-
-
Save geiststreicher/7d7d2177a78bc30f2b3f to your computer and use it in GitHub Desktop.
Mailserver configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# See /usr/share/postfix/main.cf.dist for a commented, more complete version | |
# Debian specific: Specifying a file name will cause the first | |
# line of that file to be used as the name. The Debian default | |
# is /etc/mailname. | |
#myorigin = /etc/mailname | |
mynetworks = localhost 127.0.0.0/8 192.168.100.0/24 [::ffff:127.0.0.0]/104 [::1]/128 | |
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) | |
biff = no | |
# appending .domain is the MUA's job. | |
append_dot_mydomain = no | |
# Uncomment the next line to generate "delayed mail" warnings | |
#delay_warning_time = 4h | |
readme_directory = no | |
# SASL Zeug SERVER | |
smtpd_sasl_type = dovecot | |
smtpd_sasl_path = private/auth | |
smtpd_sasl_auth_enable = yes | |
smtpd_sasl_security_options = noanonymous | |
smtpd_sasl_tls_security_options = noanonymous | |
# TLS parameters SERVER | |
tls_random_source = dev:/dev/urandom | |
smtpd_tls_loglevel = 1 | |
smtpd_tls_security_level = may | |
smtpd_tls_received_header = yes | |
smtpd_tls_cert_file = /etc/postfix/tlscert/sacnic-net-cert.pem | |
smtpd_tls_key_file = /etc/postfix/tlscert/sacnic-net-key.pem | |
smtpd_tls_CAfile = /etc/postfix/tlscert/sacnic-net-cacert.pem | |
smtpd_use_tls=yes | |
smtpd_tls_auth_only = yes | |
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache | |
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache | |
smtpd_recipient_restrictions = | |
#allow anyone sending to us: | |
permit_auth_destination | |
#otherwise, allow authenticated connections from localhost | |
check_client_access hash:/etc/postfix/access_client | |
#otherwise, demand both authentication and encryption: | |
reject_plaintext_session | |
permit_sasl_authenticated | |
reject | |
# SASL Zeug CLIENT | |
smtp_sasl_auth_enable = yes | |
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd | |
smtp_sasl_security_options = noanonymous, noplaintext | |
smtp_sasl_tls_security_options = noanonymous | |
smtp_sender_dependent_authentication = yes | |
#broken_sasl_auth_clients = yes | |
# TLS paramters CLIENT | |
smtp_tls_security_level = may | |
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy | |
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for | |
# information on enabling SSL in the smtp client. | |
myhostname = server.sacnic-net.de | |
alias_maps = hash:/etc/aliases | |
alias_database = hash:/etc/aliases | |
smtp_generic_maps = hash:/etc/postfix/generic | |
myorigin = /etc/mailname | |
mydestination = server.sacnic-net.de, localhost.sacnic-net.de, localhost, sacnic-net.de | |
relayhost = | |
sender_dependent_relayhost_maps = hash:/etc/postfix/relayhosts | |
mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" | |
mailbox_size_limit = 0 | |
recipient_delimiter = + | |
inet_interfaces = all | |
inet_protocols = ipv4 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# Postfix master process configuration file. For details on the format | |
# of the file, see the master(5) manual page (command: "man 5 master"). | |
# | |
# Do not forget to execute "postfix reload" after editing this file. | |
# | |
# ========================================================================== | |
# service type private unpriv chroot wakeup maxproc command + args | |
# (yes) (yes) (yes) (never) (100) | |
# ========================================================================== | |
smtp inet n - - - - smtpd | |
-o content_filter=spamfilter | |
#smtp inet n - - - 1 postscreen | |
#smtpd pass - - - - - smtpd | |
#scan unix - - n - 3 smtp | |
# -o smtp_send_xforward_command=yes | |
# -o disable_mime_output_conversion=yes | |
#dnsblog unix - - - - 0 dnsblog | |
#tlsproxy unix - - - - 0 tlsproxy | |
#submission inet n - - - - smtpd | |
# -o syslog_name=postfix/submission | |
# -o smtpd_tls_security_level=encrypt | |
# -o smtpd_sasl_auth_enable=yes | |
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject | |
# -o milter_macro_daemon_name=ORIGINATING | |
#smtps inet n - - - - smtpd | |
# -o syslog_name=postfix/smtps | |
# -o smtpd_tls_wrappermode=yes | |
# -o smtpd_sasl_auth_enable=yes | |
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject | |
# -o milter_macro_daemon_name=ORIGINATING | |
#628 inet n - - - - qmqpd | |
pickup fifo n - - 60 1 pickup | |
cleanup unix n - - - 0 cleanup | |
qmgr fifo n - n 300 1 qmgr | |
#qmgr fifo n - n 300 1 oqmgr | |
tlsmgr unix - - - 1000? 1 tlsmgr | |
rewrite unix - - - - - trivial-rewrite | |
bounce unix - - - - 0 bounce | |
defer unix - - - - 0 bounce | |
trace unix - - - - 0 bounce | |
verify unix - - - - 1 verify | |
flush unix n - - 1000? 0 flush | |
proxymap unix - - n - - proxymap | |
proxywrite unix - - n - 1 proxymap | |
smtp unix - - - - - smtp | |
relay unix - - - - - smtp | |
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 | |
showq unix n - - - - showq | |
error unix - - - - - error | |
retry unix - - - - - error | |
discard unix - - - - - discard | |
local unix - n n - - local | |
virtual unix - n n - - virtual | |
lmtp unix - - - - - lmtp | |
anvil unix - - - - 1 anvil | |
scache unix - - - - 1 scache | |
# | |
# ==================================================================== | |
# Interfaces to non-Postfix software. Be sure to examine the manual | |
# pages of the non-Postfix software to find out what options it wants. | |
# | |
# Many of the following services use the Postfix pipe(8) delivery | |
# agent. See the pipe(8) man page for information about ${recipient} | |
# and other message envelope options. | |
# ==================================================================== | |
# | |
# maildrop. See the Postfix MAILDROP_README file for details. | |
# Also specify in main.cf: maildrop_destination_recipient_limit=1 | |
# | |
maildrop unix - n n - - pipe | |
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} | |
# | |
# ==================================================================== | |
# | |
# Recent Cyrus versions can use the existing "lmtp" master.cf entry. | |
# | |
# Specify in cyrus.conf: | |
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 | |
# | |
# Specify in main.cf one or more of the following: | |
# mailbox_transport = lmtp:inet:localhost | |
# virtual_transport = lmtp:inet:localhost | |
# | |
# ==================================================================== | |
# | |
# Cyrus 2.1.5 (Amos Gouaux) | |
# Also specify in main.cf: cyrus_destination_recipient_limit=1 | |
# | |
#cyrus unix - n n - - pipe | |
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} | |
# | |
# ==================================================================== | |
# Old example of delivery via Cyrus. | |
# | |
#old-cyrus unix - n n - - pipe | |
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} | |
# | |
# ==================================================================== | |
# | |
# See the Postfix UUCP_README file for configuration details. | |
# | |
uucp unix - n n - - pipe | |
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) | |
# | |
# Other external delivery methods. | |
# | |
ifmail unix - n n - - pipe | |
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) | |
bsmtp unix - n n - - pipe | |
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient | |
scalemail-backend unix - n n - 2 pipe | |
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} | |
mailman unix - n n - - pipe | |
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py | |
${nexthop} ${user} | |
# | |
# ================================================================== | |
# | |
# Spamassassin configuration of spampd | |
# | |
# ================================================================== | |
# | |
#localhost:10026 inet n - n - 3 smtpd | |
# -o content_filter= | |
# -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters | |
# -o smtpd_helo_restrictions= | |
# -o smtpd_client_restrictions= | |
# -o smtpd_sender_restrictions= | |
# -o smtpd_recipient_restrictions=permit_mynetworks,reject | |
# -o mynetworks=127.0.0.0/8 | |
# -o smtpd_authorized_xforward_hosts=127.0.0.0/8 | |
# | |
# ================================================================== | |
# | |
# Spamassassin configuration of spamd/spamc | |
# | |
# ================================================================== | |
# | |
spamfilter unix - n n - - pipe | |
flags=Rq user=debian-spamd argv=/usr/bin/spamc -u $user -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@googlemail.com [smtp.gmail.com]:587 | |
@gmail.com [smtp.gmail.com]:587 | |
@gmx.de [mail.gmx.net]:587 | |
@gmx.net [mail.gmx.net]:587 | |
someone@live.de [smtp.live.com]:587 | |
anotherone@live.de [smtp.live.com]:587 | |
@web.de [smtp.web.de] | |
@geiststreicher.org [triangulum.uberspace.de]:587 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[smtp.gmail.com]:587 user@googlemail.com:password | |
[mail.gmx.net]:587 user:password | |
someone@live.de someone@live.de:someonesPassword | |
anotherone@live.de anotherone@live.de:anotheronesPassword | |
[triangulum.uberspace.de]:587 user:password |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment