| # | |
| # Mail aliases for sendmail | |
| # | |
| # You must run newaliases(1) after making changes to this file. | |
| # | |
| # Required aliases | |
| postmaster: root | |
| MAILER-DAEMON: postmaster | |
| # Common aliases | |
| abuse: postmaster | |
| spam: postmaster | |
| # Other aliases | |
| root: my-gmail-account@gmail.com | |
| # js@johnsiu.com | |
| js: my-gmail-account@gmail.com | |
| # test@johnsiu.com | |
| test: another-account@somewhere-else.com |
| openssl genrsa -des3 -out mail.domain.tld.key 2048 | |
| chmod 600 mail.domain.tld.key | |
| openssl req -new -key mail.domain.tld.key -out mail.domain.tld.csr | |
| openssl x509 -req -days 365 -in mail.domain.tld.csr -signkey mail.domain.tld.key -out mail.domain.tld.crt | |
| openssl rsa -in mail.domain.tld.key -out mail.domain.tld.key.nopass | |
| mv mail.domain.tld.key.nopass mail.domain.tld.key | |
| openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 | |
| chmod 600 mail.domain.tld.key | |
| chmod 600 cakey.pem | |
| mv mail.domain.tld.key /etc/ssl/private/ | |
| mv mail.domain.tld.crt /etc/ssl/certs/ | |
| mv cakey.pem /etc/ssl/private/ | |
| mv cacert.pem /etc/ssl/certs/ | |
| postconf -e 'smtpd_tls_auth_only = no' | |
| postconf -e 'smtp_use_tls = yes' | |
| postconf -e 'smtpd_use_tls = yes' | |
| postconf -e 'smtp_tls_note_starttls_offer = yes' | |
| postconf -e 'smtpd_tls_key_file = /etc/ssl/private/mail.domain.tld.key' | |
| postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/mail.domain.tld.crt' | |
| postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem' | |
| postconf -e 'smtpd_tls_loglevel = 1' | |
| postconf -e 'smtpd_tls_received_header = yes' | |
| postconf -e 'smtpd_tls_session_cache_timeout = 3600s' | |
| postconf -e 'tls_random_source = dev:/dev/urandom' | |
| postconf -e 'myhostname = mail.example.com' |
| # See /usr/share/postfix/main.cf.dist for a commented, more complete version | |
| # Debian specific: Specifying a file name will cause the first | |
| # line of that file to be used as the name. The Debian default | |
| # is /etc/mailname. | |
| #myorigin = /etc/mailname | |
| smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) | |
| biff = no | |
| # appending .domain is the MUA’s job. | |
| append_dot_mydomain = no | |
| # Uncomment the next line to generate "delayed mail" warnings | |
| #delay_warning_time = 4h | |
| readme_directory = no | |
| # TLS parameters | |
| smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem | |
| smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key | |
| smtpd_use_tls=yes | |
| smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache | |
| smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache | |
| # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for | |
| # information on enabling SSL in the smtp client. | |
| myhostname = MY-HOSTNAME | |
| alias_maps = hash:/etc/aliases | |
| alias_database = hash:/etc/aliases | |
| myorigin = /etc/mailname | |
| mydestination = MY-DOMAIN, localhost.com, localhost | |
| relayhost = | |
| mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 | |
| mailbox_command = procmail -a "$EXTENSION" | |
| mailbox_size_limit = 0 | |
| recipient_delimiter = + | |
| inet_interfaces = all | |
| smtpd_recipient_restrictions = | |
| permit_mynetworks, | |
| permit_sasl_authenticated, | |
| reject_invalid_hostname, | |
| reject_non_fqdn_hostname, | |
| reject_non_fqdn_sender, | |
| reject_non_fqdn_recipient, | |
| reject_unknown_recipient_domain, | |
| reject_unlisted_recipient, | |
| reject_unauth_destination, | |
| reject_rbl_client cbl.abuseat.org, | |
| reject_rbl_client bl.spamcop.net, | |
| reject_rbl_client relays.mail-abuse.org, | |
| reject_rbl_client dnsbl.proxybl.org, | |
| reject_rbl_client truncate.gbudb.net, | |
| reject_rbl_client dnsbl.njabl.org, | |
| permit |