postfix/postfix.txt@a2c6460cfb16 (annotated)
postfix/postfix.txt
Mon, 28 Jan 2013 17:37:18 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Mon, 28 Jan 2013 17:37:18 +0100
- changeset 758
- a2c6460cfb16
- parent 664
- 3045cab269c7
- permissions
- -rw-r--r--
Correct socket error reporting improvement with IPv6 portable code,
after helpful recommendation by Saúl Ibarra Corretgé on OSips devlist.
| michael@146 | 1 | <file name="Makefile"> |
| michael@146 | 2 | ## |
| michael@146 | 3 | ## @l_prefix@/etc/postfix/Makefile -- maintainance procedures |
| michael@146 | 4 | ## |
| michael@146 | 5 | |
| michael@146 | 6 | # path configuration |
| michael@146 | 7 | PREFIX = @l_prefix@ |
| michael@146 | 8 | SBINDIR = $(PREFIX)/sbin |
| michael@146 | 9 | ETCDIR = $(PREFIX)/etc |
| michael@146 | 10 | |
| michael@146 | 11 | # program configuration |
| michael@146 | 12 | RC = $(ETCDIR)/rc |
| michael@146 | 13 | POSTALIAS = $(SBINDIR)/postalias |
| michael@146 | 14 | POSTMAP = $(SBINDIR)/postmap |
| michael@146 | 15 | POSTFIX = $(SBINDIR)/postfix |
| michael@146 | 16 | |
| michael@146 | 17 | # table filename configuration |
| michael@146 | 18 | T_ACCESS = access |
| michael@146 | 19 | T_CANONICAL = canonical |
| michael@146 | 20 | T_GENERIC = generic |
| michael@146 | 21 | T_VIRTUAL = virtual |
| michael@146 | 22 | T_RELOCATED = relocated |
| michael@146 | 23 | T_TRANSPORT = transport |
| michael@146 | 24 | T_ALIASES = aliases |
| michael@179 | 25 | T_CLIENTS = clients |
| michael@179 | 26 | T_SENDERS = senders |
| michael@181 | 27 | T_CLICRT = clicrt |
| michael@676 | 28 | T_RECIPIENT = recipient |
| michael@676 | 29 | T_HELO = helo |
| michael@146 | 30 | |
| michael@146 | 31 | # dependency tracking |
| michael@146 | 32 | TIMESTAMP = .up-to-date |
| michael@146 | 33 | DEPENDENCIES = Makefile master.cf main.cf $(TABLES) |
| michael@146 | 34 | |
| michael@146 | 35 | # managed tables: |
| michael@146 | 36 | # - use extension ".db" for hash tables ("hash") |
| michael@146 | 37 | # - use no extension for regex tables ("pcre") |
| michael@146 | 38 | TABLES = \ |
| michael@146 | 39 | $(T_ACCESS).db \ |
| michael@146 | 40 | $(T_CANONICAL).db \ |
| michael@146 | 41 | $(T_GENERIC).db \ |
| michael@146 | 42 | $(T_VIRTUAL).db \ |
| michael@146 | 43 | $(T_RELOCATED).db \ |
| michael@146 | 44 | $(T_TRANSPORT).db \ |
| michael@179 | 45 | $(T_ALIASES).db \ |
| michael@179 | 46 | $(T_CLIENTS).db \ |
| michael@179 | 47 | $(T_SENDERS).db \ |
| michael@676 | 48 | $(T_CLICRT).db \ |
| michael@676 | 49 | $(T_RECIPIENT).db \ |
| michael@676 | 50 | $(T_HELO).db |
| michael@146 | 51 | |
| michael@146 | 52 | # default target |
| michael@146 | 53 | all: $(TABLES) $(TIMESTAMP) |
| michael@146 | 54 | |
| michael@146 | 55 | # implicit checking and reloading |
| michael@146 | 56 | $(TIMESTAMP): $(DEPENDENCIES) |
| michael@146 | 57 | $(POSTFIX) check |
| michael@146 | 58 | $(POSTFIX) reload >/dev/null 2>&1 || true |
| michael@146 | 59 | touch $(TIMESTAMP) && chmod 600 $(TIMESTAMP) |
| michael@146 | 60 | |
| michael@146 | 61 | # explicit checking |
| michael@146 | 62 | check: |
| michael@146 | 63 | $(POSTFIX) check |
| michael@146 | 64 | |
| michael@146 | 65 | # hash table update targets |
| michael@146 | 66 | $(T_ACCESS).db: $(T_ACCESS) $(MAKEFILE) |
| michael@146 | 67 | $(POSTMAP) hash:$(T_ACCESS) |
| michael@146 | 68 | $(T_CANONICAL).db: $(T_CANONICAL) $(MAKEFILE) |
| michael@146 | 69 | $(POSTMAP) hash:$(T_CANONICAL) |
| michael@146 | 70 | $(T_GENERIC).db: $(T_GENERIC) $(MAKEFILE) |
| michael@146 | 71 | $(POSTMAP) hash:$(T_GENERIC) |
| michael@146 | 72 | $(T_VIRTUAL).db: $(T_VIRTUAL) $(MAKEFILE) |
| michael@146 | 73 | $(POSTMAP) hash:$(T_VIRTUAL) |
| michael@146 | 74 | $(T_RELOCATED).db: $(T_RELOCATED) $(MAKEFILE) |
| michael@146 | 75 | $(POSTMAP) hash:$(T_RELOCATED) |
| michael@146 | 76 | $(T_TRANSPORT).db: $(T_TRANSPORT) $(MAKEFILE) |
| michael@146 | 77 | $(POSTMAP) hash:$(T_TRANSPORT) |
| michael@146 | 78 | $(T_ALIASES).db: $(T_ALIASES) $(MAKEFILE) |
| michael@146 | 79 | $(POSTALIAS) hash:$(T_ALIASES) |
| michael@179 | 80 | $(T_CLIENTS).db: $(T_CLIENTS) $(MAKEFILE) |
| michael@179 | 81 | $(POSTMAP) hash:$(T_CLIENTS) |
| michael@179 | 82 | $(T_SENDERS).db: $(T_SENDERS) $(MAKEFILE) |
| michael@179 | 83 | $(POSTMAP) hash:$(T_SENDERS) |
| michael@181 | 84 | $(T_CLICRT).db: $(T_CLICRT) $(MAKEFILE) |
| michael@181 | 85 | $(POSTMAP) hash:$(T_CLICRT) |
| michael@676 | 86 | $(T_RECIPIENT).db: $(T_RECIPIENT) $(MAKEFILE) |
| michael@676 | 87 | $(POSTMAP) hash:$(T_RECIPIENT) |
| michael@676 | 88 | $(T_HELO).db: $(T_HELO) $(MAKEFILE) |
| michael@676 | 89 | $(POSTMAP) hash:$(T_HELO) |
| michael@146 | 90 | |
| michael@146 | 91 | # cleanup target |
| michael@146 | 92 | clean: |
| michael@146 | 93 | -rm -f $(TABLES) |
| michael@146 | 94 | -rm -f $(TIMESTAMP) |
| michael@146 | 95 | |
| michael@146 | 96 | # process management |
| michael@146 | 97 | start: |
| michael@146 | 98 | $(RC) postfix start |
| michael@146 | 99 | reload: |
| michael@146 | 100 | $(RC) postfix reload |
| michael@146 | 101 | stop: |
| michael@146 | 102 | $(RC) postfix stop |
| michael@146 | 103 | |
| michael@146 | 104 | </file> |
| michael@146 | 105 | <file name="master.cf"> |
| michael@146 | 106 | ## |
| michael@146 | 107 | ## @l_prefix@/etc/postfix/master.cf -- Postfix master process table |
| michael@146 | 108 | ## |
| michael@146 | 109 | # ========================================================================== |
| michael@146 | 110 | # service type private unpriv chroot wakeup maxproc command + args |
| michael@146 | 111 | # (yes) (yes) (yes) (never) (100) |
| michael@146 | 112 | # ========================================================================== |
| michael@146 | 113 | smtp inet n - n - - smtpd |
| michael@495 | 114 | #smtp inet n - n - - smtpd -o content_filter=spamass |
| michael@495 | 115 | #smtp inet n - n - 1 postscreen |
| michael@495 | 116 | #smtpd pass - - n - - smtpd |
| michael@495 | 117 | #dnsblog unix - - n - 0 dnsblog |
| michael@495 | 118 | #tlsproxy unix - - n - 0 tlsproxy |
| michael@146 | 119 | #628 inet n - n - - qmqpd |
| michael@146 | 120 | pickup fifo n - n 60 1 pickup |
| michael@146 | 121 | cleanup unix n - n - 0 cleanup |
| michael@146 | 122 | qmgr fifo n - n 300 1 qmgr |
| michael@146 | 123 | tlsmgr unix - - n 1000? 1 tlsmgr |
| michael@146 | 124 | rewrite unix - - n - - trivial-rewrite |
| michael@146 | 125 | bounce unix - - n - 0 bounce |
| michael@146 | 126 | defer unix - - n - 0 bounce |
| michael@146 | 127 | trace unix - - n - 0 bounce |
| michael@146 | 128 | verify unix - - n - 1 verify |
| michael@146 | 129 | flush unix n - n 1000? 0 flush |
| michael@146 | 130 | proxymap unix - - n - - proxymap |
| michael@146 | 131 | proxywrite unix - - n - - proxymap |
| michael@146 | 132 | smtp unix - - n - - smtp |
| michael@146 | 133 | relay unix - - n - - smtp -o fallback_relay= |
| michael@146 | 134 | showq unix n - n - - showq |
| michael@146 | 135 | error unix - - n - - error |
| michael@146 | 136 | retry unix - - n - - error |
| michael@146 | 137 | local unix - n n - - local |
| michael@146 | 138 | virtual unix - n n - - virtual |
| michael@146 | 139 | lmtp unix - - n - - lmtp |
| michael@146 | 140 | anvil unix - - n - 1 anvil |
| michael@146 | 141 | scache unix - - n - 1 scache |
| michael@146 | 142 | #maildrop unix - n n - - pipe flags=DRhu user=@l_nusr@ argv=@l_prefix@/bin/maildrop -d ${recipient} |
| michael@146 | 143 | #cyrus unix - n n - - pipe user=@l_nusr@ argv=@l_prefix@/bin/cyrdeliver -e -r ${sender} -m ${extension} ${user} |
| michael@495 | 144 | #dovecot unix - n n - - pipe flags=DR user=@l_rusr@ argv=@l_prefix@/libexec/dovecot/deliver -f ${sender} -d ${user} -n -m ${extension} |
| michael@495 | 145 | #spamass unix - n n - - pipe flags=R user=@l_rusr@ argv=@l_prefix@/bin/spamc -f -u ${user} -e @l_prefix@/sbin/sendmail -oi -f ${sender} ${recipient} |
| michael@146 | 146 | #uucp unix - n n - - pipe flags=Fqhu user=@l_nusr@ argv=@l_prefix@/bin/uux -r -n -z -a$sender - $nexthop!rmail ($recipient) |
| michael@146 | 147 | #ifmail unix - n n - - pipe flags=F user=@l_nusr@ argv=@l_prefix@/bin/ifmail -r $nexthop ($recipient) |
| michael@146 | 148 | #bsmtp unix - n n - - pipe flags=Fq. user=@l_nusr@ argv=@l_prefix@/bin/bsmtp -f $sender $nexthop $recipient |
| michael@146 | 149 | </file> |
| michael@146 | 150 | <file name="main.cf"> |
| michael@146 | 151 | ## |
| michael@146 | 152 | ## @l_prefix@/etc/postfix/main.cf -- Postfix main configuration |
| michael@146 | 153 | ## |
| michael@146 | 154 | ## Run "@l_prefix@/sbin/postconf -n" to see all parameters overriding |
| michael@146 | 155 | ## defaults, run "@l_prefix@/sbin/postconf -d" to see all possible |
| michael@146 | 156 | ## parameters and their defaults and read the following manual |
| michael@146 | 157 | ## pages for description of each parameter: bounce(8), cleanup(8), |
| michael@146 | 158 | ## defer(8), error(8), flush(8), lmtp(8), local(8), master(8), |
| michael@146 | 159 | ## pickup(8), pipe(8), qmgr(8), showq(8), smtp(8), smtpd(8), spawn(8), |
| michael@146 | 160 | ## trivial-rewrite(8). |
| michael@146 | 161 | ## |
| michael@146 | 162 | |
| michael@146 | 163 | # users |
| michael@146 | 164 | mail_owner = @l_musr@ |
| michael@146 | 165 | setgid_group = @l_rgrp@ |
| michael@146 | 166 | default_privs = @l_nusr@ |
| michael@146 | 167 | |
| michael@146 | 168 | # local host |
| michael@146 | 169 | myhostname = mail.example.com |
| michael@146 | 170 | mydomain = example.com |
| michael@146 | 171 | myorigin = $myhostname |
| michael@146 | 172 | |
| michael@146 | 173 | # smtp daemon |
| michael@146 | 174 | #smtpd_banner = $myhostname ESMTP $mail_name |
| michael@146 | 175 | inet_interfaces = 127.0.0.1 |
| michael@146 | 176 | |
| michael@146 | 177 | # smtp client |
| michael@146 | 178 | smtp_bind_address = 127.0.0.1 |
| michael@146 | 179 | |
| michael@146 | 180 | # relaying |
| michael@146 | 181 | mynetworks = 127.0.0.0/8 |
| michael@146 | 182 | #mydestination = $myhostname, localhost.$mydomain |
| michael@146 | 183 | #relay_domains = $mydestination, |
| michael@146 | 184 | # hash:@l_prefix@/etc/postfix/access |
| michael@664 | 185 | #relay_clientcerts = hash:@l_prefix@/etc/postfix/clicrt |
| michael@146 | 186 | #smtpd_recipient_restrictions = permit_mynetworks, |
| michael@146 | 187 | # check_client_access hash:@l_prefix@/etc/postfix/access, |
| michael@146 | 188 | # reject_unauth_destination |
| michael@146 | 189 | |
| michael@146 | 190 | # maps |
| michael@146 | 191 | #canonical_maps = hash:@l_prefix@/etc/postfix/canonical |
| michael@146 | 192 | #smtp_generic_maps = hash:@l_prefix@/etc/postfix/generic |
| michael@146 | 193 | #virtual_alias_maps = hash:@l_prefix@/etc/postfix/virtual |
| michael@146 | 194 | #relocated_maps = hash:@l_prefix@/etc/postfix/relocated |
| michael@146 | 195 | #transport_maps = hash:@l_prefix@/etc/postfix/transport |
| michael@146 | 196 | alias_maps = hash:@l_prefix@/etc/postfix/aliases |
| michael@146 | 197 | alias_database = hash:@l_prefix@/etc/postfix/aliases |
| michael@146 | 198 | |
| michael@146 | 199 | # local delivery |
| michael@146 | 200 | #local_recipient_maps = proxy:unix:passwd.byname $alias_maps |
| michael@146 | 201 | recipient_delimiter = + |
| michael@146 | 202 | mailbox_command = @l_prefix@/bin/procmail -a "$EXTENSION" |
| michael@146 | 203 | |
| michael@146 | 204 | </file> |
| michael@146 | 205 | <file name="access"> |
| michael@146 | 206 | ## |
| michael@146 | 207 | ## @l_prefix@/etc/postfix/access -- access control for relaying |
| michael@146 | 208 | ## |
| michael@146 | 209 | ## Searched for both the client (hostname, parent domains, IP address, |
| michael@146 | 210 | ## networks obtained by stripping least significant octets from IP |
| michael@146 | 211 | ## address) and destination address (resolved destination address, |
| michael@146 | 212 | ## parent domain, or localpart@) in order to allow relaying. Rejects |
| michael@146 | 213 | ## the request if the result is REJECT or "[45]XX text". Permits the |
| michael@146 | 214 | ## request if the result is OK or RELAY or all-numerical. |
| michael@146 | 215 | ## |
| michael@146 | 216 | |
| michael@146 | 217 | # Syntax (see access(5)): |
| michael@146 | 218 | # | user@domain action |
| michael@146 | 219 | # | domain action |
| michael@146 | 220 | # | user@ action |
| michael@146 | 221 | # | net.work.addr.ess action |
| michael@146 | 222 | # | net.work.addr action |
| michael@146 | 223 | # | net.work action |
| michael@146 | 224 | # | net action |
| michael@146 | 225 | # where "action" is one of: |
| michael@146 | 226 | # "[45]NN text", "REJECT", "OK", "restriction..." |
| michael@146 | 227 | # |
| michael@146 | 228 | # Examples: |
| michael@146 | 229 | # | mail.example.com OK |
| michael@146 | 230 | # | example.com REJECT |
| michael@146 | 231 | # | 192.168.0.1 OK |
| michael@146 | 232 | # | 192.168 REJECT |
| michael@146 | 233 | # | postmaster@ OK |
| michael@146 | 234 | |
| michael@146 | 235 | </file> |
| michael@146 | 236 | <file name="virtual"> |
| michael@146 | 237 | ## |
| michael@146 | 238 | ## @l_prefix@/etc/postfix/virtual -- virtual address translation |
| michael@146 | 239 | ## |
| michael@146 | 240 | ## Searched for virtual addresses user@domain, user and @domain |
| michael@146 | 241 | ## (in this order). It redirect mail for all recipients, local or |
| michael@146 | 242 | ## remote. The mapping affects only envelope recipients. |
| michael@146 | 243 | ## |
| michael@146 | 244 | |
| michael@146 | 245 | # Syntax (see virtual(5)): |
| michael@146 | 246 | # | user@domain address, address, ... |
| michael@146 | 247 | # | user address, address, ... |
| michael@146 | 248 | # | @domain address, address, ... |
| michael@146 | 249 | # |
| michael@146 | 250 | # Examples: |
| michael@146 | 251 | # | @example.com john@example.com |
| michael@146 | 252 | # | postmaster@example.com postmaster |
| michael@146 | 253 | # | john@example1.com john1 |
| michael@146 | 254 | # | john@example2.com john2 |
| michael@146 | 255 | |
| michael@146 | 256 | </file> |
| michael@146 | 257 | <file name="aliases"> |
| michael@146 | 258 | ## |
| michael@146 | 259 | ## @l_prefix@/etc/postfix/aliases -- local mailbox aliases |
| michael@146 | 260 | ## |
| michael@146 | 261 | ## Searched for virtual addresses user@domain, user and @domain |
| michael@146 | 262 | ## (in this order). It redirect mail for all recipients, local or |
| michael@146 | 263 | ## remote. The mapping affects only envelope recipients. |
| michael@146 | 264 | ## |
| michael@146 | 265 | |
| michael@146 | 266 | # Syntax (see aliases(5)): |
| michael@146 | 267 | # | name: value, value, ... |
| michael@146 | 268 | # where value is one of: |
| michael@146 | 269 | # "address", "/file/name", "|command", ":include:/file/name" |
| michael@146 | 270 | # |
| michael@146 | 271 | # Examples: |
| michael@146 | 272 | # | john.doe: john, doe |
| michael@146 | 273 | # | robot: |/path/to/robot |
| michael@146 | 274 | # | archive: /path/to/archive |
| michael@146 | 275 | # | users: :include:/path/to/users.list |
| michael@146 | 276 | # | owner-users: john.doe |
| michael@146 | 277 | |
| michael@146 | 278 | # standard mail targets |
| michael@146 | 279 | nobody: /dev/null |
| michael@146 | 280 | MAILER-DAEMON: postmaster |
| michael@146 | 281 | |
| michael@146 | 282 | # mailbox names for common services, roles and functions |
| michael@146 | 283 | # (see RFC2142 for more details and expanded list of names) |
| michael@146 | 284 | postmaster: root |
| michael@146 | 285 | hostmaster: root |
| michael@146 | 286 | security: root |
| michael@146 | 287 | abuse: root |
| michael@146 | 288 | |
| michael@146 | 289 | # save unprivileged user storage of careless admins |
| michael@146 | 290 | root: /dev/null |
| michael@146 | 291 | |
| michael@146 | 292 | </file> |
| michael@146 | 293 | <file name="canonical"> |
| michael@146 | 294 | ## |
| michael@146 | 295 | ## @l_prefix@/etc/postfix/canonical -- address canonification on mail receiving |
| michael@146 | 296 | ## |
| michael@146 | 297 | ## Searched for canonical addresses for user@domain, user and @domain |
| michael@146 | 298 | ## (in this order). |
| michael@146 | 299 | ## |
| michael@146 | 300 | |
| michael@146 | 301 | # Syntax (see canonical(5)): |
| michael@146 | 302 | # | user@domain address |
| michael@146 | 303 | # | user address |
| michael@146 | 304 | # | @domain address |
| michael@146 | 305 | # |
| michael@146 | 306 | # Examples: |
| michael@146 | 307 | # | postmaster@mail.example.com postmaster@example.com |
| michael@146 | 308 | # | john John.Doe |
| michael@146 | 309 | # | @example.com @example.com |
| michael@146 | 310 | |
| michael@146 | 311 | </file> |
| michael@146 | 312 | <file name="relocated"> |
| michael@146 | 313 | ## |
| michael@146 | 314 | ## @l_prefix@/etc/postfix/relocated -- relocate obsolete addresses |
| michael@146 | 315 | ## |
| michael@146 | 316 | ## Searched for relocated addresses user@domain, user and @domain |
| michael@146 | 317 | ## (in this order). It bounces mail for all recipients. |
| michael@146 | 318 | ## |
| michael@146 | 319 | |
| michael@146 | 320 | # Syntax (see relocated(5)): |
| michael@146 | 321 | # | user@domain address |
| michael@146 | 322 | # | user address |
| michael@146 | 323 | # | @domain address |
| michael@146 | 324 | # |
| michael@146 | 325 | # Examples: |
| michael@146 | 326 | # | john@invalid john@example.com |
| michael@146 | 327 | # | john john@example.com |
| michael@146 | 328 | # | @invalid john@example.com |
| michael@146 | 329 | |
| michael@146 | 330 | </file> |
| michael@146 | 331 | <file name="generic"> |
| michael@146 | 332 | ## |
| michael@146 | 333 | ## @l_prefix@/etc/postfix/generic -- address canonification on mail sending |
| michael@146 | 334 | ## |
| michael@146 | 335 | ## Searched for canonical addresses for user@domain, user and @domain |
| michael@146 | 336 | ## (in this order). |
| michael@146 | 337 | ## |
| michael@146 | 338 | |
| michael@146 | 339 | # Syntax (see generic(5)): |
| michael@146 | 340 | # | user@domain address |
| michael@146 | 341 | # | user address |
| michael@146 | 342 | # | @domain address |
| michael@146 | 343 | # |
| michael@146 | 344 | # Examples: |
| michael@146 | 345 | # | postmaster@mail.example.com postmaster@example.com |
| michael@146 | 346 | # | john John.Doe |
| michael@146 | 347 | # | @example.com @example.com |
| michael@146 | 348 | |
| michael@146 | 349 | </file> |
| michael@146 | 350 | <file name="transport"> |
| michael@146 | 351 | ## |
| michael@146 | 352 | ## @l_prefix@/etc/postfix/transport -- transport selection |
| michael@146 | 353 | ## |
| michael@146 | 354 | ## Searched for domain and .domain (in this order). It selects the |
| michael@146 | 355 | ## specified transport facility for delivery. |
| michael@146 | 356 | ## |
| michael@146 | 357 | |
| michael@146 | 358 | # Syntax (see transport(5)): |
| michael@146 | 359 | # | domain transport:nexthop |
| michael@146 | 360 | # | .domain transport:nexthop |
| michael@146 | 361 | # |
| michael@146 | 362 | # Examples: |
| michael@146 | 363 | # | me.example.com local: |
| michael@146 | 364 | # | you.example.com smtp:mail.example.com:2525 |
| michael@146 | 365 | # | example.com smtp:mail.example.com |
| michael@146 | 366 | # | .example.com smtp:mail.example.com |
| michael@146 | 367 | |
| michael@146 | 368 | </file> |
| michael@181 | 369 | <file name="clients"> |
| michael@179 | 370 | ## |
| michael@181 | 371 | ## @l_prefix@/etc/postfix/clients -- control for relaying clients |
| michael@181 | 372 | ## |
| michael@181 | 373 | ## Searched for both the client (hostname, parent domains, IP address, |
| michael@181 | 374 | ## networks obtained by stripping least significant octets from IP |
| michael@181 | 375 | ## address) and destination address (resolved destination address, |
| michael@181 | 376 | ## parent domain, or localpart@) in order to allow relaying. Rejects |
| michael@181 | 377 | ## the request if the result is REJECT or "[45]XX text". Permits the |
| michael@181 | 378 | ## request if the result is OK or RELAY or all-numerical. |
| michael@181 | 379 | ## |
| michael@181 | 380 | |
| michael@181 | 381 | # Syntax (see postmap(5)): |
| michael@181 | 382 | # | user@domain action |
| michael@181 | 383 | # | domain action |
| michael@181 | 384 | # | user@ action |
| michael@181 | 385 | # | net.work.addr.ess action |
| michael@181 | 386 | # | net.work.addr action |
| michael@181 | 387 | # | net.work action |
| michael@181 | 388 | # | net action |
| michael@181 | 389 | # where "action" is one of: |
| michael@181 | 390 | # "[45]NN text", "REJECT", "OK", "restriction..." |
| michael@181 | 391 | # |
| michael@181 | 392 | # Examples: |
| michael@181 | 393 | # | mail.example.com OK |
| michael@181 | 394 | # | example.com REJECT |
| michael@181 | 395 | # | 192.168.0.1 OK |
| michael@181 | 396 | # | 192.168 REJECT |
| michael@181 | 397 | # | postmaster@ OK |
| michael@181 | 398 | |
| michael@181 | 399 | </file> |
| michael@181 | 400 | <file name="senders"> |
| michael@181 | 401 | ## |
| michael@181 | 402 | ## @l_prefix@/etc/postfix/senders -- control for relaying senders |
| michael@181 | 403 | ## |
| michael@181 | 404 | ## Searched for both the client (hostname, parent domains, IP address, |
| michael@181 | 405 | ## networks obtained by stripping least significant octets from IP |
| michael@181 | 406 | ## address) and destination address (resolved destination address, |
| michael@181 | 407 | ## parent domain, or localpart@) in order to allow relaying. Rejects |
| michael@181 | 408 | ## the request if the result is REJECT or "[45]XX text". Permits the |
| michael@181 | 409 | ## request if the result is OK or RELAY or all-numerical. |
| michael@181 | 410 | ## |
| michael@181 | 411 | |
| michael@181 | 412 | # Syntax (see access(5)): |
| michael@181 | 413 | # | user@domain action |
| michael@181 | 414 | # | domain action |
| michael@181 | 415 | # | user@ action |
| michael@181 | 416 | # | net.work.addr.ess action |
| michael@181 | 417 | # | net.work.addr action |
| michael@181 | 418 | # | net.work action |
| michael@181 | 419 | # | net action |
| michael@181 | 420 | # where "action" is one of: |
| michael@181 | 421 | # "[45]NN text", "REJECT", "OK", "restriction..." |
| michael@181 | 422 | # |
| michael@181 | 423 | # Examples: |
| michael@181 | 424 | # | mail.example.com OK |
| michael@181 | 425 | # | example.com REJECT |
| michael@181 | 426 | # | 192.168.0.1 OK |
| michael@181 | 427 | # | 192.168 REJECT |
| michael@181 | 428 | # | postmaster@ OK |
| michael@181 | 429 | |
| michael@181 | 430 | </file> |
| michael@181 | 431 | <file name="clicrt"> |
| michael@181 | 432 | ## |
| michael@181 | 433 | ## @l_prefix@/etc/postfix/clicrt -- user identity verification |
| michael@179 | 434 | ## |
| michael@179 | 435 | ## Searched for user names matching TLS certificate fingerprints |
| michael@179 | 436 | ## when a client responding to the MTA's client certificate request |
| michael@179 | 437 | ## presents a valid (signed from proper CA) certificate. |
| michael@179 | 438 | ## |
| michael@179 | 439 | ## To find such fingerprints given a valid client certificate: |
| michael@179 | 440 | ## @l_prefix@/bin/openssl x509 -noout -fingerprint -sha1 -in certfile.pem |
| michael@179 | 441 | ## |
| michael@179 | 442 | |
| michael@181 | 443 | # Syntax (fingerprint according to smtpd_tls_fingerprint_digest): |
| michael@181 | 444 | # | fingerprint arbitrary-value |
| michael@181 | 445 | # |
| michael@179 | 446 | # Examples: |
| michael@181 | 447 | # | B8:B8:A8:AE:B8:2A:2B:74:EC:43:FF:4F:B2:B2:AC:1E:B4:CE:26:1D user1 |
| michael@181 | 448 | # | 18:81:F5:22:18:BA:EB:15:FF:40:30:00:EA:C0:B4:2E:EC:AE:86:8E user2 |
| michael@179 | 449 | |
| michael@179 | 450 | </file> |
| michael@676 | 451 | <file name="recipient"> |
| michael@676 | 452 | ## |
| michael@676 | 453 | ## @l_prefix@/etc/postfix/recipient -- control for relaying recipients |
| michael@676 | 454 | ## |
| michael@676 | 455 | ## Searched for RCPT TO address, domain, parent domains, or localpart@ |
| michael@676 | 456 | ## and rejects the request if the result is REJECT or "[45]XX text" or |
| michael@676 | 457 | ## permits the request if the result is OK or RELAY or all-numerical. |
| michael@676 | 458 | ## |
| michael@676 | 459 | |
| michael@676 | 460 | # Syntax (see access(5)): |
| michael@676 | 461 | # | user@domain action |
| michael@676 | 462 | # | domain action |
| michael@676 | 463 | # | user@ action |
| michael@676 | 464 | # | net.work.addr.ess action |
| michael@676 | 465 | # | net.work.addr action |
| michael@676 | 466 | # | net.work action |
| michael@676 | 467 | # | net action |
| michael@676 | 468 | # where "action" is one of: |
| michael@676 | 469 | # "[45]NN text", "REJECT", "OK", "restriction..." |
| michael@676 | 470 | # |
| michael@676 | 471 | # Examples: |
| michael@676 | 472 | # | mail.example.com OK |
| michael@676 | 473 | # | example.com REJECT |
| michael@676 | 474 | # | 192.168.0.1 OK |
| michael@676 | 475 | # | 192.168 REJECT |
| michael@676 | 476 | # | postmaster@ OK |
| michael@676 | 477 | |
| michael@676 | 478 | </file> |
| michael@676 | 479 | <file name="helo"> |
| michael@676 | 480 | ## |
| michael@676 | 481 | ## @l_prefix@/etc/postfix/helo -- control for relaying helo transmissions |
| michael@676 | 482 | ## |
| michael@676 | 483 | ## Searched for HELO or EHLO hostname or parent domains and rejects the |
| michael@676 | 484 | ## request if the result is REJECT or "[45]XX text" or permits the request |
| michael@676 | 485 | ## if the result is OK or RELAY or all-numerical. |
| michael@676 | 486 | ## |
| michael@676 | 487 | |
| michael@676 | 488 | # Syntax (see access(5)): |
| michael@676 | 489 | # | user@domain action |
| michael@676 | 490 | # | domain action |
| michael@676 | 491 | # | user@ action |
| michael@676 | 492 | # | net.work.addr.ess action |
| michael@676 | 493 | # | net.work.addr action |
| michael@676 | 494 | # | net.work action |
| michael@676 | 495 | # | net action |
| michael@676 | 496 | # where "action" is one of: |
| michael@676 | 497 | # "[45]NN text", "REJECT", "OK", "restriction..." |
| michael@676 | 498 | # |
| michael@676 | 499 | # Examples: |
| michael@676 | 500 | # | mail.example.com OK |
| michael@676 | 501 | # | example.com REJECT |
| michael@676 | 502 | # | 192.168.0.1 OK |
| michael@676 | 503 | # | 192.168 REJECT |
| michael@676 | 504 | # | postmaster@ OK |
| michael@676 | 505 | |
| michael@676 | 506 | </file> |
