Thu, 04 Oct 2012 20:30:05 +0200
Correct out of date build configuration, porting to Solaris 11 network
link infrastructure and new libpcap logic. This additionally allows for
device drivers in subdirectories of /dev. Correct packaged nmap
personalities and signatures to work out of the box. Finally, hack
arpd logic to properly close sockets and quit on TERM by repeating
signaling in the run command script. Sadly, all this fails to correct
the run time behaviour of honeyd which fails to bind to the IP layer.
michael@146 | 1 | <file name="Makefile"> |
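##
##  @l_prefix@/etc/postfix/Makefile -- maintenance procedures
##
##  Rebuilds the Postfix lookup tables from their text sources and, when
##  a configuration file or table has changed, checks the configuration
##  and asks Postfix to reload it.
##

#   path configuration
PREFIX       = @l_prefix@
SBINDIR      = $(PREFIX)/sbin
ETCDIR       = $(PREFIX)/etc

#   program configuration
RC           = $(ETCDIR)/rc
POSTALIAS    = $(SBINDIR)/postalias
POSTMAP      = $(SBINDIR)/postmap
POSTFIX      = $(SBINDIR)/postfix

#   name of this file; every table rule lists it as a prerequisite so
#   that a change to the rules rebuilds the tables. Without a definition
#   $(MAKEFILE) expands to nothing in GNU make and the prerequisite is
#   silently dropped.
MAKEFILE     = Makefile

#   table filename configuration
T_ACCESS     = access
T_CANONICAL  = canonical
T_GENERIC    = generic
T_VIRTUAL    = virtual
T_RELOCATED  = relocated
T_TRANSPORT  = transport
T_ALIASES    = aliases
T_CLIENTS    = clients
T_SENDERS    = senders
T_CLICRT     = clicrt
T_RECIPIENT  = recipient
T_HELO       = helo

#   dependency tracking
#   (DEPENDENCIES is recursively expanded, so TABLES may be defined below)
TIMESTAMP    = .up-to-date
DEPENDENCIES = Makefile master.cf main.cf $(TABLES)

#   managed tables:
#   - use extension ".db" for hash tables ("hash")
#   - use no extension for regex tables ("pcre")
TABLES = \
    $(T_ACCESS).db \
    $(T_CANONICAL).db \
    $(T_GENERIC).db \
    $(T_VIRTUAL).db \
    $(T_RELOCATED).db \
    $(T_TRANSPORT).db \
    $(T_ALIASES).db \
    $(T_CLIENTS).db \
    $(T_SENDERS).db \
    $(T_CLICRT).db \
    $(T_RECIPIENT).db \
    $(T_HELO).db

#   these targets are commands, not files; without this declaration a
#   file named e.g. "check" or "clean" in this directory would stop the
#   recipe from ever running
.PHONY: all check clean start reload stop

#   default target
all: $(TABLES) $(TIMESTAMP)

#   implicit checking and reloading
#   - a failing "postfix check" aborts before the timestamp is touched,
#     so the next run checks again
#   - the reload is best effort: its output is discarded and its exit
#     status ignored (presumably because Postfix may not be running),
#     so a failed reload is invisible here; "make reload" reports it
#   - the stamp file is kept private to its owner
$(TIMESTAMP): $(DEPENDENCIES)
	$(POSTFIX) check
	$(POSTFIX) reload >/dev/null 2>&1 || true
	touch $(TIMESTAMP) && chmod 600 $(TIMESTAMP)

#   explicit checking
check:
	$(POSTFIX) check

#   hash table update targets
#   (all tables are built by postmap, except aliases, which needs postalias)
$(T_ACCESS).db: $(T_ACCESS) $(MAKEFILE)
	$(POSTMAP) hash:$(T_ACCESS)
$(T_CANONICAL).db: $(T_CANONICAL) $(MAKEFILE)
	$(POSTMAP) hash:$(T_CANONICAL)
$(T_GENERIC).db: $(T_GENERIC) $(MAKEFILE)
	$(POSTMAP) hash:$(T_GENERIC)
$(T_VIRTUAL).db: $(T_VIRTUAL) $(MAKEFILE)
	$(POSTMAP) hash:$(T_VIRTUAL)
$(T_RELOCATED).db: $(T_RELOCATED) $(MAKEFILE)
	$(POSTMAP) hash:$(T_RELOCATED)
$(T_TRANSPORT).db: $(T_TRANSPORT) $(MAKEFILE)
	$(POSTMAP) hash:$(T_TRANSPORT)
$(T_ALIASES).db: $(T_ALIASES) $(MAKEFILE)
	$(POSTALIAS) hash:$(T_ALIASES)
$(T_CLIENTS).db: $(T_CLIENTS) $(MAKEFILE)
	$(POSTMAP) hash:$(T_CLIENTS)
$(T_SENDERS).db: $(T_SENDERS) $(MAKEFILE)
	$(POSTMAP) hash:$(T_SENDERS)
$(T_CLICRT).db: $(T_CLICRT) $(MAKEFILE)
	$(POSTMAP) hash:$(T_CLICRT)
$(T_RECIPIENT).db: $(T_RECIPIENT) $(MAKEFILE)
	$(POSTMAP) hash:$(T_RECIPIENT)
$(T_HELO).db: $(T_HELO) $(MAKEFILE)
	$(POSTMAP) hash:$(T_HELO)

#   cleanup target
#   (removes only the generated tables and the stamp file; the leading
#   "-" lets the second removal run even if the first one fails)
clean:
	-rm -f $(TABLES)
	-rm -f $(TIMESTAMP)

#   process management
start:
	$(RC) postfix start
reload:
	$(RC) postfix reload
stop:
	$(RC) postfix stop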
michael@146 | 103 | |
michael@146 | 104 | </file> |
michael@146 | 105 | <file name="master.cf"> |
michael@146 | 106 | ## |
michael@146 | 107 | ## @l_prefix@/etc/postfix/master.cf -- Postfix master process table |
michael@146 | 108 | ## |
michael@146 | 109 | # ========================================================================== |
michael@146 | 110 | # service type private unpriv chroot wakeup maxproc command + args |
michael@146 | 111 | # (yes) (yes) (yes) (never) (100) |
michael@146 | 112 | # ========================================================================== |
michael@146 | 113 | smtp inet n - n - - smtpd |
michael@495 | 114 | #smtp inet n - n - - smtpd -o content_filter=spamass |
michael@495 | 115 | #smtp inet n - n - 1 postscreen |
michael@495 | 116 | #smtpd pass - - n - - smtpd |
michael@495 | 117 | #dnsblog unix - - n - 0 dnsblog |
michael@495 | 118 | #tlsproxy unix - - n - 0 tlsproxy |
michael@146 | 119 | #628 inet n - n - - qmqpd |
michael@146 | 120 | pickup fifo n - n 60 1 pickup |
michael@146 | 121 | cleanup unix n - n - 0 cleanup |
michael@146 | 122 | qmgr fifo n - n 300 1 qmgr |
michael@146 | 123 | tlsmgr unix - - n 1000? 1 tlsmgr |
michael@146 | 124 | rewrite unix - - n - - trivial-rewrite |
michael@146 | 125 | bounce unix - - n - 0 bounce |
michael@146 | 126 | defer unix - - n - 0 bounce |
michael@146 | 127 | trace unix - - n - 0 bounce |
michael@146 | 128 | verify unix - - n - 1 verify |
michael@146 | 129 | flush unix n - n 1000? 0 flush |
michael@146 | 130 | proxymap unix - - n - - proxymap |
michael@146 | 131 | proxywrite unix - - n - - proxymap |
michael@146 | 132 | smtp unix - - n - - smtp |
michael@146 | 133 | relay unix - - n - - smtp -o fallback_relay= |
michael@146 | 134 | showq unix n - n - - showq |
michael@146 | 135 | error unix - - n - - error |
michael@146 | 136 | retry unix - - n - - error |
michael@146 | 137 | local unix - n n - - local |
michael@146 | 138 | virtual unix - n n - - virtual |
michael@146 | 139 | lmtp unix - - n - - lmtp |
michael@146 | 140 | anvil unix - - n - 1 anvil |
michael@146 | 141 | scache unix - - n - 1 scache |
michael@146 | 142 | #maildrop unix - n n - - pipe flags=DRhu user=@l_nusr@ argv=@l_prefix@/bin/maildrop -d ${recipient} |
michael@146 | 143 | #cyrus unix - n n - - pipe user=@l_nusr@ argv=@l_prefix@/bin/cyrdeliver -e -r ${sender} -m ${extension} ${user} |
michael@495 | 144 | #dovecot unix - n n - - pipe flags=DR user=@l_rusr@ argv=@l_prefix@/libexec/dovecot/deliver -f ${sender} -d ${user} -n -m ${extension} |
michael@495 | 145 | #spamass unix - n n - - pipe flags=R user=@l_rusr@ argv=@l_prefix@/bin/spamc -f -u ${user} -e @l_prefix@/sbin/sendmail -oi -f ${sender} ${recipient} |
michael@146 | 146 | #uucp unix - n n - - pipe flags=Fqhu user=@l_nusr@ argv=@l_prefix@/bin/uux -r -n -z -a$sender - $nexthop!rmail ($recipient) |
michael@146 | 147 | #ifmail unix - n n - - pipe flags=F user=@l_nusr@ argv=@l_prefix@/bin/ifmail -r $nexthop ($recipient) |
michael@146 | 148 | #bsmtp unix - n n - - pipe flags=Fq. user=@l_nusr@ argv=@l_prefix@/bin/bsmtp -f $sender $nexthop $recipient |
michael@146 | 149 | </file> |
michael@146 | 150 | <file name="main.cf"> |
michael@146 | 151 | ## |
michael@146 | 152 | ## @l_prefix@/etc/postfix/main.cf -- Postfix main configuration |
michael@146 | 153 | ## |
michael@146 | 154 | ## Run "@l_prefix@/sbin/postconf -n" to see all parameters overriding |
michael@146 | 155 | ## defaults, run "@l_prefix@/sbin/postconf -d" to see all possible |
michael@146 | 156 | ## parameters and their defaults and read the following manual |
michael@146 | 157 | ## pages for description of each parameter: bounce(8), cleanup(8), |
michael@146 | 158 | ## defer(8), error(8), flush(8), lmtp(8), local(8), master(8), |
michael@146 | 159 | ## pickup(8), pipe(8), qmgr(8), showq(8), smtp(8), smtpd(8), spawn(8), |
michael@146 | 160 | ## trivial-rewrite(8). |
michael@146 | 161 | ## |
michael@146 | 162 | |
michael@146 | 163 | # users |
michael@146 | 164 | mail_owner = @l_musr@ |
michael@146 | 165 | setgid_group = @l_rgrp@ |
michael@146 | 166 | default_privs = @l_nusr@ |
michael@146 | 167 | |
michael@146 | 168 | # local host |
michael@146 | 169 | myhostname = mail.example.com |
michael@146 | 170 | mydomain = example.com |
michael@146 | 171 | myorigin = $myhostname |
michael@146 | 172 | |
michael@146 | 173 | # smtp daemon |
michael@146 | 174 | #smtpd_banner = $myhostname ESMTP $mail_name |
michael@146 | 175 | inet_interfaces = 127.0.0.1 |
michael@146 | 176 | |
michael@146 | 177 | # smtp client |
michael@146 | 178 | smtp_bind_address = 127.0.0.1 |
michael@146 | 179 | |
michael@146 | 180 | # relaying |
michael@146 | 181 | mynetworks = 127.0.0.0/8 |
michael@146 | 182 | #mydestination = $myhostname, localhost.$mydomain |
michael@146 | 183 | #relay_domains = $mydestination, |
michael@146 | 184 | # hash:@l_prefix@/etc/postfix/access |
michael@664 | 185 | #relay_clientcerts = hash:@l_prefix@/etc/postfix/clicrt |
michael@146 | 186 | #smtpd_recipient_restrictions = permit_mynetworks, |
michael@146 | 187 | # check_client_access hash:@l_prefix@/etc/postfix/access, |
michael@146 | 188 | # reject_unauth_destination |
michael@146 | 189 | |
michael@146 | 190 | # maps |
michael@146 | 191 | #canonical_maps = hash:@l_prefix@/etc/postfix/canonical |
michael@146 | 192 | #smtp_generic_maps = hash:@l_prefix@/etc/postfix/generic |
michael@146 | 193 | #virtual_alias_maps = hash:@l_prefix@/etc/postfix/virtual |
michael@146 | 194 | #relocated_maps = hash:@l_prefix@/etc/postfix/relocated |
michael@146 | 195 | #transport_maps = hash:@l_prefix@/etc/postfix/transport |
michael@146 | 196 | alias_maps = hash:@l_prefix@/etc/postfix/aliases |
michael@146 | 197 | alias_database = hash:@l_prefix@/etc/postfix/aliases |
michael@146 | 198 | |
michael@146 | 199 | # local delivery |
michael@146 | 200 | #local_recipient_maps = proxy:unix:passwd.byname $alias_maps |
michael@146 | 201 | recipient_delimiter = + |
michael@146 | 202 | mailbox_command = @l_prefix@/bin/procmail -a "$EXTENSION" |
michael@146 | 203 | |
michael@146 | 204 | </file> |
michael@146 | 205 | <file name="access"> |
michael@146 | 206 | ## |
michael@146 | 207 | ## @l_prefix@/etc/postfix/access -- access control for relaying |
michael@146 | 208 | ## |
michael@146 | 209 | ## Searched for both the client (hostname, parent domains, IP address, |
michael@146 | 210 | ## networks obtained by stripping least significant octets from IP |
michael@146 | 211 | ## address) and destination address (resolved destination address, |
michael@146 | 212 | ## parent domain, or localpart@) in order to allow relaying. Rejects |
michael@146 | 213 | ## the request if the result is REJECT or "[45]XX text". Permits the |
michael@146 | 214 | ## request if the result is OK or RELAY or all-numerical. |
michael@146 | 215 | ## |
michael@146 | 216 | |
michael@146 | 217 | # Syntax (see access(5)): |
michael@146 | 218 | # | user@domain action |
michael@146 | 219 | # | domain action |
michael@146 | 220 | # | user@ action |
michael@146 | 221 | # | net.work.addr.ess action |
michael@146 | 222 | # | net.work.addr action |
michael@146 | 223 | # | net.work action |
michael@146 | 224 | # | net action |
michael@146 | 225 | # where "action" is one of: |
michael@146 | 226 | # "[45]NN text", "REJECT", "OK", "restriction..." |
michael@146 | 227 | # |
michael@146 | 228 | # Examples: |
michael@146 | 229 | # | mail.example.com OK |
michael@146 | 230 | # | example.com REJECT |
michael@146 | 231 | # | 192.168.0.1 OK |
michael@146 | 232 | # | 192.168 REJECT |
michael@146 | 233 | # | postmaster@ OK |
michael@146 | 234 | |
michael@146 | 235 | </file> |
michael@146 | 236 | <file name="virtual"> |
michael@146 | 237 | ## |
michael@146 | 238 | ## @l_prefix@/etc/postfix/virtual -- virtual address translation |
michael@146 | 239 | ## |
michael@146 | 240 | ## Searched for virtual addresses user@domain, user and @domain |
michael@146 | 241 | ## (in this order). It redirects mail for all recipients, local or |
michael@146 | 242 | ## remote. The mapping affects only envelope recipients. |
michael@146 | 243 | ## |
michael@146 | 244 | |
michael@146 | 245 | # Syntax (see virtual(5)): |
michael@146 | 246 | # | user@domain address, address, ... |
michael@146 | 247 | # | user address, address, ... |
michael@146 | 248 | # | @domain address, address, ... |
michael@146 | 249 | # |
michael@146 | 250 | # Examples: |
michael@146 | 251 | # | @example.com john@example.com |
michael@146 | 252 | # | postmaster@example.com postmaster |
michael@146 | 253 | # | john@example1.com john1 |
michael@146 | 254 | # | john@example2.com john2 |
michael@146 | 255 | |
michael@146 | 256 | </file> |
michael@146 | 257 | <file name="aliases"> |
michael@146 | 258 | ## |
michael@146 | 259 | ## @l_prefix@/etc/postfix/aliases -- local mailbox aliases |
michael@146 | 260 | ## |
michael@146 | 261 | ## Searched for virtual addresses user@domain, user and @domain |
michael@146 | 262 | ## (in this order). It redirects mail for all recipients, local or |
michael@146 | 263 | ## remote. The mapping affects only envelope recipients. |
michael@146 | 264 | ## |
michael@146 | 265 | |
michael@146 | 266 | # Syntax (see aliases(5)): |
michael@146 | 267 | # | name: value, value, ... |
michael@146 | 268 | # where value is one of: |
michael@146 | 269 | # "address", "/file/name", "|command", ":include:/file/name" |
michael@146 | 270 | # |
michael@146 | 271 | # Examples: |
michael@146 | 272 | # | john.doe: john, doe |
michael@146 | 273 | # | robot: |/path/to/robot |
michael@146 | 274 | # | archive: /path/to/archive |
michael@146 | 275 | # | users: :include:/path/to/users.list |
michael@146 | 276 | # | owner-users: john.doe |
michael@146 | 277 | |
michael@146 | 278 | # standard mail targets |
michael@146 | 279 | nobody: /dev/null |
michael@146 | 280 | MAILER-DAEMON: postmaster |
michael@146 | 281 | |
michael@146 | 282 | # mailbox names for common services, roles and functions |
michael@146 | 283 | # (see RFC2142 for more details and expanded list of names) |
michael@146 | 284 | postmaster: root |
michael@146 | 285 | hostmaster: root |
michael@146 | 286 | security: root |
michael@146 | 287 | abuse: root |
michael@146 | 288 | |
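michael@146 | 289 | # discard root's mail by default to save the storage of careless admins; since postmaster, hostmaster, security and abuse above all resolve to root, their mail is discarded too until root is pointed at a real mailbox |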
michael@146 | 290 | root: /dev/null |
michael@146 | 291 | |
michael@146 | 292 | </file> |
michael@146 | 293 | <file name="canonical"> |
michael@146 | 294 | ## |
michael@146 | 295 | ## @l_prefix@/etc/postfix/canonical -- address canonification on mail receiving |
michael@146 | 296 | ## |
michael@146 | 297 | ## Searched for canonical addresses for user@domain, user and @domain |
michael@146 | 298 | ## (in this order). |
michael@146 | 299 | ## |
michael@146 | 300 | |
michael@146 | 301 | # Syntax (see canonical(5)): |
michael@146 | 302 | # | user@domain address |
michael@146 | 303 | # | user address |
michael@146 | 304 | # | @domain address |
michael@146 | 305 | # |
michael@146 | 306 | # Examples: |
michael@146 | 307 | # | postmaster@mail.example.com postmaster@example.com |
michael@146 | 308 | # | john John.Doe |
michael@146 | 309 | # | @example.com @example.com |
michael@146 | 310 | |
michael@146 | 311 | </file> |
michael@146 | 312 | <file name="relocated"> |
michael@146 | 313 | ## |
michael@146 | 314 | ## @l_prefix@/etc/postfix/relocated -- relocate obsolete addresses |
michael@146 | 315 | ## |
michael@146 | 316 | ## Searched for relocated addresses user@domain, user and @domain |
michael@146 | 317 | ## (in this order). It bounces mail for all recipients. |
michael@146 | 318 | ## |
michael@146 | 319 | |
michael@146 | 320 | # Syntax (see relocated(5)): |
michael@146 | 321 | # | user@domain address |
michael@146 | 322 | # | user address |
michael@146 | 323 | # | @domain address |
michael@146 | 324 | # |
michael@146 | 325 | # Examples: |
michael@146 | 326 | # | john@invalid john@example.com |
michael@146 | 327 | # | john john@example.com |
michael@146 | 328 | # | @invalid john@example.com |
michael@146 | 329 | |
michael@146 | 330 | </file> |
michael@146 | 331 | <file name="generic"> |
michael@146 | 332 | ## |
michael@146 | 333 | ## @l_prefix@/etc/postfix/generic -- address canonification on mail sending |
michael@146 | 334 | ## |
michael@146 | 335 | ## Searched for canonical addresses for user@domain, user and @domain |
michael@146 | 336 | ## (in this order). |
michael@146 | 337 | ## |
michael@146 | 338 | |
michael@146 | 339 | # Syntax (see generic(5)): |
michael@146 | 340 | # | user@domain address |
michael@146 | 341 | # | user address |
michael@146 | 342 | # | @domain address |
michael@146 | 343 | # |
michael@146 | 344 | # Examples: |
michael@146 | 345 | # | postmaster@mail.example.com postmaster@example.com |
michael@146 | 346 | # | john John.Doe |
michael@146 | 347 | # | @example.com @example.com |
michael@146 | 348 | |
michael@146 | 349 | </file> |
michael@146 | 350 | <file name="transport"> |
michael@146 | 351 | ## |
michael@146 | 352 | ## @l_prefix@/etc/postfix/transport -- transport selection |
michael@146 | 353 | ## |
michael@146 | 354 | ## Searched for domain and .domain (in this order). It selects the |
michael@146 | 355 | ## specified transport facility for delivery. |
michael@146 | 356 | ## |
michael@146 | 357 | |
michael@146 | 358 | # Syntax (see transport(5)): |
michael@146 | 359 | # | domain transport:nexthop |
michael@146 | 360 | # | .domain transport:nexthop |
michael@146 | 361 | # |
michael@146 | 362 | # Examples: |
michael@146 | 363 | # | me.example.com local: |
michael@146 | 364 | # | you.example.com smtp:mail.example.com:2525 |
michael@146 | 365 | # | example.com smtp:mail.example.com |
michael@146 | 366 | # | .example.com smtp:mail.example.com |
michael@146 | 367 | |
michael@146 | 368 | </file> |
michael@181 | 369 | <file name="clients"> |
michael@179 | 370 | ## |
michael@181 | 371 | ## @l_prefix@/etc/postfix/clients -- control for relaying clients |
michael@181 | 372 | ## |
michael@181 | 373 | ## Searched for both the client (hostname, parent domains, IP address, |
michael@181 | 374 | ## networks obtained by stripping least significant octets from IP |
michael@181 | 375 | ## address) and destination address (resolved destination address, |
michael@181 | 376 | ## parent domain, or localpart@) in order to allow relaying. Rejects |
michael@181 | 377 | ## the request if the result is REJECT or "[45]XX text". Permits the |
michael@181 | 378 | ## request if the result is OK or RELAY or all-numerical. |
michael@181 | 379 | ## |
michael@181 | 380 | |
michael@181 | 381 | # Syntax (see postmap(5)): |
michael@181 | 382 | # | user@domain action |
michael@181 | 383 | # | domain action |
michael@181 | 384 | # | user@ action |
michael@181 | 385 | # | net.work.addr.ess action |
michael@181 | 386 | # | net.work.addr action |
michael@181 | 387 | # | net.work action |
michael@181 | 388 | # | net action |
michael@181 | 389 | # where "action" is one of: |
michael@181 | 390 | # "[45]NN text", "REJECT", "OK", "restriction..." |
michael@181 | 391 | # |
michael@181 | 392 | # Examples: |
michael@181 | 393 | # | mail.example.com OK |
michael@181 | 394 | # | example.com REJECT |
michael@181 | 395 | # | 192.168.0.1 OK |
michael@181 | 396 | # | 192.168 REJECT |
michael@181 | 397 | # | postmaster@ OK |
michael@181 | 398 | |
michael@181 | 399 | </file> |
michael@181 | 400 | <file name="senders"> |
michael@181 | 401 | ## |
michael@181 | 402 | ## @l_prefix@/etc/postfix/senders -- control for relaying senders |
michael@181 | 403 | ## |
michael@181 | 404 | ## Searched for both the client (hostname, parent domains, IP address, |
michael@181 | 405 | ## networks obtained by stripping least significant octets from IP |
michael@181 | 406 | ## address) and destination address (resolved destination address, |
michael@181 | 407 | ## parent domain, or localpart@) in order to allow relaying. Rejects |
michael@181 | 408 | ## the request if the result is REJECT or "[45]XX text". Permits the |
michael@181 | 409 | ## request if the result is OK or RELAY or all-numerical. |
michael@181 | 410 | ## |
michael@181 | 411 | |
michael@181 | 412 | # Syntax (see access(5)): |
michael@181 | 413 | # | user@domain action |
michael@181 | 414 | # | domain action |
michael@181 | 415 | # | user@ action |
michael@181 | 416 | # | net.work.addr.ess action |
michael@181 | 417 | # | net.work.addr action |
michael@181 | 418 | # | net.work action |
michael@181 | 419 | # | net action |
michael@181 | 420 | # where "action" is one of: |
michael@181 | 421 | # "[45]NN text", "REJECT", "OK", "restriction..." |
michael@181 | 422 | # |
michael@181 | 423 | # Examples: |
michael@181 | 424 | # | mail.example.com OK |
michael@181 | 425 | # | example.com REJECT |
michael@181 | 426 | # | 192.168.0.1 OK |
michael@181 | 427 | # | 192.168 REJECT |
michael@181 | 428 | # | postmaster@ OK |
michael@181 | 429 | |
michael@181 | 430 | </file> |
michael@181 | 431 | <file name="clicrt"> |
michael@181 | 432 | ## |
michael@181 | 433 | ## @l_prefix@/etc/postfix/clicrt -- user identity verification |
michael@179 | 434 | ## |
michael@179 | 435 | ## Searched for user names matching TLS certificate fingerprints |
michael@179 | 436 | ## when a client responding to the MTA's client certificate request |
michael@179 | 437 | ## presents a valid (signed from proper CA) certificate. |
michael@179 | 438 | ## |
michael@179 | 439 | ## To find such fingerprints for a valid client certificate (the digest option must match smtpd_tls_fingerprint_digest): |
michael@179 | 440 | ## @l_prefix@/bin/openssl x509 -noout -fingerprint -sha1 -in certfile.pem |
michael@179 | 441 | ## |
michael@179 | 442 | |
michael@181 | 443 | # Syntax (fingerprint according to smtpd_tls_fingerprint_digest): |
michael@181 | 444 | # | fingerprint arbitrary-value |
michael@181 | 445 | # |
michael@179 | 446 | # Examples: |
michael@181 | 447 | # | B8:B8:A8:AE:B8:2A:2B:74:EC:43:FF:4F:B2:B2:AC:1E:B4:CE:26:1D user1 |
michael@181 | 448 | # | 18:81:F5:22:18:BA:EB:15:FF:40:30:00:EA:C0:B4:2E:EC:AE:86:8E user2 |
michael@179 | 449 | |
michael@179 | 450 | </file> |
michael@676 | 451 | <file name="recipient"> |
michael@676 | 452 | ## |
michael@676 | 453 | ## @l_prefix@/etc/postfix/recipient -- control for relaying recipients |
michael@676 | 454 | ## |
michael@676 | 455 | ## Searched for RCPT TO address, domain, parent domains, or localpart@ |
michael@676 | 456 | ## and rejects the request if the result is REJECT or "[45]XX text" or |
michael@676 | 457 | ## permits the request if the result is OK or RELAY or all-numerical. |
michael@676 | 458 | ## |
michael@676 | 459 | |
michael@676 | 460 | # Syntax (see access(5)): |
michael@676 | 461 | # | user@domain action |
michael@676 | 462 | # | domain action |
michael@676 | 463 | # | user@ action |
michael@676 | 464 | # | net.work.addr.ess action |
michael@676 | 465 | # | net.work.addr action |
michael@676 | 466 | # | net.work action |
michael@676 | 467 | # | net action |
michael@676 | 468 | # where "action" is one of: |
michael@676 | 469 | # "[45]NN text", "REJECT", "OK", "restriction..." |
michael@676 | 470 | # |
michael@676 | 471 | # Examples: |
michael@676 | 472 | # | mail.example.com OK |
michael@676 | 473 | # | example.com REJECT |
michael@676 | 474 | # | 192.168.0.1 OK |
michael@676 | 475 | # | 192.168 REJECT |
michael@676 | 476 | # | postmaster@ OK |
michael@676 | 477 | |
michael@676 | 478 | </file> |
michael@676 | 479 | <file name="helo"> |
michael@676 | 480 | ## |
michael@676 | 481 | ## @l_prefix@/etc/postfix/helo -- control for relaying helo transmissions |
michael@676 | 482 | ## |
michael@676 | 483 | ## Searched for HELO or EHLO hostname or parent domains and rejects the |
michael@676 | 484 | ## request if the result is REJECT or "[45]XX text" or permits the request |
michael@676 | 485 | ## if the result is OK or RELAY or all-numerical. |
michael@676 | 486 | ## |
michael@676 | 487 | |
michael@676 | 488 | # Syntax (see access(5)): |
michael@676 | 489 | # | user@domain action |
michael@676 | 490 | # | domain action |
michael@676 | 491 | # | user@ action |
michael@676 | 492 | # | net.work.addr.ess action |
michael@676 | 493 | # | net.work.addr action |
michael@676 | 494 | # | net.work action |
michael@676 | 495 | # | net action |
michael@676 | 496 | # where "action" is one of: |
michael@676 | 497 | # "[45]NN text", "REJECT", "OK", "restriction..." |
michael@676 | 498 | # |
michael@676 | 499 | # Examples: |
michael@676 | 500 | # | mail.example.com OK |
michael@676 | 501 | # | example.com REJECT |
michael@676 | 502 | # | 192.168.0.1 OK |
michael@676 | 503 | # | 192.168 REJECT |
michael@676 | 504 | # | postmaster@ OK |
michael@676 | 505 | |
michael@676 | 506 | </file> |