Wed, 29 Aug 2012 19:12:02 +0200
Import package vendor original spec for necessary manipulations.
michael@146 | 1 | <file name="Makefile"> |
##
##  @l_prefix@/etc/postfix/Makefile -- maintenance procedures
##
##  Names the Postfix tools, the lookup-table source files and the compiled
##  tables built from them, plus the file set used for dependency tracking.
##

# installation layout
PREFIX  = @l_prefix@
ETCDIR  = ${PREFIX}/etc
SBINDIR = ${PREFIX}/sbin

# tools invoked by the recipes
POSTFIX   = ${SBINDIR}/postfix
POSTMAP   = ${SBINDIR}/postmap
POSTALIAS = ${SBINDIR}/postalias
RC        = ${ETCDIR}/rc

# file names of the lookup-table sources
T_ACCESS    = access
T_CANONICAL = canonical
T_GENERIC   = generic
T_VIRTUAL   = virtual
T_RELOCATED = relocated
T_TRANSPORT = transport
T_ALIASES   = aliases
T_CLIENTS   = clients
T_SENDERS   = senders
T_CLICRT    = clicrt

# compiled tables managed by this file:
#  - extension ".db" for hash tables ("hash")
#  - no extension for regex tables ("pcre")
# (the list keeps the order in which the tables are built)
TABLES  = ${T_ACCESS}.db ${T_CANONICAL}.db ${T_GENERIC}.db ${T_VIRTUAL}.db
TABLES += ${T_RELOCATED}.db ${T_TRANSPORT}.db ${T_ALIASES}.db
TABLES += ${T_CLIENTS}.db ${T_SENDERS}.db ${T_CLICRT}.db

# dependency tracking: the timestamp file is compared against every file
# named in DEPENDENCIES
TIMESTAMP    = .up-to-date
DEPENDENCIES = Makefile master.cf main.cf ${TABLES}
michael@146 | 47 | |
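# "all" and "check" name actions, not files; declaring them phony keeps a
# stray file called "all" or "check" in this directory from silently
# disabling them.
.PHONY: all check

# default target: compile every managed table, then refresh the timestamp
all: $(TABLES) $(TIMESTAMP)

# implicit checking and reloading: runs whenever a file in DEPENDENCIES is
# newer than the timestamp file.
#  - a failing "postfix check" stops the recipe, so the timestamp is not
#    written and the next run checks again
#  - the reload is best-effort: its output is discarded and a failure is
#    ignored ("|| true"), so a reload error is NOT reported here; use the
#    explicit "reload" target to see it
#  - the timestamp file is restricted to its owner (mode 600)
$(TIMESTAMP): $(DEPENDENCIES)
	$(POSTFIX) check
	$(POSTFIX) reload >/dev/null 2>&1 || true
	touch $@ && chmod 600 $@

# explicit checking: run the Postfix configuration check on demand
check:
	$(POSTFIX) check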
michael@146 | 60 | |
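# hash table update targets
#
# Each compiled table depends on its text source and on this Makefile.
# The prerequisite is spelled "Makefile" literally, as in DEPENDENCIES:
# no variable named MAKEFILE is defined in this file, so "$(MAKEFILE)"
# expanded to nothing and the intended dependency was silently dropped.
#
# All tables are compiled with postmap except the aliases table, which is
# compiled with postalias.
$(T_ACCESS).db: $(T_ACCESS) Makefile
	$(POSTMAP) hash:$(T_ACCESS)
$(T_CANONICAL).db: $(T_CANONICAL) Makefile
	$(POSTMAP) hash:$(T_CANONICAL)
$(T_GENERIC).db: $(T_GENERIC) Makefile
	$(POSTMAP) hash:$(T_GENERIC)
$(T_VIRTUAL).db: $(T_VIRTUAL) Makefile
	$(POSTMAP) hash:$(T_VIRTUAL)
$(T_RELOCATED).db: $(T_RELOCATED) Makefile
	$(POSTMAP) hash:$(T_RELOCATED)
$(T_TRANSPORT).db: $(T_TRANSPORT) Makefile
	$(POSTMAP) hash:$(T_TRANSPORT)
$(T_ALIASES).db: $(T_ALIASES) Makefile
	$(POSTALIAS) hash:$(T_ALIASES)
$(T_CLIENTS).db: $(T_CLIENTS) Makefile
	$(POSTMAP) hash:$(T_CLIENTS)
$(T_SENDERS).db: $(T_SENDERS) Makefile
	$(POSTMAP) hash:$(T_SENDERS)
$(T_CLICRT).db: $(T_CLICRT) Makefile
	$(POSTMAP) hash:$(T_CLICRT)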
michael@146 | 82 | |
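# "clean" is an action, not a file; without this declaration a file named
# "clean" in this directory would make the target a no-op.
.PHONY: clean

# cleanup target: removes only generated files (the compiled tables and the
# timestamp); the text sources are left untouched. The leading "-" keeps the
# second removal running even if the first one reports an error.
clean:
	-rm -f $(TABLES)
	-rm -f $(TIMESTAMP)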
michael@146 | 87 | |
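# These targets are actions, not files; declaring them phony keeps a file
# named "start", "reload" or "stop" from disabling them.
.PHONY: start reload stop

# process management: each target passes "postfix <action>" to the rc
# program. Unlike the implicit reload in the timestamp rule, a failure
# here is reported and fails the make run.
start:
	$(RC) postfix start
reload:
	$(RC) postfix reload
stop:
	$(RC) postfix stop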
michael@146 | 95 | |
michael@146 | 96 | </file> |
michael@146 | 97 | <file name="master.cf"> |
michael@146 | 98 | ## |
michael@146 | 99 | ## @l_prefix@/etc/postfix/master.cf -- Postfix master process table |
michael@146 | 100 | ## |
michael@146 | 101 | # ========================================================================== |
michael@146 | 102 | # service type private unpriv chroot wakeup maxproc command + args |
michael@146 | 103 | # (yes) (yes) (yes) (never) (100) |
michael@146 | 104 | # ========================================================================== |
michael@146 | 105 | smtp inet n - n - - smtpd |
michael@495 | 106 | #smtp inet n - n - - smtpd -o content_filter=spamass |
michael@495 | 107 | #smtp inet n - n - 1 postscreen |
michael@495 | 108 | #smtpd pass - - n - - smtpd |
michael@495 | 109 | #dnsblog unix - - n - 0 dnsblog |
michael@495 | 110 | #tlsproxy unix - - n - 0 tlsproxy |
michael@146 | 111 | #628 inet n - n - - qmqpd |
michael@146 | 112 | pickup fifo n - n 60 1 pickup |
michael@146 | 113 | cleanup unix n - n - 0 cleanup |
michael@146 | 114 | qmgr fifo n - n 300 1 qmgr |
michael@146 | 115 | tlsmgr unix - - n 1000? 1 tlsmgr |
michael@146 | 116 | rewrite unix - - n - - trivial-rewrite |
michael@146 | 117 | bounce unix - - n - 0 bounce |
michael@146 | 118 | defer unix - - n - 0 bounce |
michael@146 | 119 | trace unix - - n - 0 bounce |
michael@146 | 120 | verify unix - - n - 1 verify |
michael@146 | 121 | flush unix n - n 1000? 0 flush |
michael@146 | 122 | proxymap unix - - n - - proxymap |
michael@146 | 123 | proxywrite unix - - n - - proxymap |
michael@146 | 124 | smtp unix - - n - - smtp |
michael@146 | 125 | relay unix - - n - - smtp -o fallback_relay= |
michael@146 | 126 | showq unix n - n - - showq |
michael@146 | 127 | error unix - - n - - error |
michael@146 | 128 | retry unix - - n - - error |
michael@146 | 129 | local unix - n n - - local |
michael@146 | 130 | virtual unix - n n - - virtual |
michael@146 | 131 | lmtp unix - - n - - lmtp |
michael@146 | 132 | anvil unix - - n - 1 anvil |
michael@146 | 133 | scache unix - - n - 1 scache |
michael@146 | 134 | #maildrop unix - n n - - pipe flags=DRhu user=@l_nusr@ argv=@l_prefix@/bin/maildrop -d ${recipient} |
michael@146 | 135 | #cyrus unix - n n - - pipe user=@l_nusr@ argv=@l_prefix@/bin/cyrdeliver -e -r ${sender} -m ${extension} ${user} |
michael@495 | 136 | #dovecot unix - n n - - pipe flags=DR user=@l_rusr@ argv=@l_prefix@/libexec/dovecot/deliver -f ${sender} -d ${user} -n -m ${extension} |
michael@495 | 137 | #spamass unix - n n - - pipe flags=R user=@l_rusr@ argv=@l_prefix@/bin/spamc -f -u ${user} -e @l_prefix@/sbin/sendmail -oi -f ${sender} ${recipient} |
michael@146 | 138 | #uucp unix - n n - - pipe flags=Fqhu user=@l_nusr@ argv=@l_prefix@/bin/uux -r -n -z -a$sender - $nexthop!rmail ($recipient) |
michael@146 | 139 | #ifmail unix - n n - - pipe flags=F user=@l_nusr@ argv=@l_prefix@/bin/ifmail -r $nexthop ($recipient) |
michael@146 | 140 | #bsmtp unix - n n - - pipe flags=Fq. user=@l_nusr@ argv=@l_prefix@/bin/bsmtp -f $sender $nexthop $recipient |
michael@146 | 141 | </file> |
michael@146 | 142 | <file name="main.cf"> |
michael@146 | 143 | ## |
michael@146 | 144 | ## @l_prefix@/etc/postfix/main.cf -- Postfix main configuration |
michael@146 | 145 | ## |
michael@146 | 146 | ## Run "@l_prefix@/sbin/postconf -n" to see all parameters overriding |
michael@146 | 147 | ## defaults, run "@l_prefix@/sbin/postconf -d" to see all possible |
michael@146 | 148 | ## parameters and their defaults and read the following manual |
michael@146 | 149 | ## pages for description of each parameter: bounce(8), cleanup(8), |
michael@146 | 150 | ## defer(8), error(8), flush(8), lmtp(8), local(8), master(8), |
michael@146 | 151 | ## pickup(8), pipe(8), qmgr(8), showq(8), smtp(8), smtpd(8), spawn(8), |
michael@146 | 152 | ## trivial-rewrite(8). |
michael@146 | 153 | ## |
michael@146 | 154 | |
michael@146 | 155 | # users |
michael@146 | 156 | mail_owner = @l_musr@ |
michael@146 | 157 | setgid_group = @l_rgrp@ |
michael@146 | 158 | default_privs = @l_nusr@ |
michael@146 | 159 | |
michael@146 | 160 | # local host |
michael@146 | 161 | myhostname = mail.example.com |
michael@146 | 162 | mydomain = example.com |
michael@146 | 163 | myorigin = $myhostname |
michael@146 | 164 | |
michael@146 | 165 | # smtp daemon |
michael@146 | 166 | #smtpd_banner = $myhostname ESMTP $mail_name |
michael@146 | 167 | inet_interfaces = 127.0.0.1 |
michael@146 | 168 | |
michael@146 | 169 | # smtp client |
michael@146 | 170 | smtp_bind_address = 127.0.0.1 |
michael@146 | 171 | |
michael@146 | 172 | # relaying |
michael@146 | 173 | mynetworks = 127.0.0.0/8 |
michael@146 | 174 | #mydestination = $myhostname, localhost.$mydomain |
michael@146 | 175 | #relay_domains = $mydestination, |
michael@146 | 176 | # hash:@l_prefix@/etc/postfix/access |
michael@181 | 177 | #relay_clientcerts = hash:@l_prefix@/etc/postfix/clicrt |
michael@146 | 178 | #smtpd_recipient_restrictions = permit_mynetworks, |
michael@146 | 179 | # check_client_access hash:@l_prefix@/etc/postfix/access, |
michael@146 | 180 | # reject_unauth_destination |
michael@146 | 181 | |
michael@146 | 182 | # maps |
michael@146 | 183 | #canonical_maps = hash:@l_prefix@/etc/postfix/canonical |
michael@146 | 184 | #smtp_generic_maps = hash:@l_prefix@/etc/postfix/generic |
michael@146 | 185 | #virtual_alias_maps = hash:@l_prefix@/etc/postfix/virtual |
michael@146 | 186 | #relocated_maps = hash:@l_prefix@/etc/postfix/relocated |
michael@146 | 187 | #transport_maps = hash:@l_prefix@/etc/postfix/transport |
michael@146 | 188 | alias_maps = hash:@l_prefix@/etc/postfix/aliases |
michael@146 | 189 | alias_database = hash:@l_prefix@/etc/postfix/aliases |
michael@146 | 190 | |
michael@146 | 191 | # local delivery |
michael@146 | 192 | #local_recipient_maps = proxy:unix:passwd.byname $alias_maps |
michael@146 | 193 | recipient_delimiter = + |
michael@146 | 194 | mailbox_command = @l_prefix@/bin/procmail -a "$EXTENSION" |
michael@146 | 195 | |
michael@146 | 196 | </file> |
michael@146 | 197 | <file name="access"> |
michael@146 | 198 | ## |
michael@146 | 199 | ## @l_prefix@/etc/postfix/access -- access control for relaying |
michael@146 | 200 | ## |
michael@146 | 201 | ## Searched for both the client (hostname, parent domains, IP address, |
michael@146 | 202 | ## networks obtained by stripping least significant octets from IP |
michael@146 | 203 | ## address) and destination address (resolved destination address, |
michael@146 | 204 | ## parent domain, or localpart@) in order to allow relaying. Rejects |
michael@146 | 205 | ## the request if the result is REJECT or "[45]XX text". Permits the |
michael@146 | 206 | ## request if the result is OK or RELAY or all-numerical. |
michael@146 | 207 | ## |
michael@146 | 208 | |
michael@146 | 209 | # Syntax (see access(5)): |
michael@146 | 210 | # | user@domain action |
michael@146 | 211 | # | domain action |
michael@146 | 212 | # | user@ action |
michael@146 | 213 | # | net.work.addr.ess action |
michael@146 | 214 | # | net.work.addr action |
michael@146 | 215 | # | net.work action |
michael@146 | 216 | # | net action |
michael@146 | 217 | # where "action" is one of: |
michael@146 | 218 | # "[45]NN text", "REJECT", "OK", "restriction..." |
michael@146 | 219 | # |
michael@146 | 220 | # Examples: |
michael@146 | 221 | # | mail.example.com OK |
michael@146 | 222 | # | example.com REJECT |
michael@146 | 223 | # | 192.168.0.1 OK |
michael@146 | 224 | # | 192.168 REJECT |
michael@146 | 225 | # | postmaster@ OK |
michael@146 | 226 | |
michael@146 | 227 | </file> |
michael@146 | 228 | <file name="virtual"> |
michael@146 | 229 | ## |
michael@146 | 230 | ## @l_prefix@/etc/postfix/virtual -- virtual address translation |
michael@146 | 231 | ## |
michael@146 | 232 | ## Searched for virtual addresses user@domain, user and @domain |
michael@146 | 233 | ## (in this order). It redirects mail for all recipients, local or |
michael@146 | 234 | ## remote. The mapping affects only envelope recipients. |
michael@146 | 235 | ## |
michael@146 | 236 | |
michael@146 | 237 | # Syntax (see virtual(5)): |
michael@146 | 238 | # | user@domain address, address, ... |
michael@146 | 239 | # | user address, address, ... |
michael@146 | 240 | # | @domain address, address, ... |
michael@146 | 241 | # |
michael@146 | 242 | # Examples: |
michael@146 | 243 | # | @example.com john@example.com |
michael@146 | 244 | # | postmaster@example.com postmaster |
michael@146 | 245 | # | john@example1.com john1 |
michael@146 | 246 | # | john@example2.com john2 |
michael@146 | 247 | |
michael@146 | 248 | </file> |
michael@146 | 249 | <file name="aliases"> |
michael@146 | 250 | ## |
michael@146 | 251 | ## @l_prefix@/etc/postfix/aliases -- local mailbox aliases |
michael@146 | 252 | ## |
michael@146 | 253 | ## Searched for virtual addresses user@domain, user and @domain |
michael@146 | 254 | ## (in this order). It redirects mail for all recipients, local or |
michael@146 | 255 | ## remote. The mapping affects only envelope recipients. |
michael@146 | 256 | ## |
michael@146 | 257 | |
michael@146 | 258 | # Syntax (see aliases(5)): |
michael@146 | 259 | # | name: value, value, ... |
michael@146 | 260 | # where value is one of: |
michael@146 | 261 | # "address", "/file/name", "|command", ":include:/file/name" |
michael@146 | 262 | # |
michael@146 | 263 | # Examples: |
michael@146 | 264 | # | john.doe: john, doe |
michael@146 | 265 | # | robot: |/path/to/robot |
michael@146 | 266 | # | archive: /path/to/archive |
michael@146 | 267 | # | users: :include:/path/to/users.list |
michael@146 | 268 | # | owner-users: john.doe |
michael@146 | 269 | |
michael@146 | 270 | # standard mail targets |
michael@146 | 271 | nobody: /dev/null |
michael@146 | 272 | MAILER-DAEMON: postmaster |
michael@146 | 273 | |
michael@146 | 274 | # mailbox names for common services, roles and functions |
michael@146 | 275 | # (see RFC2142 for more details and expanded list of names) |
michael@146 | 276 | postmaster: root |
michael@146 | 277 | hostmaster: root |
michael@146 | 278 | security: root |
michael@146 | 279 | abuse: root |
michael@146 | 280 | |
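michael@146 | 281 | # discard mail for root so unread messages do not fill local storage; postmaster, hostmaster, security and abuse alias to root above, so their mail is discarded too -- point root at a monitored mailbox |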
michael@146 | 282 | root: /dev/null |
michael@146 | 283 | |
michael@146 | 284 | </file> |
michael@146 | 285 | <file name="canonical"> |
michael@146 | 286 | ## |
michael@146 | 287 | ## @l_prefix@/etc/postfix/canonical -- address canonification on mail receiving |
michael@146 | 288 | ## |
michael@146 | 289 | ## Searched for canonical addresses for user@domain, user and @domain |
michael@146 | 290 | ## (in this order). |
michael@146 | 291 | ## |
michael@146 | 292 | |
michael@146 | 293 | # Syntax (see canonical(5)): |
michael@146 | 294 | # | user@domain address |
michael@146 | 295 | # | user address |
michael@146 | 296 | # | @domain address |
michael@146 | 297 | # |
michael@146 | 298 | # Examples: |
michael@146 | 299 | # | postmaster@mail.example.com postmaster@example.com |
michael@146 | 300 | # | john John.Doe |
michael@146 | 301 | # | @example.com @example.com |
michael@146 | 302 | |
michael@146 | 303 | </file> |
michael@146 | 304 | <file name="relocated"> |
michael@146 | 305 | ## |
michael@146 | 306 | ## @l_prefix@/etc/postfix/relocated -- relocate obsolete addresses |
michael@146 | 307 | ## |
michael@146 | 308 | ## Searched for relocated addresses user@domain, user and @domain |
michael@146 | 309 | ## (in this order). It bounces mail for all recipients. |
michael@146 | 310 | ## |
michael@146 | 311 | |
michael@146 | 312 | # Syntax (see relocated(5)): |
michael@146 | 313 | # | user@domain address |
michael@146 | 314 | # | user address |
michael@146 | 315 | # | @domain address |
michael@146 | 316 | # |
michael@146 | 317 | # Examples: |
michael@146 | 318 | # | john@invalid john@example.com |
michael@146 | 319 | # | john john@example.com |
michael@146 | 320 | # | @invalid john@example.com |
michael@146 | 321 | |
michael@146 | 322 | </file> |
michael@146 | 323 | <file name="generic"> |
michael@146 | 324 | ## |
michael@146 | 325 | ## @l_prefix@/etc/postfix/generic -- address canonification on mail sending |
michael@146 | 326 | ## |
michael@146 | 327 | ## Searched for canonical addresses for user@domain, user and @domain |
michael@146 | 328 | ## (in this order). |
michael@146 | 329 | ## |
michael@146 | 330 | |
michael@146 | 331 | # Syntax (see generic(5)): |
michael@146 | 332 | # | user@domain address |
michael@146 | 333 | # | user address |
michael@146 | 334 | # | @domain address |
michael@146 | 335 | # |
michael@146 | 336 | # Examples: |
michael@146 | 337 | # | postmaster@mail.example.com postmaster@example.com |
michael@146 | 338 | # | john John.Doe |
michael@146 | 339 | # | @example.com @example.com |
michael@146 | 340 | |
michael@146 | 341 | </file> |
michael@146 | 342 | <file name="transport"> |
michael@146 | 343 | ## |
michael@146 | 344 | ## @l_prefix@/etc/postfix/transport -- transport selection |
michael@146 | 345 | ## |
michael@146 | 346 | ## Searched for domain and .domain (in this order). It selects the |
michael@146 | 347 | ## specified transport facility for delivery. |
michael@146 | 348 | ## |
michael@146 | 349 | |
michael@146 | 350 | # Syntax (see transport(5)): |
michael@146 | 351 | # | domain transport:nexthop |
michael@146 | 352 | # | .domain transport:nexthop |
michael@146 | 353 | # |
michael@146 | 354 | # Examples: |
michael@146 | 355 | # | me.example.com local: |
michael@146 | 356 | # | you.example.com smtp:mail.example.com:2525 |
michael@146 | 357 | # | example.com smtp:mail.example.com |
michael@146 | 358 | # | .example.com smtp:mail.example.com |
michael@146 | 359 | |
michael@146 | 360 | </file> |
michael@181 | 361 | <file name="clients"> |
michael@179 | 362 | ## |
michael@181 | 363 | ## @l_prefix@/etc/postfix/clients -- control for relaying clients |
michael@181 | 364 | ## |
michael@181 | 365 | ## Searched for both the client (hostname, parent domains, IP address, |
michael@181 | 366 | ## networks obtained by stripping least significant octets from IP |
michael@181 | 367 | ## address) and destination address (resolved destination address, |
michael@181 | 368 | ## parent domain, or localpart@) in order to allow relaying. Rejects |
michael@181 | 369 | ## the request if the result is REJECT or "[45]XX text". Permits the |
michael@181 | 370 | ## request if the result is OK or RELAY or all-numerical. |
michael@181 | 371 | ## |
michael@181 | 372 | |
michael@181 | 373 | # Syntax (see access(5)): |
michael@181 | 374 | # | user@domain action |
michael@181 | 375 | # | domain action |
michael@181 | 376 | # | user@ action |
michael@181 | 377 | # | net.work.addr.ess action |
michael@181 | 378 | # | net.work.addr action |
michael@181 | 379 | # | net.work action |
michael@181 | 380 | # | net action |
michael@181 | 381 | # where "action" is one of: |
michael@181 | 382 | # "[45]NN text", "REJECT", "OK", "restriction..." |
michael@181 | 383 | # |
michael@181 | 384 | # Examples: |
michael@181 | 385 | # | mail.example.com OK |
michael@181 | 386 | # | example.com REJECT |
michael@181 | 387 | # | 192.168.0.1 OK |
michael@181 | 388 | # | 192.168 REJECT |
michael@181 | 389 | # | postmaster@ OK |
michael@181 | 390 | |
michael@181 | 391 | </file> |
michael@181 | 392 | <file name="senders"> |
michael@181 | 393 | ## |
michael@181 | 394 | ## @l_prefix@/etc/postfix/senders -- control for relaying senders |
michael@181 | 395 | ## |
michael@181 | 396 | ## Searched for both the client (hostname, parent domains, IP address, |
michael@181 | 397 | ## networks obtained by stripping least significant octets from IP |
michael@181 | 398 | ## address) and destination address (resolved destination address, |
michael@181 | 399 | ## parent domain, or localpart@) in order to allow relaying. Rejects |
michael@181 | 400 | ## the request if the result is REJECT or "[45]XX text". Permits the |
michael@181 | 401 | ## request if the result is OK or RELAY or all-numerical. |
michael@181 | 402 | ## |
michael@181 | 403 | |
michael@181 | 404 | # Syntax (see access(5)): |
michael@181 | 405 | # | user@domain action |
michael@181 | 406 | # | domain action |
michael@181 | 407 | # | user@ action |
michael@181 | 408 | # | net.work.addr.ess action |
michael@181 | 409 | # | net.work.addr action |
michael@181 | 410 | # | net.work action |
michael@181 | 411 | # | net action |
michael@181 | 412 | # where "action" is one of: |
michael@181 | 413 | # "[45]NN text", "REJECT", "OK", "restriction..." |
michael@181 | 414 | # |
michael@181 | 415 | # Examples: |
michael@181 | 416 | # | mail.example.com OK |
michael@181 | 417 | # | example.com REJECT |
michael@181 | 418 | # | 192.168.0.1 OK |
michael@181 | 419 | # | 192.168 REJECT |
michael@181 | 420 | # | postmaster@ OK |
michael@181 | 421 | |
michael@181 | 422 | </file> |
michael@181 | 423 | <file name="clicrt"> |
michael@181 | 424 | ## |
michael@181 | 425 | ## @l_prefix@/etc/postfix/clicrt -- user identity verification |
michael@179 | 426 | ## |
michael@179 | 427 | ## Searched for user names matching TLS certificate fingerprints |
michael@179 | 428 | ## when a client responding to the MTA's client certificate request |
michael@179 | 429 | ## presents a valid (signed by a proper CA) certificate. |
michael@179 | 430 | ## |
michael@179 | 431 | ## To find such fingerprints given a valid client certificate (the digest must match smtpd_tls_fingerprint_digest; -sha1 is shown): |
michael@179 | 432 | ## @l_prefix@/bin/openssl x509 -noout -fingerprint -sha1 -in certfile.pem |
michael@179 | 433 | ## |
michael@179 | 434 | |
michael@181 | 435 | # Syntax (fingerprint according to smtpd_tls_fingerprint_digest): |
michael@181 | 436 | # | fingerprint arbitrary-value |
michael@181 | 437 | # |
michael@179 | 438 | # Examples: |
michael@181 | 439 | # | B8:B8:A8:AE:B8:2A:2B:74:EC:43:FF:4F:B2:B2:AC:1E:B4:CE:26:1D user1 |
michael@181 | 440 | # | 18:81:F5:22:18:BA:EB:15:FF:40:30:00:EA:C0:B4:2E:EC:AE:86:8E user2 |
michael@179 | 441 | |
michael@179 | 442 | </file> |