postfix/postfix.txt

Mon, 20 Apr 2009 19:22:00 +0200

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Mon, 20 Apr 2009 19:22:00 +0200
changeset 178
0ba300bdf30a
child 179
6539a982f682
permissions
-rw-r--r--

Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits, however maintaining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.

     1 <file name="Makefile">
     2 ##
     3 ##  @l_prefix@/etc/postfix/Makefile -- maintainance procedures
     4 ##
     6 #   path configuration
     7 PREFIX       = @l_prefix@
     8 SBINDIR      = $(PREFIX)/sbin
     9 ETCDIR       = $(PREFIX)/etc
    11 #   program configuration
    12 RC           = $(ETCDIR)/rc
    13 POSTALIAS    = $(SBINDIR)/postalias
    14 POSTMAP      = $(SBINDIR)/postmap
    15 POSTFIX      = $(SBINDIR)/postfix
    17 #   table filename configuration
    18 T_ACCESS     = access
    19 T_CANONICAL  = canonical
    20 T_GENERIC    = generic
    21 T_VIRTUAL    = virtual
    22 T_RELOCATED  = relocated
    23 T_TRANSPORT  = transport
    24 T_ALIASES    = aliases
    26 #   dependency tracking
    27 TIMESTAMP    = .up-to-date
    28 DEPENDENCIES = Makefile master.cf main.cf $(TABLES)
    30 #   managed tables:
    31 #   - use extension ".db" for hash tables ("hash")
    32 #   - use no extension for regex tables ("pcre")
    33 TABLES = \
    34     $(T_ACCESS).db    \
    35     $(T_CANONICAL).db \
    36     $(T_GENERIC).db   \
    37     $(T_VIRTUAL).db   \
    38     $(T_RELOCATED).db \
    39     $(T_TRANSPORT).db \
    40     $(T_ALIASES).db
    42 #   default target
    43 all: $(TABLES) $(TIMESTAMP)
    45 #   implicit checking and reloading
    46 $(TIMESTAMP): $(DEPENDENCIES)
    47 	$(POSTFIX) check
    48 	$(POSTFIX) reload >/dev/null 2>&1 || true
    49 	touch $(TIMESTAMP) && chmod 600 $(TIMESTAMP)
    51 #   explicit checking
    52 check:
    53 	$(POSTFIX) check
    55 #   hash table update targets
    56 $(T_ACCESS).db: $(T_ACCESS) $(MAKEFILE)
    57 	$(POSTMAP) hash:$(T_ACCESS)
    58 $(T_CANONICAL).db: $(T_CANONICAL) $(MAKEFILE)
    59 	$(POSTMAP) hash:$(T_CANONICAL)
    60 $(T_GENERIC).db: $(T_GENERIC) $(MAKEFILE)
    61 	$(POSTMAP) hash:$(T_GENERIC)
    62 $(T_VIRTUAL).db: $(T_VIRTUAL) $(MAKEFILE)
    63 	$(POSTMAP) hash:$(T_VIRTUAL)
    64 $(T_RELOCATED).db: $(T_RELOCATED) $(MAKEFILE)
    65 	$(POSTMAP) hash:$(T_RELOCATED)
    66 $(T_TRANSPORT).db: $(T_TRANSPORT) $(MAKEFILE)
    67 	$(POSTMAP) hash:$(T_TRANSPORT)
    68 $(T_ALIASES).db: $(T_ALIASES) $(MAKEFILE)
    69 	$(POSTALIAS) hash:$(T_ALIASES)
    71 #   cleanup target
    72 clean: 
    73 	-rm -f $(TABLES)
    74 	-rm -f $(TIMESTAMP)
    76 #   process management
    77 start:
    78 	$(RC) postfix start
    79 reload:
    80 	$(RC) postfix reload
    81 stop:
    82 	$(RC) postfix stop
    84 </file>
    85 <file name="master.cf">
##
##  @l_prefix@/etc/postfix/master.cf -- Postfix master process table
##
##  NOTE(review): the "chroot" column is "n" for every service below,
##  so no daemon is confined to the queue directory.  The "unpriv"
##  column is "n" only for local, virtual and the (commented) pipe
##  transports, i.e. those keep root privileges -- presumably because
##  they must switch to the recipient's uid for delivery; every other
##  service uses the default "-" (yes) and runs unprivileged.  Keep it
##  that way when adding services.  "smtp inet" is the only network
##  listener; the addresses it binds are set by inet_interfaces in
##  main.cf.
##
##  The "relay" entry passes "-o fallback_relay=", the pre-2.3 name of
##  smtp_fallback_relay, which Postfix still accepts as a compatibility
##  alias.  The sample master.cf shipped with Postfix limits proxywrite
##  to one process (maxproc 1, see proxymap(8)); consider the same here.
##  All pipe transports run their command as the single account
##  @l_nusr@ -- the deliberate tradeoff described in the change log --
##  so files they write are owned by that one account.
##
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp       inet  n       -       n       -       -       smtpd
#628       inet  n       -       n       -       -       qmqpd
pickup     fifo  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       fifo  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       -       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp -o fallback_relay=
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
#maildrop  unix  -       n       n       -       -       pipe flags=DRhu user=@l_nusr@ argv=@l_prefix@/bin/maildrop -d ${recipient}
#cyrus     unix  -       n       n       -       -       pipe user=@l_nusr@ argv=@l_prefix@/bin/cyrdeliver -e -r ${sender} -m ${extension} ${user}
#uucp      unix  -       n       n       -       -       pipe flags=Fqhu user=@l_nusr@ argv=@l_prefix@/bin/uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#ifmail    unix  -       n       n       -       -       pipe flags=F user=@l_nusr@ argv=@l_prefix@/bin/ifmail -r $nexthop ($recipient)
#bsmtp     unix  -       n       n       -       -       pipe flags=Fq. user=@l_nusr@ argv=@l_prefix@/bin/bsmtp -f $sender $nexthop $recipient
   122 </file>
   123 <file name="main.cf">
##
##  @l_prefix@/etc/postfix/main.cf -- Postfix main configuration
##
##  Run "@l_prefix@/sbin/postconf -n" to see all parameters overriding
##  defaults, run "@l_prefix@/sbin/postconf -d" to see all possible
##  parameters and their defaults and read the following manual
##  pages for description of each parameter: bounce(8), cleanup(8),
##  defer(8), error(8), flush(8), lmtp(8), local(8), master(8),
##  pickup(8), pipe(8), qmgr(8), showq(8), smtp(8), smtpd(8), spawn(8),
##  trivial-rewrite(8).
##

#   users
#   mail_owner owns the mail queue and is the account the unprivileged
#   daemons from master.cf run as; setgid_group is the group that
#   postdrop(1)/postqueue(1) are set-gid to; default_privs is the account
#   local(8) uses for "|command" and "/file" targets of a root-owned
#   aliases table (see postconf(5) for all three).
#   NOTE(review): none of these accounts should double as a login user
#   or be shared with any other service.
mail_owner                    = @l_musr@
setgid_group                  = @l_rgrp@
default_privs                 = @l_nusr@

#   local host
#   placeholders -- set to the real host and domain name before use
myhostname                    = mail.example.com
mydomain                      = example.com
myorigin                      = $myhostname

#   smtp daemon
#   listen on the loopback interface only; widen inet_interfaces
#   deliberately, and review the relaying section first, before
#   exposing smtpd to a network
#smtpd_banner                 = $myhostname ESMTP $mail_name
inet_interfaces               = 127.0.0.1

#   smtp client
#   NOTE(review): binding the SMTP client to 127.0.0.1 restricts it to
#   peers reachable over loopback, so outbound delivery to any other
#   host fails until this is relaxed -- confirm that this is the
#   intended default and not merely a mirror of inet_interfaces
smtp_bind_address             = 127.0.0.1

#   relaying
#   only loopback clients are trusted; with smtpd_recipient_restrictions
#   left at its built-in default (permit_mynetworks,
#   reject_unauth_destination according to "postconf -d") no other
#   client may relay.
#   NOTE(review): the relay_domains example below uses the access table
#   as a domain *list*; for list-type lookups Postfix ignores the table
#   value, so an "example.com REJECT" entry meant to block a client
#   would still add example.com to relay_domains.  Use a dedicated
#   table there.  In the smtpd_recipient_restrictions example an "OK"
#   result from the access table grants relaying to that client,
#   because it is evaluated before reject_unauth_destination.
mynetworks                    = 127.0.0.0/8
#mydestination                = $myhostname, localhost.$mydomain
#relay_domains                = $mydestination, 
#                               hash:@l_prefix@/etc/postfix/access
#smtpd_recipient_restrictions = permit_mynetworks, 
#                               check_client_access hash:@l_prefix@/etc/postfix/access,
#                               reject_unauth_destination

#   maps
#   every hash: table is generated from its plain-text source by "make"
#   in this directory; an edit takes effect only once the .db is rebuilt
#canonical_maps               = hash:@l_prefix@/etc/postfix/canonical
#smtp_generic_maps            = hash:@l_prefix@/etc/postfix/generic
#virtual_alias_maps           = hash:@l_prefix@/etc/postfix/virtual
#relocated_maps               = hash:@l_prefix@/etc/postfix/relocated
#transport_maps               = hash:@l_prefix@/etc/postfix/transport
alias_maps                    = hash:@l_prefix@/etc/postfix/aliases
alias_database                = hash:@l_prefix@/etc/postfix/aliases

#   local delivery
#   mailbox_command runs with the recipient's privileges (local(8));
#   "$EXTENSION" is the part after recipient_delimiter, empty if absent
#local_recipient_maps         = proxy:unix:passwd.byname $alias_maps
recipient_delimiter           = +
mailbox_command               = @l_prefix@/bin/procmail -a "$EXTENSION"
   176 </file>
   177 <file name="access">
##
##  @l_prefix@/etc/postfix/access -- access control for relaying
##
##  Searched for both the client (hostname, parent domains, IP address,
##  networks obtained by stripping least significant octets from IP
##  address) and destination address (resolved destination address,
##  parent domain, or localpart@) in order to allow relaying. Rejects
##  the request if the result is REJECT or "[45]XX text". Permits the
##  request if the result is OK or RELAY or all-numerical.
##
##  NOTE(review): once the commented smtpd_recipient_restrictions
##  example in main.cf is enabled, this table is consulted before
##  reject_unauth_destination, so an OK result grants relay permission
##  to the matching client.  Keep OK entries as narrow as possible
##  (single addresses rather than whole networks or domains); hostname
##  entries depend on the client's reverse DNS, which Postfix presumably
##  only trusts when it also resolves forward -- prefer IP entries.
##  Do not reuse this table as a relay_domains list: there the value
##  (OK/REJECT) is ignored and every key counts as a relay domain.
##  Rebuild the .db with "make" after every edit.
##

#   Syntax (see access(5)):
#   | user@domain        action
#   | domain             action
#   | user@              action
#   | net.work.addr.ess  action
#   | net.work.addr      action
#   | net.work           action
#   | net                action
#   where "action" is one of:
#   "[45]NN text", "REJECT", "OK", "restriction..."
#
#   Examples:
#   | mail.example.com OK
#   | example.com      REJECT
#   | 192.168.0.1      OK
#   | 192.168          REJECT
#   | postmaster@      OK

   207 </file>
   208 <file name="virtual">
##
##  @l_prefix@/etc/postfix/virtual -- virtual address translation
##
##  Searched for virtual addresses user@domain, user and @domain
##  (in this order). It redirects mail for all recipients, local or
##  remote. The mapping affects only envelope recipients.
##

#   Syntax (see virtual(5)):
#   | user@domain  address, address, ...
#   | user         address, address, ...
#   | @domain      address, address, ...
#   
#   Examples:
#   | @example.com               john@example.com
#   | postmaster@example.com     postmaster
#   | john@example1.com          john1
#   | john@example2.com          john2
   228 </file>
   229 <file name="aliases">
##
##  @l_prefix@/etc/postfix/aliases -- local mailbox aliases
##
##  Searched by local(8) with the local part of the recipient address
##  only (no domain), for mail that is delivered locally.  Unlike the
##  virtual table it is applied at local delivery time, not to envelope
##  recipients in general, and the right-hand side may be a file or a
##  command, not just an address.
##

#   Syntax (see aliases(5)):
#   | name:         value, value, ...
#   where value is one of:
#   "address", "/file/name", "|command", ":include:/file/name"
#
#   NOTE(review): "|command" and "/file/name" targets are executed or
#   written with the rights of default_privs (main.cf) while this table
#   is owned by root; a table owned by another user presumably runs them
#   as that user (local(8)).  By default local(8) refuses command and
#   file targets found inside :include: files (allow_mail_to_commands /
#   allow_mail_to_files).  Keep this file and every :include: file
#   writable by root only.
#
#   Examples:
#   | john.doe:     john, doe
#   | robot:        |/path/to/robot
#   | archive:      /path/to/archive
#   | users:        :include:/path/to/users.list
#   | owner-users:  john.doe

#   standard mail targets
nobody:                /dev/null
MAILER-DAEMON:         postmaster

#   mailbox names for common services, roles and functions
#   (see RFC2142 for more details and expanded list of names)
postmaster:            root
hostmaster:            root
security:              root
abuse:                 root

#   save unprivileged user storage of careless admins
#   NOTE(review): with root's mail discarded to /dev/null, every role
#   alias above (postmaster, hostmaster, security, abuse) is silently
#   dropped as well, while RFC 2142 expects those to reach a person.
#   On any deployed host point root at a real mailbox instead, e.g.
#   "root: admin@example.com".
root:                  /dev/null
   264 </file>
   265 <file name="canonical">
   266 ##
   267 ##  @l_prefix@/etc/postfix/canonical -- address canonification on mail receiving
   268 ##
   269 ##  Searched for canonical addresses for user@domain, user and @domain
   270 ##  (in this order).
   271 ##
   273 #   Syntax (see canonical(5)):
   274 #   | user@domain  address
   275 #   | user         address
   276 #   | @domain      address
   277 #
   278 #   Examples:
   279 #   | postmaster@mail.example.com postmaster@example.com
   280 #   | john                        John.Doe
   281 #   | @example.com                @example.com
   283 </file>
   284 <file name="relocated">
   285 ##
   286 ##  @l_prefix@/etc/postfix/relocated -- relocate obsolete addresses
   287 ##
   288 ##  Searched for relocated addresses user@domain, user and @domain
   289 ##  (in this order). It bounces mail for all recipients.
   290 ##
   292 #   Syntax (see relocated(5)):
   293 #   | user@domain     address
   294 #   | user            address
   295 #   | @domain         address
   296 #
   297 #   Examples:
   298 #   | john@invalid    john@example.com
   299 #   | john            john@example.com
   300 #   | @invalid        john@example.com
   302 </file>
   303 <file name="generic">
   304 ##
   305 ##  @l_prefix@/etc/postfix/generic -- address canonification on mail sending
   306 ##
   307 ##  Searched for canonical addresses for user@domain, user and @domain
   308 ##  (in this order).
   309 ##
   311 #   Syntax (see generic(5)):
   312 #   | user@domain  address
   313 #   | user         address
   314 #   | @domain      address
   315 #
   316 #   Examples:
   317 #   | postmaster@mail.example.com postmaster@example.com
   318 #   | john                        John.Doe
   319 #   | @example.com                @example.com
   321 </file>
   322 <file name="transport">
   323 ##
   324 ##  @l_prefix@/etc/postfix/transport -- transport selection
   325 ##
   326 ##  Searched for domain and .domain (in this order). It selects the
   327 ##  specified transport facility for delivery.
   328 ##
   330 #   Syntax (see transport(5)):
   331 #   | domain  transport:nexthop
   332 #   | .domain transport:nexthop
   333 #
   334 #   Examples:
   335 #   | me.example.com             local:
   336 #   | you.example.com            smtp:mail.example.com:2525
   337 #   | example.com                smtp:mail.example.com
   338 #   | .example.com               smtp:mail.example.com
   340 </file>
