postfix/postfix.txt

Thu, 04 Oct 2012 20:30:05 +0200

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 04 Oct 2012 20:30:05 +0200
changeset 715
c10fb90893b9
parent 664
3045cab269c7
permissions
-rw-r--r--

Correct the out-of-date build configuration, porting it to the Solaris 11
network link infrastructure and the new libpcap logic. This additionally
allows for device drivers in subdirectories of /dev. Correct the packaged
nmap personalities and signatures so that they work out of the box. Finally,
hack the arpd logic to properly close sockets and quit on TERM by repeating
the signalling in the run command script. Sadly, all this fails to correct
the run-time behaviour of honeyd, which fails to bind to the IP layer.

     1 <file name="Makefile">
     2 ##
     3 ##  @l_prefix@/etc/postfix/Makefile -- maintainance procedures
     4 ##
     6 #   path configuration
     7 PREFIX       = @l_prefix@
     8 SBINDIR      = $(PREFIX)/sbin
     9 ETCDIR       = $(PREFIX)/etc
    11 #   program configuration
    12 RC           = $(ETCDIR)/rc
    13 POSTALIAS    = $(SBINDIR)/postalias
    14 POSTMAP      = $(SBINDIR)/postmap
    15 POSTFIX      = $(SBINDIR)/postfix
    17 #   table filename configuration
    18 T_ACCESS     = access
    19 T_CANONICAL  = canonical
    20 T_GENERIC    = generic
    21 T_VIRTUAL    = virtual
    22 T_RELOCATED  = relocated
    23 T_TRANSPORT  = transport
    24 T_ALIASES    = aliases
    25 T_CLIENTS    = clients
    26 T_SENDERS    = senders
    27 T_CLICRT     = clicrt
    28 T_RECIPIENT  = recipient
    29 T_HELO       = helo
    31 #   dependency tracking
    32 TIMESTAMP    = .up-to-date
    33 DEPENDENCIES = Makefile master.cf main.cf $(TABLES)
    35 #   managed tables:
    36 #   - use extension ".db" for hash tables ("hash")
    37 #   - use no extension for regex tables ("pcre")
    38 TABLES = \
    39     $(T_ACCESS).db    \
    40     $(T_CANONICAL).db \
    41     $(T_GENERIC).db   \
    42     $(T_VIRTUAL).db   \
    43     $(T_RELOCATED).db \
    44     $(T_TRANSPORT).db \
    45     $(T_ALIASES).db \
    46     $(T_CLIENTS).db \
    47     $(T_SENDERS).db \
    48     $(T_CLICRT).db \
    49     $(T_RECIPIENT).db \
    50     $(T_HELO).db
    52 #   default target
    53 all: $(TABLES) $(TIMESTAMP)
    55 #   implicit checking and reloading
    56 $(TIMESTAMP): $(DEPENDENCIES)
    57 	$(POSTFIX) check
    58 	$(POSTFIX) reload >/dev/null 2>&1 || true
    59 	touch $(TIMESTAMP) && chmod 600 $(TIMESTAMP)
    61 #   explicit checking
    62 check:
    63 	$(POSTFIX) check
    65 #   hash table update targets
    66 $(T_ACCESS).db: $(T_ACCESS) $(MAKEFILE)
    67 	$(POSTMAP) hash:$(T_ACCESS)
    68 $(T_CANONICAL).db: $(T_CANONICAL) $(MAKEFILE)
    69 	$(POSTMAP) hash:$(T_CANONICAL)
    70 $(T_GENERIC).db: $(T_GENERIC) $(MAKEFILE)
    71 	$(POSTMAP) hash:$(T_GENERIC)
    72 $(T_VIRTUAL).db: $(T_VIRTUAL) $(MAKEFILE)
    73 	$(POSTMAP) hash:$(T_VIRTUAL)
    74 $(T_RELOCATED).db: $(T_RELOCATED) $(MAKEFILE)
    75 	$(POSTMAP) hash:$(T_RELOCATED)
    76 $(T_TRANSPORT).db: $(T_TRANSPORT) $(MAKEFILE)
    77 	$(POSTMAP) hash:$(T_TRANSPORT)
    78 $(T_ALIASES).db: $(T_ALIASES) $(MAKEFILE)
    79 	$(POSTALIAS) hash:$(T_ALIASES)
    80 $(T_CLIENTS).db: $(T_CLIENTS) $(MAKEFILE)
    81 	$(POSTMAP) hash:$(T_CLIENTS)
    82 $(T_SENDERS).db: $(T_SENDERS) $(MAKEFILE)
    83 	$(POSTMAP) hash:$(T_SENDERS)
    84 $(T_CLICRT).db: $(T_CLICRT) $(MAKEFILE)
    85 	$(POSTMAP) hash:$(T_CLICRT)
    86 $(T_RECIPIENT).db: $(T_RECIPIENT) $(MAKEFILE)
    87 	$(POSTMAP) hash:$(T_RECIPIENT)
    88 $(T_HELO).db: $(T_HELO) $(MAKEFILE)
    89 	$(POSTMAP) hash:$(T_HELO)
    91 #   cleanup target
    92 clean: 
    93 	-rm -f $(TABLES)
    94 	-rm -f $(TIMESTAMP)
    96 #   process management
    97 start:
    98 	$(RC) postfix start
    99 reload:
   100 	$(RC) postfix reload
   101 stop:
   102 	$(RC) postfix stop
   104 </file>
   105 <file name="master.cf">
   106 ##
   107 ##  @l_prefix@/etc/postfix/master.cf -- Postfix master process table
   108 ##
   109 # ==========================================================================
   110 # service type  private unpriv  chroot  wakeup  maxproc command + args
   111 #               (yes)   (yes)   (yes)   (never) (100)
   112 # ==========================================================================
   113 smtp       inet  n       -       n       -       -       smtpd
   114 #smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamass
   115 #smtp      inet  n       -       n       -       1       postscreen
   116 #smtpd     pass  -       -       n       -       -       smtpd
   117 #dnsblog   unix  -       -       n       -       0       dnsblog
   118 #tlsproxy  unix  -       -       n       -       0       tlsproxy
   119 #628       inet  n       -       n       -       -       qmqpd
   120 pickup     fifo  n       -       n       60      1       pickup
   121 cleanup    unix  n       -       n       -       0       cleanup
   122 qmgr       fifo  n       -       n       300     1       qmgr
   123 tlsmgr     unix  -       -       n       1000?   1       tlsmgr
   124 rewrite    unix  -       -       n       -       -       trivial-rewrite
   125 bounce     unix  -       -       n       -       0       bounce
   126 defer      unix  -       -       n       -       0       bounce
   127 trace      unix  -       -       n       -       0       bounce
   128 verify     unix  -       -       n       -       1       verify
   129 flush      unix  n       -       n       1000?   0       flush
   130 proxymap   unix  -       -       n       -       -       proxymap
   131 proxywrite unix  -       -       n       -       -       proxymap
   132 smtp       unix  -       -       n       -       -       smtp
   133 relay      unix  -       -       n       -       -       smtp -o fallback_relay=
   134 showq      unix  n       -       n       -       -       showq
   135 error      unix  -       -       n       -       -       error
   136 retry      unix  -       -       n       -       -       error
   137 local      unix  -       n       n       -       -       local
   138 virtual    unix  -       n       n       -       -       virtual
   139 lmtp       unix  -       -       n       -       -       lmtp
   140 anvil      unix  -       -       n       -       1       anvil
   141 scache     unix  -       -       n       -       1       scache
   142 #maildrop  unix  -       n       n       -       -       pipe flags=DRhu user=@l_nusr@ argv=@l_prefix@/bin/maildrop -d ${recipient}
   143 #cyrus     unix  -       n       n       -       -       pipe user=@l_nusr@ argv=@l_prefix@/bin/cyrdeliver -e -r ${sender} -m ${extension} ${user}
   144 #dovecot   unix  -       n       n       -       -       pipe flags=DR user=@l_rusr@ argv=@l_prefix@/libexec/dovecot/deliver -f ${sender} -d ${user} -n -m ${extension}
   145 #spamass   unix  -       n       n       -       -       pipe flags=R user=@l_rusr@ argv=@l_prefix@/bin/spamc -f -u ${user} -e @l_prefix@/sbin/sendmail -oi -f ${sender} ${recipient}
   146 #uucp      unix  -       n       n       -       -       pipe flags=Fqhu user=@l_nusr@ argv=@l_prefix@/bin/uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
   147 #ifmail    unix  -       n       n       -       -       pipe flags=F user=@l_nusr@ argv=@l_prefix@/bin/ifmail -r $nexthop ($recipient)
   148 #bsmtp     unix  -       n       n       -       -       pipe flags=Fq. user=@l_nusr@ argv=@l_prefix@/bin/bsmtp -f $sender $nexthop $recipient
   149 </file>
   150 <file name="main.cf">
##
##  @l_prefix@/etc/postfix/main.cf -- Postfix main configuration
##
##  Run "@l_prefix@/sbin/postconf -n" to see all parameters overriding
##  defaults, run "@l_prefix@/sbin/postconf -d" to see all possible
##  parameters and their defaults and read the following manual
##  pages for description of each parameter: bounce(8), cleanup(8),
##  defer(8), error(8), flush(8), lmtp(8), local(8), master(8),
##  pickup(8), pipe(8), qmgr(8), showq(8), smtp(8), smtpd(8), spawn(8),
##  trivial-rewrite(8).
##

#   users
#   (the @l_...@ tokens are substituted at package build time)
mail_owner                    = @l_musr@
setgid_group                  = @l_rgrp@
default_privs                 = @l_nusr@

#   local host
#   (the example.com names are placeholders to be replaced with the
#   real host and domain names)
myhostname                    = mail.example.com
mydomain                      = example.com
myorigin                      = $myhostname

#   smtp daemon
#   - listen on the loopback interface only; the daemon is not reachable
#     from other hosts until inet_interfaces is widened
#smtpd_banner                 = $myhostname ESMTP $mail_name
inet_interfaces               = 127.0.0.1

#   smtp client
#   - outbound connections originate from the loopback address as well,
#     so with this setting only peers on this host are reachable
smtp_bind_address             = 127.0.0.1

#   relaying
#   - only loopback clients are part of "mynetworks"
#   - smtpd_recipient_restrictions is left commented out, so the relay
#     policy in effect is Postfix's built-in default; check it with
#     "@l_prefix@/sbin/postconf smtpd_recipient_restrictions" before
#     widening inet_interfaces or mynetworks
mynetworks                    = 127.0.0.0/8
#mydestination                = $myhostname, localhost.$mydomain
#relay_domains                = $mydestination, 
#                               hash:@l_prefix@/etc/postfix/access
#relay_clientcerts            = hash:@l_prefix@/etc/postfix/clicrt
#smtpd_recipient_restrictions = permit_mynetworks, 
#                               check_client_access hash:@l_prefix@/etc/postfix/access,
#                               reject_unauth_destination

#   maps
#   (the commented entries refer to tables the Makefile in this
#   directory compiles; only the aliases table is active)
#canonical_maps               = hash:@l_prefix@/etc/postfix/canonical
#smtp_generic_maps            = hash:@l_prefix@/etc/postfix/generic
#virtual_alias_maps           = hash:@l_prefix@/etc/postfix/virtual
#relocated_maps               = hash:@l_prefix@/etc/postfix/relocated
#transport_maps               = hash:@l_prefix@/etc/postfix/transport
alias_maps                    = hash:@l_prefix@/etc/postfix/aliases
alias_database                = hash:@l_prefix@/etc/postfix/aliases

#   local delivery
#   - "+" separates the address extension (user+extension)
#   - local delivery is handed to procmail, which receives that
#     extension as its -a argument
#local_recipient_maps         = proxy:unix:passwd.byname $alias_maps
recipient_delimiter           = +
mailbox_command               = @l_prefix@/bin/procmail -a "$EXTENSION"
   204 </file>
   205 <file name="access">
   206 ##
   207 ##  @l_prefix@/etc/postfix/access -- access control for relaying
   208 ##
   209 ##  Searched for both the client (hostname, parent domains, IP address,
   210 ##  networks obtained by stripping least significant octets from IP
   211 ##  address) and destination address (resolved destination address,
   212 ##  parent domain, or localpart@) in order to allow relaying. Rejects
   213 ##  the request if the result is REJECT or "[45]XX text". Permits the
   214 ##  request if the result is OK or RELAY or all-numerical.
   215 ##
   217 #   Syntax (see access(5)):
   218 #   | user@domain        action
   219 #   | domain             action
   220 #   | user@              action
   221 #   | net.work.addr.ess  action
   222 #   | net.work.addr      action
   223 #   | net.work           action
   224 #   | net                action
   225 #   where "action" is one of:
   226 #   "[45]NN text", "REJECT", "OK", "restriction..."
   227 #
   228 #   Examples:
   229 #   | mail.example.com OK
   230 #   | example.com      REJECT
   231 #   | 192.168.0.1      OK
   232 #   | 192.168          REJECT
   233 #   | postmaster@      OK
   235 </file>
   236 <file name="virtual">
   237 ##
   238 ##  @l_prefix@/etc/postfix/virtual -- virtual address translation
   239 ##
   240 ##  Searched for virtual addresses user@domain, user and @domain
   241 ##  (in this order). It redirects mail for all recipients, local or
   242 ##  remote. The mapping affects only envelope recipients.
   243 ##
   245 #   Syntax (see virtual(5)):
   246 #   | user@domain  address, address, ...
   247 #   | user         address, address, ...
   248 #   | @domain      address, address, ...
   249 #   
   250 #   Examples:
   251 #   | @example.com               john@example.com
   252 #   | postmaster@example.com     postmaster
   253 #   | john@example1.com          john1
   254 #   | john@example2.com          john2
   256 </file>
   257 <file name="aliases">
##
##  @l_prefix@/etc/postfix/aliases -- local mailbox aliases
##
##  Searched for the bare local name of a locally delivered recipient
##  (see the syntax below); a match replaces the recipient with the
##  listed values, which may be addresses, files, commands or include
##  files.  Rebuild the "aliases.db" table with the Makefile in this
##  directory after editing (it is compiled by postalias, not postmap).
##

#   Syntax (see aliases(5)):
#   | name:         value, value, ...
#   where value is one of:
#   "address", "/file/name", "|command", ":include:/file/name"
#
#   Examples:
#   | john.doe:     john, doe
#   | robot:        |/path/to/robot
#   | archive:      /path/to/archive
#   | users:        :include:/path/to/users.list
#   | owner-users:  john.doe

#   standard mail targets
#   (MAILER-DAEMON resolves through postmaster, and therefore through root)
nobody:                /dev/null
MAILER-DAEMON:         postmaster

#   mailbox names for common services, roles and functions
#   (see RFC2142 for more details and expanded list of names)
#   NOTE: all of these resolve to "root" and so inherit its destination
postmaster:            root
hostmaster:            root
security:              root
abuse:                 root

#   save unprivileged user storage of careless admins
#   NOTE(review): with this entry, mail for root -- and via the aliases
#   above also for postmaster, hostmaster, security, abuse and bounces
#   from MAILER-DAEMON -- is discarded unread; point root at a mailbox
#   that is actually monitored if those reports should reach anyone
root:                  /dev/null
   292 </file>
   293 <file name="canonical">
   294 ##
   295 ##  @l_prefix@/etc/postfix/canonical -- address canonification on mail receiving
   296 ##
   297 ##  Searched for canonical addresses for user@domain, user and @domain
   298 ##  (in this order).
   299 ##
   301 #   Syntax (see canonical(5)):
   302 #   | user@domain  address
   303 #   | user         address
   304 #   | @domain      address
   305 #
   306 #   Examples:
   307 #   | postmaster@mail.example.com postmaster@example.com
   308 #   | john                        John.Doe
   309 #   | @example.com                @example.com
   311 </file>
   312 <file name="relocated">
   313 ##
   314 ##  @l_prefix@/etc/postfix/relocated -- relocate obsolete addresses
   315 ##
   316 ##  Searched for relocated addresses user@domain, user and @domain
   317 ##  (in this order). It bounces mail for all recipients.
   318 ##
   320 #   Syntax (see relocated(5)):
   321 #   | user@domain     address
   322 #   | user            address
   323 #   | @domain         address
   324 #
   325 #   Examples:
   326 #   | john@invalid    john@example.com
   327 #   | john            john@example.com
   328 #   | @invalid        john@example.com
   330 </file>
   331 <file name="generic">
   332 ##
   333 ##  @l_prefix@/etc/postfix/generic -- address canonification on mail sending
   334 ##
   335 ##  Searched for canonical addresses for user@domain, user and @domain
   336 ##  (in this order).
   337 ##
   339 #   Syntax (see generic(5)):
   340 #   | user@domain  address
   341 #   | user         address
   342 #   | @domain      address
   343 #
   344 #   Examples:
   345 #   | postmaster@mail.example.com postmaster@example.com
   346 #   | john                        John.Doe
   347 #   | @example.com                @example.com
   349 </file>
   350 <file name="transport">
   351 ##
   352 ##  @l_prefix@/etc/postfix/transport -- transport selection
   353 ##
   354 ##  Searched for domain and .domain (in this order). It selects the
   355 ##  specified transport facility for delivery.
   356 ##
   358 #   Syntax (see transport(5)):
   359 #   | domain  transport:nexthop
   360 #   | .domain transport:nexthop
   361 #
   362 #   Examples:
   363 #   | me.example.com             local:
   364 #   | you.example.com            smtp:mail.example.com:2525
   365 #   | example.com                smtp:mail.example.com
   366 #   | .example.com               smtp:mail.example.com
   368 </file>
   369 <file name="clients">
   370 ##
   371 ##  @l_prefix@/etc/postfix/clients -- control for relaying clients
   372 ##
   373 ##  Searched for both the client (hostname, parent domains, IP address,
   374 ##  networks obtained by stripping least significant octets from IP
   375 ##  address) and destination address (resolved destination address,
   376 ##  parent domain, or localpart@) in order to allow relaying. Rejects
   377 ##  the request if the result is REJECT or "[45]XX text". Permits the
   378 ##  request if the result is OK or RELAY or all-numerical.
   379 ##
   381 #   Syntax (see postmap(5)):
   382 #   | user@domain        action
   383 #   | domain             action
   384 #   | user@              action
   385 #   | net.work.addr.ess  action
   386 #   | net.work.addr      action
   387 #   | net.work           action
   388 #   | net                action
   389 #   where "action" is one of:
   390 #   "[45]NN text", "REJECT", "OK", "restriction..."
   391 #
   392 #   Examples:
   393 #   | mail.example.com OK
   394 #   | example.com      REJECT
   395 #   | 192.168.0.1      OK
   396 #   | 192.168          REJECT
   397 #   | postmaster@      OK
   399 </file>
   400 <file name="senders">
   401 ##
   402 ##  @l_prefix@/etc/postfix/senders -- control for relaying senders
   403 ##
   404 ##  Searched for both the client (hostname, parent domains, IP address,
   405 ##  networks obtained by stripping least significant octets from IP
   406 ##  address) and destination address (resolved destination address,
   407 ##  parent domain, or localpart@) in order to allow relaying. Rejects
   408 ##  the request if the result is REJECT or "[45]XX text". Permits the
   409 ##  request if the result is OK or RELAY or all-numerical.
   410 ##
   412 #   Syntax (see access(5)):
   413 #   | user@domain        action
   414 #   | domain             action
   415 #   | user@              action
   416 #   | net.work.addr.ess  action
   417 #   | net.work.addr      action
   418 #   | net.work           action
   419 #   | net                action
   420 #   where "action" is one of:
   421 #   "[45]NN text", "REJECT", "OK", "restriction..."
   422 #
   423 #   Examples:
   424 #   | mail.example.com OK
   425 #   | example.com      REJECT
   426 #   | 192.168.0.1      OK
   427 #   | 192.168          REJECT
   428 #   | postmaster@      OK
   430 </file>
   431 <file name="clicrt">
##
##  @l_prefix@/etc/postfix/clicrt -- user identity verification
##
##  Searched for user names matching TLS certificate fingerprints
##  when a client responding to the MTA's client certificate request
##  presents a valid (signed from proper CA) certificate.
##
##  To find such fingerprints given a valid client certificate:
##    @l_prefix@/bin/openssl x509 -noout -fingerprint -sha1 -in certfile.pem
##
##  NOTE(review): the digest used in that command (-sha1) must be the one
##  named by smtpd_tls_fingerprint_digest in main.cf, otherwise no entry
##  in this table will ever match; confirm that setting, since Postfix's
##  built-in default is not sha1, and prefer a stronger digest such as
##  sha256 where the installed Postfix and OpenSSL support it.
##

#   Syntax (fingerprint according to smtpd_tls_fingerprint_digest):
#   | fingerprint arbitrary-value
#
#   Examples:
#   | B8:B8:A8:AE:B8:2A:2B:74:EC:43:FF:4F:B2:B2:AC:1E:B4:CE:26:1D user1
#   | 18:81:F5:22:18:BA:EB:15:FF:40:30:00:EA:C0:B4:2E:EC:AE:86:8E user2
   450 </file>
   451 <file name="recipient">
   452 ##
   453 ##  @l_prefix@/etc/postfix/recipient -- control for relaying recipients
   454 ##
   455 ##  Searched for RCPT TO address, domain, parent domains, or localpart@
   456 ##  and rejects the request if the result is REJECT or "[45]XX text" or
   457 ##  permits the request if the result is OK or RELAY or all-numerical.
   458 ##
   460 #   Syntax (see access(5)):
   461 #   | user@domain        action
   462 #   | domain             action
   463 #   | user@              action
   464 #   | net.work.addr.ess  action
   465 #   | net.work.addr      action
   466 #   | net.work           action
   467 #   | net                action
   468 #   where "action" is one of:
   469 #   "[45]NN text", "REJECT", "OK", "restriction..."
   470 #
   471 #   Examples:
   472 #   | mail.example.com OK
   473 #   | example.com      REJECT
   474 #   | 192.168.0.1      OK
   475 #   | 192.168          REJECT
   476 #   | postmaster@      OK
   478 </file>
   479 <file name="helo">
   480 ##
   481 ##  @l_prefix@/etc/postfix/helo -- control for relaying helo transmissions
   482 ##
   483 ##  Searched for HELO or EHLO hostname or parent domains and rejects the
   484 ##  request if the result is REJECT or "[45]XX text" or permits the request
   485 ##  if the result is OK or RELAY or all-numerical.
   486 ##
   488 #   Syntax (see access(5)):
   489 #   | user@domain        action
   490 #   | domain             action
   491 #   | user@              action
   492 #   | net.work.addr.ess  action
   493 #   | net.work.addr      action
   494 #   | net.work           action
   495 #   | net                action
   496 #   where "action" is one of:
   497 #   "[45]NN text", "REJECT", "OK", "restriction..."
   498 #
   499 #   Examples:
   500 #   | mail.example.com OK
   501 #   | example.com      REJECT
   502 #   | 192.168.0.1      OK
   503 #   | 192.168          REJECT
   504 #   | postmaster@      OK
   506 </file>
