Bladeren bron

postfix: Update config for MX, move main.cf into private repo

Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>
Maximilian Wilhelm 4 jaren geleden
bovenliggende
commit
b7ead4b3d4
2 gewijzigde bestanden met toevoegingen van 2 en 97 verwijderingen
  1. 0 95
      postfix/main.cf.H_mail.in.ffho.net
  2. 2 2
      postfix/master.cf.H_mail.in.ffho.net

+ 0 - 95
postfix/main.cf.H_mail.in.ffho.net

@@ -1,95 +0,0 @@
-#
-# /etc/postfix/main.cf (Salt managed)
-#
-
-
-# Debian specific:  Specifying a file name will cause the first
-# line of that file to be used as the name.  The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-
-compatibility_level=2
-
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-
-# appending .domain is the MUA's job.
-append_dot_mydomain = no
-
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-
-readme_directory = no
-
-# TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/mail.ffho.net.cert.pem
-smtpd_tls_key_file=/etc/ssl/private/mail.ffho.net.key.pem
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-smtpd_tls_mandatory_protocols = TLSv1.3 TLSv1.2 TLSv1.1 !TLSv1 !SSLv2 !SSLv3
-smtp_tls_mandatory_protocols = TLSv1.3 TLSv1.2 TLSv1.1 !TLSv1 !SSLv2 !SSLv3
-smtp_tls_protocols = !SSLv2, !SSLv3
-smtpd_tls_protocols = !SSLv2 !SSLv3
-smtpd_tls_exclude_ciphers = RC4, aNULL
-smtp_tls_exclude_ciphers = RC4, aNULL
-
-# SASL parameters
-smtpd_sasl_auth_enable = yes
-broken_sasl_auth_clients = yes
-smtpd_sasl_security_options = noanonymous
-smtpd_sasl_local_domain = 
-
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-
-smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-myhostname = mail.ffho.net
-alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
-alias_database = hash:/etc/aliases
-virtual_alias_domains = hash:/etc/postfix/virtual-domains
-virtual_alias_maps = hash:/etc/postfix/virtual-aliases
-
-myorigin = /etc/mailname
-mydestination = ffho.net, mail.in.ffho.net, mail.ffho.net, lists.ffho.net, localhost
-relayhost = 
-
-# Read mynetworks from file
-mynetworks = /etc/postfix/mynetworks
-mailbox_command = procmail -a "$EXTENSION"
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = all
- 				
-smtpd_sender_restrictions =     check_sender_access hash:/etc/postfix/sender_checks,   
-				check_sender_access regexp:/etc/postfix/sender_checks_regexp,
-                                reject_non_fqdn_sender,
-                                reject_unknown_sender_domain
-
-smtpd_recipient_restrictions =  check_recipient_access hash:/etc/postfix/access_recipient-rfc,
-                                reject_non_fqdn_recipient,
-                                reject_unknown_recipient_domain, 
-                                permit_mynetworks, 
-                                permit_sasl_authenticated,
-                                reject_unauth_destination, 
-                                reject_unauth_pipelining,
-                                # Local Whitelist to override greylisting
-                                check_client_access hash:/etc/postfix/greylist_override,
-                                # greylisting by greyfix:
-				check_policy_service unix:private/greyfix,
-				permit
-
-# switched from policyd-weight to postscreen on buster (policyd-weight didn't work anymore)
-postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
-postscreen_blacklist_action = drop
-postscreen_greet_action = enforce
-postscreen_dnsbl_threshold = 3
-postscreen_dnsbl_action = enforce
-postscreen_dnsbl_sites =
-			pbl.spamhaus.org*2
-			sbl-xbl.spamhaus.org*3
-			bl.spamcop.net*2
-			ix.dnsbl.manitu.net*3
-
-# MailScanner checks
-header_checks = regexp:/etc/postfix/header_checks

+ 2 - 2
postfix/master.cf.H_mail.in.ffho.net

@@ -122,5 +122,5 @@ scalemail-backend unix	-	n	n	-	2	pipe
 #mailman   unix  -       n       n       -       -       pipe
 #  flags=FR user=list
 #  argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
-greyfix    unix  -       n       n       -       -       spawn
-  user=nobody argv=/usr/local/sbin/greyfix --greylist-delay 60 -/ 24 -6 56
+#greyfix    unix  -       n       n       -       -       spawn
+#  user=nobody argv=/usr/local/sbin/greyfix --greylist-delay 60 -/ 24 -6 56