commit 61f90ee2175e7547aa35b134145f127fc9aaa622 Author: PIVODEVAT Date: Fri Mar 14 01:52:25 2025 +0300 init diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..58ea8f1 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,508 @@ +LICENSE - SECURE MAILER + +This software is dual-licensed under both the Eclipse Public License +version 2.0 and the IBM Public License version 1.0, for those who +are more comfortable continuing with that license. Recipients can +choose to take the software under the license of their choice. + +The remainder of this text contains a copy of each license. + +Eclipse Public License - v 2.0 + + THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE + PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION + OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. + +1. DEFINITIONS + +"Contribution" means: + + a) in the case of the initial Contributor, the initial content + Distributed under this Agreement, and + + b) in the case of each subsequent Contributor: + i) changes to the Program, and + ii) additions to the Program; + where such changes and/or additions to the Program originate from + and are Distributed by that particular Contributor. A Contribution + "originates" from a Contributor if it was added to the Program by + such Contributor itself or anyone acting on such Contributor's behalf. + Contributions do not include changes or additions to the Program that + are not Modified Works. + +"Contributor" means any person or entity that Distributes the Program. + +"Licensed Patents" mean patent claims licensable by a Contributor which +are necessarily infringed by the use or sale of its Contribution alone +or when combined with the Program. + +"Program" means the Contributions Distributed in accordance with this +Agreement. + +"Recipient" means anyone who receives the Program under this Agreement +or any Secondary License (as applicable), including Contributors. 
+ +"Derivative Works" shall mean any work, whether in Source Code or other +form, that is based on (or derived from) the Program and for which the +editorial revisions, annotations, elaborations, or other modifications +represent, as a whole, an original work of authorship. + +"Modified Works" shall mean any work in Source Code or other form that +results from an addition to, deletion from, or modification of the +contents of the Program, including, for purposes of clarity any new file +in Source Code form that contains any contents of the Program. Modified +Works shall not include works that contain only declarations, +interfaces, types, classes, structures, or files of the Program solely +in each case in order to link to, bind by name, or subclass the Program +or Modified Works thereof. + +"Distribute" means the acts of a) distributing or b) making available +in any manner that enables the transfer of a copy. + +"Source Code" means the form of a Program preferred for making +modifications, including but not limited to software source code, +documentation source, and configuration files. + +"Secondary License" means either the GNU General Public License, +Version 2.0, or any later versions of that license, including any +exceptions or additional permissions as identified by the initial +Contributor. + +2. GRANT OF RIGHTS + + a) Subject to the terms of this Agreement, each Contributor hereby + grants Recipient a non-exclusive, worldwide, royalty-free copyright + license to reproduce, prepare Derivative Works of, publicly display, + publicly perform, Distribute and sublicense the Contribution of such + Contributor, if any, and such Derivative Works. + + b) Subject to the terms of this Agreement, each Contributor hereby + grants Recipient a non-exclusive, worldwide, royalty-free patent + license under Licensed Patents to make, use, sell, offer to sell, + import and otherwise transfer the Contribution of such Contributor, + if any, in Source Code or other form. 
This patent license shall + apply to the combination of the Contribution and the Program if, at + the time the Contribution is added by the Contributor, such addition + of the Contribution causes such combination to be covered by the + Licensed Patents. The patent license shall not apply to any other + combinations which include the Contribution. No hardware per se is + licensed hereunder. + + c) Recipient understands that although each Contributor grants the + licenses to its Contributions set forth herein, no assurances are + provided by any Contributor that the Program does not infringe the + patent or other intellectual property rights of any other entity. + Each Contributor disclaims any liability to Recipient for claims + brought by any other entity based on infringement of intellectual + property rights or otherwise. As a condition to exercising the + rights and licenses granted hereunder, each Recipient hereby + assumes sole responsibility to secure any other intellectual + property rights needed, if any. For example, if a third party + patent license is required to allow Recipient to Distribute the + Program, it is Recipient's responsibility to acquire that license + before distributing the Program. + + d) Each Contributor represents that to its knowledge it has + sufficient copyright rights in its Contribution, if any, to grant + the copyright license set forth in this Agreement. + + e) Notwithstanding the terms of any Secondary License, no + Contributor makes additional grants to any Recipient (other than + those set forth in this Agreement) as a result of such Recipient's + receipt of the Program under the terms of a Secondary License + (if permitted under the terms of Section 3). + +3. 
REQUIREMENTS + +3.1 If a Contributor Distributes the Program in any form, then: + + a) the Program must also be made available as Source Code, in + accordance with section 3.2, and the Contributor must accompany + the Program with a statement that the Source Code for the Program + is available under this Agreement, and informs Recipients how to + obtain it in a reasonable manner on or through a medium customarily + used for software exchange; and + + b) the Contributor may Distribute the Program under a license + different than this Agreement, provided that such license: + i) effectively disclaims on behalf of all other Contributors all + warranties and conditions, express and implied, including + warranties or conditions of title and non-infringement, and + implied warranties or conditions of merchantability and fitness + for a particular purpose; + + ii) effectively excludes on behalf of all other Contributors all + liability for damages, including direct, indirect, special, + incidental and consequential damages, such as lost profits; + + iii) does not attempt to limit or alter the recipients' rights + in the Source Code under section 3.2; and + + iv) requires any subsequent distribution of the Program by any + party to be under a license that satisfies the requirements + of this section 3. + +3.2 When the Program is Distributed as Source Code: + + a) it must be made available under this Agreement, or if the + Program (i) is combined with other material in a separate file or + files made available under a Secondary License, and (ii) the initial + Contributor attached to the Source Code the notice described in + Exhibit A of this Agreement, then the Program may be made available + under the terms of such Secondary Licenses, and + + b) a copy of this Agreement must be included with each copy of + the Program. 
+ +3.3 Contributors may not remove or alter any copyright, patent, +trademark, attribution notices, disclaimers of warranty, or limitations +of liability ("notices") contained within the Program from any copy of +the Program which they Distribute, provided that Contributors may add +their own appropriate notices. + +4. COMMERCIAL DISTRIBUTION + +Commercial distributors of software may accept certain responsibilities +with respect to end users, business partners and the like. While this +license is intended to facilitate the commercial use of the Program, +the Contributor who includes the Program in a commercial product +offering should do so in a manner which does not create potential +liability for other Contributors. Therefore, if a Contributor includes +the Program in a commercial product offering, such Contributor +("Commercial Contributor") hereby agrees to defend and indemnify every +other Contributor ("Indemnified Contributor") against any losses, +damages and costs (collectively "Losses") arising from claims, lawsuits +and other legal actions brought by a third party against the Indemnified +Contributor to the extent caused by the acts or omissions of such +Commercial Contributor in connection with its distribution of the Program +in a commercial product offering. The obligations in this section do not +apply to any claims or Losses relating to any actual or alleged +intellectual property infringement. In order to qualify, an Indemnified +Contributor must: a) promptly notify the Commercial Contributor in +writing of such claim, and b) allow the Commercial Contributor to control, +and cooperate with the Commercial Contributor in, the defense and any +related settlement negotiations. The Indemnified Contributor may +participate in any such claim at its own expense. + +For example, a Contributor might include the Program in a commercial +product offering, Product X. That Contributor is then a Commercial +Contributor. 
If that Commercial Contributor then makes performance +claims, or offers warranties related to Product X, those performance +claims and warranties are such Commercial Contributor's responsibility +alone. Under this section, the Commercial Contributor would have to +defend claims against the other Contributors related to those performance +claims and warranties, and if a court requires any other Contributor to +pay any damages as a result, the Commercial Contributor must pay +those damages. + +5. NO WARRANTY + +EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT +PERMITTED BY APPLICABLE LAW, THE PROGRAM IS PROVIDED ON AN "AS IS" +BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR +IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF +TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR +PURPOSE. Each Recipient is solely responsible for determining the +appropriateness of using and distributing the Program and assumes all +risks associated with its exercise of rights under this Agreement, +including but not limited to the risks and costs of program errors, +compliance with applicable laws, damage to or loss of data, programs +or equipment, and unavailability or interruption of operations. + +6. DISCLAIMER OF LIABILITY + +EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT +PERMITTED BY APPLICABLE LAW, NEITHER RECIPIENT NOR ANY CONTRIBUTORS +SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST +PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE +EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + +7. 
GENERAL + +If any provision of this Agreement is invalid or unenforceable under +applicable law, it shall not affect the validity or enforceability of +the remainder of the terms of this Agreement, and without further +action by the parties hereto, such provision shall be reformed to the +minimum extent necessary to make such provision valid and enforceable. + +If Recipient institutes patent litigation against any entity +(including a cross-claim or counterclaim in a lawsuit) alleging that the +Program itself (excluding combinations of the Program with other software +or hardware) infringes such Recipient's patent(s), then such Recipient's +rights granted under Section 2(b) shall terminate as of the date such +litigation is filed. + +All Recipient's rights under this Agreement shall terminate if it +fails to comply with any of the material terms or conditions of this +Agreement and does not cure such failure in a reasonable period of +time after becoming aware of such noncompliance. If all Recipient's +rights under this Agreement terminate, Recipient agrees to cease use +and distribution of the Program as soon as reasonably practicable. +However, Recipient's obligations under this Agreement and any licenses +granted by Recipient relating to the Program shall continue and survive. + +Everyone is permitted to copy and distribute copies of this Agreement, +but in order to avoid inconsistency the Agreement is copyrighted and +may only be modified in the following manner. The Agreement Steward +reserves the right to publish new versions (including revisions) of +this Agreement from time to time. No one other than the Agreement +Steward has the right to modify this Agreement. The Eclipse Foundation +is the initial Agreement Steward. The Eclipse Foundation may assign the +responsibility to serve as the Agreement Steward to a suitable separate +entity. Each new version of the Agreement will be given a distinguishing +version number. 
The Program (including Contributions) may always be +Distributed subject to the version of the Agreement under which it was +received. In addition, after a new version of the Agreement is published, +Contributor may elect to Distribute the Program (including its +Contributions) under the new version. + +Except as expressly stated in Sections 2(a) and 2(b) above, Recipient +receives no rights or licenses to the intellectual property of any +Contributor under this Agreement, whether expressly, by implication, +estoppel or otherwise. All rights in the Program not expressly granted +under this Agreement are reserved. Nothing in this Agreement is intended +to be enforceable by any entity that is not a Contributor or Recipient. +No third-party beneficiary rights are created under this Agreement. + +Exhibit A - Form of Secondary Licenses Notice + +"This Source Code may also be made available under the following +Secondary Licenses when the conditions for such availability set forth +in the Eclipse Public License, v. 2.0 are satisfied: {name license(s), +version(s), and exceptions or additional permissions here}." + + Simply including a copy of this Agreement, including this Exhibit A + is not sufficient to license the Source Code under Secondary Licenses. + + If it is not possible or desirable to put the notice in a particular + file, then You may include the notice in a location (such as a LICENSE + file in a relevant directory) where a recipient would be likely to + look for such a notice. + + You may add additional accurate notices of copyright ownership. + +IBM PUBLIC LICENSE VERSION 1.0 - SECURE MAILER + +THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS IBM PUBLIC +LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THE +PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. + +1. 
DEFINITIONS + +"Contribution" means: + a) in the case of International Business Machines Corporation ("IBM"), + the Original Program, and + b) in the case of each Contributor, + i) changes to the Program, and + ii) additions to the Program; + where such changes and/or additions to the Program originate + from and are distributed by that particular Contributor. + A Contribution 'originates' from a Contributor if it was added + to the Program by such Contributor itself or anyone acting on + such Contributor's behalf. + Contributions do not include additions to the Program which: + (i) are separate modules of software distributed in conjunction + with the Program under their own license agreement, and + (ii) are not derivative works of the Program. + +"Contributor" means IBM and any other entity that distributes the Program. + +"Licensed Patents " mean patent claims licensable by a Contributor which +are necessarily infringed by the use or sale of its Contribution alone +or when combined with the Program. + +"Original Program" means the original version of the software accompanying +this Agreement as released by IBM, including source code, object code +and documentation, if any. + +"Program" means the Original Program and Contributions. + +"Recipient" means anyone who receives the Program under this Agreement, +including all Contributors. + +2. GRANT OF RIGHTS + + a) Subject to the terms of this Agreement, each Contributor hereby + grants Recipient a non-exclusive, worldwide, royalty-free copyright + license to reproduce, prepare derivative works of, publicly display, + publicly perform, distribute and sublicense the Contribution of such + Contributor, if any, and such derivative works, in source code and + object code form. 
+ + b) Subject to the terms of this Agreement, each Contributor hereby + grants Recipient a non-exclusive, worldwide, royalty-free patent + license under Licensed Patents to make, use, sell, offer to sell, + import and otherwise transfer the Contribution of such Contributor, + if any, in source code and object code form. This patent license + shall apply to the combination of the Contribution and the Program + if, at the time the Contribution is added by the Contributor, such + addition of the Contribution causes such combination to be covered + by the Licensed Patents. The patent license shall not apply to any + other combinations which include the Contribution. No hardware per + se is licensed hereunder. + + c) Recipient understands that although each Contributor grants the + licenses to its Contributions set forth herein, no assurances are + provided by any Contributor that the Program does not infringe the + patent or other intellectual property rights of any other entity. + Each Contributor disclaims any liability to Recipient for claims + brought by any other entity based on infringement of intellectual + property rights or otherwise. As a condition to exercising the rights + and licenses granted hereunder, each Recipient hereby assumes sole + responsibility to secure any other intellectual property rights + needed, if any. For example, if a third party patent license + is required to allow Recipient to distribute the Program, it is + Recipient's responsibility to acquire that license before distributing + the Program. + + d) Each Contributor represents that to its knowledge it has sufficient + copyright rights in its Contribution, if any, to grant the copyright + license set forth in this Agreement. + +3. 
REQUIREMENTS + +A Contributor may choose to distribute the Program in object code form +under its own license agreement, provided that: + a) it complies with the terms and conditions of this Agreement; and + b) its license agreement: + i) effectively disclaims on behalf of all Contributors all + warranties and conditions, express and implied, including + warranties or conditions of title and non-infringement, and + implied warranties or conditions of merchantability and fitness + for a particular purpose; + ii) effectively excludes on behalf of all Contributors all + liability for damages, including direct, indirect, special, + incidental and consequential damages, such as lost profits; + iii) states that any provisions which differ from this Agreement + are offered by that Contributor alone and not by any other + party; and + iv) states that source code for the Program is available from + such Contributor, and informs licensees how to obtain it in a + reasonable manner on or through a medium customarily used for + software exchange. + +When the Program is made available in source code form: + a) it must be made available under this Agreement; and + b) a copy of this Agreement must be included with each copy of the + Program. + +Each Contributor must include the following in a conspicuous location +in the Program: + + Copyright (c) 1997,1998,1999, International Business Machines + Corporation and others. All Rights Reserved. + +In addition, each Contributor must identify itself as the originator of +its Contribution, if any, in a manner that reasonably allows subsequent +Recipients to identify the originator of the Contribution. + +4. COMMERCIAL DISTRIBUTION + +Commercial distributors of software may accept certain responsibilities +with respect to end users, business partners and the like. 
While this +license is intended to facilitate the commercial use of the Program, the +Contributor who includes the Program in a commercial product offering +should do so in a manner which does not create potential liability for +other Contributors. Therefore, if a Contributor includes the Program in +a commercial product offering, such Contributor ("Commercial Contributor") +hereby agrees to defend and indemnify every other Contributor +("Indemnified Contributor") against any losses, damages and costs +(collectively "Losses") arising from claims, lawsuits and other legal +actions brought by a third party against the Indemnified Contributor to +the extent caused by the acts or omissions of such Commercial Contributor +in connection with its distribution of the Program in a commercial +product offering. The obligations in this section do not apply to any +claims or Losses relating to any actual or alleged intellectual property +infringement. In order to qualify, an Indemnified Contributor must: + a) promptly notify the Commercial Contributor in writing of such claim, +and + b) allow the Commercial Contributor to control, and cooperate with + the Commercial Contributor in, the defense and any related + settlement negotiations. The Indemnified Contributor may + participate in any such claim at its own expense. + +For example, a Contributor might include the Program in a commercial +product offering, Product X. That Contributor is then a Commercial +Contributor. If that Commercial Contributor then makes performance +claims, or offers warranties related to Product X, those performance +claims and warranties are such Commercial Contributor's responsibility +alone. Under this section, the Commercial Contributor would have to +defend claims against the other Contributors related to those performance +claims and warranties, and if a court requires any other Contributor to +pay any damages as a result, the Commercial Contributor must pay those +damages. + +5. 
NO WARRANTY + +EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED +ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER +EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR +CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A +PARTICULAR PURPOSE. Each Recipient is solely responsible for determining +the appropriateness of using and distributing the Program and assumes +all risks associated with its exercise of rights under this Agreement, +including but not limited to the risks and costs of program errors, +compliance with applicable laws, damage to or loss of data, programs or +equipment, and unavailability or interruption of operations. + +6. DISCLAIMER OF LIABILITY + +EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR +ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING +WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION +OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF +ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +7. GENERAL + +If any provision of this Agreement is invalid or unenforceable under +applicable law, it shall not affect the validity or enforceability of +the remainder of the terms of this Agreement, and without further action +by the parties hereto, such provision shall be reformed to the minimum +extent necessary to make such provision valid and enforceable. + +If Recipient institutes patent litigation against a Contributor with +respect to a patent applicable to software (including a cross-claim or +counterclaim in a lawsuit), then any patent licenses granted by that +Contributor to such Recipient under this Agreement shall terminate +as of the date such litigation is filed. 
In addition, If Recipient +institutes patent litigation against any entity (including a cross-claim +or counterclaim in a lawsuit) alleging that the Program itself (excluding +combinations of the Program with other software or hardware) infringes +such Recipient's patent(s), then such Recipient's rights granted under +Section 2(b) shall terminate as of the date such litigation is filed. + +All Recipient's rights under this Agreement shall terminate if it fails +to comply with any of the material terms or conditions of this Agreement +and does not cure such failure in a reasonable period of time after +becoming aware of such noncompliance. If all Recipient's rights under +this Agreement terminate, Recipient agrees to cease use and distribution +of the Program as soon as reasonably practicable. However, Recipient's +obligations under this Agreement and any licenses granted by Recipient +relating to the Program shall continue and survive. + +IBM may publish new versions (including revisions) of this Agreement +from time to time. Each new version of the Agreement will be given a +distinguishing version number. The Program (including Contributions) +may always be distributed subject to the version of the Agreement under +which it was received. In addition, after a new version of the Agreement +is published, Contributor may elect to distribute the Program (including +its Contributions) under the new version. No one other than IBM has the +right to modify this Agreement. Except as expressly stated in Sections +2(a) and 2(b) above, Recipient receives no rights or licenses to the +intellectual property of any Contributor under this Agreement, whether +expressly, by implication, estoppel or otherwise. All rights in the +Program not expressly granted under this Agreement are reserved. + +This Agreement is governed by the laws of the State of New York and the +intellectual property laws of the United States of America. 
No party to +this Agreement will bring a legal action under this Agreement more than +one year after the cause of action arose. Each party waives its rights +to a jury trial in any resulting litigation. diff --git a/TLS_LICENSE b/TLS_LICENSE new file mode 100644 index 0000000..3d54be2 --- /dev/null +++ b/TLS_LICENSE @@ -0,0 +1,36 @@ +Author: +======= +- Postfix/TLS support was originally developed by Lutz Jaenicke of + Brandenburg University of Technology, Cottbus, Germany. + +License: +======== +- This software is free. You can do with it whatever you want. + I would however kindly ask you to acknowledge the use of this + package, if you are going use it in your software, which you might + be going to distribute. I would also like to receive a note if + you are a satisfied user :-) + +Acknowledgements: +================= +- This package is based on the OpenSSL package as provided by the + ``OpenSSL Project''. + +Disclaimer: +=========== +- This software is provided ``as is''. You are using it at your own risk. + I will take no liability in any case. +- This software package uses strong cryptography, so even if it is created, + maintained and distributed from liberal countries in Europe (where it is + legal to do this), it falls under certain export/import and/or use + restrictions in some other parts of the world. +- PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG + CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST + COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS + ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE + TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL + TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR + OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY + EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHOR OF + PFIXTLS IS NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE + CAREFULLY YOURSELF, IT IS YOUR RESPONSIBILITY. 
diff --git a/access b/access new file mode 100644 index 0000000..5e3de53 --- /dev/null +++ b/access 
@@ -0,0 +1,484 @@ +# ACCESS(5) ACCESS(5) +# +# NAME +# access - Postfix SMTP server access table +# +# SYNOPSIS +# postmap /usr/local/etc/postfix/access +# +# postmap -q "string" /usr/local/etc/postfix/access +# +# postmap -q - /usr/local/etc/postfix/access as the lookup key for such addresses. The value is +# specified with the smtpd_null_access_lookup_key parameter +# in the Postfix main.cf file. +# +# EMAIL ADDRESS EXTENSION +# When a mail address localpart contains the optional recip- +# ient delimiter (e.g., user+foo@domain), the lookup order +# becomes: user+foo@domain, user@domain, domain, user+foo@, +# and user@. +# +# HOST NAME/ADDRESS PATTERNS IN INDEXED TABLES +# With lookups from indexed files such as DB or DBM, or from +# networked tables such as NIS, LDAP or SQL, the following +# lookup patterns are examined in the order as listed: +# +# domain.tld +# Matches domain.tld. +# +# The pattern domain.tld also matches subdomains, but +# only when the string smtpd_access_maps is listed in +# the Postfix parent_domain_matches_subdomains con- +# figuration setting. +# +# .domain.tld +# Matches subdomains of domain.tld, but only when the +# string smtpd_access_maps is not listed in the Post- +# fix parent_domain_matches_subdomains configuration +# setting. +# +# net.work.addr.ess +# +# net.work.addr +# +# net.work +# +# net Matches a remote IPv4 host address or network +# address range. Specify one to four decimal octets +# separated by ".". Do not specify "[]" , "/", lead- +# ing zeros, or hexadecimal forms. +# +# Network ranges are matched by repeatedly truncating +# the last ".octet" from a remote IPv4 host address +# string, until a match is found in the access table, +# or until further truncation is not possible. +# +# NOTE: use the cidr lookup table type to specify +# network/netmask patterns. See cidr_table(5) for +# details. 
+# +# net:work:addr:ess +# +# net:work:addr +# +# net:work +# +# net Matches a remote IPv6 host address or network +# address range. Specify three to eight hexadecimal +# octet pairs separated by ":", using the compressed +# form "::" for a sequence of zero-valued octet +# pairs. Do not specify "[]", "/", leading zeros, or +# non-compressed forms. +# +# A network range is matched by repeatedly truncating +# the last ":octetpair" from the compressed-form +# remote IPv6 host address string, until a match is +# found in the access table, or until further trunca- +# tion is not possible. +# +# NOTE: use the cidr lookup table type to specify +# network/netmask patterns. See cidr_table(5) for +# details. +# +# IPv6 support is available in Postfix 2.2 and later. +# +# ACCEPT ACTIONS +# OK Accept the address etc. that matches the pattern. +# +# all-numerical +# An all-numerical result is treated as OK. This for- +# mat is generated by address-based relay authoriza- +# tion schemes such as pop-before-smtp. +# +# For other accept actions, see "OTHER ACTIONS" below. +# +# REJECT ACTIONS +# Postfix version 2.3 and later support enhanced status +# codes as defined in RFC 3463. When no code is specified +# at the beginning of the text below, Postfix inserts a +# default enhanced status code of "5.7.1" in the case of +# reject actions, and "4.7.1" in the case of defer actions. +# See "ENHANCED STATUS CODES" below. +# +# 4NN text +# +# 5NN text +# Reject the address etc. that matches the pattern, +# and respond with the numerical three-digit code and +# text. 4NN means "try again later", while 5NN means +# "do not try again". +# +# The following responses have special meaning for +# the Postfix SMTP server: +# +# 421 text (Postfix 2.3 and later) +# +# 521 text (Postfix 2.6 and later) +# After responding with the numerical +# three-digit code and text, disconnect imme- +# diately from the SMTP client. 
This frees up +# SMTP server resources so that they can be +# made available to another SMTP client. +# +# Note: The "521" response should be used only +# with botnets and other malware where inter- +# operability is of no concern. The "send 521 +# and disconnect" behavior is NOT defined in +# the SMTP standard. +# +# REJECT optional text... +# Reject the address etc. that matches the pattern. +# Reply with "$access_map_reject_code optional +# text..." when the optional text is specified, oth- +# erwise reply with a generic error response message. +# +# DEFER optional text... +# Reject the address etc. that matches the pattern. +# Reply with "$access_map_defer_code optional +# text..." when the optional text is specified, oth- +# erwise reply with a generic error response message. +# +# This feature is available in Postfix 2.6 and later. +# +# DEFER_IF_REJECT optional text... +# Defer the request if some later restriction would +# result in a REJECT action. Reply with +# "$access_map_defer_code 4.7.1 optional text..." +# when the optional text is specified, otherwise +# reply with a generic error response message. +# +# Prior to Postfix 2.6, the SMTP reply code is 450. +# +# This feature is available in Postfix 2.1 and later. +# +# DEFER_IF_PERMIT optional text... +# Defer the request if some later restriction would +# result in an explicit or implicit PERMIT action. +# Reply with "$access_map_defer_code 4.7.1 optional +# text..." when the optional text is specified, oth- +# erwise reply with a generic error response message. +# +# Prior to Postfix 2.6, the SMTP reply code is 450. +# +# This feature is available in Postfix 2.1 and later. +# +# For other reject actions, see "OTHER ACTIONS" below. +# +# OTHER ACTIONS +# restriction... +# Apply the named UCE restriction(s) (permit, reject, +# reject_unauth_destination, and so on). +# +# BCC user@domain +# Send one copy of the message to the specified +# recipient. 
+# +# If multiple BCC actions are specified within the +# same SMTP MAIL transaction, with Postfix 3.0 only +# the last action will be used. +# +# This feature is available in Postfix 3.0 and later. +# +# DISCARD optional text... +# Claim successful delivery and silently discard the +# message. Log the optional text if specified, oth- +# erwise log a generic message. +# +# Note: this action currently affects all recipients +# of the message. To discard only one recipient +# without discarding the entire message, use the +# transport(5) table to direct mail to the discard(8) +# service. +# +# This feature is available in Postfix 2.0 and later. +# +# DUNNO Pretend that the lookup key was not found. This +# prevents Postfix from trying substrings of the +# lookup key (such as a subdomain name, or a network +# address subnetwork). +# +# This feature is available in Postfix 2.0 and later. +# +# FILTER transport:destination +# After the message is queued, send the entire mes- +# sage through the specified external content filter. +# The transport name specifies the first field of a +# mail delivery agent definition in master.cf; the +# syntax of the next-hop destination is described in +# the manual page of the corresponding delivery +# agent. More information about external content +# filters is in the Postfix FILTER_README file. +# +# Note 1: do not use $number regular expression sub- +# stitutions for transport or destination unless you +# know that the information has a trusted origin. +# +# Note 2: this action overrides the main.cf con- +# tent_filter setting, and affects all recipients of +# the message. In the case that multiple FILTER +# actions fire, only the last one is executed. +# +# Note 3: the purpose of the FILTER command is to +# override message routing. 
To override the recipi- +# ent's transport but not the next-hop destination, +# specify an empty filter destination (Postfix 2.7 +# and later), or specify a transport:destination that +# delivers through a different Postfix instance +# (Postfix 2.6 and earlier). Other options are using +# the recipient-dependent transport_maps or the sen- +# der-dependent sender_dependent_default_transport- +# _maps features. +# +# This feature is available in Postfix 2.0 and later. +# +# HOLD optional text... +# Place the message on the hold queue, where it will +# sit until someone either deletes it or releases it +# for delivery. Log the optional text if specified, +# otherwise log a generic message. +# +# Mail that is placed on hold can be examined with +# the postcat(1) command, and can be destroyed or +# released with the postsuper(1) command. +# +# Note: use "postsuper -r" to release mail that was +# kept on hold for a significant fraction of $maxi- +# mal_queue_lifetime or $bounce_queue_lifetime, or +# longer. Use "postsuper -H" only for mail that will +# not expire within a few delivery attempts. +# +# Note: this action currently affects all recipients +# of the message. +# +# This feature is available in Postfix 2.0 and later. +# +# PREPEND headername: headervalue +# Prepend the specified message header to the mes- +# sage. When more than one PREPEND action executes, +# the first prepended header appears before the sec- +# ond etc. prepended header. +# +# Note: this action must execute before the message +# content is received; it cannot execute in the con- +# text of smtpd_end_of_data_restrictions. +# +# This feature is available in Postfix 2.1 and later. +# +# REDIRECT user@domain +# After the message is queued, send the message to +# the specified address instead of the intended +# recipient(s). When multiple REDIRECT actions fire, +# only the last one takes effect. 
+# +# Note: this action overrides the FILTER action, and +# currently overrides all recipients of the message. +# +# This feature is available in Postfix 2.1 and later. +# +# INFO optional text... +# Log an informational record with the optional text, +# together with client information and if available, +# with helo, sender, recipient and protocol informa- +# tion. +# +# This feature is available in Postfix 3.0 and later. +# +# WARN optional text... +# Log a warning with the optional text, together with +# client information and if available, with helo, +# sender, recipient and protocol information. +# +# This feature is available in Postfix 2.1 and later. +# +# ENHANCED STATUS CODES +# Postfix version 2.3 and later support enhanced status +# codes as defined in RFC 3463. When an enhanced status +# code is specified in an access table, it is subject to +# modification. The following transformations are needed +# when the same access table is used for client, helo, +# sender, or recipient access restrictions; they happen +# regardless of whether Postfix replies to a MAIL FROM, RCPT +# TO or other SMTP command. +# +# o When a sender address matches a REJECT action, the +# Postfix SMTP server will transform a recipient DSN +# status (e.g., 4.1.1-4.1.6) into the corresponding +# sender DSN status, and vice versa. +# +# o When non-address information matches a REJECT +# action (such as the HELO command argument or the +# client hostname/address), the Postfix SMTP server +# will transform a sender or recipient DSN status +# into a generic non-address DSN status (e.g., +# 4.0.0). +# +# REGULAR EXPRESSION TABLES +# This section describes how the table lookups change when +# the table is given in the form of regular expressions. For +# a description of regular expression lookup table syntax, +# see regexp_table(5) or pcre_table(5). +# +# Each pattern is a regular expression that is applied to +# the entire string being looked up. 
Depending on the appli- +# cation, that string is an entire client hostname, an +# entire client IP address, or an entire mail address. Thus, +# no parent domain or parent network search is done, +# user@domain mail addresses are not broken up into their +# user@ and domain constituent parts, nor is user+foo broken +# up into user and foo. +# +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search +# string. +# +# Actions are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from +# the pattern can be interpolated as $1, $2 and so on. +# +# TCP-BASED TABLES +# This section describes how the table lookups change when +# lookups are directed to a TCP-based server. For a descrip- +# tion of the TCP client/server lookup protocol, see tcp_ta- +# ble(5). This feature is not available up to and including +# Postfix version 2.4. +# +# Each lookup operation uses the entire query string once. +# Depending on the application, that string is an entire +# client hostname, an entire client IP address, or an entire +# mail address. Thus, no parent domain or parent network +# search is done, user@domain mail addresses are not broken +# up into their user@ and domain constituent parts, nor is +# user+foo broken up into user and foo. +# +# Actions are the same as with indexed file lookups. +# +# EXAMPLE +# The following example uses an indexed file, so that the +# order of table entries does not matter. The example per- +# mits access by the client at address 1.2.3.4 but rejects +# all other clients in 1.2.3.0/24. Instead of hash lookup +# tables, some systems use dbm. Use the command "postconf +# -m" to find out what lookup tables Postfix supports on +# your system. 
+# +# /usr/local/etc/postfix/main.cf: +# smtpd_client_restrictions = +# check_client_access hash:$config_directory/access +# +# /usr/local/etc/postfix/access: +# 1.2.3 REJECT +# 1.2.3.4 OK +# +# Execute the command "postmap /usr/local/etc/postfix/access" after +# editing the file. +# +# BUGS +# The table format does not understand quoting conventions. +# +# SEE ALSO +# postmap(1), Postfix lookup table manager +# smtpd(8), SMTP server +# postconf(5), configuration parameters +# transport(5), transport:nexthop syntax +# +# README FILES +# Use "postconf readme_directory" or "postconf html_direc- +# tory" to locate this information. +# SMTPD_ACCESS_README, built-in SMTP server access control +# DATABASE_README, Postfix lookup table overview +# +# LICENSE +# The Secure Mailer license must be distributed with this +# software. +# +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +# +# ACCESS(5) diff --git a/access.sample b/access.sample new file mode 100644 index 0000000..5e3de53 --- /dev/null +++ b/access.sample 
@@ -0,0 +1,484 @@ +# ACCESS(5) ACCESS(5) +# +# NAME +# access - Postfix SMTP server access table +# +# SYNOPSIS +# postmap /usr/local/etc/postfix/access +# +# postmap -q "string" /usr/local/etc/postfix/access +# +# postmap -q - /usr/local/etc/postfix/access as the lookup key for such addresses. The value is +# specified with the smtpd_null_access_lookup_key parameter +# in the Postfix main.cf file. +# +# EMAIL ADDRESS EXTENSION +# When a mail address localpart contains the optional recip- +# ient delimiter (e.g., user+foo@domain), the lookup order +# becomes: user+foo@domain, user@domain, domain, user+foo@, +# and user@. +# +# HOST NAME/ADDRESS PATTERNS IN INDEXED TABLES +# With lookups from indexed files such as DB or DBM, or from +# networked tables such as NIS, LDAP or SQL, the following +# lookup patterns are examined in the order as listed: +# +# domain.tld +# Matches domain.tld. +# +# The pattern domain.tld also matches subdomains, but +# only when the string smtpd_access_maps is listed in +# the Postfix parent_domain_matches_subdomains con- +# figuration setting. +# +# .domain.tld +# Matches subdomains of domain.tld, but only when the +# string smtpd_access_maps is not listed in the Post- +# fix parent_domain_matches_subdomains configuration +# setting. +# +# net.work.addr.ess +# +# net.work.addr +# +# net.work +# +# net Matches a remote IPv4 host address or network +# address range. Specify one to four decimal octets +# separated by ".". Do not specify "[]" , "/", lead- +# ing zeros, or hexadecimal forms. +# +# Network ranges are matched by repeatedly truncating +# the last ".octet" from a remote IPv4 host address +# string, until a match is found in the access table, +# or until further truncation is not possible. +# +# NOTE: use the cidr lookup table type to specify +# network/netmask patterns. See cidr_table(5) for +# details. 
+# +# net:work:addr:ess +# +# net:work:addr +# +# net:work +# +# net Matches a remote IPv6 host address or network +# address range. Specify three to eight hexadecimal +# octet pairs separated by ":", using the compressed +# form "::" for a sequence of zero-valued octet +# pairs. Do not specify "[]", "/", leading zeros, or +# non-compressed forms. +# +# A network range is matched by repeatedly truncating +# the last ":octetpair" from the compressed-form +# remote IPv6 host address string, until a match is +# found in the access table, or until further trunca- +# tion is not possible. +# +# NOTE: use the cidr lookup table type to specify +# network/netmask patterns. See cidr_table(5) for +# details. +# +# IPv6 support is available in Postfix 2.2 and later. +# +# ACCEPT ACTIONS +# OK Accept the address etc. that matches the pattern. +# +# all-numerical +# An all-numerical result is treated as OK. This for- +# mat is generated by address-based relay authoriza- +# tion schemes such as pop-before-smtp. +# +# For other accept actions, see "OTHER ACTIONS" below. +# +# REJECT ACTIONS +# Postfix version 2.3 and later support enhanced status +# codes as defined in RFC 3463. When no code is specified +# at the beginning of the text below, Postfix inserts a +# default enhanced status code of "5.7.1" in the case of +# reject actions, and "4.7.1" in the case of defer actions. +# See "ENHANCED STATUS CODES" below. +# +# 4NN text +# +# 5NN text +# Reject the address etc. that matches the pattern, +# and respond with the numerical three-digit code and +# text. 4NN means "try again later", while 5NN means +# "do not try again". +# +# The following responses have special meaning for +# the Postfix SMTP server: +# +# 421 text (Postfix 2.3 and later) +# +# 521 text (Postfix 2.6 and later) +# After responding with the numerical +# three-digit code and text, disconnect imme- +# diately from the SMTP client. 
This frees up +# SMTP server resources so that they can be +# made available to another SMTP client. +# +# Note: The "521" response should be used only +# with botnets and other malware where inter- +# operability is of no concern. The "send 521 +# and disconnect" behavior is NOT defined in +# the SMTP standard. +# +# REJECT optional text... +# Reject the address etc. that matches the pattern. +# Reply with "$access_map_reject_code optional +# text..." when the optional text is specified, oth- +# erwise reply with a generic error response message. +# +# DEFER optional text... +# Reject the address etc. that matches the pattern. +# Reply with "$access_map_defer_code optional +# text..." when the optional text is specified, oth- +# erwise reply with a generic error response message. +# +# This feature is available in Postfix 2.6 and later. +# +# DEFER_IF_REJECT optional text... +# Defer the request if some later restriction would +# result in a REJECT action. Reply with +# "$access_map_defer_code 4.7.1 optional text..." +# when the optional text is specified, otherwise +# reply with a generic error response message. +# +# Prior to Postfix 2.6, the SMTP reply code is 450. +# +# This feature is available in Postfix 2.1 and later. +# +# DEFER_IF_PERMIT optional text... +# Defer the request if some later restriction would +# result in an explicit or implicit PERMIT action. +# Reply with "$access_map_defer_code 4.7.1 optional +# text..." when the optional text is specified, oth- +# erwise reply with a generic error response message. +# +# Prior to Postfix 2.6, the SMTP reply code is 450. +# +# This feature is available in Postfix 2.1 and later. +# +# For other reject actions, see "OTHER ACTIONS" below. +# +# OTHER ACTIONS +# restriction... +# Apply the named UCE restriction(s) (permit, reject, +# reject_unauth_destination, and so on). +# +# BCC user@domain +# Send one copy of the message to the specified +# recipient. 
+# +# If multiple BCC actions are specified within the +# same SMTP MAIL transaction, with Postfix 3.0 only +# the last action will be used. +# +# This feature is available in Postfix 3.0 and later. +# +# DISCARD optional text... +# Claim successful delivery and silently discard the +# message. Log the optional text if specified, oth- +# erwise log a generic message. +# +# Note: this action currently affects all recipients +# of the message. To discard only one recipient +# without discarding the entire message, use the +# transport(5) table to direct mail to the discard(8) +# service. +# +# This feature is available in Postfix 2.0 and later. +# +# DUNNO Pretend that the lookup key was not found. This +# prevents Postfix from trying substrings of the +# lookup key (such as a subdomain name, or a network +# address subnetwork). +# +# This feature is available in Postfix 2.0 and later. +# +# FILTER transport:destination +# After the message is queued, send the entire mes- +# sage through the specified external content filter. +# The transport name specifies the first field of a +# mail delivery agent definition in master.cf; the +# syntax of the next-hop destination is described in +# the manual page of the corresponding delivery +# agent. More information about external content +# filters is in the Postfix FILTER_README file. +# +# Note 1: do not use $number regular expression sub- +# stitutions for transport or destination unless you +# know that the information has a trusted origin. +# +# Note 2: this action overrides the main.cf con- +# tent_filter setting, and affects all recipients of +# the message. In the case that multiple FILTER +# actions fire, only the last one is executed. +# +# Note 3: the purpose of the FILTER command is to +# override message routing. 
To override the recipi- +# ent's transport but not the next-hop destination, +# specify an empty filter destination (Postfix 2.7 +# and later), or specify a transport:destination that +# delivers through a different Postfix instance +# (Postfix 2.6 and earlier). Other options are using +# the recipient-dependent transport_maps or the sen- +# der-dependent sender_dependent_default_transport- +# _maps features. +# +# This feature is available in Postfix 2.0 and later. +# +# HOLD optional text... +# Place the message on the hold queue, where it will +# sit until someone either deletes it or releases it +# for delivery. Log the optional text if specified, +# otherwise log a generic message. +# +# Mail that is placed on hold can be examined with +# the postcat(1) command, and can be destroyed or +# released with the postsuper(1) command. +# +# Note: use "postsuper -r" to release mail that was +# kept on hold for a significant fraction of $maxi- +# mal_queue_lifetime or $bounce_queue_lifetime, or +# longer. Use "postsuper -H" only for mail that will +# not expire within a few delivery attempts. +# +# Note: this action currently affects all recipients +# of the message. +# +# This feature is available in Postfix 2.0 and later. +# +# PREPEND headername: headervalue +# Prepend the specified message header to the mes- +# sage. When more than one PREPEND action executes, +# the first prepended header appears before the sec- +# ond etc. prepended header. +# +# Note: this action must execute before the message +# content is received; it cannot execute in the con- +# text of smtpd_end_of_data_restrictions. +# +# This feature is available in Postfix 2.1 and later. +# +# REDIRECT user@domain +# After the message is queued, send the message to +# the specified address instead of the intended +# recipient(s). When multiple REDIRECT actions fire, +# only the last one takes effect. 
+# +# Note: this action overrides the FILTER action, and +# currently overrides all recipients of the message. +# +# This feature is available in Postfix 2.1 and later. +# +# INFO optional text... +# Log an informational record with the optional text, +# together with client information and if available, +# with helo, sender, recipient and protocol informa- +# tion. +# +# This feature is available in Postfix 3.0 and later. +# +# WARN optional text... +# Log a warning with the optional text, together with +# client information and if available, with helo, +# sender, recipient and protocol information. +# +# This feature is available in Postfix 2.1 and later. +# +# ENHANCED STATUS CODES +# Postfix version 2.3 and later support enhanced status +# codes as defined in RFC 3463. When an enhanced status +# code is specified in an access table, it is subject to +# modification. The following transformations are needed +# when the same access table is used for client, helo, +# sender, or recipient access restrictions; they happen +# regardless of whether Postfix replies to a MAIL FROM, RCPT +# TO or other SMTP command. +# +# o When a sender address matches a REJECT action, the +# Postfix SMTP server will transform a recipient DSN +# status (e.g., 4.1.1-4.1.6) into the corresponding +# sender DSN status, and vice versa. +# +# o When non-address information matches a REJECT +# action (such as the HELO command argument or the +# client hostname/address), the Postfix SMTP server +# will transform a sender or recipient DSN status +# into a generic non-address DSN status (e.g., +# 4.0.0). +# +# REGULAR EXPRESSION TABLES +# This section describes how the table lookups change when +# the table is given in the form of regular expressions. For +# a description of regular expression lookup table syntax, +# see regexp_table(5) or pcre_table(5). +# +# Each pattern is a regular expression that is applied to +# the entire string being looked up. 
Depending on the appli- +# cation, that string is an entire client hostname, an +# entire client IP address, or an entire mail address. Thus, +# no parent domain or parent network search is done, +# user@domain mail addresses are not broken up into their +# user@ and domain constituent parts, nor is user+foo broken +# up into user and foo. +# +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search +# string. +# +# Actions are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from +# the pattern can be interpolated as $1, $2 and so on. +# +# TCP-BASED TABLES +# This section describes how the table lookups change when +# lookups are directed to a TCP-based server. For a descrip- +# tion of the TCP client/server lookup protocol, see tcp_ta- +# ble(5). This feature is not available up to and including +# Postfix version 2.4. +# +# Each lookup operation uses the entire query string once. +# Depending on the application, that string is an entire +# client hostname, an entire client IP address, or an entire +# mail address. Thus, no parent domain or parent network +# search is done, user@domain mail addresses are not broken +# up into their user@ and domain constituent parts, nor is +# user+foo broken up into user and foo. +# +# Actions are the same as with indexed file lookups. +# +# EXAMPLE +# The following example uses an indexed file, so that the +# order of table entries does not matter. The example per- +# mits access by the client at address 1.2.3.4 but rejects +# all other clients in 1.2.3.0/24. Instead of hash lookup +# tables, some systems use dbm. Use the command "postconf +# -m" to find out what lookup tables Postfix supports on +# your system. 
+# +# /usr/local/etc/postfix/main.cf: +# smtpd_client_restrictions = +# check_client_access hash:$config_directory/access +# +# /usr/local/etc/postfix/access: +# 1.2.3 REJECT +# 1.2.3.4 OK +# +# Execute the command "postmap /usr/local/etc/postfix/access" after +# editing the file. +# +# BUGS +# The table format does not understand quoting conventions. +# +# SEE ALSO +# postmap(1), Postfix lookup table manager +# smtpd(8), SMTP server +# postconf(5), configuration parameters +# transport(5), transport:nexthop syntax +# +# README FILES +# Use "postconf readme_directory" or "postconf html_direc- +# tory" to locate this information. +# SMTPD_ACCESS_README, built-in SMTP server access control +# DATABASE_README, Postfix lookup table overview +# +# LICENSE +# The Secure Mailer license must be distributed with this +# software. +# +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +# +# ACCESS(5) diff --git a/aliases b/aliases new file mode 100644 index 0000000..280c3d2 --- /dev/null +++ b/aliases 
@@ -0,0 +1,273 @@ +# +# Sample aliases file. Install in the location as specified by the +# output from the command "postconf alias_maps". Typical path names +# are /etc/aliases or /etc/mail/aliases. +# +# >>>>>>>>>> The program "newaliases" must be run after +# >> NOTE >> this file is updated for any changes to +# >>>>>>>>>> show through to Postfix. +# + +# Person who should get root's mail. Don't receive mail as root! +#root: you + +# Basic system aliases -- these MUST be present +MAILER-DAEMON: postmaster +postmaster: root + +# General redirections for pseudo accounts +bin: root +daemon: root +named: root +nobody: root +uucp: root +www: root +ftp-bugs: root +postfix: root + +# Put your local aliases here. + +# Well-known aliases +manager: root +dumper: root +operator: root +abuse: postmaster + +# trap decode to catch security attacks +decode: root + +# ALIASES(5) ALIASES(5) +# +# NAME +# aliases - Postfix local alias database format +# +# SYNOPSIS +# newaliases +# +# DESCRIPTION +# The optional aliases(5) table (alias_maps) redirects mail +# for local recipients. The redirections are processed by +# the Postfix local(8) delivery agent. +# +# This is unlike virtual(5) aliasing (virtual_alias_maps) +# which applies to all recipients: local(8), virtual, and +# remote, and which is implemented by the cleanup(8) daemon. +# +# Normally, the aliases(5) table is specified as a text file +# that serves as input to the postalias(1) command. The +# result, an indexed file in dbm or db format, is used for +# fast lookup by the mail system. Execute the command +# newaliases in order to rebuild the indexed file after +# changing the Postfix alias database. +# +# When the table is provided via other means such as NIS, +# LDAP or SQL, the same lookups are done as for ordinary +# indexed files. +# +# Alternatively, the table can be provided as a regu- +# lar-expression map where patterns are given as regular +# expressions. 
In this case, the lookups are done in a +# slightly different way as described below under "REGULAR +# EXPRESSION TABLES". +# +# Users can control delivery of their own mail by setting up +# .forward files in their home directory. Lines in per-user +# .forward files have the same syntax as the right-hand side +# of aliases(5) entries. +# +# The format of the alias database input file is as follows: +# +# o An alias definition has the form +# +# name: value1, value2, ... +# +# o Empty lines and whitespace-only lines are ignored, +# as are lines whose first non-whitespace character +# is a `#'. +# +# o A logical line starts with non-whitespace text. A +# line that starts with whitespace continues a logi- +# cal line. +# +# The name is a local address (no domain part). Use double +# quotes when the name contains any special characters such +# as whitespace, `#', `:', or `@'. The name is folded to +# lowercase, in order to make database lookups case insensi- +# tive. +# +# In addition, when an alias exists for owner-name, this +# will override the envelope sender address, so that deliv- +# ery diagnostics are directed to owner-name, instead of the +# originator of the message (for details, see +# owner_request_special, expand_owner_alias and +# reset_owner_alias). This is typically used to direct +# delivery errors to the maintainer of a mailing list, who +# is in a better position to deal with mailing list delivery +# problems than the originator of the undelivered mail. +# +# The value contains one or more of the following: +# +# address +# Mail is forwarded to address, which is compatible +# with the RFC 822 standard. +# +# /file/name +# Mail is appended to /file/name. For details on how +# a file is written see the sections "EXTERNAL FILE +# DELIVERY" and "DELIVERY RIGHTS" in the local(8) +# documentation. Delivery is not limited to regular +# files. For example, to dispose of unwanted mail, +# deflect it to /dev/null. +# +# |command +# Mail is piped into command. 
Commands that contain +# special characters, such as whitespace, should be +# enclosed between double quotes. For details on how +# a command is executed see "EXTERNAL COMMAND DELIV- +# ERY" and "DELIVERY RIGHTS" in the local(8) documen- +# tation. +# +# When the command fails, a limited amount of command +# output is mailed back to the sender. The file +# /usr/include/sysexits.h defines the expected exit +# status codes. For example, use "|exit 67" to simu- +# late a "user unknown" error, and "|exit 0" to +# implement an expensive black hole. +# +# :include:/file/name +# Mail is sent to the destinations listed in the +# named file. Lines in :include: files have the same +# syntax as the right-hand side of alias entries. +# +# A destination can be any destination that is +# described in this manual page. However, delivery to +# "|command" and /file/name is disallowed by default. +# To enable, edit the allow_mail_to_commands and +# allow_mail_to_files configuration parameters. +# +# ADDRESS EXTENSION +# When alias database search fails, and the recipient local- +# part contains the optional recipient delimiter (e.g., +# user+foo), the search is repeated for the unextended +# address (e.g., user). +# +# The propagate_unmatched_extensions parameter controls +# whether an unmatched address extension (+foo) is propa- +# gated to the result of table lookup. +# +# CASE FOLDING +# The local(8) delivery agent always folds the search string +# to lowercase before database lookup. +# +# REGULAR EXPRESSION TABLES +# This section describes how the table lookups change when +# the table is given in the form of regular expressions. For +# a description of regular expression lookup table syntax, +# see regexp_table(5) or pcre_table(5). NOTE: these formats +# do not use ":" at the end of a pattern. +# +# Each regular expression is applied to the entire search +# string. Thus, a search string user+foo is not broken up +# into user and foo. 
+# +# Regular expressions are applied in the order as specified +# in the table, until a regular expression is found that +# matches the search string. +# +# Lookup results are the same as with indexed file lookups. +# For security reasons there is no support for $1, $2 etc. +# substring interpolation. +# +# SECURITY +# The local(8) delivery agent disallows regular expression +# substitution of $1 etc. in alias_maps, because that would +# open a security hole. +# +# The local(8) delivery agent will silently ignore requests +# to use the proxymap(8) server within alias_maps. Instead +# it will open the table directly. Before Postfix version +# 2.2, the local(8) delivery agent will terminate with a +# fatal error. +# +# CONFIGURATION PARAMETERS +# The following main.cf parameters are especially relevant. +# The text below provides only a parameter summary. See +# postconf(5) for more details including examples. +# +# alias_database (see 'postconf -d' output) +# The alias databases for local(8) delivery that are +# updated with "newaliases" or with "sendmail -bi". +# +# alias_maps (see 'postconf -d' output) +# Optional lookup tables with aliases that apply only +# to local(8) recipients; this is unlike vir- +# tual_alias_maps that apply to all recipients: +# local(8), virtual, and remote. +# +# allow_mail_to_commands (alias, forward) +# Restrict local(8) mail delivery to external com- +# mands. +# +# allow_mail_to_files (alias, forward) +# Restrict local(8) mail delivery to external files. +# +# expand_owner_alias (no) +# When delivering to an alias "aliasname" that has an +# "owner-aliasname" companion alias, set the envelope +# sender address to the expansion of the +# "owner-aliasname" alias. +# +# propagate_unmatched_extensions (canonical, virtual) +# What address lookup tables copy an address exten- +# sion from the lookup key to the lookup result. 
+# +# owner_request_special (yes) +# Enable special treatment for owner-listname entries +# in the aliases(5) file, and don't split owner-list- +# name and listname-request address localparts when +# the recipient_delimiter is set to "-". +# +# recipient_delimiter (empty) +# The set of characters that can separate an email +# address localpart, user name, or a .forward file +# name from its extension. +# +# Available in Postfix version 2.3 and later: +# +# frozen_delivered_to (yes) +# Update the local(8) delivery agent's idea of the +# Delivered-To: address (see prepend_deliv- +# ered_header) only once, at the start of a delivery +# attempt; do not update the Delivered-To: address +# while expanding aliases or .forward files. +# +# STANDARDS +# RFC 822 (ARPA Internet Text Messages) +# +# SEE ALSO +# local(8), local delivery agent +# newaliases(1), create/update alias database +# postalias(1), create/update alias database +# postconf(5), configuration parameters +# +# README FILES +# Use "postconf readme_directory" or "postconf html_direc- +# tory" to locate this information. +# DATABASE_README, Postfix lookup table overview +# +# LICENSE +# The Secure Mailer license must be distributed with this +# software. +# +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +# +# ALIASES(5) diff --git a/aliases.sample b/aliases.sample new file mode 100644 index 0000000..280c3d2 --- /dev/null +++ b/aliases.sample 
@@ -0,0 +1,273 @@ +# +# Sample aliases file. Install in the location as specified by the +# output from the command "postconf alias_maps". Typical path names +# are /etc/aliases or /etc/mail/aliases. +# +# >>>>>>>>>> The program "newaliases" must be run after +# >> NOTE >> this file is updated for any changes to +# >>>>>>>>>> show through to Postfix. +# + +# Person who should get root's mail. Don't receive mail as root! +#root: you + +# Basic system aliases -- these MUST be present +MAILER-DAEMON: postmaster +postmaster: root + +# General redirections for pseudo accounts +bin: root +daemon: root +named: root +nobody: root +uucp: root +www: root +ftp-bugs: root +postfix: root + +# Put your local aliases here. + +# Well-known aliases +manager: root +dumper: root +operator: root +abuse: postmaster + +# trap decode to catch security attacks +decode: root + +# ALIASES(5) ALIASES(5) +# +# NAME +# aliases - Postfix local alias database format +# +# SYNOPSIS +# newaliases +# +# DESCRIPTION +# The optional aliases(5) table (alias_maps) redirects mail +# for local recipients. The redirections are processed by +# the Postfix local(8) delivery agent. +# +# This is unlike virtual(5) aliasing (virtual_alias_maps) +# which applies to all recipients: local(8), virtual, and +# remote, and which is implemented by the cleanup(8) daemon. +# +# Normally, the aliases(5) table is specified as a text file +# that serves as input to the postalias(1) command. The +# result, an indexed file in dbm or db format, is used for +# fast lookup by the mail system. Execute the command +# newaliases in order to rebuild the indexed file after +# changing the Postfix alias database. +# +# When the table is provided via other means such as NIS, +# LDAP or SQL, the same lookups are done as for ordinary +# indexed files. +# +# Alternatively, the table can be provided as a regu- +# lar-expression map where patterns are given as regular +# expressions. 
In this case, the lookups are done in a +# slightly different way as described below under "REGULAR +# EXPRESSION TABLES". +# +# Users can control delivery of their own mail by setting up +# .forward files in their home directory. Lines in per-user +# .forward files have the same syntax as the right-hand side +# of aliases(5) entries. +# +# The format of the alias database input file is as follows: +# +# o An alias definition has the form +# +# name: value1, value2, ... +# +# o Empty lines and whitespace-only lines are ignored, +# as are lines whose first non-whitespace character +# is a `#'. +# +# o A logical line starts with non-whitespace text. A +# line that starts with whitespace continues a logi- +# cal line. +# +# The name is a local address (no domain part). Use double +# quotes when the name contains any special characters such +# as whitespace, `#', `:', or `@'. The name is folded to +# lowercase, in order to make database lookups case insensi- +# tive. +# +# In addition, when an alias exists for owner-name, this +# will override the envelope sender address, so that deliv- +# ery diagnostics are directed to owner-name, instead of the +# originator of the message (for details, see +# owner_request_special, expand_owner_alias and +# reset_owner_alias). This is typically used to direct +# delivery errors to the maintainer of a mailing list, who +# is in a better position to deal with mailing list delivery +# problems than the originator of the undelivered mail. +# +# The value contains one or more of the following: +# +# address +# Mail is forwarded to address, which is compatible +# with the RFC 822 standard. +# +# /file/name +# Mail is appended to /file/name. For details on how +# a file is written see the sections "EXTERNAL FILE +# DELIVERY" and "DELIVERY RIGHTS" in the local(8) +# documentation. Delivery is not limited to regular +# files. For example, to dispose of unwanted mail, +# deflect it to /dev/null. +# +# |command +# Mail is piped into command. 
Commands that contain +# special characters, such as whitespace, should be +# enclosed between double quotes. For details on how +# a command is executed see "EXTERNAL COMMAND DELIV- +# ERY" and "DELIVERY RIGHTS" in the local(8) documen- +# tation. +# +# When the command fails, a limited amount of command +# output is mailed back to the sender. The file +# /usr/include/sysexits.h defines the expected exit +# status codes. For example, use "|exit 67" to simu- +# late a "user unknown" error, and "|exit 0" to +# implement an expensive black hole. +# +# :include:/file/name +# Mail is sent to the destinations listed in the +# named file. Lines in :include: files have the same +# syntax as the right-hand side of alias entries. +# +# A destination can be any destination that is +# described in this manual page. However, delivery to +# "|command" and /file/name is disallowed by default. +# To enable, edit the allow_mail_to_commands and +# allow_mail_to_files configuration parameters. +# +# ADDRESS EXTENSION +# When alias database search fails, and the recipient local- +# part contains the optional recipient delimiter (e.g., +# user+foo), the search is repeated for the unextended +# address (e.g., user). +# +# The propagate_unmatched_extensions parameter controls +# whether an unmatched address extension (+foo) is propa- +# gated to the result of table lookup. +# +# CASE FOLDING +# The local(8) delivery agent always folds the search string +# to lowercase before database lookup. +# +# REGULAR EXPRESSION TABLES +# This section describes how the table lookups change when +# the table is given in the form of regular expressions. For +# a description of regular expression lookup table syntax, +# see regexp_table(5) or pcre_table(5). NOTE: these formats +# do not use ":" at the end of a pattern. +# +# Each regular expression is applied to the entire search +# string. Thus, a search string user+foo is not broken up +# into user and foo. 
+# +# Regular expressions are applied in the order as specified +# in the table, until a regular expression is found that +# matches the search string. +# +# Lookup results are the same as with indexed file lookups. +# For security reasons there is no support for $1, $2 etc. +# substring interpolation. +# +# SECURITY +# The local(8) delivery agent disallows regular expression +# substitution of $1 etc. in alias_maps, because that would +# open a security hole. +# +# The local(8) delivery agent will silently ignore requests +# to use the proxymap(8) server within alias_maps. Instead +# it will open the table directly. Before Postfix version +# 2.2, the local(8) delivery agent will terminate with a +# fatal error. +# +# CONFIGURATION PARAMETERS +# The following main.cf parameters are especially relevant. +# The text below provides only a parameter summary. See +# postconf(5) for more details including examples. +# +# alias_database (see 'postconf -d' output) +# The alias databases for local(8) delivery that are +# updated with "newaliases" or with "sendmail -bi". +# +# alias_maps (see 'postconf -d' output) +# Optional lookup tables with aliases that apply only +# to local(8) recipients; this is unlike vir- +# tual_alias_maps that apply to all recipients: +# local(8), virtual, and remote. +# +# allow_mail_to_commands (alias, forward) +# Restrict local(8) mail delivery to external com- +# mands. +# +# allow_mail_to_files (alias, forward) +# Restrict local(8) mail delivery to external files. +# +# expand_owner_alias (no) +# When delivering to an alias "aliasname" that has an +# "owner-aliasname" companion alias, set the envelope +# sender address to the expansion of the +# "owner-aliasname" alias. +# +# propagate_unmatched_extensions (canonical, virtual) +# What address lookup tables copy an address exten- +# sion from the lookup key to the lookup result. 
+# +# owner_request_special (yes) +# Enable special treatment for owner-listname entries +# in the aliases(5) file, and don't split owner-list- +# name and listname-request address localparts when +# the recipient_delimiter is set to "-". +# +# recipient_delimiter (empty) +# The set of characters that can separate an email +# address localpart, user name, or a .forward file +# name from its extension. +# +# Available in Postfix version 2.3 and later: +# +# frozen_delivered_to (yes) +# Update the local(8) delivery agent's idea of the +# Delivered-To: address (see prepend_deliv- +# ered_header) only once, at the start of a delivery +# attempt; do not update the Delivered-To: address +# while expanding aliases or .forward files. +# +# STANDARDS +# RFC 822 (ARPA Internet Text Messages) +# +# SEE ALSO +# local(8), local delivery agent +# newaliases(1), create/update alias database +# postalias(1), create/update alias database +# postconf(5), configuration parameters +# +# README FILES +# Use "postconf readme_directory" or "postconf html_direc- +# tory" to locate this information. +# DATABASE_README, Postfix lookup table overview +# +# LICENSE +# The Secure Mailer license must be distributed with this +# software. +# +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +# +# ALIASES(5) diff --git a/bounce.cf.default b/bounce.cf.default new file mode 100644 index 0000000..cab6fcb --- /dev/null +++ b/bounce.cf.default 
@@ -0,0 +1,112 @@ +# +# Do not edit this file. This file shows the default delivery status +# notification (DSN) messages that are built into Postfix. +# +# To change Postfix DSN messages, perhaps to add non-English text, +# follow instructions in the bounce(5) manual page. +# + +# +# The failure template is used when mail is returned to the sender; +# either the destination rejected the message, or the destination +# could not be reached before the message expired in the queue. +# + +failure_template = < +Subject: Undelivered Mail Returned to Sender +Postmaster-Subject: Postmaster Copy: Undelivered Mail + +This is the mail system at host $myhostname. + +I'm sorry to have to inform you that your message could not +be delivered to one or more recipients. It's attached below. + +For further assistance, please send mail to postmaster. + +If you do so, please include this problem report. You can +delete your own text from the attached returned message. + + The mail system +EOF + + +# +# The delay template is used when mail is delayed. Note a neat trick: +# the default template displays the delay_warning_time value as hours +# by appending the _hours suffix to the parameter name; it displays +# the maximal_queue_lifetime value as days by appending the _days +# suffix. +# +# Other suffixes are: _seconds, _minutes, _weeks. There are no other +# main.cf parameters that have this special behavior. +# +# You need to adjust these suffixes (and the surrounding text) if +# you have very different settings for these time parameters. +# + +delay_template = < +Subject: Delayed Mail (still being retried) +Postmaster-Subject: Postmaster Warning: Delayed Mail + +This is the mail system at host $myhostname. + +#################################################################### +# THIS IS A WARNING ONLY. YOU DO NOT NEED TO RESEND YOUR MESSAGE. 
# +#################################################################### + +Your message could not be delivered for more than $delay_warning_time_hours hour(s). +It will be retried until it is $maximal_queue_lifetime_days day(s) old. + +For further assistance, please send mail to postmaster. + +If you do so, please include this problem report. You can +delete your own text from the attached returned message. + + The mail system +EOF + + +# +# The success template is used when mail is delivered to mailbox, +# when an alias or list is expanded, or when mail is delivered to a +# system that does not announce DSN support. It is an error to specify +# a Postmaster-Subject: here. +# + +success_template = < +Subject: Successful Mail Delivery Report + +This is the mail system at host $myhostname. + +Your message was successfully delivered to the destination(s) +listed below. If the message was delivered to mailbox you will +receive no further notifications. Otherwise you may still receive +notifications of mail delivery errors from other systems. + + The mail system +EOF + + +# +# The verify template is used for address verification (sendmail -bv +# address...) or for verbose mail delivery (sendmail -v address...). +# It is an error to specify a Postmaster-Subject: here. +# + +verify_template = < +Subject: Mail Delivery Status Report + +This is the mail system at host $myhostname. + +Enclosed is the mail delivery report that you requested. + + The mail system +EOF diff --git a/canonical b/canonical new file mode 100644 index 0000000..3dbee56 --- /dev/null +++ b/canonical 
@@ -0,0 +1,306 @@ +# CANONICAL(5) CANONICAL(5) +# +# NAME +# canonical - Postfix canonical table format +# +# SYNOPSIS +# postmap /usr/local/etc/postfix/canonical +# +# postmap -q "string" /usr/local/etc/postfix/canonical +# +# postmap -q - /usr/local/etc/postfix/canonical $/ +# REJECT IFRAME vulnerability exploit +# +# SEE ALSO +# cleanup(8), canonicalize and enqueue Postfix message +# pcre_table(5), format of PCRE lookup tables +# regexp_table(5), format of POSIX regular expression tables +# postconf(1), Postfix configuration utility +# postmap(1), Postfix lookup table management +# postsuper(1), Postfix janitor +# postcat(1), show Postfix queue file contents +# RFC 2045, base64 and quoted-printable encoding rules +# RFC 2047, message header encoding for non-ASCII text +# +# README FILES +# Use "postconf readme_directory" or "postconf html_direc- +# tory" to locate this information. +# DATABASE_README, Postfix lookup table overview +# CONTENT_INSPECTION_README, Postfix content inspection overview +# BUILTIN_FILTER_README, Postfix built-in content inspection +# BACKSCATTER_README, blocking returned forged mail +# +# LICENSE +# The Secure Mailer license must be distributed with this +# software. +# +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +# +# HEADER_CHECKS(5) diff --git a/header_checks.sample b/header_checks.sample new file mode 100644 index 0000000..f36f2e3 --- /dev/null +++ b/header_checks.sample 
@@ -0,0 +1,535 @@ +# HEADER_CHECKS(5) HEADER_CHECKS(5) +# +# NAME +# header_checks - Postfix built-in content inspection +# +# SYNOPSIS +# header_checks = pcre:$config_directory/header_checks +# mime_header_checks = pcre:$config_directory/mime_header_checks +# nested_header_checks = pcre:$config_directory/nested_header_checks +# body_checks = pcre:$config_directory/body_checks +# +# milter_header_checks = pcre:$config_directory/milter_header_checks +# +# smtp_header_checks = pcre:$config_directory/smtp_header_checks +# smtp_mime_header_checks = pcre:$config_directory/smtp_mime_header_checks +# smtp_nested_header_checks = pcre:$config_directory/smtp_nested_header_checks +# smtp_body_checks = pcre:$config_directory/smtp_body_checks +# +# postmap -q "string" pcre:$config_directory/filename +# postmap -q - pcre:$config_directory/filename $/ +# REJECT IFRAME vulnerability exploit +# +# SEE ALSO +# cleanup(8), canonicalize and enqueue Postfix message +# pcre_table(5), format of PCRE lookup tables +# regexp_table(5), format of POSIX regular expression tables +# postconf(1), Postfix configuration utility +# postmap(1), Postfix lookup table management +# postsuper(1), Postfix janitor +# postcat(1), show Postfix queue file contents +# RFC 2045, base64 and quoted-printable encoding rules +# RFC 2047, message header encoding for non-ASCII text +# +# README FILES +# Use "postconf readme_directory" or "postconf html_direc- +# tory" to locate this information. +# DATABASE_README, Postfix lookup table overview +# CONTENT_INSPECTION_README, Postfix content inspection overview +# BUILTIN_FILTER_README, Postfix built-in content inspection +# BACKSCATTER_README, blocking returned forged mail +# +# LICENSE +# The Secure Mailer license must be distributed with this +# software. +# +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. 
+# 111 8th Avenue +# New York, NY 10011, USA +# +# HEADER_CHECKS(5) diff --git a/main.cf b/main.cf new file mode 100644 index 0000000..f2a4a5a --- /dev/null +++ b/main.cf 
@@ -0,0 +1,727 @@ +# Global Postfix configuration file. This file lists only a subset +# of all parameters. For the syntax, and for a complete parameter +# list, see the postconf(5) manual page (command: "man 5 postconf"). +# +# TIP: use the command "postconf -n" to view main.cf parameter +# settings, "postconf parametername" to view a specific parameter, +# and "postconf 'parametername=value'" to set a specific parameter. +# +# For common configuration examples, see BASIC_CONFIGURATION_README +# and STANDARD_CONFIGURATION_README. To find these documents, use +# the command "postconf html_directory readme_directory", or go to +# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc. +# +# For best results, change no more than 2-3 parameters at a time, +# and test if Postfix still works after every change. + +# COMPATIBILITY +# +# The compatibility_level determines what default settings Postfix +# will use for main.cf and master.cf settings. These defaults will +# change over time. +# +# To avoid breaking things, Postfix will use backwards-compatible +# default settings and log where it uses those old backwards-compatible +# default settings, until the system administrator has determined +# if any backwards-compatible default settings need to be made +# permanent in main.cf or master.cf. +# +# When this review is complete, update the compatibility_level setting +# below as recommended in the RELEASE_NOTES file. +# +# The level below is what should be used with new (not upgrade) installs. +# +compatibility_level = 3.9 + +# SOFT BOUNCE +# +# The soft_bounce parameter provides a limited safety net for +# testing. When soft_bounce is enabled, mail will remain queued that +# would otherwise bounce. This parameter disables locally-generated +# bounces, and prevents the SMTP server from rejecting mail permanently +# (by changing 5xx replies into 4xx replies). However, soft_bounce +# is no cure for address rewriting mistakes or mail routing mistakes. 
+# +#soft_bounce = no + +# LOCAL PATHNAME INFORMATION +# +# The queue_directory specifies the location of the Postfix queue. +# This is also the root directory of Postfix daemons that run chrooted. +# See the files in examples/chroot-setup for setting up Postfix chroot +# environments on different UNIX systems. +# +queue_directory = /var/spool/postfix + +# The command_directory parameter specifies the location of all +# postXXX commands. +# +command_directory = /usr/local/sbin + +# The daemon_directory parameter specifies the location of all Postfix +# daemon programs (i.e. programs listed in the master.cf file). This +# directory must be owned by root. +# +daemon_directory = /usr/local/libexec/postfix + +# The data_directory parameter specifies the location of Postfix-writable +# data files (caches, random numbers). This directory must be owned +# by the mail_owner account (see below). +# +data_directory = /var/db/postfix + +# QUEUE AND PROCESS OWNERSHIP +# +# The mail_owner parameter specifies the owner of the Postfix queue +# and of most Postfix daemon processes. Specify the name of a user +# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS +# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In +# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED +# USER. +# +mail_owner = postfix + +# The default_privs parameter specifies the default rights used by +# the local delivery agent for delivery to external file or command. +# These rights are used in the absence of a recipient user context. +# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. +# +#default_privs = nobody + +# INTERNET HOST AND DOMAIN NAMES +# +# The myhostname parameter specifies the internet hostname of this +# mail system. The default is to use the fully-qualified domain name +# from gethostname(). $myhostname is used as a default value for many +# other configuration parameters. 
+# +#myhostname = host.domain.tld +#myhostname = virtual.domain.tld +myhostname = root-kit.ru + +# The mydomain parameter specifies the local internet domain name. +# The default is to use $myhostname minus the first component. +# $mydomain is used as a default value for many other configuration +# parameters. +# +#mydomain = domain.tld +mydomain = root-kit.ru + +# SENDING MAIL +# +# The myorigin parameter specifies the domain that locally-posted +# mail appears to come from. The default is to append $myhostname, +# which is fine for small sites. If you run a domain with multiple +# machines, you should (1) change this to $mydomain and (2) set up +# a domain-wide alias database that aliases each user to +# user@that.users.mailhost. +# +# For the sake of consistency between sender and recipient addresses, +# myorigin also specifies the default domain name that is appended +# to recipient addresses that have no @domain part. +# +#myorigin = $myhostname +#myorigin = $mydomain + +# RECEIVING MAIL + +# The inet_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on. By default, +# the software claims all active interfaces on the machine. The +# parameter also controls delivery of mail to user@[ip.address]. +# +# See also the proxy_interfaces parameter, for network addresses that +# are forwarded to us via a proxy or network address translator. +# +# Note: you need to stop/start Postfix when this parameter changes. +# +inet_interfaces = all +#inet_interfaces = $myhostname +#inet_interfaces = $myhostname, localhost + +# The proxy_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on by way of a +# proxy or network address translation unit. This setting extends +# the address list specified with the inet_interfaces parameter. 
+# +# You must specify your proxy/NAT addresses when your system is a +# backup MX host for other domains, otherwise mail delivery loops +# will happen when the primary MX host is down. +# +#proxy_interfaces = +#proxy_interfaces = 1.2.3.4 + +# The mydestination parameter specifies the list of domains that this +# machine considers itself the final destination for. +# +# These domains are routed to the delivery agent specified with the +# local_transport parameter setting. By default, that is the UNIX +# compatible delivery agent that lookups all recipients in /etc/passwd +# and /etc/aliases or their equivalent. +# +# The default is $myhostname + localhost.$mydomain + localhost. On +# a mail domain gateway, you should also include $mydomain. +# +# Do not specify the names of virtual domains - those domains are +# specified elsewhere (see VIRTUAL_README). +# +# Do not specify the names of domains that this machine is backup MX +# host for. Specify those names via the relay_domains settings for +# the SMTP server, or use permit_mx_backup if you are lazy (see +# STANDARD_CONFIGURATION_README). +# +# The local machine is always the final destination for mail addressed +# to user@[the.net.work.address] of an interface that the mail system +# receives mail on (see the inet_interfaces parameter). +# +# Specify a list of host or domain names, /file/name or type:table +# patterns, separated by commas and/or whitespace. A /file/name +# pattern is replaced by its contents; a type:table is matched when +# a name matches a lookup key (the right-hand side is ignored). +# Continue long lines by starting the next line with whitespace. +# +# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". 
+# +#mydestination = $myhostname, localhost.$mydomain, localhost +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, +# mail.$mydomain, www.$mydomain, ftp.$mydomain +mydestination = localhost, localhost.$mydomain + +# REJECTING MAIL FOR UNKNOWN LOCAL USERS +# +# The local_recipient_maps parameter specifies optional lookup tables +# with all names or addresses of users that are local with respect +# to $mydestination, $inet_interfaces or $proxy_interfaces. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown local users. This parameter is defined by default. +# +# To turn off local recipient checking in the SMTP server, specify +# local_recipient_maps = (i.e. empty). +# +# The default setting assumes that you use the default Postfix local +# delivery agent for local delivery. You need to update the +# local_recipient_maps setting if: +# +# - You define $mydestination domain recipients in files other than +# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. +# For example, you define $mydestination domain recipients in +# the $virtual_mailbox_maps files. +# +# - You redefine the local delivery agent in master.cf. +# +# - You redefine the "local_transport" setting in main.cf. +# +# - You use the "luser_relay", "mailbox_transport", or "fallback_transport" +# feature of the Postfix local delivery agent (see local(8)). +# +# Details are described in the LOCAL_RECIPIENT_README file. +# +# Beware: if the Postfix SMTP server runs chrooted, you probably have +# to access the passwd file via the proxymap service, in order to +# overcome chroot restrictions. The alternative, having a copy of +# the system passwd file in the chroot jail is just not practical. +# +# The right-hand side of the lookup tables is conveniently ignored. 
+# In the left-hand side, specify a bare username, an @domain.tld +# wild-card, or specify a user@domain.tld address. +# +#local_recipient_maps = unix:passwd.byname $alias_maps +#local_recipient_maps = proxy:unix:passwd.byname $alias_maps +#local_recipient_maps = + +# The unknown_local_recipient_reject_code specifies the SMTP server +# response code when a recipient domain matches $mydestination or +# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty +# and the recipient address or address local-part is not found. +# +# The default setting is 550 (reject mail) but it is safer to start +# with 450 (try again later) until you are certain that your +# local_recipient_maps settings are OK. +# +unknown_local_recipient_reject_code = 550 + +# TRUST AND RELAY CONTROL + +# The mynetworks parameter specifies the list of "trusted" SMTP +# clients that have more privileges than "strangers". +# +# In particular, "trusted" SMTP clients are allowed to relay mail +# through Postfix. See the smtpd_recipient_restrictions parameter +# in postconf(5). +# +# You can specify the list of "trusted" network addresses by hand +# or you can let Postfix do it for you (which is the default). +# +# By default (mynetworks_style = host), Postfix "trusts" only +# the local machine. +# +# Specify "mynetworks_style = subnet" when Postfix should "trust" +# SMTP clients in the same IP subnetworks as the local machine. +# On Linux, this works correctly only with interfaces specified +# with the "ifconfig" or "ip" command. +# +# Specify "mynetworks_style = class" when Postfix should "trust" SMTP +# clients in the same IP class A/B/C networks as the local machine. +# Don't do this with a dialup site - it would cause Postfix to "trust" +# your entire provider's network. Instead, specify an explicit +# mynetworks list by hand, as described below. +# +# Specify "mynetworks_style = host" when Postfix should "trust" +# only the local machine. 
+# +#mynetworks_style = class +#mynetworks_style = subnet +mynetworks_style = host + +# Alternatively, you can specify the mynetworks list by hand, in +# which case Postfix ignores the mynetworks_style setting. +# +# Specify an explicit list of network/netmask patterns, where the +# mask specifies the number of bits in the network part of a host +# address. +# +# You can also specify the absolute pathname of a pattern file instead +# of listing the patterns here. Specify type:table for table-based lookups +# (the value on the table right-hand side is not used). +# +#mynetworks = 168.100.3.0/28, 127.0.0.0/8 +#mynetworks = $config_directory/mynetworks +#mynetworks = hash:$config_directory/network_table + +# The relay_domains parameter restricts what destinations this system will +# relay mail to. See the smtpd_relay_restrictions and +# smtpd_recipient_restrictions descriptions in postconf(5) for detailed +# information. +# +# By default, Postfix relays mail +# - from "trusted" clients (IP address matches $mynetworks, or is +# SASL authenticated) to any destination, +# - from "untrusted" clients to destinations that match $relay_domains or +# subdomains thereof, except addresses with sender-specified routing. +# The default relay_domains value is empty. +# +# In addition to the above, the Postfix SMTP server by default accepts mail +# that Postfix is final destination for: +# - destinations that match $inet_interfaces or $proxy_interfaces, +# - destinations that match $mydestination +# - destinations that match $virtual_alias_domains, +# - destinations that match $virtual_mailbox_domains. +# These destinations do not need to be listed in $relay_domains. +# +# Specify a list of hosts or domains, /file/name patterns or type:name +# lookup tables, separated by commas and/or whitespace. Continue +# long lines by starting the next line with whitespace. A file name +# is replaced by its contents; a type:name table is matched when a +# (parent) domain appears as lookup key. 
+# +# NOTE: Postfix will not automatically forward mail for domains that +# list this system as their primary or backup MX host. See the +# permit_mx_backup restriction description in postconf(5). +# +#relay_domains = +virtual_mailbox_domains = root-kit.ru +virtual_mailbox_base = /var/mail/vmail +virtual_mailbox_maps = proxy:pgsql:/usr/local/etc/postfix/pgsql_virtual_mailbox_maps.cf +virtual_alias_maps = proxy:pgsql:/usr/local/etc/postfix/pgsql_virtual_alias_maps.cf +virtual_uid_maps = static:5000 +virtual_gid_maps = static:5000 + +# INTERNET OR INTRANET + +# The relayhost parameter specifies the default host to send mail to +# when no entry is matched in the optional transport(5) table. When +# no relayhost is given, mail is routed directly to the destination. +# +# On an intranet, specify the organizational domain name. If your +# internal DNS uses no MX records, specify the name of the intranet +# gateway host instead. +# +# In the case of SMTP, specify a domain, host, host:port, [host]:port, +# [address] or [address]:port; the form [host] turns off MX lookups. +# +# If you're connected via UUCP, see also the default_transport parameter. +# +#relayhost = $mydomain +#relayhost = [gateway.my.domain] +#relayhost = [mailserver.isp.tld] +#relayhost = uucphost +#relayhost = [an.ip.add.ress] + +# REJECTING UNKNOWN RELAY USERS +# +# The relay_recipient_maps parameter specifies optional lookup tables +# with all addresses in the domains that match $relay_domains. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown relay users. This feature is off by default. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify an @domain.tld wild-card, or specify +# a user@domain.tld address. +# +#relay_recipient_maps = hash:$config_directory/relay_recipients + +# INPUT RATE CONTROL +# +# The in_flow_delay configuration parameter implements mail input +# flow control. 
This feature is turned on by default, although it +# still needs further development (it's disabled on SCO UNIX due +# to an SCO bug). +# +# A Postfix process will pause for $in_flow_delay seconds before +# accepting a new message, when the message arrival rate exceeds the +# message delivery rate. With the default 100 SMTP server process +# limit, this limits the mail inflow to 100 messages a second more +# than the number of messages delivered per second. +# +# Specify 0 to disable the feature. Valid delays are 0..10. +# +#in_flow_delay = 1s + +# ADDRESS REWRITING +# +# The ADDRESS_REWRITING_README document gives information about +# address masquerading or other forms of address rewriting including +# username->Firstname.Lastname mapping. + +# ADDRESS REDIRECTION (VIRTUAL DOMAIN) +# +# The VIRTUAL_README document gives information about the many forms +# of domain hosting that Postfix supports. + +# "USER HAS MOVED" BOUNCE MESSAGES +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# TRANSPORT MAP +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# ALIAS DATABASE +# +# The alias_maps parameter specifies the list of alias databases used +# by the local delivery agent. The default list is system dependent. +# +# On systems with NIS, the default is to search the local alias +# database, then the NIS alias database. See aliases(5) for syntax +# details. +# +# If you change the alias database, run "postalias /etc/aliases" (or +# wherever your system stores the mail alias file), or simply run +# "newaliases" to build the necessary DBM or DB file. +# +# It will take a minute or so before changes become visible. Use +# "postfix reload" to eliminate the delay. 
+# +#alias_maps = dbm:/etc/aliases +#alias_maps = hash:/etc/aliases +#alias_maps = hash:/etc/aliases, nis:mail.aliases +#alias_maps = netinfo:/aliases +alias_maps = hash:/etc/mail/aliases + +# The alias_database parameter specifies the alias database(s) that +# are built with "newaliases" or "sendmail -bi". This is a separate +# configuration parameter, because alias_maps (see above) may specify +# tables that are not necessarily all under control by Postfix. +# +#alias_database = dbm:/etc/aliases +#alias_database = hash:/etc/aliases +#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases + +# ADDRESS EXTENSIONS (e.g., user+foo) +# +# The recipient_delimiter parameter specifies the separator between +# user names and address extensions (user+foo). See canonical(5), +# local(8), relocated(5) and virtual(5) for the effects this has on +# aliases, canonical, virtual, relocated and .forward file lookups. +# Basically, the software tries user+foo and .forward+foo before +# trying user and .forward. +# +#recipient_delimiter = + + +# DELIVERY TO MAILBOX +# +# The home_mailbox parameter specifies the optional pathname of a +# mailbox file relative to a user's home directory. The default +# mailbox file is /var/spool/mail/user or /var/mail/user. Specify +# "Maildir/" for qmail-style delivery (the / is required). +# +#home_mailbox = Mailbox +#home_mailbox = Maildir/ + +# The mail_spool_directory parameter specifies the directory where +# UNIX-style mailboxes are kept. The default setting depends on the +# system type. +# +#mail_spool_directory = /var/mail +#mail_spool_directory = /var/spool/mail + +# The mailbox_command parameter specifies the optional external +# command to use instead of mailbox delivery. The command is run as +# the recipient with proper HOME, SHELL and LOGNAME environment settings. +# Exception: delivery for root is done as $default_privs. 
+# +# Other environment variables of interest: USER (recipient username), +# EXTENSION (address extension), DOMAIN (domain part of address), +# and LOCAL (the address localpart). +# +# Unlike other Postfix configuration parameters, the mailbox_command +# parameter is not subjected to $parameter substitutions. This is to +# make it easier to specify shell syntax (see example below). +# +# Avoid shell meta characters because they will force Postfix to run +# an expensive shell process. Procmail alone is expensive enough. +# +# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN +# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. +# +#mailbox_command = /some/where/procmail +#mailbox_command = /some/where/procmail -a "$EXTENSION" + +# The mailbox_transport specifies the optional transport in master.cf +# to use after processing aliases and .forward files. This parameter +# has precedence over the mailbox_command, fallback_transport and +# luser_relay parameters. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd" +# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf. +#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp +# +# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and +# subsequent line in master.cf. +#mailbox_transport = cyrus + +# The fallback_transport specifies the optional transport in master.cf +# to use for recipients that are not found in the UNIX passwd database. 
+# This parameter has precedence over the luser_relay parameter. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#fallback_transport = lmtp:unix:/file/name +#fallback_transport = cyrus +#fallback_transport = + +# The luser_relay parameter specifies an optional destination address +# for unknown recipients. By default, mail for unknown@$mydestination, +# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned +# as undeliverable. +# +# The following expansions are done on luser_relay: $user (recipient +# username), $shell (recipient shell), $home (recipient home directory), +# $recipient (full recipient address), $extension (recipient address +# extension), $domain (recipient domain), $local (entire recipient +# localpart), $recipient_delimiter. Specify ${name?value} or +# ${name:value} to expand value only when $name does (does not) exist. +# +# luser_relay works only for the default Postfix local delivery agent. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must specify "local_recipient_maps =" (i.e. empty) in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#luser_relay = $user@other.host +#luser_relay = $local@other.host +#luser_relay = admin+$local + +# JUNK MAIL CONTROLS +# +# The controls listed here are only a very small subset. The file +# SMTPD_ACCESS_README provides an overview. 
+ +# The header_checks parameter specifies an optional table with patterns +# that each logical message header is matched against, including +# headers that span multiple physical lines. +# +# By default, these patterns also apply to MIME headers and to the +# headers of attached messages. With older Postfix versions, MIME and +# attached message headers were treated as body text. +# +# For details, see "man header_checks". +# +#header_checks = regexp:$config_directory/header_checks + +# FAST ETRN SERVICE +# +# Postfix maintains per-destination logfiles with information about +# deferred mail, so that mail can be flushed quickly with the SMTP +# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". +# See the ETRN_README document for a detailed description. +# +# The fast_flush_domains parameter controls what destinations are +# eligible for this service. By default, they are all domains that +# this server is willing to relay mail to. +# +#fast_flush_domains = $relay_domains + +# SHOW SOFTWARE VERSION OR NOT +# +# The smtpd_banner parameter specifies the text that follows the 220 +# code in the SMTP server's greeting banner. Some people like to see +# the mail version advertised. By default, Postfix shows no version. +# +# You MUST specify $myhostname at the start of the text. That is an +# RFC requirement. Postfix itself does not care. +# +#smtpd_banner = $myhostname ESMTP $mail_name +#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) + +# PARALLEL DELIVERY TO THE SAME DESTINATION +# +# How many parallel deliveries to the same user or domain? With local +# delivery, it does not make sense to do massively parallel delivery +# to the same user, because mailbox updates must happen sequentially, +# and expensive pipelines in .forward files can cause disasters when +# too many are run at the same time. With SMTP deliveries, 10 +# simultaneous connections to the same domain could be sufficient to +# raise eyebrows. 
+# +# Each message delivery transport has its XXX_destination_concurrency_limit +# parameter. The default is $default_destination_concurrency_limit for +# most delivery transports. For the local delivery agent the default is 2. + +#local_destination_concurrency_limit = 2 +#default_destination_concurrency_limit = 20 + +# DEBUGGING CONTROL +# +# The debug_peer_level parameter specifies the increment in verbose +# logging level when an SMTP client or server host name or address +# matches a pattern in the debug_peer_list parameter. +# +#debug_peer_level = 2 + +# The debug_peer_list parameter specifies an optional list of domain +# or network patterns, /file/name patterns or type:name tables. When +# an SMTP client or server host name or address matches a pattern, +# increase the verbose logging level by the amount specified in the +# debug_peer_level parameter. +# +#debug_peer_list = 127.0.0.1 +#debug_peer_list = some.domain +debug_peer_list = 127.0.0.1 +debug_peer_level = 3 + +# The debugger_command specifies the external command that is executed +# when a Postfix daemon program is run with the -D option. +# +# Use "command .. & sleep 5" so that the debugger can attach before +# the process marches on. If you use an X-based debugger, be sure to +# set up your XAUTHORITY environment variable before starting Postfix. +# +debugger_command = + PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin + ddd $daemon_directory/$process_name $process_id & sleep 5 + +# If you can't use X, use this to capture the call stack when a +# daemon crashes. The result is in a file in the configuration +# directory, and is named after the process name and the process ID. +# +# debugger_command = +# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; +# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 +# >$config_directory/$process_name.$process_id.log & sleep 5 +# +# Another possibility is to run gdb under a detached screen session. 
+# To attach to the screen session, su root and run "screen -r +# " where uniquely matches one of the detached +# sessions (from "screen -list"). +# +# debugger_command = +# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen +# -dmS $process_name gdb $daemon_directory/$process_name +# $process_id & sleep 1 + +# INSTALL-TIME CONFIGURATION INFORMATION +# +# The following parameters are used when installing a new Postfix version. +# +# sendmail_path: The full pathname of the Postfix sendmail command. +# This is the Sendmail-compatible mail posting interface. +# +sendmail_path = /usr/local/sbin/sendmail + +# newaliases_path: The full pathname of the Postfix newaliases command. +# This is the Sendmail-compatible command to build alias databases. +# +newaliases_path = /usr/local/bin/newaliases + +# mailq_path: The full pathname of the Postfix mailq command. This +# is the Sendmail-compatible mail queue listing command. +# +mailq_path = /usr/local/bin/mailq + +# setgid_group: The group for mail submission and queue management +# commands. This must be a group name with a numerical group ID that +# is not shared with other accounts, not even with the Postfix account. +# +setgid_group = maildrop + +# html_directory: The location of the Postfix HTML documentation. +# +html_directory = /usr/local/share/doc/postfix + +# manpage_directory: The location of the Postfix on-line manual pages. +# +manpage_directory = /usr/local/share/man + +# sample_directory: The location of the Postfix sample configuration files. +# This parameter is obsolete as of Postfix 2.1. +# +sample_directory = /usr/local/etc/postfix + +# readme_directory: The location of the Postfix README files. 
+# +readme_directory = /usr/local/share/doc/postfix +inet_protocols = all + +# smtp CA path (default to system-wide location) +smtp_tls_CApath = /usr/local/etc/letsencrypt/live/root-kit.ru + + +# Включение TLS +smtpd_tls_cert_file = /usr/local/etc/letsencrypt/live/root-kit.ru/fullchain.pem +smtpd_tls_key_file = /usr/local/etc/letsencrypt/live/root-kit.ru/privkey.pem +smtpd_tls_security_level = may +smtpd_tls_auth_only = yes +# Для исходящей почты +smtp_tls_security_level = may +smtp_tls_CApath = /usr/local/etc/letsencrypt/live/root-kit.ru +smtp_tls_cert_file = /usr/local/etc/letsencrypt/live/root-kit.ru/fullchain.pem +smtp_tls_key_file = /usr/local/etc/letsencrypt/live/root-kit.ru/privkey.pem +# Включение SASL-аутентификации +smtpd_sasl_auth_enable = yes +smtpd_sasl_type = dovecot +smtpd_sasl_path = private/auth +smtpd_sasl_security_options = noanonymous +smtpd_sasl_local_domain = $myhostname +broken_sasl_auth_clients = yes +# Разрешение аутентифицированным пользователям отправлять почту +smtpd_recipient_restrictions = + permit_sasl_authenticated, + permit_mynetworks, + reject_unauth_destination + + +meta_directory = /usr/local/libexec/postfix +shlib_directory = /usr/local/lib/postfix diff --git a/main.cf.default b/main.cf.default new file mode 100644 index 0000000..99d8513 --- /dev/null +++ b/main.cf.default 
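Review bot: `smtp_tls_CApath = /usr/local/etc/letsencrypt/live/root-kit.ru`, set twice near the end of main.cf (the first time under the comment "default to system-wide location"), points the outbound client's trust store at the directory that holds this server's own `fullchain.pem` and `privkey.pem`, not at a directory of CA certificates. With `smtp_tls_security_level = may` remote certificates are not verified, so nothing fails today, but there would be nothing usable to verify against if the level or a TLS policy were ever tightened; point it at the system CA directory (or use `smtp_tls_CAfile`) and drop the duplicate line. The `smtp_tls_cert_file` / `smtp_tls_key_file` pair also presents the server's key pair as a client certificate on outbound connections, which nothing in this file requires. Separately, `debug_peer_list = 127.0.0.1` with `debug_peer_level = 3` leaves verbose per-session logging switched on for local clients in the committed config, and `broken_sasl_auth_clients = yes` only serves obsolete clients that expect the non-standard `AUTH=` form; remove both unless there is a documented need.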
@@ -0,0 +1,953 @@ +# DO NOT EDIT THIS FILE. EDIT THE MAIN.CF FILE INSTEAD. THE +# TEXT HERE JUST SHOWS DEFAULT SETTINGS BUILT INTO POSTFIX. +# +2bounce_notice_recipient = postmaster +access_map_defer_code = 450 +access_map_reject_code = 554 +address_verify_cache_cleanup_interval = 12h +address_verify_default_transport = $default_transport +address_verify_local_transport = $local_transport +address_verify_map = btree:$data_directory/verify_cache +address_verify_negative_cache = yes +address_verify_negative_expire_time = 3d +address_verify_negative_refresh_time = 3h +address_verify_pending_request_limit = 5000 +address_verify_poll_count = ${stress?{1}:{3}} +address_verify_poll_delay = 3s +address_verify_positive_expire_time = 31d +address_verify_positive_refresh_time = 7d +address_verify_relay_transport = $relay_transport +address_verify_relayhost = $relayhost +address_verify_sender = $double_bounce_sender +address_verify_sender_dependent_default_transport_maps = $sender_dependent_default_transport_maps +address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps +address_verify_sender_ttl = 0s +address_verify_service_name = verify +address_verify_transport_maps = $transport_maps +address_verify_virtual_transport = $virtual_transport +alias_database = hash:/etc/aliases +alias_maps = hash:/etc/aliases +allow_mail_to_commands = alias, forward +allow_mail_to_files = alias, forward +allow_min_user = no +allow_percent_hack = yes +allow_srv_lookup_fallback = no +allow_untrusted_routing = no +alternate_config_directories = +always_add_missing_headers = no +always_bcc = +anvil_rate_time_unit = 60s +anvil_status_update_time = 600s +append_at_myorigin = yes +append_dot_mydomain = ${{$compatibility_level} +empty_address_local_login_sender_maps_lookup_key = <> +empty_address_recipient = MAILER-DAEMON +empty_address_relayhost_maps_lookup_key = <> +enable_idna2003_compatibility = no +enable_long_queue_ids = no +enable_original_recipient = yes 
+enable_threaded_bounces = no +error_delivery_slot_cost = $default_delivery_slot_cost +error_delivery_slot_discount = $default_delivery_slot_discount +error_delivery_slot_loan = $default_delivery_slot_loan +error_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit +error_destination_concurrency_limit = $default_destination_concurrency_limit +error_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback +error_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback +error_destination_rate_delay = $default_destination_rate_delay +error_destination_recipient_limit = $default_destination_recipient_limit +error_extra_recipient_limit = $default_extra_recipient_limit +error_initial_destination_concurrency = $initial_destination_concurrency +error_minimum_delivery_slots = $default_minimum_delivery_slots +error_notice_recipient = postmaster +error_recipient_limit = $default_recipient_limit +error_recipient_refill_delay = $default_recipient_refill_delay +error_recipient_refill_limit = $default_recipient_refill_limit +error_service_name = error +error_transport_rate_delay = $default_transport_rate_delay +execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ +expand_owner_alias = no +export_environment = TZ MAIL_CONFIG LANG +fallback_transport = +fallback_transport_maps = +fast_flush_domains = $relay_domains +fast_flush_purge_time = 7d +fast_flush_refresh_time = 12h +fault_injection_code = 0 +flush_service_name = flush +force_mime_input_conversion = no +fork_attempts = 5 +fork_delay = 1s +forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ +forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward +frozen_delivered_to = yes +hash_queue_depth = 1 +hash_queue_names = deferred, defer +header_address_token_limit = 10240 
+header_checks = +header_from_format = standard +header_size_limit = 102400 +helpful_warnings = yes +home_mailbox = +hopcount_limit = 50 +html_directory = /usr/local/share/doc/postfix +ignore_mx_lookup_error = no +ignore_srv_lookup_error = no +import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C POSTLOG_SERVICE POSTLOG_HOSTNAME +in_flow_delay = 1s +inet_interfaces = all +inet_protocols = all +info_log_address_format = external +initial_destination_concurrency = 5 +internal_mail_filter_classes = +invalid_hostname_reject_code = 501 +ipc_idle = 5s +ipc_timeout = 3600s +ipc_ttl = 1000s +known_tcp_ports = lmtp=24, smtp=25, smtps=submissions=465, submission=587 +line_length_limit = 2048 +lmdb_map_size = 16777216 +lmtp_address_preference = any +lmtp_address_verify_target = rcpt +lmtp_assume_final = no +lmtp_balance_inet_protocols = yes +lmtp_bind_address = +lmtp_bind_address6 = +lmtp_bind_address_enforce = no +lmtp_body_checks = +lmtp_cname_overrides_servername = no +lmtp_connect_timeout = 0s +lmtp_connection_cache_destinations = +lmtp_connection_cache_on_demand = yes +lmtp_connection_cache_time_limit = 2s +lmtp_connection_reuse_count_limit = 0 +lmtp_connection_reuse_time_limit = 300s +lmtp_data_done_timeout = 600s +lmtp_data_init_timeout = 120s +lmtp_data_xfer_timeout = 180s +lmtp_defer_if_no_mx_address_found = no +lmtp_delivery_slot_cost = $default_delivery_slot_cost +lmtp_delivery_slot_discount = $default_delivery_slot_discount +lmtp_delivery_slot_loan = $default_delivery_slot_loan +lmtp_delivery_status_filter = $default_delivery_status_filter +lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit +lmtp_destination_concurrency_limit = $default_destination_concurrency_limit +lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback +lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback 
+lmtp_destination_rate_delay = $default_destination_rate_delay +lmtp_destination_recipient_limit = $default_destination_recipient_limit +lmtp_discard_lhlo_keyword_address_maps = +lmtp_discard_lhlo_keywords = +lmtp_dns_reply_filter = +lmtp_dns_resolver_options = +lmtp_dns_support_level = +lmtp_enforce_tls = no +lmtp_extra_recipient_limit = $default_extra_recipient_limit +lmtp_fallback_relay = +lmtp_generic_maps = +lmtp_header_checks = +lmtp_host_lookup = dns +lmtp_initial_destination_concurrency = $initial_destination_concurrency +lmtp_lhlo_name = $myhostname +lmtp_lhlo_timeout = 300s +lmtp_line_length_limit = 998 +lmtp_mail_timeout = 300s +lmtp_mime_header_checks = +lmtp_min_data_rate = 500 +lmtp_minimum_delivery_slots = $default_minimum_delivery_slots +lmtp_mx_address_limit = 5 +lmtp_mx_session_limit = 2 +lmtp_nested_header_checks = +lmtp_per_request_deadline = ${lmtp_per_record_deadline?{$lmtp_per_record_deadline}:{no}} +lmtp_pix_workaround_delay_time = 10s +lmtp_pix_workaround_maps = +lmtp_pix_workaround_threshold_time = 500s +lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf +lmtp_quit_timeout = 300s +lmtp_quote_rfc821_envelope = yes +lmtp_randomize_addresses = yes +lmtp_rcpt_timeout = 300s +lmtp_recipient_limit = $default_recipient_limit +lmtp_recipient_refill_delay = $default_recipient_refill_delay +lmtp_recipient_refill_limit = $default_recipient_refill_limit +lmtp_reply_filter = +lmtp_rset_timeout = 20s +lmtp_sasl_auth_cache_name = +lmtp_sasl_auth_cache_time = 90d +lmtp_sasl_auth_enable = no +lmtp_sasl_auth_soft_bounce = yes +lmtp_sasl_mechanism_filter = +lmtp_sasl_password_maps = +lmtp_sasl_password_result_delimiter = : +lmtp_sasl_path = +lmtp_sasl_security_options = noplaintext, noanonymous +lmtp_sasl_tls_security_options = $lmtp_sasl_security_options +lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options +lmtp_sasl_type = cyrus +lmtp_send_dummy_mail_auth = no +lmtp_send_xforward_command = no +lmtp_sender_dependent_authentication = no 
+lmtp_skip_5xx_greeting = yes +lmtp_skip_quit_response = no +lmtp_starttls_timeout = 300s +lmtp_tcp_port = 24 +lmtp_tls_CAfile = +lmtp_tls_CApath = +lmtp_tls_block_early_mail_reply = no +lmtp_tls_cert_file = +lmtp_tls_chain_files = +lmtp_tls_ciphers = medium +lmtp_tls_connection_reuse = no +lmtp_tls_dcert_file = +lmtp_tls_dkey_file = $lmtp_tls_dcert_file +lmtp_tls_eccert_file = +lmtp_tls_eckey_file = $lmtp_tls_eccert_file +lmtp_tls_enable_rpk = no +lmtp_tls_enforce_peername = yes +lmtp_tls_exclude_ciphers = +lmtp_tls_fingerprint_cert_match = +lmtp_tls_fingerprint_digest = ${{$compatibility_level} =TLSv1 +lmtp_tls_note_starttls_offer = no +lmtp_tls_per_site = +lmtp_tls_policy_maps = +lmtp_tls_protocols = >=TLSv1 +lmtp_tls_scert_verifydepth = 9 +lmtp_tls_secure_cert_match = nexthop +lmtp_tls_security_level = +lmtp_tls_servername = +lmtp_tls_session_cache_database = +lmtp_tls_session_cache_timeout = 3600s +lmtp_tls_trust_anchor_file = +lmtp_tls_verify_cert_match = hostname +lmtp_tls_wrappermode = no +lmtp_transport_rate_delay = $default_transport_rate_delay +lmtp_use_tls = no +lmtp_xforward_timeout = 300s +local_command_shell = +local_delivery_slot_cost = $default_delivery_slot_cost +local_delivery_slot_discount = $default_delivery_slot_discount +local_delivery_slot_loan = $default_delivery_slot_loan +local_delivery_status_filter = $default_delivery_status_filter +local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit +local_destination_concurrency_limit = 2 +local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback +local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback +local_destination_rate_delay = $default_destination_rate_delay +local_destination_recipient_limit = 1 +local_extra_recipient_limit = $default_extra_recipient_limit +local_header_rewrite_clients = permit_inet_interfaces +local_initial_destination_concurrency = 
$initial_destination_concurrency +local_login_sender_maps = static:* +local_minimum_delivery_slots = $default_minimum_delivery_slots +local_recipient_limit = $default_recipient_limit +local_recipient_maps = proxy:unix:passwd.byname $alias_maps +local_recipient_refill_delay = $default_recipient_refill_delay +local_recipient_refill_limit = $default_recipient_refill_limit +local_transport = local:$myhostname +local_transport_rate_delay = $default_transport_rate_delay +luser_relay = +mail_name = Postfix +mail_owner = postfix +mail_release_date = 20241204 +mail_spool_directory = /var/mail +mail_version = 3.9.1 +mailbox_command = +mailbox_command_maps = +mailbox_delivery_lock = flock, dotlock +mailbox_size_limit = 51200000 +mailbox_transport = +mailbox_transport_maps = +maillog_file = +maillog_file_compressor = gzip +maillog_file_permissions = 0600 +maillog_file_prefixes = /var, /dev/stdout +maillog_file_rotate_suffix = %Y%m%d-%H%M%S +mailq_path = /usr/local/bin/mailq +manpage_directory = /usr/local/share/man +maps_rbl_domains = +maps_rbl_reject_code = 554 +masquerade_classes = envelope_sender, header_sender, header_recipient +masquerade_domains = +masquerade_exceptions = +master_service_disable = +max_idle = 100s +max_use = 100 +maximal_backoff_time = 4000s +maximal_queue_lifetime = 5d +message_drop_headers = bcc, content-length, resent-bcc, return-path +message_reject_characters = +message_size_limit = 10240000 +message_strip_characters = +meta_directory = /usr/local/libexec/postfix +milter_command_timeout = 30s +milter_connect_macros = j {daemon_name} {daemon_addr} v _ +milter_connect_timeout = 30s +milter_content_timeout = 300s +milter_data_macros = i +milter_default_action = tempfail +milter_end_of_data_macros = i +milter_end_of_header_macros = i +milter_header_checks = +milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer} +milter_macro_daemon_name = $myhostname +milter_macro_defaults = +milter_macro_v = $mail_name $mail_version 
+milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer} +milter_protocol = 6 +milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer} +milter_unknown_command_macros = +mime_boundary_length_limit = 2048 +mime_header_checks = $header_checks +mime_nesting_limit = 100 +minimal_backoff_time = 300s +multi_instance_directories = +multi_instance_enable = no +multi_instance_group = +multi_instance_name = +multi_instance_wrapper = +multi_recipient_bounce_reject_code = 550 +mydestination = $myhostname, localhost.$mydomain, localhost +mynetworks_style = ${{$compatibility_level} =TLSv1 +smtp_tls_note_starttls_offer = no +smtp_tls_per_site = +smtp_tls_policy_maps = +smtp_tls_protocols = >=TLSv1 +smtp_tls_scert_verifydepth = 9 +smtp_tls_secure_cert_match = nexthop, dot-nexthop +smtp_tls_security_level = +smtp_tls_servername = +smtp_tls_session_cache_database = +smtp_tls_session_cache_timeout = 3600s +smtp_tls_trust_anchor_file = +smtp_tls_verify_cert_match = hostname +smtp_tls_wrappermode = no +smtp_transport_rate_delay = $default_transport_rate_delay +smtp_use_tls = no +smtp_xforward_timeout = 300s +smtpd_authorized_verp_clients = $authorized_verp_clients +smtpd_authorized_xclient_hosts = +smtpd_authorized_xforward_hosts = +smtpd_banner = $myhostname ESMTP $mail_name +smtpd_client_auth_rate_limit = 0 +smtpd_client_connection_count_limit = 50 +smtpd_client_connection_rate_limit = 0 +smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks} +smtpd_client_ipv4_prefix_length = 32 +smtpd_client_ipv6_prefix_length = 84 +smtpd_client_message_rate_limit = 0 +smtpd_client_new_tls_session_rate_limit = 0 +smtpd_client_port_logging = no +smtpd_client_recipient_rate_limit = 0 +smtpd_client_restrictions = +smtpd_command_filter = +smtpd_data_restrictions = +smtpd_delay_open_until_valid_rcpt = yes +smtpd_delay_reject = yes +smtpd_discard_ehlo_keyword_address_maps = +smtpd_discard_ehlo_keywords = 
+smtpd_dns_reply_filter = +smtpd_end_of_data_restrictions = +smtpd_enforce_tls = no +smtpd_error_sleep_time = 1s +smtpd_etrn_restrictions = +smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~ +smtpd_forbid_bare_newline = normalize +smtpd_forbid_bare_newline_exclusions = $mynetworks +smtpd_forbid_bare_newline_reject_code = 550 +smtpd_forbid_unauth_pipelining = yes +smtpd_forbidden_commands = CONNECT GET POST regexp:{{/^[^A-Z]/ Bogus}} +smtpd_hard_error_limit = ${stress?{1}:{20}} +smtpd_helo_required = no +smtpd_helo_restrictions = +smtpd_history_flush_threshold = 100 +smtpd_junk_command_limit = ${stress?{1}:{100}} +smtpd_log_access_permit_actions = +smtpd_milter_maps = +smtpd_milters = +smtpd_min_data_rate = 500 +smtpd_noop_commands = +smtpd_null_access_lookup_key = <> +smtpd_peername_lookup = yes +smtpd_per_request_deadline = ${smtpd_per_record_deadline?{$smtpd_per_record_deadline}:{${stress?{yes}:{no}}}} +smtpd_policy_service_default_action = 451 4.3.5 Server configuration problem +smtpd_policy_service_max_idle = 300s +smtpd_policy_service_max_ttl = 1000s +smtpd_policy_service_policy_context = +smtpd_policy_service_request_limit = 0 +smtpd_policy_service_retry_delay = 1s +smtpd_policy_service_timeout = 100s +smtpd_policy_service_try_limit = 2 +smtpd_proxy_ehlo = $myhostname +smtpd_proxy_filter = +smtpd_proxy_options = +smtpd_proxy_timeout = 100s +smtpd_recipient_limit = 1000 +smtpd_recipient_overshoot_limit = 1000 +smtpd_recipient_restrictions = +smtpd_reject_footer = +smtpd_reject_footer_maps = +smtpd_reject_unlisted_recipient = yes +smtpd_reject_unlisted_sender = no +smtpd_relay_before_recipient_restrictions = ${{$compatibility_level} =TLSv1 +smtpd_tls_protocols = >=TLSv1 +smtpd_tls_received_header = no +smtpd_tls_req_ccert = no +smtpd_tls_security_level = +smtpd_tls_session_cache_database = +smtpd_tls_session_cache_timeout = 3600s +smtpd_tls_wrappermode = no 
+smtpd_upstream_proxy_protocol = +smtpd_upstream_proxy_timeout = 5s +smtpd_use_tls = no +smtputf8_autodetect_classes = sendmail, verify +smtputf8_enable = ${{$compatibility_level} Firstname.Lastname mapping. + +# ADDRESS REDIRECTION (VIRTUAL DOMAIN) +# +# The VIRTUAL_README document gives information about the many forms +# of domain hosting that Postfix supports. + +# "USER HAS MOVED" BOUNCE MESSAGES +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# TRANSPORT MAP +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# ALIAS DATABASE +# +# The alias_maps parameter specifies the list of alias databases used +# by the local delivery agent. The default list is system dependent. +# +# On systems with NIS, the default is to search the local alias +# database, then the NIS alias database. See aliases(5) for syntax +# details. +# +# If you change the alias database, run "postalias /etc/aliases" (or +# wherever your system stores the mail alias file), or simply run +# "newaliases" to build the necessary DBM or DB file. +# +# It will take a minute or so before changes become visible. Use +# "postfix reload" to eliminate the delay. +# +#alias_maps = dbm:/etc/aliases +#alias_maps = hash:/etc/aliases +#alias_maps = hash:/etc/aliases, nis:mail.aliases +#alias_maps = netinfo:/aliases + +# The alias_database parameter specifies the alias database(s) that +# are built with "newaliases" or "sendmail -bi". This is a separate +# configuration parameter, because alias_maps (see above) may specify +# tables that are not necessarily all under control by Postfix. +# +#alias_database = dbm:/etc/aliases +#alias_database = hash:/etc/aliases +#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases + +# ADDRESS EXTENSIONS (e.g., user+foo) +# +# The recipient_delimiter parameter specifies the separator between +# user names and address extensions (user+foo). 
See canonical(5), +# local(8), relocated(5) and virtual(5) for the effects this has on +# aliases, canonical, virtual, relocated and .forward file lookups. +# Basically, the software tries user+foo and .forward+foo before +# trying user and .forward. +# +#recipient_delimiter = + + +# DELIVERY TO MAILBOX +# +# The home_mailbox parameter specifies the optional pathname of a +# mailbox file relative to a user's home directory. The default +# mailbox file is /var/spool/mail/user or /var/mail/user. Specify +# "Maildir/" for qmail-style delivery (the / is required). +# +#home_mailbox = Mailbox +#home_mailbox = Maildir/ + +# The mail_spool_directory parameter specifies the directory where +# UNIX-style mailboxes are kept. The default setting depends on the +# system type. +# +#mail_spool_directory = /var/mail +#mail_spool_directory = /var/spool/mail + +# The mailbox_command parameter specifies the optional external +# command to use instead of mailbox delivery. The command is run as +# the recipient with proper HOME, SHELL and LOGNAME environment settings. +# Exception: delivery for root is done as $default_privs. +# +# Other environment variables of interest: USER (recipient username), +# EXTENSION (address extension), DOMAIN (domain part of address), +# and LOCAL (the address localpart). +# +# Unlike other Postfix configuration parameters, the mailbox_command +# parameter is not subjected to $parameter substitutions. This is to +# make it easier to specify shell syntax (see example below). +# +# Avoid shell meta characters because they will force Postfix to run +# an expensive shell process. Procmail alone is expensive enough. +# +# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN +# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. 
+# +#mailbox_command = /some/where/procmail +#mailbox_command = /some/where/procmail -a "$EXTENSION" + +# The mailbox_transport specifies the optional transport in master.cf +# to use after processing aliases and .forward files. This parameter +# has precedence over the mailbox_command, fallback_transport and +# luser_relay parameters. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd" +# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf. +#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp +# +# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and +# subsequent line in master.cf. +#mailbox_transport = cyrus + +# The fallback_transport specifies the optional transport in master.cf +# to use for recipients that are not found in the UNIX passwd database. +# This parameter has precedence over the luser_relay parameter. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". 
+# +#fallback_transport = lmtp:unix:/file/name +#fallback_transport = cyrus +#fallback_transport = + +# The luser_relay parameter specifies an optional destination address +# for unknown recipients. By default, mail for unknown@$mydestination, +# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned +# as undeliverable. +# +# The following expansions are done on luser_relay: $user (recipient +# username), $shell (recipient shell), $home (recipient home directory), +# $recipient (full recipient address), $extension (recipient address +# extension), $domain (recipient domain), $local (entire recipient +# localpart), $recipient_delimiter. Specify ${name?value} or +# ${name:value} to expand value only when $name does (does not) exist. +# +# luser_relay works only for the default Postfix local delivery agent. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must specify "local_recipient_maps =" (i.e. empty) in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#luser_relay = $user@other.host +#luser_relay = $local@other.host +#luser_relay = admin+$local + +# JUNK MAIL CONTROLS +# +# The controls listed here are only a very small subset. The file +# SMTPD_ACCESS_README provides an overview. + +# The header_checks parameter specifies an optional table with patterns +# that each logical message header is matched against, including +# headers that span multiple physical lines. +# +# By default, these patterns also apply to MIME headers and to the +# headers of attached messages. With older Postfix versions, MIME and +# attached message headers were treated as body text. +# +# For details, see "man header_checks". 
+# +#header_checks = regexp:$config_directory/header_checks + +# FAST ETRN SERVICE +# +# Postfix maintains per-destination logfiles with information about +# deferred mail, so that mail can be flushed quickly with the SMTP +# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". +# See the ETRN_README document for a detailed description. +# +# The fast_flush_domains parameter controls what destinations are +# eligible for this service. By default, they are all domains that +# this server is willing to relay mail to. +# +#fast_flush_domains = $relay_domains + +# SHOW SOFTWARE VERSION OR NOT +# +# The smtpd_banner parameter specifies the text that follows the 220 +# code in the SMTP server's greeting banner. Some people like to see +# the mail version advertised. By default, Postfix shows no version. +# +# You MUST specify $myhostname at the start of the text. That is an +# RFC requirement. Postfix itself does not care. +# +#smtpd_banner = $myhostname ESMTP $mail_name +#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) + +# PARALLEL DELIVERY TO THE SAME DESTINATION +# +# How many parallel deliveries to the same user or domain? With local +# delivery, it does not make sense to do massively parallel delivery +# to the same user, because mailbox updates must happen sequentially, +# and expensive pipelines in .forward files can cause disasters when +# too many are run at the same time. With SMTP deliveries, 10 +# simultaneous connections to the same domain could be sufficient to +# raise eyebrows. +# +# Each message delivery transport has its XXX_destination_concurrency_limit +# parameter. The default is $default_destination_concurrency_limit for +# most delivery transports. For the local delivery agent the default is 2. 
+ +#local_destination_concurrency_limit = 2 +#default_destination_concurrency_limit = 20 + +# DEBUGGING CONTROL +# +# The debug_peer_level parameter specifies the increment in verbose +# logging level when an SMTP client or server host name or address +# matches a pattern in the debug_peer_list parameter. +# +debug_peer_level = 2 + +# The debug_peer_list parameter specifies an optional list of domain +# or network patterns, /file/name patterns or type:name tables. When +# an SMTP client or server host name or address matches a pattern, +# increase the verbose logging level by the amount specified in the +# debug_peer_level parameter. +# +#debug_peer_list = 127.0.0.1 +#debug_peer_list = some.domain + +# The debugger_command specifies the external command that is executed +# when a Postfix daemon program is run with the -D option. +# +# Use "command .. & sleep 5" so that the debugger can attach before +# the process marches on. If you use an X-based debugger, be sure to +# set up your XAUTHORITY environment variable before starting Postfix. +# +debugger_command = + PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin + ddd $daemon_directory/$process_name $process_id & sleep 5 + +# If you can't use X, use this to capture the call stack when a +# daemon crashes. The result is in a file in the configuration +# directory, and is named after the process name and the process ID. +# +# debugger_command = +# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; +# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 +# >$config_directory/$process_name.$process_id.log & sleep 5 +# +# Another possibility is to run gdb under a detached screen session. +# To attach to the screen session, su root and run "screen -r +# " where uniquely matches one of the detached +# sessions (from "screen -list"). 
+# +# debugger_command = +# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen +# -dmS $process_name gdb $daemon_directory/$process_name +# $process_id & sleep 1 + +# INSTALL-TIME CONFIGURATION INFORMATION +# +# The following parameters are used when installing a new Postfix version. +# +# sendmail_path: The full pathname of the Postfix sendmail command. +# This is the Sendmail-compatible mail posting interface. +# +sendmail_path = /usr/local/sbin/sendmail + +# newaliases_path: The full pathname of the Postfix newaliases command. +# This is the Sendmail-compatible command to build alias databases. +# +newaliases_path = /usr/local/bin/newaliases + +# mailq_path: The full pathname of the Postfix mailq command. This +# is the Sendmail-compatible mail queue listing command. +# +mailq_path = /usr/local/bin/mailq + +# setgid_group: The group for mail submission and queue management +# commands. This must be a group name with a numerical group ID that +# is not shared with other accounts, not even with the Postfix account. +# +setgid_group = maildrop + +# html_directory: The location of the Postfix HTML documentation. +# +html_directory = /usr/local/share/doc/postfix + +# manpage_directory: The location of the Postfix on-line manual pages. +# +manpage_directory = /usr/local/share/man + +# sample_directory: The location of the Postfix sample configuration files. +# This parameter is obsolete as of Postfix 2.1. +# +sample_directory = /usr/local/etc/postfix + +# readme_directory: The location of the Postfix README files. +# +readme_directory = /usr/local/share/doc/postfix +inet_protocols = all + +# smtp CA path (default to system-wide location) +smtp_tls_CApath = /etc/ssl/certs +shlib_directory = /usr/local/lib/postfix +meta_directory = /usr/local/libexec/postfix diff --git a/master.cf b/master.cf new file mode 100644 index 0000000..710c78a --- /dev/null +++ b/master.cf 
@@ -0,0 +1,152 @@ +# +# Postfix master process configuration file. For details on the format +# of the file, see the master(5) manual page (command: "man 5 master" or +# on-line: http://www.postfix.org/master.5.html). +# +# Do not forget to execute "postfix reload" after editing this file. +# +# ========================================================================== +# service type private unpriv chroot wakeup maxproc command + args +# (yes) (yes) (no) (never) (100) +# ========================================================================== +smtp inet n - n - - smtpd +#smtp inet n - n - 1 postscreen +#smtpd pass - - n - - smtpd +#dnsblog unix - - n - 0 dnsblog +#tlsproxy unix - - n - 0 tlsproxy +# Choose one: enable submission for loopback clients only, or for any client. +#127.0.0.1:submission inet n - n - - smtpd +submission inet n - n - - smtpd + -o smtpd_sasl_auth_enable=yes + -o smtpd_tls_security_level=encrypt + -o smtpd_tls_auth_only=yes + -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject +#submission inet n - n - - smtpd +# -o syslog_name=postfix/submission +# -o smtpd_tls_security_level=encrypt +# -o smtpd_sasl_auth_enable=yes +# -o smtpd_tls_auth_only=yes +# -o local_header_rewrite_clients=static:all +# -o smtpd_reject_unlisted_recipient=no +# Instead of specifying complex smtpd__restrictions here, +# specify "smtpd__restrictions=$mua__restrictions" +# here, and specify mua__restrictions in main.cf (where +# "" is "client", "helo", "sender", "relay", or "recipient"). +# -o smtpd_client_restrictions= +# -o smtpd_helo_restrictions= +# -o smtpd_sender_restrictions= +# -o smtpd_relay_restrictions= +# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject +# -o milter_macro_daemon_name=ORIGINATING +# Choose one: enable submissions for loopback clients only, or for any client. 
+#127.0.0.1:submissions inet n - n - - smtpd +#submissions inet n - n - - smtpd +# -o syslog_name=postfix/submissions +# -o smtpd_tls_wrappermode=yes +# -o smtpd_sasl_auth_enable=yes +# -o local_header_rewrite_clients=static:all +# -o smtpd_reject_unlisted_recipient=no +# Instead of specifying complex smtpd__restrictions here, +# specify "smtpd__restrictions=$mua__restrictions" +# here, and specify mua__restrictions in main.cf (where +# "" is "client", "helo", "sender", "relay", or "recipient"). +# -o smtpd_client_restrictions= +# -o smtpd_helo_restrictions= +# -o smtpd_sender_restrictions= +# -o smtpd_relay_restrictions= +# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject +# -o milter_macro_daemon_name=ORIGINATING +#628 inet n - n - - qmqpd +pickup unix n - n 60 1 pickup +cleanup unix n - n - 0 cleanup +qmgr unix n - n 300 1 qmgr +#qmgr unix n - n 300 1 oqmgr +tlsmgr unix - - n 1000? 1 tlsmgr +rewrite unix - - n - - trivial-rewrite +bounce unix - - n - 0 bounce +defer unix - - n - 0 bounce +trace unix - - n - 0 bounce +verify unix - - n - 1 verify +flush unix n - n 1000? 0 flush +proxymap unix - - n - - proxymap +proxywrite unix - - n - 1 proxymap +smtp unix - - n - - smtp +relay unix - - n - - smtp + -o syslog_name=${multi_instance_name?{$multi_instance_name}:{postfix}}/$service_name +# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 +showq unix n - n - - showq +error unix - - n - - error +retry unix - - n - - error +discard unix - - n - - discard +local unix - n n - - local +virtual unix - n n - - virtual +lmtp unix - - n - - lmtp +anvil unix - - n - 1 anvil +scache unix - - n - 1 scache +postlog unix-dgram n - n - 1 postlogd +# +# ==================================================================== +# Interfaces to non-Postfix software. Be sure to examine the manual +# pages of the non-Postfix software to find out what options it wants. +# +# Many of the following services use the Postfix pipe(8) delivery +# agent. 
See the pipe(8) man page for information about ${recipient} +# and other message envelope options. +# ==================================================================== +# +# maildrop. See the Postfix MAILDROP_README file for details. +# Also specify in main.cf: maildrop_destination_recipient_limit=1 +# +#maildrop unix - n n - - pipe +# flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} +# +# ==================================================================== +# +# Recent Cyrus versions can use the existing "lmtp" master.cf entry. +# +# Specify in cyrus.conf: +# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 +# +# Specify in main.cf one or more of the following: +# mailbox_transport = lmtp:inet:localhost +# virtual_transport = lmtp:inet:localhost +# +# ==================================================================== +# +# Cyrus 2.1.5 (Amos Gouaux) +# Also specify in main.cf: cyrus_destination_recipient_limit=1 +# +#cyrus unix - n n - - pipe +# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} +# +# ==================================================================== +# +# Old example of delivery via Cyrus. +# +#old-cyrus unix - n n - - pipe +# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} +# +# ==================================================================== +# +# See the Postfix UUCP_README file for configuration details. +# +#uucp unix - n n - - pipe +# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +# +# ==================================================================== +# +# Other external delivery methods. +# +#ifmail unix - n n - - pipe +# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) +# +#bsmtp unix - n n - - pipe +# flags=Fq. 
user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient +# +#scalemail-backend unix - n n - 2 pipe +# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store +# ${nexthop} ${user} ${extension} +# +#mailman unix - n n - - pipe +# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py +# ${nexthop} ${user} diff --git a/master.cf.sample b/master.cf.sample new file mode 100644 index 0000000..abd6dae --- /dev/null +++ b/master.cf.sample 
@@ -0,0 +1,147 @@ +# +# Postfix master process configuration file. For details on the format +# of the file, see the master(5) manual page (command: "man 5 master" or +# on-line: http://www.postfix.org/master.5.html). +# +# Do not forget to execute "postfix reload" after editing this file. +# +# ========================================================================== +# service type private unpriv chroot wakeup maxproc command + args +# (yes) (yes) (no) (never) (100) +# ========================================================================== +smtp inet n - n - - smtpd +#smtp inet n - n - 1 postscreen +#smtpd pass - - n - - smtpd +#dnsblog unix - - n - 0 dnsblog +#tlsproxy unix - - n - 0 tlsproxy +# Choose one: enable submission for loopback clients only, or for any client. +#127.0.0.1:submission inet n - n - - smtpd +#submission inet n - n - - smtpd +# -o syslog_name=postfix/submission +# -o smtpd_tls_security_level=encrypt +# -o smtpd_sasl_auth_enable=yes +# -o smtpd_tls_auth_only=yes +# -o local_header_rewrite_clients=static:all +# -o smtpd_reject_unlisted_recipient=no +# Instead of specifying complex smtpd__restrictions here, +# specify "smtpd__restrictions=$mua__restrictions" +# here, and specify mua__restrictions in main.cf (where +# "" is "client", "helo", "sender", "relay", or "recipient"). +# -o smtpd_client_restrictions= +# -o smtpd_helo_restrictions= +# -o smtpd_sender_restrictions= +# -o smtpd_relay_restrictions= +# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject +# -o milter_macro_daemon_name=ORIGINATING +# Choose one: enable submissions for loopback clients only, or for any client. 
+#127.0.0.1:submissions inet n - n - - smtpd +#submissions inet n - n - - smtpd +# -o syslog_name=postfix/submissions +# -o smtpd_tls_wrappermode=yes +# -o smtpd_sasl_auth_enable=yes +# -o local_header_rewrite_clients=static:all +# -o smtpd_reject_unlisted_recipient=no +# Instead of specifying complex smtpd__restrictions here, +# specify "smtpd__restrictions=$mua__restrictions" +# here, and specify mua__restrictions in main.cf (where +# "" is "client", "helo", "sender", "relay", or "recipient"). +# -o smtpd_client_restrictions= +# -o smtpd_helo_restrictions= +# -o smtpd_sender_restrictions= +# -o smtpd_relay_restrictions= +# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject +# -o milter_macro_daemon_name=ORIGINATING +#628 inet n - n - - qmqpd +pickup unix n - n 60 1 pickup +cleanup unix n - n - 0 cleanup +qmgr unix n - n 300 1 qmgr +#qmgr unix n - n 300 1 oqmgr +tlsmgr unix - - n 1000? 1 tlsmgr +rewrite unix - - n - - trivial-rewrite +bounce unix - - n - 0 bounce +defer unix - - n - 0 bounce +trace unix - - n - 0 bounce +verify unix - - n - 1 verify +flush unix n - n 1000? 0 flush +proxymap unix - - n - - proxymap +proxywrite unix - - n - 1 proxymap +smtp unix - - n - - smtp +relay unix - - n - - smtp + -o syslog_name=${multi_instance_name?{$multi_instance_name}:{postfix}}/$service_name +# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 +showq unix n - n - - showq +error unix - - n - - error +retry unix - - n - - error +discard unix - - n - - discard +local unix - n n - - local +virtual unix - n n - - virtual +lmtp unix - - n - - lmtp +anvil unix - - n - 1 anvil +scache unix - - n - 1 scache +postlog unix-dgram n - n - 1 postlogd +# +# ==================================================================== +# Interfaces to non-Postfix software. Be sure to examine the manual +# pages of the non-Postfix software to find out what options it wants. +# +# Many of the following services use the Postfix pipe(8) delivery +# agent. 
See the pipe(8) man page for information about ${recipient} +# and other message envelope options. +# ==================================================================== +# +# maildrop. See the Postfix MAILDROP_README file for details. +# Also specify in main.cf: maildrop_destination_recipient_limit=1 +# +#maildrop unix - n n - - pipe +# flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} +# +# ==================================================================== +# +# Recent Cyrus versions can use the existing "lmtp" master.cf entry. +# +# Specify in cyrus.conf: +# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 +# +# Specify in main.cf one or more of the following: +# mailbox_transport = lmtp:inet:localhost +# virtual_transport = lmtp:inet:localhost +# +# ==================================================================== +# +# Cyrus 2.1.5 (Amos Gouaux) +# Also specify in main.cf: cyrus_destination_recipient_limit=1 +# +#cyrus unix - n n - - pipe +# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} +# +# ==================================================================== +# +# Old example of delivery via Cyrus. +# +#old-cyrus unix - n n - - pipe +# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} +# +# ==================================================================== +# +# See the Postfix UUCP_README file for configuration details. +# +#uucp unix - n n - - pipe +# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +# +# ==================================================================== +# +# Other external delivery methods. +# +#ifmail unix - n n - - pipe +# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) +# +#bsmtp unix - n n - - pipe +# flags=Fq. 
user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient +# +#scalemail-backend unix - n n - 2 pipe +# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store +# ${nexthop} ${user} ${extension} +# +#mailman unix - n n - - pipe +# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py +# ${nexthop} ${user} diff --git a/pgsql_virtual_alias_maps.cf b/pgsql_virtual_alias_maps.cf new file mode 100644 index 0000000..249d0d2 --- /dev/null +++ b/pgsql_virtual_alias_maps.cf @@ -0,0 +1,4 @@ +user = postfix +hosts = 127.0.0.1:16458 +dbname = postfix +query = SELECT goto FROM alias WHERE address='%s' AND active='true' diff --git a/pgsql_virtual_mailbox_maps.cf b/pgsql_virtual_mailbox_maps.cf new file mode 100644 index 0000000..ffb0b38 --- /dev/null +++ b/pgsql_virtual_mailbox_maps.cf @@ -0,0 +1,4 @@ +user = postfix +hosts = 127.0.0.1:16458 +dbname = postfix +query = SELECT maildir FROM mailbox WHERE username='%s' AND active='true' diff --git a/relocated b/relocated new file mode 100644 index 0000000..9c262ce --- /dev/null +++ b/relocated 
@@ -0,0 +1,178 @@ +# RELOCATED(5) RELOCATED(5) +# +# NAME +# relocated - Postfix relocated table format +# +# SYNOPSIS +# postmap /usr/local/etc/postfix/relocated +# +# DESCRIPTION +# The optional relocated(5) table provides the information +# that is used in "user has moved to new_location" bounce +# messages. +# +# Normally, the relocated(5) table is specified as a text +# file that serves as input to the postmap(1) command. The +# result, an indexed file in dbm or db format, is used for +# fast searching by the mail system. Execute the command +# "postmap /usr/local/etc/postfix/relocated" to rebuild an indexed +# file after changing the corresponding relocated table. +# +# When the table is provided via other means such as NIS, +# LDAP or SQL, the same lookups are done as for ordinary +# indexed files. +# +# Alternatively, the table can be provided as a regu- +# lar-expression map where patterns are given as regular +# expressions, or lookups can be directed to a TCP-based +# server. In those case, the lookups are done in a slightly +# different way as described below under "REGULAR EXPRESSION +# TABLES" or "TCP-BASED TABLES". +# +# Table lookups are case insensitive. +# +# CASE FOLDING +# The search string is folded to lowercase before database +# lookup. As of Postfix 2.3, the search string is not case +# folded with database types such as regexp: or pcre: whose +# lookup fields can match both upper and lower case. +# +# TABLE FORMAT +# The input format for the postmap(1) command is as follows: +# +# o An entry has one of the following form: +# +# pattern new_location +# +# Where new_location specifies contact information +# such as an email address, or perhaps a street +# address or telephone number. +# +# o Empty lines and whitespace-only lines are ignored, +# as are lines whose first non-whitespace character +# is a `#'. +# +# o A logical line starts with non-whitespace text. A +# line that starts with whitespace continues a logi- +# cal line. 
+# +# TABLE SEARCH ORDER +# With lookups from indexed files such as DB or DBM, or from +# networked tables such as NIS, LDAP or SQL, patterns are +# tried in the order as listed below: +# +# user@domain +# Matches user@domain. This form has precedence over +# all other forms. +# +# user Matches user@site when site is $myorigin, when site +# is listed in $mydestination, or when site is listed +# in $inet_interfaces or $proxy_interfaces. +# +# @domain +# Matches other addresses in domain. This form has +# the lowest precedence. +# +# ADDRESS EXTENSION +# When a mail address localpart contains the optional recip- +# ient delimiter (e.g., user+foo@domain), the lookup order +# becomes: user+foo@domain, user@domain, user+foo, user, and +# @domain. +# +# REGULAR EXPRESSION TABLES +# This section describes how the table lookups change when +# the table is given in the form of regular expressions or +# when lookups are directed to a TCP-based server. For a +# description of regular expression lookup table syntax, see +# regexp_table(5) or pcre_table(5). For a description of the +# TCP client/server table lookup protocol, see tcp_table(5). +# This feature is available in Postfix 2.5 and later. +# +# Each pattern is a regular expression that is applied to +# the entire address being looked up. Thus, user@domain mail +# addresses are not broken up into their user and @domain +# constituent parts, nor is user+foo broken up into user and +# foo. +# +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search +# string. +# +# Results are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from +# the pattern can be interpolated as $1, $2 and so on. +# +# TCP-BASED TABLES +# This section describes how the table lookups change when +# lookups are directed to a TCP-based server. For a descrip- +# tion of the TCP client/server lookup protocol, see tcp_ta- +# ble(5). 
This feature is available in Postfix 2.5 and +# later. +# +# Each lookup operation uses the entire address once. Thus, +# user@domain mail addresses are not broken up into their +# user and @domain constituent parts, nor is user+foo broken +# up into user and foo. +# +# Results are the same as with indexed file lookups. +# +# BUGS +# The table format does not understand quoting conventions. +# +# CONFIGURATION PARAMETERS +# The following main.cf parameters are especially relevant. +# The text below provides only a parameter summary. See +# postconf(5) for more details including examples. +# +# relocated_maps (empty) +# Optional lookup tables with new contact information +# for users or domains that no longer exist. +# +# Other parameters of interest: +# +# inet_interfaces (all) +# The local network interface addresses that this +# mail system receives mail on. +# +# mydestination ($myhostname, localhost.$mydomain, local- +# host) +# The list of domains that are delivered via the +# $local_transport mail delivery transport. +# +# myorigin ($myhostname) +# The domain name that locally-posted mail appears to +# come from, and that locally posted mail is deliv- +# ered to. +# +# proxy_interfaces (empty) +# The remote network interface addresses that this +# mail system receives mail on by way of a proxy or +# network address translation unit. +# +# SEE ALSO +# trivial-rewrite(8), address resolver +# postmap(1), Postfix lookup table manager +# postconf(5), configuration parameters +# +# README FILES +# Use "postconf readme_directory" or "postconf html_direc- +# tory" to locate this information. +# DATABASE_README, Postfix lookup table overview +# ADDRESS_REWRITING_README, address rewriting guide +# +# LICENSE +# The Secure Mailer license must be distributed with this +# software. +# +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. 
+# 111 8th Avenue +# New York, NY 10011, USA +# +# RELOCATED(5) diff --git a/relocated.sample b/relocated.sample new file mode 100644 index 0000000..9c262ce --- /dev/null +++ b/relocated.sample 
@@ -0,0 +1,178 @@ +# RELOCATED(5) RELOCATED(5) +# +# NAME +# relocated - Postfix relocated table format +# +# SYNOPSIS +# postmap /usr/local/etc/postfix/relocated +# +# DESCRIPTION +# The optional relocated(5) table provides the information +# that is used in "user has moved to new_location" bounce +# messages. +# +# Normally, the relocated(5) table is specified as a text +# file that serves as input to the postmap(1) command. The +# result, an indexed file in dbm or db format, is used for +# fast searching by the mail system. Execute the command +# "postmap /usr/local/etc/postfix/relocated" to rebuild an indexed +# file after changing the corresponding relocated table. +# +# When the table is provided via other means such as NIS, +# LDAP or SQL, the same lookups are done as for ordinary +# indexed files. +# +# Alternatively, the table can be provided as a regu- +# lar-expression map where patterns are given as regular +# expressions, or lookups can be directed to a TCP-based +# server. In those case, the lookups are done in a slightly +# different way as described below under "REGULAR EXPRESSION +# TABLES" or "TCP-BASED TABLES". +# +# Table lookups are case insensitive. +# +# CASE FOLDING +# The search string is folded to lowercase before database +# lookup. As of Postfix 2.3, the search string is not case +# folded with database types such as regexp: or pcre: whose +# lookup fields can match both upper and lower case. +# +# TABLE FORMAT +# The input format for the postmap(1) command is as follows: +# +# o An entry has one of the following form: +# +# pattern new_location +# +# Where new_location specifies contact information +# such as an email address, or perhaps a street +# address or telephone number. +# +# o Empty lines and whitespace-only lines are ignored, +# as are lines whose first non-whitespace character +# is a `#'. +# +# o A logical line starts with non-whitespace text. A +# line that starts with whitespace continues a logi- +# cal line. 
+# +# TABLE SEARCH ORDER +# With lookups from indexed files such as DB or DBM, or from +# networked tables such as NIS, LDAP or SQL, patterns are +# tried in the order as listed below: +# +# user@domain +# Matches user@domain. This form has precedence over +# all other forms. +# +# user Matches user@site when site is $myorigin, when site +# is listed in $mydestination, or when site is listed +# in $inet_interfaces or $proxy_interfaces. +# +# @domain +# Matches other addresses in domain. This form has +# the lowest precedence. +# +# ADDRESS EXTENSION +# When a mail address localpart contains the optional recip- +# ient delimiter (e.g., user+foo@domain), the lookup order +# becomes: user+foo@domain, user@domain, user+foo, user, and +# @domain. +# +# REGULAR EXPRESSION TABLES +# This section describes how the table lookups change when +# the table is given in the form of regular expressions or +# when lookups are directed to a TCP-based server. For a +# description of regular expression lookup table syntax, see +# regexp_table(5) or pcre_table(5). For a description of the +# TCP client/server table lookup protocol, see tcp_table(5). +# This feature is available in Postfix 2.5 and later. +# +# Each pattern is a regular expression that is applied to +# the entire address being looked up. Thus, user@domain mail +# addresses are not broken up into their user and @domain +# constituent parts, nor is user+foo broken up into user and +# foo. +# +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search +# string. +# +# Results are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from +# the pattern can be interpolated as $1, $2 and so on. +# +# TCP-BASED TABLES +# This section describes how the table lookups change when +# lookups are directed to a TCP-based server. For a descrip- +# tion of the TCP client/server lookup protocol, see tcp_ta- +# ble(5). 
This feature is available in Postfix 2.5 and +# later. +# +# Each lookup operation uses the entire address once. Thus, +# user@domain mail addresses are not broken up into their +# user and @domain constituent parts, nor is user+foo broken +# up into user and foo. +# +# Results are the same as with indexed file lookups. +# +# BUGS +# The table format does not understand quoting conventions. +# +# CONFIGURATION PARAMETERS +# The following main.cf parameters are especially relevant. +# The text below provides only a parameter summary. See +# postconf(5) for more details including examples. +# +# relocated_maps (empty) +# Optional lookup tables with new contact information +# for users or domains that no longer exist. +# +# Other parameters of interest: +# +# inet_interfaces (all) +# The local network interface addresses that this +# mail system receives mail on. +# +# mydestination ($myhostname, localhost.$mydomain, local- +# host) +# The list of domains that are delivered via the +# $local_transport mail delivery transport. +# +# myorigin ($myhostname) +# The domain name that locally-posted mail appears to +# come from, and that locally posted mail is deliv- +# ered to. +# +# proxy_interfaces (empty) +# The remote network interface addresses that this +# mail system receives mail on by way of a proxy or +# network address translation unit. +# +# SEE ALSO +# trivial-rewrite(8), address resolver +# postmap(1), Postfix lookup table manager +# postconf(5), configuration parameters +# +# README FILES +# Use "postconf readme_directory" or "postconf html_direc- +# tory" to locate this information. +# DATABASE_README, Postfix lookup table overview +# ADDRESS_REWRITING_README, address rewriting guide +# +# LICENSE +# The Secure Mailer license must be distributed with this +# software. +# +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. 
+# 111 8th Avenue +# New York, NY 10011, USA +# +# RELOCATED(5) diff --git a/transport b/transport new file mode 100644 index 0000000..c6e84dd --- /dev/null +++ b/transport 
@@ -0,0 +1,317 @@ +# TRANSPORT(5) TRANSPORT(5) +# +# NAME +# transport - Postfix transport table format +# +# SYNOPSIS +# postmap /usr/local/etc/postfix/transport +# +# postmap -q "string" /usr/local/etc/postfix/transport +# +# postmap -q - /usr/local/etc/postfix/transport = 3.5): +# +# example.com smtp:bar.example, foo.example +# +# This tries to deliver to bar.example before trying to +# deliver to foo.example. +# +# The error mailer can be used to bounce mail: +# +# .example.com error:mail for *.example.com is not deliverable +# +# This causes all mail for user@anything.example.com to be +# bounced. +# +# REGULAR EXPRESSION TABLES +# This section describes how the table lookups change when +# the table is given in the form of regular expressions. For +# a description of regular expression lookup table syntax, +# see regexp_table(5) or pcre_table(5). +# +# Each pattern is a regular expression that is applied to +# the entire address being looked up. Thus, +# some.domain.hierarchy is not looked up via its parent +# domains, nor is user+foo@domain looked up as user@domain. +# +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search +# string. +# +# The trivial-rewrite(8) server disallows regular expression +# substitution of $1 etc. in regular expression lookup +# tables, because that could open a security hole (Postfix +# version 2.3 and later). +# +# TCP-BASED TABLES +# This section describes how the table lookups change when +# lookups are directed to a TCP-based server. For a descrip- +# tion of the TCP client/server lookup protocol, see tcp_ta- +# ble(5). This feature is not available up to and including +# Postfix version 2.4. +# +# Each lookup operation uses the entire recipient address +# once. Thus, some.domain.hierarchy is not looked up via +# its parent domains, nor is user+foo@domain looked up as +# user@domain. +# +# Results are the same as with indexed file lookups. 
+# +# CONFIGURATION PARAMETERS +# The following main.cf parameters are especially relevant. +# The text below provides only a parameter summary. See +# postconf(5) for more details including examples. +# +# empty_address_recipient (MAILER-DAEMON) +# The recipient of mail addressed to the null +# address. +# +# parent_domain_matches_subdomains (see 'postconf -d' out- +# put) +# A list of Postfix features where the pattern "exam- +# ple.com" also matches subdomains of example.com, +# instead of requiring an explicit ".example.com" +# pattern. +# +# transport_maps (empty) +# Optional lookup tables with mappings from recipient +# address to (message delivery transport, next-hop +# destination). +# +# SEE ALSO +# trivial-rewrite(8), rewrite and resolve addresses +# master(5), master.cf file format +# postconf(5), configuration parameters +# postmap(1), Postfix lookup table manager +# +# README FILES +# Use "postconf readme_directory" or "postconf html_direc- +# tory" to locate this information. +# ADDRESS_REWRITING_README, address rewriting guide +# DATABASE_README, Postfix lookup table overview +# FILTER_README, external content filter +# +# LICENSE +# The Secure Mailer license must be distributed with this +# software. +# +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +# +# TRANSPORT(5) diff --git a/transport.sample b/transport.sample new file mode 100644 index 0000000..c6e84dd --- /dev/null +++ b/transport.sample 
@@ -0,0 +1,317 @@ +# TRANSPORT(5) TRANSPORT(5) +# +# NAME +# transport - Postfix transport table format +# +# SYNOPSIS +# postmap /usr/local/etc/postfix/transport +# +# postmap -q "string" /usr/local/etc/postfix/transport +# +# postmap -q - /usr/local/etc/postfix/transport = 3.5): +# +# example.com smtp:bar.example, foo.example +# +# This tries to deliver to bar.example before trying to +# deliver to foo.example. +# +# The error mailer can be used to bounce mail: +# +# .example.com error:mail for *.example.com is not deliverable +# +# This causes all mail for user@anything.example.com to be +# bounced. +# +# REGULAR EXPRESSION TABLES +# This section describes how the table lookups change when +# the table is given in the form of regular expressions. For +# a description of regular expression lookup table syntax, +# see regexp_table(5) or pcre_table(5). +# +# Each pattern is a regular expression that is applied to +# the entire address being looked up. Thus, +# some.domain.hierarchy is not looked up via its parent +# domains, nor is user+foo@domain looked up as user@domain. +# +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search +# string. +# +# The trivial-rewrite(8) server disallows regular expression +# substitution of $1 etc. in regular expression lookup +# tables, because that could open a security hole (Postfix +# version 2.3 and later). +# +# TCP-BASED TABLES +# This section describes how the table lookups change when +# lookups are directed to a TCP-based server. For a descrip- +# tion of the TCP client/server lookup protocol, see tcp_ta- +# ble(5). This feature is not available up to and including +# Postfix version 2.4. +# +# Each lookup operation uses the entire recipient address +# once. Thus, some.domain.hierarchy is not looked up via +# its parent domains, nor is user+foo@domain looked up as +# user@domain. +# +# Results are the same as with indexed file lookups. 
+# +# CONFIGURATION PARAMETERS +# The following main.cf parameters are especially relevant. +# The text below provides only a parameter summary. See +# postconf(5) for more details including examples. +# +# empty_address_recipient (MAILER-DAEMON) +# The recipient of mail addressed to the null +# address. +# +# parent_domain_matches_subdomains (see 'postconf -d' out- +# put) +# A list of Postfix features where the pattern "exam- +# ple.com" also matches subdomains of example.com, +# instead of requiring an explicit ".example.com" +# pattern. +# +# transport_maps (empty) +# Optional lookup tables with mappings from recipient +# address to (message delivery transport, next-hop +# destination). +# +# SEE ALSO +# trivial-rewrite(8), rewrite and resolve addresses +# master(5), master.cf file format +# postconf(5), configuration parameters +# postmap(1), Postfix lookup table manager +# +# README FILES +# Use "postconf readme_directory" or "postconf html_direc- +# tory" to locate this information. +# ADDRESS_REWRITING_README, address rewriting guide +# DATABASE_README, Postfix lookup table overview +# FILTER_README, external content filter +# +# LICENSE +# The Secure Mailer license must be distributed with this +# software. +# +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +# +# TRANSPORT(5) diff --git a/virtual b/virtual new file mode 100644 index 0000000..89b37b9 --- /dev/null +++ b/virtual @@ -0,0 +1,329 @@ +# VIRTUAL(5) VIRTUAL(5) +# +# NAME +# virtual - Postfix virtual alias table format +# +# SYNOPSIS +# postmap /usr/local/etc/postfix/virtual +# +# postmap -q "string" /usr/local/etc/postfix/virtual +# +# postmap -q - /usr/local/etc/postfix/virtual
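Review bot: in the relocated hunk, every added line shown begins with "#", so the file holds only the relocated(5) manual text and no "pattern new_location" entries. The embedded text also lists relocated_maps as empty by default, so nothing consults this table unless main.cf sets it. If the table is meant to be active, add the entries together with the main.cf change that enables it. If it is only the stock template, say so in the commit message or commit it under a .sample name, so that a later real entry stands out in review.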
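Review bot: transport and transport.sample are added from the same blob (both show index 0000000..c6e84dd and @@ -0,0 +1,317 @@), so the live table is a verbatim copy of the sample and, in the lines shown, contains nothing but "#" comment lines. Keep transport.sample as the reference copy and commit transport with only the site's own entries, or leave it out until there are some. Otherwise a routing change, such as a new next-hop or an error: entry, ends up buried among 317 lines of manual text and is easy to miss in a later diff.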