From 61f90ee2175e7547aa35b134145f127fc9aaa622 Mon Sep 17 00:00:00 2001
From: PIVODEVAT
Date: Fri, 14 Mar 2025 01:52:25 +0300
Subject: [PATCH] init
---
LICENSE | 508 ++++++++++++++++++
TLS_LICENSE | 36 ++
access | 484 +++++++++++++++++
access.sample | 484 +++++++++++++++++
aliases | 273 ++++++++++
aliases.sample | 273 ++++++++++
bounce.cf.default | 112 ++++
canonical | 306 +++++++++++
canonical.sample | 306 +++++++++++
generic | 252 +++++++++
generic.sample | 252 +++++++++
header_checks | 535 +++++++++++++++++++
header_checks.sample | 535 +++++++++++++++++++
main.cf | 727 ++++++++++++++++++++++++++
main.cf.default | 953 ++++++++++++++++++++++++++++++++++
main.cf.sample | 689 ++++++++++++++++++++++++
master.cf | 152 ++++++
master.cf.sample | 147 ++++++
pgsql_virtual_alias_maps.cf | 4 +
pgsql_virtual_mailbox_maps.cf | 4 +
relocated | 178 +++++++
relocated.sample | 178 +++++++
transport | 317 +++++++++++
transport.sample | 317 +++++++++++
virtual | 329 ++++++++++++
virtual.sample | 329 ++++++++++++
26 files changed, 8680 insertions(+)
create mode 100644 LICENSE
create mode 100644 TLS_LICENSE
create mode 100644 access
create mode 100644 access.sample
create mode 100644 aliases
create mode 100644 aliases.sample
create mode 100644 bounce.cf.default
create mode 100644 canonical
create mode 100644 canonical.sample
create mode 100644 generic
create mode 100644 generic.sample
create mode 100644 header_checks
create mode 100644 header_checks.sample
create mode 100644 main.cf
create mode 100644 main.cf.default
create mode 100644 main.cf.sample
create mode 100644 master.cf
create mode 100644 master.cf.sample
create mode 100644 pgsql_virtual_alias_maps.cf
create mode 100644 pgsql_virtual_mailbox_maps.cf
create mode 100644 relocated
create mode 100644 relocated.sample
create mode 100644 transport
create mode 100644 transport.sample
create mode 100644 virtual
create mode 100644 virtual.sample
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..58ea8f1
--- /dev/null
+++ b/LICENSE 
@@ -0,0 +1,508 @@
+LICENSE - SECURE MAILER
+
+This software is dual-licensed under both the Eclipse Public License
+version 2.0 and the IBM Public License version 1.0, for those who
+are more comfortable continuing with that license. Recipients can
+choose to take the software under the license of their choice.
+
+The remainder of this text contains a copy of each license.
+
+Eclipse Public License - v 2.0
+
+ THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE
+ PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION
+ OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
+
+1. DEFINITIONS
+
+"Contribution" means:
+
+ a) in the case of the initial Contributor, the initial content
+ Distributed under this Agreement, and
+
+ b) in the case of each subsequent Contributor:
+ i) changes to the Program, and
+ ii) additions to the Program;
+ where such changes and/or additions to the Program originate from
+ and are Distributed by that particular Contributor. A Contribution
+ "originates" from a Contributor if it was added to the Program by
+ such Contributor itself or anyone acting on such Contributor's behalf.
+ Contributions do not include changes or additions to the Program that
+ are not Modified Works.
+
+"Contributor" means any person or entity that Distributes the Program.
+
+"Licensed Patents" mean patent claims licensable by a Contributor which
+are necessarily infringed by the use or sale of its Contribution alone
+or when combined with the Program.
+
+"Program" means the Contributions Distributed in accordance with this
+Agreement.
+
+"Recipient" means anyone who receives the Program under this Agreement
+or any Secondary License (as applicable), including Contributors.
+ +"Derivative Works" shall mean any work, whether in Source Code or other +form, that is based on (or derived from) the Program and for which the +editorial revisions, annotations, elaborations, or other modifications +represent, as a whole, an original work of authorship. + +"Modified Works" shall mean any work in Source Code or other form that +results from an addition to, deletion from, or modification of the +contents of the Program, including, for purposes of clarity any new file +in Source Code form that contains any contents of the Program. Modified +Works shall not include works that contain only declarations, +interfaces, types, classes, structures, or files of the Program solely +in each case in order to link to, bind by name, or subclass the Program +or Modified Works thereof. + +"Distribute" means the acts of a) distributing or b) making available +in any manner that enables the transfer of a copy. + +"Source Code" means the form of a Program preferred for making +modifications, including but not limited to software source code, +documentation source, and configuration files. + +"Secondary License" means either the GNU General Public License, +Version 2.0, or any later versions of that license, including any +exceptions or additional permissions as identified by the initial +Contributor. + +2. GRANT OF RIGHTS + + a) Subject to the terms of this Agreement, each Contributor hereby + grants Recipient a non-exclusive, worldwide, royalty-free copyright + license to reproduce, prepare Derivative Works of, publicly display, + publicly perform, Distribute and sublicense the Contribution of such + Contributor, if any, and such Derivative Works. + + b) Subject to the terms of this Agreement, each Contributor hereby + grants Recipient a non-exclusive, worldwide, royalty-free patent + license under Licensed Patents to make, use, sell, offer to sell, + import and otherwise transfer the Contribution of such Contributor, + if any, in Source Code or other form. 
This patent license shall + apply to the combination of the Contribution and the Program if, at + the time the Contribution is added by the Contributor, such addition + of the Contribution causes such combination to be covered by the + Licensed Patents. The patent license shall not apply to any other + combinations which include the Contribution. No hardware per se is + licensed hereunder. + + c) Recipient understands that although each Contributor grants the + licenses to its Contributions set forth herein, no assurances are + provided by any Contributor that the Program does not infringe the + patent or other intellectual property rights of any other entity. + Each Contributor disclaims any liability to Recipient for claims + brought by any other entity based on infringement of intellectual + property rights or otherwise. As a condition to exercising the + rights and licenses granted hereunder, each Recipient hereby + assumes sole responsibility to secure any other intellectual + property rights needed, if any. For example, if a third party + patent license is required to allow Recipient to Distribute the + Program, it is Recipient's responsibility to acquire that license + before distributing the Program. + + d) Each Contributor represents that to its knowledge it has + sufficient copyright rights in its Contribution, if any, to grant + the copyright license set forth in this Agreement. + + e) Notwithstanding the terms of any Secondary License, no + Contributor makes additional grants to any Recipient (other than + those set forth in this Agreement) as a result of such Recipient's + receipt of the Program under the terms of a Secondary License + (if permitted under the terms of Section 3). + +3. 
REQUIREMENTS + +3.1 If a Contributor Distributes the Program in any form, then: + + a) the Program must also be made available as Source Code, in + accordance with section 3.2, and the Contributor must accompany + the Program with a statement that the Source Code for the Program + is available under this Agreement, and informs Recipients how to + obtain it in a reasonable manner on or through a medium customarily + used for software exchange; and + + b) the Contributor may Distribute the Program under a license + different than this Agreement, provided that such license: + i) effectively disclaims on behalf of all other Contributors all + warranties and conditions, express and implied, including + warranties or conditions of title and non-infringement, and + implied warranties or conditions of merchantability and fitness + for a particular purpose; + + ii) effectively excludes on behalf of all other Contributors all + liability for damages, including direct, indirect, special, + incidental and consequential damages, such as lost profits; + + iii) does not attempt to limit or alter the recipients' rights + in the Source Code under section 3.2; and + + iv) requires any subsequent distribution of the Program by any + party to be under a license that satisfies the requirements + of this section 3. + +3.2 When the Program is Distributed as Source Code: + + a) it must be made available under this Agreement, or if the + Program (i) is combined with other material in a separate file or + files made available under a Secondary License, and (ii) the initial + Contributor attached to the Source Code the notice described in + Exhibit A of this Agreement, then the Program may be made available + under the terms of such Secondary Licenses, and + + b) a copy of this Agreement must be included with each copy of + the Program. 
+ +3.3 Contributors may not remove or alter any copyright, patent, +trademark, attribution notices, disclaimers of warranty, or limitations +of liability ("notices") contained within the Program from any copy of +the Program which they Distribute, provided that Contributors may add +their own appropriate notices. + +4. COMMERCIAL DISTRIBUTION + +Commercial distributors of software may accept certain responsibilities +with respect to end users, business partners and the like. While this +license is intended to facilitate the commercial use of the Program, +the Contributor who includes the Program in a commercial product +offering should do so in a manner which does not create potential +liability for other Contributors. Therefore, if a Contributor includes +the Program in a commercial product offering, such Contributor +("Commercial Contributor") hereby agrees to defend and indemnify every +other Contributor ("Indemnified Contributor") against any losses, +damages and costs (collectively "Losses") arising from claims, lawsuits +and other legal actions brought by a third party against the Indemnified +Contributor to the extent caused by the acts or omissions of such +Commercial Contributor in connection with its distribution of the Program +in a commercial product offering. The obligations in this section do not +apply to any claims or Losses relating to any actual or alleged +intellectual property infringement. In order to qualify, an Indemnified +Contributor must: a) promptly notify the Commercial Contributor in +writing of such claim, and b) allow the Commercial Contributor to control, +and cooperate with the Commercial Contributor in, the defense and any +related settlement negotiations. The Indemnified Contributor may +participate in any such claim at its own expense. + +For example, a Contributor might include the Program in a commercial +product offering, Product X. That Contributor is then a Commercial +Contributor. 
If that Commercial Contributor then makes performance +claims, or offers warranties related to Product X, those performance +claims and warranties are such Commercial Contributor's responsibility +alone. Under this section, the Commercial Contributor would have to +defend claims against the other Contributors related to those performance +claims and warranties, and if a court requires any other Contributor to +pay any damages as a result, the Commercial Contributor must pay +those damages. + +5. NO WARRANTY + +EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT +PERMITTED BY APPLICABLE LAW, THE PROGRAM IS PROVIDED ON AN "AS IS" +BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR +IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF +TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR +PURPOSE. Each Recipient is solely responsible for determining the +appropriateness of using and distributing the Program and assumes all +risks associated with its exercise of rights under this Agreement, +including but not limited to the risks and costs of program errors, +compliance with applicable laws, damage to or loss of data, programs +or equipment, and unavailability or interruption of operations. + +6. DISCLAIMER OF LIABILITY + +EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT +PERMITTED BY APPLICABLE LAW, NEITHER RECIPIENT NOR ANY CONTRIBUTORS +SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST +PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE +EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + +7. 
GENERAL + +If any provision of this Agreement is invalid or unenforceable under +applicable law, it shall not affect the validity or enforceability of +the remainder of the terms of this Agreement, and without further +action by the parties hereto, such provision shall be reformed to the +minimum extent necessary to make such provision valid and enforceable. + +If Recipient institutes patent litigation against any entity +(including a cross-claim or counterclaim in a lawsuit) alleging that the +Program itself (excluding combinations of the Program with other software +or hardware) infringes such Recipient's patent(s), then such Recipient's +rights granted under Section 2(b) shall terminate as of the date such +litigation is filed. + +All Recipient's rights under this Agreement shall terminate if it +fails to comply with any of the material terms or conditions of this +Agreement and does not cure such failure in a reasonable period of +time after becoming aware of such noncompliance. If all Recipient's +rights under this Agreement terminate, Recipient agrees to cease use +and distribution of the Program as soon as reasonably practicable. +However, Recipient's obligations under this Agreement and any licenses +granted by Recipient relating to the Program shall continue and survive. + +Everyone is permitted to copy and distribute copies of this Agreement, +but in order to avoid inconsistency the Agreement is copyrighted and +may only be modified in the following manner. The Agreement Steward +reserves the right to publish new versions (including revisions) of +this Agreement from time to time. No one other than the Agreement +Steward has the right to modify this Agreement. The Eclipse Foundation +is the initial Agreement Steward. The Eclipse Foundation may assign the +responsibility to serve as the Agreement Steward to a suitable separate +entity. Each new version of the Agreement will be given a distinguishing +version number. 
The Program (including Contributions) may always be +Distributed subject to the version of the Agreement under which it was +received. In addition, after a new version of the Agreement is published, +Contributor may elect to Distribute the Program (including its +Contributions) under the new version. + +Except as expressly stated in Sections 2(a) and 2(b) above, Recipient +receives no rights or licenses to the intellectual property of any +Contributor under this Agreement, whether expressly, by implication, +estoppel or otherwise. All rights in the Program not expressly granted +under this Agreement are reserved. Nothing in this Agreement is intended +to be enforceable by any entity that is not a Contributor or Recipient. +No third-party beneficiary rights are created under this Agreement. + +Exhibit A - Form of Secondary Licenses Notice + +"This Source Code may also be made available under the following +Secondary Licenses when the conditions for such availability set forth +in the Eclipse Public License, v. 2.0 are satisfied: {name license(s), +version(s), and exceptions or additional permissions here}." + + Simply including a copy of this Agreement, including this Exhibit A + is not sufficient to license the Source Code under Secondary Licenses. + + If it is not possible or desirable to put the notice in a particular + file, then You may include the notice in a location (such as a LICENSE + file in a relevant directory) where a recipient would be likely to + look for such a notice. + + You may add additional accurate notices of copyright ownership. + +IBM PUBLIC LICENSE VERSION 1.0 - SECURE MAILER + +THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS IBM PUBLIC +LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THE +PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. + +1. 
DEFINITIONS + +"Contribution" means: + a) in the case of International Business Machines Corporation ("IBM"), + the Original Program, and + b) in the case of each Contributor, + i) changes to the Program, and + ii) additions to the Program; + where such changes and/or additions to the Program originate + from and are distributed by that particular Contributor. + A Contribution 'originates' from a Contributor if it was added + to the Program by such Contributor itself or anyone acting on + such Contributor's behalf. + Contributions do not include additions to the Program which: + (i) are separate modules of software distributed in conjunction + with the Program under their own license agreement, and + (ii) are not derivative works of the Program. + +"Contributor" means IBM and any other entity that distributes the Program. + +"Licensed Patents " mean patent claims licensable by a Contributor which +are necessarily infringed by the use or sale of its Contribution alone +or when combined with the Program. + +"Original Program" means the original version of the software accompanying +this Agreement as released by IBM, including source code, object code +and documentation, if any. + +"Program" means the Original Program and Contributions. + +"Recipient" means anyone who receives the Program under this Agreement, +including all Contributors. + +2. GRANT OF RIGHTS + + a) Subject to the terms of this Agreement, each Contributor hereby + grants Recipient a non-exclusive, worldwide, royalty-free copyright + license to reproduce, prepare derivative works of, publicly display, + publicly perform, distribute and sublicense the Contribution of such + Contributor, if any, and such derivative works, in source code and + object code form. 
+ + b) Subject to the terms of this Agreement, each Contributor hereby + grants Recipient a non-exclusive, worldwide, royalty-free patent + license under Licensed Patents to make, use, sell, offer to sell, + import and otherwise transfer the Contribution of such Contributor, + if any, in source code and object code form. This patent license + shall apply to the combination of the Contribution and the Program + if, at the time the Contribution is added by the Contributor, such + addition of the Contribution causes such combination to be covered + by the Licensed Patents. The patent license shall not apply to any + other combinations which include the Contribution. No hardware per + se is licensed hereunder. + + c) Recipient understands that although each Contributor grants the + licenses to its Contributions set forth herein, no assurances are + provided by any Contributor that the Program does not infringe the + patent or other intellectual property rights of any other entity. + Each Contributor disclaims any liability to Recipient for claims + brought by any other entity based on infringement of intellectual + property rights or otherwise. As a condition to exercising the rights + and licenses granted hereunder, each Recipient hereby assumes sole + responsibility to secure any other intellectual property rights + needed, if any. For example, if a third party patent license + is required to allow Recipient to distribute the Program, it is + Recipient's responsibility to acquire that license before distributing + the Program. + + d) Each Contributor represents that to its knowledge it has sufficient + copyright rights in its Contribution, if any, to grant the copyright + license set forth in this Agreement. + +3. 
REQUIREMENTS + +A Contributor may choose to distribute the Program in object code form +under its own license agreement, provided that: + a) it complies with the terms and conditions of this Agreement; and + b) its license agreement: + i) effectively disclaims on behalf of all Contributors all + warranties and conditions, express and implied, including + warranties or conditions of title and non-infringement, and + implied warranties or conditions of merchantability and fitness + for a particular purpose; + ii) effectively excludes on behalf of all Contributors all + liability for damages, including direct, indirect, special, + incidental and consequential damages, such as lost profits; + iii) states that any provisions which differ from this Agreement + are offered by that Contributor alone and not by any other + party; and + iv) states that source code for the Program is available from + such Contributor, and informs licensees how to obtain it in a + reasonable manner on or through a medium customarily used for + software exchange. + +When the Program is made available in source code form: + a) it must be made available under this Agreement; and + b) a copy of this Agreement must be included with each copy of the + Program. + +Each Contributor must include the following in a conspicuous location +in the Program: + + Copyright (c) 1997,1998,1999, International Business Machines + Corporation and others. All Rights Reserved. + +In addition, each Contributor must identify itself as the originator of +its Contribution, if any, in a manner that reasonably allows subsequent +Recipients to identify the originator of the Contribution. + +4. COMMERCIAL DISTRIBUTION + +Commercial distributors of software may accept certain responsibilities +with respect to end users, business partners and the like. 
While this +license is intended to facilitate the commercial use of the Program, the +Contributor who includes the Program in a commercial product offering +should do so in a manner which does not create potential liability for +other Contributors. Therefore, if a Contributor includes the Program in +a commercial product offering, such Contributor ("Commercial Contributor") +hereby agrees to defend and indemnify every other Contributor +("Indemnified Contributor") against any losses, damages and costs +(collectively "Losses") arising from claims, lawsuits and other legal +actions brought by a third party against the Indemnified Contributor to +the extent caused by the acts or omissions of such Commercial Contributor +in connection with its distribution of the Program in a commercial +product offering. The obligations in this section do not apply to any +claims or Losses relating to any actual or alleged intellectual property +infringement. In order to qualify, an Indemnified Contributor must: + a) promptly notify the Commercial Contributor in writing of such claim, +and + b) allow the Commercial Contributor to control, and cooperate with + the Commercial Contributor in, the defense and any related + settlement negotiations. The Indemnified Contributor may + participate in any such claim at its own expense. + +For example, a Contributor might include the Program in a commercial +product offering, Product X. That Contributor is then a Commercial +Contributor. If that Commercial Contributor then makes performance +claims, or offers warranties related to Product X, those performance +claims and warranties are such Commercial Contributor's responsibility +alone. Under this section, the Commercial Contributor would have to +defend claims against the other Contributors related to those performance +claims and warranties, and if a court requires any other Contributor to +pay any damages as a result, the Commercial Contributor must pay those +damages. + +5. 
NO WARRANTY + +EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED +ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER +EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR +CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A +PARTICULAR PURPOSE. Each Recipient is solely responsible for determining +the appropriateness of using and distributing the Program and assumes +all risks associated with its exercise of rights under this Agreement, +including but not limited to the risks and costs of program errors, +compliance with applicable laws, damage to or loss of data, programs or +equipment, and unavailability or interruption of operations. + +6. DISCLAIMER OF LIABILITY + +EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR +ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING +WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION +OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF +ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +7. GENERAL + +If any provision of this Agreement is invalid or unenforceable under +applicable law, it shall not affect the validity or enforceability of +the remainder of the terms of this Agreement, and without further action +by the parties hereto, such provision shall be reformed to the minimum +extent necessary to make such provision valid and enforceable. + +If Recipient institutes patent litigation against a Contributor with +respect to a patent applicable to software (including a cross-claim or +counterclaim in a lawsuit), then any patent licenses granted by that +Contributor to such Recipient under this Agreement shall terminate +as of the date such litigation is filed. 
In addition, If Recipient +institutes patent litigation against any entity (including a cross-claim +or counterclaim in a lawsuit) alleging that the Program itself (excluding +combinations of the Program with other software or hardware) infringes +such Recipient's patent(s), then such Recipient's rights granted under +Section 2(b) shall terminate as of the date such litigation is filed. + +All Recipient's rights under this Agreement shall terminate if it fails +to comply with any of the material terms or conditions of this Agreement +and does not cure such failure in a reasonable period of time after +becoming aware of such noncompliance. If all Recipient's rights under +this Agreement terminate, Recipient agrees to cease use and distribution +of the Program as soon as reasonably practicable. However, Recipient's +obligations under this Agreement and any licenses granted by Recipient +relating to the Program shall continue and survive. + +IBM may publish new versions (including revisions) of this Agreement +from time to time. Each new version of the Agreement will be given a +distinguishing version number. The Program (including Contributions) +may always be distributed subject to the version of the Agreement under +which it was received. In addition, after a new version of the Agreement +is published, Contributor may elect to distribute the Program (including +its Contributions) under the new version. No one other than IBM has the +right to modify this Agreement. Except as expressly stated in Sections +2(a) and 2(b) above, Recipient receives no rights or licenses to the +intellectual property of any Contributor under this Agreement, whether +expressly, by implication, estoppel or otherwise. All rights in the +Program not expressly granted under this Agreement are reserved. + +This Agreement is governed by the laws of the State of New York and the +intellectual property laws of the United States of America. 
No party to
+this Agreement will bring a legal action under this Agreement more than
+one year after the cause of action arose. Each party waives its rights
+to a jury trial in any resulting litigation.
diff --git a/TLS_LICENSE b/TLS_LICENSE
new file mode 100644
index 0000000..3d54be2
--- /dev/null
+++ b/TLS_LICENSE
@@ -0,0 +1,36 @@
+Author:
+=======
+- Postfix/TLS support was originally developed by Lutz Jaenicke of
+ Brandenburg University of Technology, Cottbus, Germany.
+
+License:
+========
+- This software is free. You can do with it whatever you want.
+ I would however kindly ask you to acknowledge the use of this
+ package, if you are going use it in your software, which you might
+ be going to distribute. I would also like to receive a note if
+ you are a satisfied user :-)
+
+Acknowledgements:
+=================
+- This package is based on the OpenSSL package as provided by the
+ ``OpenSSL Project''.
+
+Disclaimer:
+===========
+- This software is provided ``as is''. You are using it at your own risk.
+ I will take no liability in any case.
+- This software package uses strong cryptography, so even if it is created,
+ maintained and distributed from liberal countries in Europe (where it is
+ legal to do this), it falls under certain export/import and/or use
+ restrictions in some other parts of the world.
+- PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG
+ CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST
+ COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS
+ ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE
+ TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL
+ TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR
+ OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY
+ EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHOR OF
+ PFIXTLS IS NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE
+ CAREFULLY YOURSELF, IT IS YOUR RESPONSIBILITY.
diff --git a/access b/access
new file mode 100644
index 0000000..5e3de53
--- /dev/null
+++ b/access
@@ -0,0 +1,484 @@ +# ACCESS(5) ACCESS(5) +# +# NAME +# access - Postfix SMTP server access table +# +# SYNOPSIS +# postmap /usr/local/etc/postfix/access +# +# postmap -q "string" /usr/local/etc/postfix/access +# +# postmap -q - /usr/local/etc/postfix/access as the lookup key for such addresses. The value is +# specified with the smtpd_null_access_lookup_key parameter +# in the Postfix main.cf file. +# +# EMAIL ADDRESS EXTENSION +# When a mail address localpart contains the optional recip- +# ient delimiter (e.g., user+foo@domain), the lookup order +# becomes: user+foo@domain, user@domain, domain, user+foo@, +# and user@. +# +# HOST NAME/ADDRESS PATTERNS IN INDEXED TABLES +# With lookups from indexed files such as DB or DBM, or from +# networked tables such as NIS, LDAP or SQL, the following +# lookup patterns are examined in the order as listed: +# +# domain.tld +# Matches domain.tld. +# +# The pattern domain.tld also matches subdomains, but +# only when the string smtpd_access_maps is listed in +# the Postfix parent_domain_matches_subdomains con- +# figuration setting. +# +# .domain.tld +# Matches subdomains of domain.tld, but only when the +# string smtpd_access_maps is not listed in the Post- +# fix parent_domain_matches_subdomains configuration +# setting. +# +# net.work.addr.ess +# +# net.work.addr +# +# net.work +# +# net Matches a remote IPv4 host address or network +# address range. Specify one to four decimal octets +# separated by ".". Do not specify "[]" , "/", lead- +# ing zeros, or hexadecimal forms. +# +# Network ranges are matched by repeatedly truncating +# the last ".octet" from a remote IPv4 host address +# string, until a match is found in the access table, +# or until further truncation is not possible. +# +# NOTE: use the cidr lookup table type to specify +# network/netmask patterns. See cidr_table(5) for +# details. 
+# +# net:work:addr:ess +# +# net:work:addr +# +# net:work +# +# net Matches a remote IPv6 host address or network +# address range. Specify three to eight hexadecimal +# octet pairs separated by ":", using the compressed +# form "::" for a sequence of zero-valued octet +# pairs. Do not specify "[]", "/", leading zeros, or +# non-compressed forms. +# +# A network range is matched by repeatedly truncating +# the last ":octetpair" from the compressed-form +# remote IPv6 host address string, until a match is +# found in the access table, or until further trunca- +# tion is not possible. +# +# NOTE: use the cidr lookup table type to specify +# network/netmask patterns. See cidr_table(5) for +# details. +# +# IPv6 support is available in Postfix 2.2 and later. +# +# ACCEPT ACTIONS +# OK Accept the address etc. that matches the pattern. +# +# all-numerical +# An all-numerical result is treated as OK. This for- +# mat is generated by address-based relay authoriza- +# tion schemes such as pop-before-smtp. +# +# For other accept actions, see "OTHER ACTIONS" below. +# +# REJECT ACTIONS +# Postfix version 2.3 and later support enhanced status +# codes as defined in RFC 3463. When no code is specified +# at the beginning of the text below, Postfix inserts a +# default enhanced status code of "5.7.1" in the case of +# reject actions, and "4.7.1" in the case of defer actions. +# See "ENHANCED STATUS CODES" below. +# +# 4NN text +# +# 5NN text +# Reject the address etc. that matches the pattern, +# and respond with the numerical three-digit code and +# text. 4NN means "try again later", while 5NN means +# "do not try again". +# +# The following responses have special meaning for +# the Postfix SMTP server: +# +# 421 text (Postfix 2.3 and later) +# +# 521 text (Postfix 2.6 and later) +# After responding with the numerical +# three-digit code and text, disconnect imme- +# diately from the SMTP client. 
This frees up +# SMTP server resources so that they can be +# made available to another SMTP client. +# +# Note: The "521" response should be used only +# with botnets and other malware where inter- +# operability is of no concern. The "send 521 +# and disconnect" behavior is NOT defined in +# the SMTP standard. +# +# REJECT optional text... +# Reject the address etc. that matches the pattern. +# Reply with "$access_map_reject_code optional +# text..." when the optional text is specified, oth- +# erwise reply with a generic error response message. +# +# DEFER optional text... +# Reject the address etc. that matches the pattern. +# Reply with "$access_map_defer_code optional +# text..." when the optional text is specified, oth- +# erwise reply with a generic error response message. +# +# This feature is available in Postfix 2.6 and later. +# +# DEFER_IF_REJECT optional text... +# Defer the request if some later restriction would +# result in a REJECT action. Reply with +# "$access_map_defer_code 4.7.1 optional text..." +# when the optional text is specified, otherwise +# reply with a generic error response message. +# +# Prior to Postfix 2.6, the SMTP reply code is 450. +# +# This feature is available in Postfix 2.1 and later. +# +# DEFER_IF_PERMIT optional text... +# Defer the request if some later restriction would +# result in an explicit or implicit PERMIT action. +# Reply with "$access_map_defer_code 4.7.1 optional +# text..." when the optional text is specified, oth- +# erwise reply with a generic error response message. +# +# Prior to Postfix 2.6, the SMTP reply code is 450. +# +# This feature is available in Postfix 2.1 and later. +# +# For other reject actions, see "OTHER ACTIONS" below. +# +# OTHER ACTIONS +# restriction... +# Apply the named UCE restriction(s) (permit, reject, +# reject_unauth_destination, and so on). +# +# BCC user@domain +# Send one copy of the message to the specified +# recipient. 
+# +# If multiple BCC actions are specified within the +# same SMTP MAIL transaction, with Postfix 3.0 only +# the last action will be used. +# +# This feature is available in Postfix 3.0 and later. +# +# DISCARD optional text... +# Claim successful delivery and silently discard the +# message. Log the optional text if specified, oth- +# erwise log a generic message. +# +# Note: this action currently affects all recipients +# of the message. To discard only one recipient +# without discarding the entire message, use the +# transport(5) table to direct mail to the discard(8) +# service. +# +# This feature is available in Postfix 2.0 and later. +# +# DUNNO Pretend that the lookup key was not found. This +# prevents Postfix from trying substrings of the +# lookup key (such as a subdomain name, or a network +# address subnetwork). +# +# This feature is available in Postfix 2.0 and later. +# +# FILTER transport:destination +# After the message is queued, send the entire mes- +# sage through the specified external content filter. +# The transport name specifies the first field of a +# mail delivery agent definition in master.cf; the +# syntax of the next-hop destination is described in +# the manual page of the corresponding delivery +# agent. More information about external content +# filters is in the Postfix FILTER_README file. +# +# Note 1: do not use $number regular expression sub- +# stitutions for transport or destination unless you +# know that the information has a trusted origin. +# +# Note 2: this action overrides the main.cf con- +# tent_filter setting, and affects all recipients of +# the message. In the case that multiple FILTER +# actions fire, only the last one is executed. +# +# Note 3: the purpose of the FILTER command is to +# override message routing. 
To override the recipi- +# ent's transport but not the next-hop destination, +# specify an empty filter destination (Postfix 2.7 +# and later), or specify a transport:destination that +# delivers through a different Postfix instance +# (Postfix 2.6 and earlier). Other options are using +# the recipient-dependent transport_maps or the sen- +# der-dependent sender_dependent_default_transport- +# _maps features. +# +# This feature is available in Postfix 2.0 and later. +# +# HOLD optional text... +# Place the message on the hold queue, where it will +# sit until someone either deletes it or releases it +# for delivery. Log the optional text if specified, +# otherwise log a generic message. +# +# Mail that is placed on hold can be examined with +# the postcat(1) command, and can be destroyed or +# released with the postsuper(1) command. +# +# Note: use "postsuper -r" to release mail that was +# kept on hold for a significant fraction of $maxi- +# mal_queue_lifetime or $bounce_queue_lifetime, or +# longer. Use "postsuper -H" only for mail that will +# not expire within a few delivery attempts. +# +# Note: this action currently affects all recipients +# of the message. +# +# This feature is available in Postfix 2.0 and later. +# +# PREPEND headername: headervalue +# Prepend the specified message header to the mes- +# sage. When more than one PREPEND action executes, +# the first prepended header appears before the sec- +# ond etc. prepended header. +# +# Note: this action must execute before the message +# content is received; it cannot execute in the con- +# text of smtpd_end_of_data_restrictions. +# +# This feature is available in Postfix 2.1 and later. +# +# REDIRECT user@domain +# After the message is queued, send the message to +# the specified address instead of the intended +# recipient(s). When multiple REDIRECT actions fire, +# only the last one takes effect. 
+# +# Note: this action overrides the FILTER action, and +# currently overrides all recipients of the message. +# +# This feature is available in Postfix 2.1 and later. +# +# INFO optional text... +# Log an informational record with the optional text, +# together with client information and if available, +# with helo, sender, recipient and protocol informa- +# tion. +# +# This feature is available in Postfix 3.0 and later. +# +# WARN optional text... +# Log a warning with the optional text, together with +# client information and if available, with helo, +# sender, recipient and protocol information. +# +# This feature is available in Postfix 2.1 and later. +# +# ENHANCED STATUS CODES +# Postfix version 2.3 and later support enhanced status +# codes as defined in RFC 3463. When an enhanced status +# code is specified in an access table, it is subject to +# modification. The following transformations are needed +# when the same access table is used for client, helo, +# sender, or recipient access restrictions; they happen +# regardless of whether Postfix replies to a MAIL FROM, RCPT +# TO or other SMTP command. +# +# o When a sender address matches a REJECT action, the +# Postfix SMTP server will transform a recipient DSN +# status (e.g., 4.1.1-4.1.6) into the corresponding +# sender DSN status, and vice versa. +# +# o When non-address information matches a REJECT +# action (such as the HELO command argument or the +# client hostname/address), the Postfix SMTP server +# will transform a sender or recipient DSN status +# into a generic non-address DSN status (e.g., +# 4.0.0). +# +# REGULAR EXPRESSION TABLES +# This section describes how the table lookups change when +# the table is given in the form of regular expressions. For +# a description of regular expression lookup table syntax, +# see regexp_table(5) or pcre_table(5). +# +# Each pattern is a regular expression that is applied to +# the entire string being looked up. 
Depending on the appli- +# cation, that string is an entire client hostname, an +# entire client IP address, or an entire mail address. Thus, +# no parent domain or parent network search is done, +# user@domain mail addresses are not broken up into their +# user@ and domain constituent parts, nor is user+foo broken +# up into user and foo. +# +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search +# string. +# +# Actions are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from +# the pattern can be interpolated as $1, $2 and so on. +# +# TCP-BASED TABLES +# This section describes how the table lookups change when +# lookups are directed to a TCP-based server. For a descrip- +# tion of the TCP client/server lookup protocol, see tcp_ta- +# ble(5). This feature is not available up to and including +# Postfix version 2.4. +# +# Each lookup operation uses the entire query string once. +# Depending on the application, that string is an entire +# client hostname, an entire client IP address, or an entire +# mail address. Thus, no parent domain or parent network +# search is done, user@domain mail addresses are not broken +# up into their user@ and domain constituent parts, nor is +# user+foo broken up into user and foo. +# +# Actions are the same as with indexed file lookups. +# +# EXAMPLE +# The following example uses an indexed file, so that the +# order of table entries does not matter. The example per- +# mits access by the client at address 1.2.3.4 but rejects +# all other clients in 1.2.3.0/24. Instead of hash lookup +# tables, some systems use dbm. Use the command "postconf +# -m" to find out what lookup tables Postfix supports on +# your system. 
+#
+# /usr/local/etc/postfix/main.cf:
+# smtpd_client_restrictions =
+# check_client_access hash:$config_directory/access
+#
+# /usr/local/etc/postfix/access:
+# 1.2.3 REJECT
+# 1.2.3.4 OK
+#
+# Execute the command "postmap /usr/local/etc/postfix/access" after
+# editing the file.
+#
+# BUGS
+# The table format does not understand quoting conventions.
+#
+# SEE ALSO
+# postmap(1), Postfix lookup table manager
+# smtpd(8), SMTP server
+# postconf(5), configuration parameters
+# transport(5), transport:nexthop syntax
+#
+# README FILES
+# Use "postconf readme_directory" or "postconf html_direc-
+# tory" to locate this information.
+# SMTPD_ACCESS_README, built-in SMTP server access control
+# DATABASE_README, Postfix lookup table overview
+#
+# LICENSE
+# The Secure Mailer license must be distributed with this
+# software.
+#
+# AUTHOR(S)
+# Wietse Venema
+# IBM T.J. Watson Research
+# P.O. Box 704
+# Yorktown Heights, NY 10598, USA
+#
+# Wietse Venema
+# Google, Inc.
+# 111 8th Avenue
+# New York, NY 10011, USA
+#
+# ACCESS(5)
diff --git a/access.sample b/access.sample
new file mode 100644
index 0000000..5e3de53
--- /dev/null
+++ b/access.sample
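Review bot: The `access` file added by this hunk has no lookup entries: every visible line is the stock ACCESS(5) manual text, and its index line shows the same blob (`5e3de53`) as `access.sample`, so the live table and the sample are byte-identical. Any `check_client_access`-style restriction pointing at this map would therefore match nothing; whether main.cf references it cannot be seen from this hunk. I would keep the vendored text in `access.sample` only and reduce `access` to a short header plus the site's real entries, for example `# Site access table - rebuild with: postmap /usr/local/etc/postfix/access`.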
@@ -0,0 +1,484 @@ +# ACCESS(5) ACCESS(5) +# +# NAME +# access - Postfix SMTP server access table +# +# SYNOPSIS +# postmap /usr/local/etc/postfix/access +# +# postmap -q "string" /usr/local/etc/postfix/access +# +# postmap -q - /usr/local/etc/postfix/access as the lookup key for such addresses. The value is +# specified with the smtpd_null_access_lookup_key parameter +# in the Postfix main.cf file. +# +# EMAIL ADDRESS EXTENSION +# When a mail address localpart contains the optional recip- +# ient delimiter (e.g., user+foo@domain), the lookup order +# becomes: user+foo@domain, user@domain, domain, user+foo@, +# and user@. +# +# HOST NAME/ADDRESS PATTERNS IN INDEXED TABLES +# With lookups from indexed files such as DB or DBM, or from +# networked tables such as NIS, LDAP or SQL, the following +# lookup patterns are examined in the order as listed: +# +# domain.tld +# Matches domain.tld. +# +# The pattern domain.tld also matches subdomains, but +# only when the string smtpd_access_maps is listed in +# the Postfix parent_domain_matches_subdomains con- +# figuration setting. +# +# .domain.tld +# Matches subdomains of domain.tld, but only when the +# string smtpd_access_maps is not listed in the Post- +# fix parent_domain_matches_subdomains configuration +# setting. +# +# net.work.addr.ess +# +# net.work.addr +# +# net.work +# +# net Matches a remote IPv4 host address or network +# address range. Specify one to four decimal octets +# separated by ".". Do not specify "[]" , "/", lead- +# ing zeros, or hexadecimal forms. +# +# Network ranges are matched by repeatedly truncating +# the last ".octet" from a remote IPv4 host address +# string, until a match is found in the access table, +# or until further truncation is not possible. +# +# NOTE: use the cidr lookup table type to specify +# network/netmask patterns. See cidr_table(5) for +# details. 
+# +# net:work:addr:ess +# +# net:work:addr +# +# net:work +# +# net Matches a remote IPv6 host address or network +# address range. Specify three to eight hexadecimal +# octet pairs separated by ":", using the compressed +# form "::" for a sequence of zero-valued octet +# pairs. Do not specify "[]", "/", leading zeros, or +# non-compressed forms. +# +# A network range is matched by repeatedly truncating +# the last ":octetpair" from the compressed-form +# remote IPv6 host address string, until a match is +# found in the access table, or until further trunca- +# tion is not possible. +# +# NOTE: use the cidr lookup table type to specify +# network/netmask patterns. See cidr_table(5) for +# details. +# +# IPv6 support is available in Postfix 2.2 and later. +# +# ACCEPT ACTIONS +# OK Accept the address etc. that matches the pattern. +# +# all-numerical +# An all-numerical result is treated as OK. This for- +# mat is generated by address-based relay authoriza- +# tion schemes such as pop-before-smtp. +# +# For other accept actions, see "OTHER ACTIONS" below. +# +# REJECT ACTIONS +# Postfix version 2.3 and later support enhanced status +# codes as defined in RFC 3463. When no code is specified +# at the beginning of the text below, Postfix inserts a +# default enhanced status code of "5.7.1" in the case of +# reject actions, and "4.7.1" in the case of defer actions. +# See "ENHANCED STATUS CODES" below. +# +# 4NN text +# +# 5NN text +# Reject the address etc. that matches the pattern, +# and respond with the numerical three-digit code and +# text. 4NN means "try again later", while 5NN means +# "do not try again". +# +# The following responses have special meaning for +# the Postfix SMTP server: +# +# 421 text (Postfix 2.3 and later) +# +# 521 text (Postfix 2.6 and later) +# After responding with the numerical +# three-digit code and text, disconnect imme- +# diately from the SMTP client. 
This frees up +# SMTP server resources so that they can be +# made available to another SMTP client. +# +# Note: The "521" response should be used only +# with botnets and other malware where inter- +# operability is of no concern. The "send 521 +# and disconnect" behavior is NOT defined in +# the SMTP standard. +# +# REJECT optional text... +# Reject the address etc. that matches the pattern. +# Reply with "$access_map_reject_code optional +# text..." when the optional text is specified, oth- +# erwise reply with a generic error response message. +# +# DEFER optional text... +# Reject the address etc. that matches the pattern. +# Reply with "$access_map_defer_code optional +# text..." when the optional text is specified, oth- +# erwise reply with a generic error response message. +# +# This feature is available in Postfix 2.6 and later. +# +# DEFER_IF_REJECT optional text... +# Defer the request if some later restriction would +# result in a REJECT action. Reply with +# "$access_map_defer_code 4.7.1 optional text..." +# when the optional text is specified, otherwise +# reply with a generic error response message. +# +# Prior to Postfix 2.6, the SMTP reply code is 450. +# +# This feature is available in Postfix 2.1 and later. +# +# DEFER_IF_PERMIT optional text... +# Defer the request if some later restriction would +# result in an explicit or implicit PERMIT action. +# Reply with "$access_map_defer_code 4.7.1 optional +# text..." when the optional text is specified, oth- +# erwise reply with a generic error response message. +# +# Prior to Postfix 2.6, the SMTP reply code is 450. +# +# This feature is available in Postfix 2.1 and later. +# +# For other reject actions, see "OTHER ACTIONS" below. +# +# OTHER ACTIONS +# restriction... +# Apply the named UCE restriction(s) (permit, reject, +# reject_unauth_destination, and so on). +# +# BCC user@domain +# Send one copy of the message to the specified +# recipient. 
+# +# If multiple BCC actions are specified within the +# same SMTP MAIL transaction, with Postfix 3.0 only +# the last action will be used. +# +# This feature is available in Postfix 3.0 and later. +# +# DISCARD optional text... +# Claim successful delivery and silently discard the +# message. Log the optional text if specified, oth- +# erwise log a generic message. +# +# Note: this action currently affects all recipients +# of the message. To discard only one recipient +# without discarding the entire message, use the +# transport(5) table to direct mail to the discard(8) +# service. +# +# This feature is available in Postfix 2.0 and later. +# +# DUNNO Pretend that the lookup key was not found. This +# prevents Postfix from trying substrings of the +# lookup key (such as a subdomain name, or a network +# address subnetwork). +# +# This feature is available in Postfix 2.0 and later. +# +# FILTER transport:destination +# After the message is queued, send the entire mes- +# sage through the specified external content filter. +# The transport name specifies the first field of a +# mail delivery agent definition in master.cf; the +# syntax of the next-hop destination is described in +# the manual page of the corresponding delivery +# agent. More information about external content +# filters is in the Postfix FILTER_README file. +# +# Note 1: do not use $number regular expression sub- +# stitutions for transport or destination unless you +# know that the information has a trusted origin. +# +# Note 2: this action overrides the main.cf con- +# tent_filter setting, and affects all recipients of +# the message. In the case that multiple FILTER +# actions fire, only the last one is executed. +# +# Note 3: the purpose of the FILTER command is to +# override message routing. 
To override the recipi- +# ent's transport but not the next-hop destination, +# specify an empty filter destination (Postfix 2.7 +# and later), or specify a transport:destination that +# delivers through a different Postfix instance +# (Postfix 2.6 and earlier). Other options are using +# the recipient-dependent transport_maps or the sen- +# der-dependent sender_dependent_default_transport- +# _maps features. +# +# This feature is available in Postfix 2.0 and later. +# +# HOLD optional text... +# Place the message on the hold queue, where it will +# sit until someone either deletes it or releases it +# for delivery. Log the optional text if specified, +# otherwise log a generic message. +# +# Mail that is placed on hold can be examined with +# the postcat(1) command, and can be destroyed or +# released with the postsuper(1) command. +# +# Note: use "postsuper -r" to release mail that was +# kept on hold for a significant fraction of $maxi- +# mal_queue_lifetime or $bounce_queue_lifetime, or +# longer. Use "postsuper -H" only for mail that will +# not expire within a few delivery attempts. +# +# Note: this action currently affects all recipients +# of the message. +# +# This feature is available in Postfix 2.0 and later. +# +# PREPEND headername: headervalue +# Prepend the specified message header to the mes- +# sage. When more than one PREPEND action executes, +# the first prepended header appears before the sec- +# ond etc. prepended header. +# +# Note: this action must execute before the message +# content is received; it cannot execute in the con- +# text of smtpd_end_of_data_restrictions. +# +# This feature is available in Postfix 2.1 and later. +# +# REDIRECT user@domain +# After the message is queued, send the message to +# the specified address instead of the intended +# recipient(s). When multiple REDIRECT actions fire, +# only the last one takes effect. 
+# +# Note: this action overrides the FILTER action, and +# currently overrides all recipients of the message. +# +# This feature is available in Postfix 2.1 and later. +# +# INFO optional text... +# Log an informational record with the optional text, +# together with client information and if available, +# with helo, sender, recipient and protocol informa- +# tion. +# +# This feature is available in Postfix 3.0 and later. +# +# WARN optional text... +# Log a warning with the optional text, together with +# client information and if available, with helo, +# sender, recipient and protocol information. +# +# This feature is available in Postfix 2.1 and later. +# +# ENHANCED STATUS CODES +# Postfix version 2.3 and later support enhanced status +# codes as defined in RFC 3463. When an enhanced status +# code is specified in an access table, it is subject to +# modification. The following transformations are needed +# when the same access table is used for client, helo, +# sender, or recipient access restrictions; they happen +# regardless of whether Postfix replies to a MAIL FROM, RCPT +# TO or other SMTP command. +# +# o When a sender address matches a REJECT action, the +# Postfix SMTP server will transform a recipient DSN +# status (e.g., 4.1.1-4.1.6) into the corresponding +# sender DSN status, and vice versa. +# +# o When non-address information matches a REJECT +# action (such as the HELO command argument or the +# client hostname/address), the Postfix SMTP server +# will transform a sender or recipient DSN status +# into a generic non-address DSN status (e.g., +# 4.0.0). +# +# REGULAR EXPRESSION TABLES +# This section describes how the table lookups change when +# the table is given in the form of regular expressions. For +# a description of regular expression lookup table syntax, +# see regexp_table(5) or pcre_table(5). +# +# Each pattern is a regular expression that is applied to +# the entire string being looked up. 
Depending on the appli- +# cation, that string is an entire client hostname, an +# entire client IP address, or an entire mail address. Thus, +# no parent domain or parent network search is done, +# user@domain mail addresses are not broken up into their +# user@ and domain constituent parts, nor is user+foo broken +# up into user and foo. +# +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search +# string. +# +# Actions are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from +# the pattern can be interpolated as $1, $2 and so on. +# +# TCP-BASED TABLES +# This section describes how the table lookups change when +# lookups are directed to a TCP-based server. For a descrip- +# tion of the TCP client/server lookup protocol, see tcp_ta- +# ble(5). This feature is not available up to and including +# Postfix version 2.4. +# +# Each lookup operation uses the entire query string once. +# Depending on the application, that string is an entire +# client hostname, an entire client IP address, or an entire +# mail address. Thus, no parent domain or parent network +# search is done, user@domain mail addresses are not broken +# up into their user@ and domain constituent parts, nor is +# user+foo broken up into user and foo. +# +# Actions are the same as with indexed file lookups. +# +# EXAMPLE +# The following example uses an indexed file, so that the +# order of table entries does not matter. The example per- +# mits access by the client at address 1.2.3.4 but rejects +# all other clients in 1.2.3.0/24. Instead of hash lookup +# tables, some systems use dbm. Use the command "postconf +# -m" to find out what lookup tables Postfix supports on +# your system. 
+#
+# /usr/local/etc/postfix/main.cf:
+# smtpd_client_restrictions =
+# check_client_access hash:$config_directory/access
+#
+# /usr/local/etc/postfix/access:
+# 1.2.3 REJECT
+# 1.2.3.4 OK
+#
+# Execute the command "postmap /usr/local/etc/postfix/access" after
+# editing the file.
+#
+# BUGS
+# The table format does not understand quoting conventions.
+#
+# SEE ALSO
+# postmap(1), Postfix lookup table manager
+# smtpd(8), SMTP server
+# postconf(5), configuration parameters
+# transport(5), transport:nexthop syntax
+#
+# README FILES
+# Use "postconf readme_directory" or "postconf html_direc-
+# tory" to locate this information.
+# SMTPD_ACCESS_README, built-in SMTP server access control
+# DATABASE_README, Postfix lookup table overview
+#
+# LICENSE
+# The Secure Mailer license must be distributed with this
+# software.
+#
+# AUTHOR(S)
+# Wietse Venema
+# IBM T.J. Watson Research
+# P.O. Box 704
+# Yorktown Heights, NY 10598, USA
+#
+# Wietse Venema
+# Google, Inc.
+# 111 8th Avenue
+# New York, NY 10011, USA
+#
+# ACCESS(5)
diff --git a/aliases b/aliases
new file mode 100644
index 0000000..280c3d2
--- /dev/null
+++ b/aliases
@@ -0,0 +1,273 @@
+#
+# Sample aliases file. Install in the location as specified by the
+# output from the command "postconf alias_maps". Typical path names
+# are /etc/aliases or /etc/mail/aliases.
+#
+# >>>>>>>>>> The program "newaliases" must be run after
+# >> NOTE >> this file is updated for any changes to
+# >>>>>>>>>> show through to Postfix.
+#
+
+# Person who should get root's mail. Don't receive mail as root!
+#root: you
+
+# Basic system aliases -- these MUST be present
+MAILER-DAEMON: postmaster
+postmaster: root
+
+# General redirections for pseudo accounts
+bin: root
+daemon: root
+named: root
+nobody: root
+uucp: root
+www: root
+ftp-bugs: root
+postfix: root
+
+# Put your local aliases here.
+
+# Well-known aliases
+manager: root
+dumper: root
+operator: root
+abuse: postmaster
+
+# trap decode to catch security attacks
+decode: root
+
+# ALIASES(5) ALIASES(5)
+#
+# NAME
+# aliases - Postfix local alias database format
+#
+# SYNOPSIS
+# newaliases
+#
+# DESCRIPTION
+# The optional aliases(5) table (alias_maps) redirects mail
+# for local recipients. The redirections are processed by
+# the Postfix local(8) delivery agent.
+#
+# This is unlike virtual(5) aliasing (virtual_alias_maps)
+# which applies to all recipients: local(8), virtual, and
+# remote, and which is implemented by the cleanup(8) daemon.
+#
+# Normally, the aliases(5) table is specified as a text file
+# that serves as input to the postalias(1) command. The
+# result, an indexed file in dbm or db format, is used for
+# fast lookup by the mail system. Execute the command
+# newaliases in order to rebuild the indexed file after
+# changing the Postfix alias database.
+#
+# When the table is provided via other means such as NIS,
+# LDAP or SQL, the same lookups are done as for ordinary
+# indexed files.
+#
+# Alternatively, the table can be provided as a regu-
+# lar-expression map where patterns are given as regular
+# expressions. In this case, the lookups are done in a
+# slightly different way as described below under "REGULAR
+# EXPRESSION TABLES".
+#
+# Users can control delivery of their own mail by setting up
+# .forward files in their home directory. Lines in per-user
+# .forward files have the same syntax as the right-hand side
+# of aliases(5) entries.
+#
+# The format of the alias database input file is as follows:
+#
+# o An alias definition has the form
+#
+# name: value1, value2, ...
+#
+# o Empty lines and whitespace-only lines are ignored,
+# as are lines whose first non-whitespace character
+# is a `#'.
+#
+# o A logical line starts with non-whitespace text. A
+# line that starts with whitespace continues a logi-
+# cal line.
+#
+# The name is a local address (no domain part). Use double
+# quotes when the name contains any special characters such
+# as whitespace, `#', `:', or `@'. The name is folded to
+# lowercase, in order to make database lookups case insensi-
+# tive.
+#
+# In addition, when an alias exists for owner-name, this
+# will override the envelope sender address, so that deliv-
+# ery diagnostics are directed to owner-name, instead of the
+# originator of the message (for details, see
+# owner_request_special, expand_owner_alias and
+# reset_owner_alias). This is typically used to direct
+# delivery errors to the maintainer of a mailing list, who
+# is in a better position to deal with mailing list delivery
+# problems than the originator of the undelivered mail.
+#
+# The value contains one or more of the following:
+#
+# address
+# Mail is forwarded to address, which is compatible
+# with the RFC 822 standard.
+#
+# /file/name
+# Mail is appended to /file/name. For details on how
+# a file is written see the sections "EXTERNAL FILE
+# DELIVERY" and "DELIVERY RIGHTS" in the local(8)
+# documentation. Delivery is not limited to regular
+# files. For example, to dispose of unwanted mail,
+# deflect it to /dev/null.
+#
+# |command
+# Mail is piped into command. Commands that contain
+# special characters, such as whitespace, should be
+# enclosed between double quotes. For details on how
+# a command is executed see "EXTERNAL COMMAND DELIV-
+# ERY" and "DELIVERY RIGHTS" in the local(8) documen-
+# tation.
+#
+# When the command fails, a limited amount of command
+# output is mailed back to the sender. The file
+# /usr/include/sysexits.h defines the expected exit
+# status codes. For example, use "|exit 67" to simu-
+# late a "user unknown" error, and "|exit 0" to
+# implement an expensive black hole.
+#
+# :include:/file/name
+# Mail is sent to the destinations listed in the
+# named file. Lines in :include: files have the same
+# syntax as the right-hand side of alias entries.
+#
+# A destination can be any destination that is
+# described in this manual page. However, delivery to
+# "|command" and /file/name is disallowed by default.
+# To enable, edit the allow_mail_to_commands and
+# allow_mail_to_files configuration parameters.
+#
+# ADDRESS EXTENSION
+# When alias database search fails, and the recipient local-
+# part contains the optional recipient delimiter (e.g.,
+# user+foo), the search is repeated for the unextended
+# address (e.g., user).
+#
+# The propagate_unmatched_extensions parameter controls
+# whether an unmatched address extension (+foo) is propa-
+# gated to the result of table lookup.
+#
+# CASE FOLDING
+# The local(8) delivery agent always folds the search string
+# to lowercase before database lookup.
+#
+# REGULAR EXPRESSION TABLES
+# This section describes how the table lookups change when
+# the table is given in the form of regular expressions. For
+# a description of regular expression lookup table syntax,
+# see regexp_table(5) or pcre_table(5). NOTE: these formats
+# do not use ":" at the end of a pattern.
+#
+# Each regular expression is applied to the entire search
+# string. Thus, a search string user+foo is not broken up
+# into user and foo.
+#
+# Regular expressions are applied in the order as specified
+# in the table, until a regular expression is found that
+# matches the search string.
+#
+# Lookup results are the same as with indexed file lookups.
+# For security reasons there is no support for $1, $2 etc.
+# substring interpolation.
+#
+# SECURITY
+# The local(8) delivery agent disallows regular expression
+# substitution of $1 etc. in alias_maps, because that would
+# open a security hole.
+#
+# The local(8) delivery agent will silently ignore requests
+# to use the proxymap(8) server within alias_maps. Instead
+# it will open the table directly. Before Postfix version
+# 2.2, the local(8) delivery agent will terminate with a
+# fatal error.
+#
+# CONFIGURATION PARAMETERS
+# The following main.cf parameters are especially relevant.
+# The text below provides only a parameter summary. See
+# postconf(5) for more details including examples.
+#
+# alias_database (see 'postconf -d' output)
+# The alias databases for local(8) delivery that are
+# updated with "newaliases" or with "sendmail -bi".
+#
+# alias_maps (see 'postconf -d' output)
+# Optional lookup tables with aliases that apply only
+# to local(8) recipients; this is unlike vir-
+# tual_alias_maps that apply to all recipients:
+# local(8), virtual, and remote.
+#
+# allow_mail_to_commands (alias, forward)
+# Restrict local(8) mail delivery to external com-
+# mands.
+#
+# allow_mail_to_files (alias, forward)
+# Restrict local(8) mail delivery to external files.
+#
+# expand_owner_alias (no)
+# When delivering to an alias "aliasname" that has an
+# "owner-aliasname" companion alias, set the envelope
+# sender address to the expansion of the
+# "owner-aliasname" alias.
+#
+# propagate_unmatched_extensions (canonical, virtual)
+# What address lookup tables copy an address exten-
+# sion from the lookup key to the lookup result.
+#
+# owner_request_special (yes)
+# Enable special treatment for owner-listname entries
+# in the aliases(5) file, and don't split owner-list-
+# name and listname-request address localparts when
+# the recipient_delimiter is set to "-".
+#
+# recipient_delimiter (empty)
+# The set of characters that can separate an email
+# address localpart, user name, or a .forward file
+# name from its extension.
+#
+# Available in Postfix version 2.3 and later:
+#
+# frozen_delivered_to (yes)
+# Update the local(8) delivery agent's idea of the
+# Delivered-To: address (see prepend_deliv-
+# ered_header) only once, at the start of a delivery
+# attempt; do not update the Delivered-To: address
+# while expanding aliases or .forward files.
+#
+# STANDARDS
+# RFC 822 (ARPA Internet Text Messages)
+#
+# SEE ALSO
+# local(8), local delivery agent
+# newaliases(1), create/update alias database
+# postalias(1), create/update alias database
+# postconf(5), configuration parameters
+#
+# README FILES
+# Use "postconf readme_directory" or "postconf html_direc-
+# tory" to locate this information.
+# DATABASE_README, Postfix lookup table overview
+#
+# LICENSE
+# The Secure Mailer license must be distributed with this
+# software.
+#
+# AUTHOR(S)
+# Wietse Venema
+# IBM T.J. Watson Research
+# P.O. Box 704
+# Yorktown Heights, NY 10598, USA
+#
+# Wietse Venema
+# Google, Inc.
+# 111 8th Avenue
+# New York, NY 10011, USA
+#
+# ALIASES(5)
diff --git a/aliases.sample b/aliases.sample
new file mode 100644
index 0000000..280c3d2
--- /dev/null
+++ b/aliases.sample
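Review bot: The `root` alias in the live `aliases` table is still the commented-out stock line `#root: you`, so `postmaster`, `abuse`, `MAILER-DAEMON` and every pseudo-account entry in this hunk resolve to the local root mailbox. Unless someone reads that spool, bounce reports and abuse complaints for the host will go unnoticed. Point root at a monitored mailbox, for example `root: <ADMIN_MAILBOX_PLACEHOLDER>`, and rebuild the table with `newaliases` as the file header requires. The aliases(5) manual text that makes up the rest of the file already ships in `aliases.sample` (same blob in this commit), so the live table could be trimmed to the entries that are actually in effect, which makes later changes easier to audit.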
@@ -0,0 +1,273 @@ +# +# Sample aliases file. Install in the location as specified by the +# output from the command "postconf alias_maps". Typical path names +# are /etc/aliases or /etc/mail/aliases. +# +# >>>>>>>>>> The program "newaliases" must be run after +# >> NOTE >> this file is updated for any changes to +# >>>>>>>>>> show through to Postfix. +# + +# Person who should get root's mail. Don't receive mail as root! +#root: you + +# Basic system aliases -- these MUST be present +MAILER-DAEMON: postmaster +postmaster: root + +# General redirections for pseudo accounts +bin: root +daemon: root +named: root +nobody: root +uucp: root +www: root +ftp-bugs: root +postfix: root + +# Put your local aliases here. + +# Well-known aliases +manager: root +dumper: root +operator: root +abuse: postmaster + +# trap decode to catch security attacks +decode: root + +# ALIASES(5) ALIASES(5) +# +# NAME +# aliases - Postfix local alias database format +# +# SYNOPSIS +# newaliases +# +# DESCRIPTION +# The optional aliases(5) table (alias_maps) redirects mail +# for local recipients. The redirections are processed by +# the Postfix local(8) delivery agent. +# +# This is unlike virtual(5) aliasing (virtual_alias_maps) +# which applies to all recipients: local(8), virtual, and +# remote, and which is implemented by the cleanup(8) daemon. +# +# Normally, the aliases(5) table is specified as a text file +# that serves as input to the postalias(1) command. The +# result, an indexed file in dbm or db format, is used for +# fast lookup by the mail system. Execute the command +# newaliases in order to rebuild the indexed file after +# changing the Postfix alias database. +# +# When the table is provided via other means such as NIS, +# LDAP or SQL, the same lookups are done as for ordinary +# indexed files. +# +# Alternatively, the table can be provided as a regu- +# lar-expression map where patterns are given as regular +# expressions. 
In this case, the lookups are done in a +# slightly different way as described below under "REGULAR +# EXPRESSION TABLES". +# +# Users can control delivery of their own mail by setting up +# .forward files in their home directory. Lines in per-user +# .forward files have the same syntax as the right-hand side +# of aliases(5) entries. +# +# The format of the alias database input file is as follows: +# +# o An alias definition has the form +# +# name: value1, value2, ... +# +# o Empty lines and whitespace-only lines are ignored, +# as are lines whose first non-whitespace character +# is a `#'. +# +# o A logical line starts with non-whitespace text. A +# line that starts with whitespace continues a logi- +# cal line. +# +# The name is a local address (no domain part). Use double +# quotes when the name contains any special characters such +# as whitespace, `#', `:', or `@'. The name is folded to +# lowercase, in order to make database lookups case insensi- +# tive. +# +# In addition, when an alias exists for owner-name, this +# will override the envelope sender address, so that deliv- +# ery diagnostics are directed to owner-name, instead of the +# originator of the message (for details, see +# owner_request_special, expand_owner_alias and +# reset_owner_alias). This is typically used to direct +# delivery errors to the maintainer of a mailing list, who +# is in a better position to deal with mailing list delivery +# problems than the originator of the undelivered mail. +# +# The value contains one or more of the following: +# +# address +# Mail is forwarded to address, which is compatible +# with the RFC 822 standard. +# +# /file/name +# Mail is appended to /file/name. For details on how +# a file is written see the sections "EXTERNAL FILE +# DELIVERY" and "DELIVERY RIGHTS" in the local(8) +# documentation. Delivery is not limited to regular +# files. For example, to dispose of unwanted mail, +# deflect it to /dev/null. +# +# |command +# Mail is piped into command. 
Commands that contain +# special characters, such as whitespace, should be +# enclosed between double quotes. For details on how +# a command is executed see "EXTERNAL COMMAND DELIV- +# ERY" and "DELIVERY RIGHTS" in the local(8) documen- +# tation. +# +# When the command fails, a limited amount of command +# output is mailed back to the sender. The file +# /usr/include/sysexits.h defines the expected exit +# status codes. For example, use "|exit 67" to simu- +# late a "user unknown" error, and "|exit 0" to +# implement an expensive black hole. +# +# :include:/file/name +# Mail is sent to the destinations listed in the +# named file. Lines in :include: files have the same +# syntax as the right-hand side of alias entries. +# +# A destination can be any destination that is +# described in this manual page. However, delivery to +# "|command" and /file/name is disallowed by default. +# To enable, edit the allow_mail_to_commands and +# allow_mail_to_files configuration parameters. +# +# ADDRESS EXTENSION +# When alias database search fails, and the recipient local- +# part contains the optional recipient delimiter (e.g., +# user+foo), the search is repeated for the unextended +# address (e.g., user). +# +# The propagate_unmatched_extensions parameter controls +# whether an unmatched address extension (+foo) is propa- +# gated to the result of table lookup. +# +# CASE FOLDING +# The local(8) delivery agent always folds the search string +# to lowercase before database lookup. +# +# REGULAR EXPRESSION TABLES +# This section describes how the table lookups change when +# the table is given in the form of regular expressions. For +# a description of regular expression lookup table syntax, +# see regexp_table(5) or pcre_table(5). NOTE: these formats +# do not use ":" at the end of a pattern. +# +# Each regular expression is applied to the entire search +# string. Thus, a search string user+foo is not broken up +# into user and foo. 
+# +# Regular expressions are applied in the order as specified +# in the table, until a regular expression is found that +# matches the search string. +# +# Lookup results are the same as with indexed file lookups. +# For security reasons there is no support for $1, $2 etc. +# substring interpolation. +# +# SECURITY +# The local(8) delivery agent disallows regular expression +# substitution of $1 etc. in alias_maps, because that would +# open a security hole. +# +# The local(8) delivery agent will silently ignore requests +# to use the proxymap(8) server within alias_maps. Instead +# it will open the table directly. Before Postfix version +# 2.2, the local(8) delivery agent will terminate with a +# fatal error. +# +# CONFIGURATION PARAMETERS +# The following main.cf parameters are especially relevant. +# The text below provides only a parameter summary. See +# postconf(5) for more details including examples. +# +# alias_database (see 'postconf -d' output) +# The alias databases for local(8) delivery that are +# updated with "newaliases" or with "sendmail -bi". +# +# alias_maps (see 'postconf -d' output) +# Optional lookup tables with aliases that apply only +# to local(8) recipients; this is unlike vir- +# tual_alias_maps that apply to all recipients: +# local(8), virtual, and remote. +# +# allow_mail_to_commands (alias, forward) +# Restrict local(8) mail delivery to external com- +# mands. +# +# allow_mail_to_files (alias, forward) +# Restrict local(8) mail delivery to external files. +# +# expand_owner_alias (no) +# When delivering to an alias "aliasname" that has an +# "owner-aliasname" companion alias, set the envelope +# sender address to the expansion of the +# "owner-aliasname" alias. +# +# propagate_unmatched_extensions (canonical, virtual) +# What address lookup tables copy an address exten- +# sion from the lookup key to the lookup result. 
+# +# owner_request_special (yes) +# Enable special treatment for owner-listname entries +# in the aliases(5) file, and don't split owner-list- +# name and listname-request address localparts when +# the recipient_delimiter is set to "-". +# +# recipient_delimiter (empty) +# The set of characters that can separate an email +# address localpart, user name, or a .forward file +# name from its extension. +# +# Available in Postfix version 2.3 and later: +# +# frozen_delivered_to (yes) +# Update the local(8) delivery agent's idea of the +# Delivered-To: address (see prepend_deliv- +# ered_header) only once, at the start of a delivery +# attempt; do not update the Delivered-To: address +# while expanding aliases or .forward files. +# +# STANDARDS +# RFC 822 (ARPA Internet Text Messages) +# +# SEE ALSO +# local(8), local delivery agent +# newaliases(1), create/update alias database +# postalias(1), create/update alias database +# postconf(5), configuration parameters +# +# README FILES +# Use "postconf readme_directory" or "postconf html_direc- +# tory" to locate this information. +# DATABASE_README, Postfix lookup table overview +# +# LICENSE +# The Secure Mailer license must be distributed with this +# software. +# +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +# +# ALIASES(5) diff --git a/bounce.cf.default b/bounce.cf.default new file mode 100644 index 0000000..cab6fcb --- /dev/null +++ b/bounce.cf.default 
@@ -0,0 +1,112 @@ +# +# Do not edit this file. This file shows the default delivery status +# notification (DSN) messages that are built into Postfix. +# +# To change Postfix DSN messages, perhaps to add non-English text, +# follow instructions in the bounce(5) manual page. +# + +# +# The failure template is used when mail is returned to the sender; +# either the destination rejected the message, or the destination +# could not be reached before the message expired in the queue. +# + +failure_template = < +Subject: Undelivered Mail Returned to Sender +Postmaster-Subject: Postmaster Copy: Undelivered Mail + +This is the mail system at host $myhostname. + +I'm sorry to have to inform you that your message could not +be delivered to one or more recipients. It's attached below. + +For further assistance, please send mail to postmaster. + +If you do so, please include this problem report. You can +delete your own text from the attached returned message. + + The mail system +EOF + + +# +# The delay template is used when mail is delayed. Note a neat trick: +# the default template displays the delay_warning_time value as hours +# by appending the _hours suffix to the parameter name; it displays +# the maximal_queue_lifetime value as days by appending the _days +# suffix. +# +# Other suffixes are: _seconds, _minutes, _weeks. There are no other +# main.cf parameters that have this special behavior. +# +# You need to adjust these suffixes (and the surrounding text) if +# you have very different settings for these time parameters. +# + +delay_template = < +Subject: Delayed Mail (still being retried) +Postmaster-Subject: Postmaster Warning: Delayed Mail + +This is the mail system at host $myhostname. + +#################################################################### +# THIS IS A WARNING ONLY. YOU DO NOT NEED TO RESEND YOUR MESSAGE. 
# +#################################################################### + +Your message could not be delivered for more than $delay_warning_time_hours hour(s). +It will be retried until it is $maximal_queue_lifetime_days day(s) old. + +For further assistance, please send mail to postmaster. + +If you do so, please include this problem report. You can +delete your own text from the attached returned message. + + The mail system +EOF + + +# +# The success template is used when mail is delivered to mailbox, +# when an alias or list is expanded, or when mail is delivered to a +# system that does not announce DSN support. It is an error to specify +# a Postmaster-Subject: here. +# + +success_template = < +Subject: Successful Mail Delivery Report + +This is the mail system at host $myhostname. + +Your message was successfully delivered to the destination(s) +listed below. If the message was delivered to mailbox you will +receive no further notifications. Otherwise you may still receive +notifications of mail delivery errors from other systems. + + The mail system +EOF + + +# +# The verify template is used for address verification (sendmail -bv +# address...) or for verbose mail delivery (sendmail -v address...). +# It is an error to specify a Postmaster-Subject: here. +# + +verify_template = < +Subject: Mail Delivery Status Report + +This is the mail system at host $myhostname. + +Enclosed is the mail delivery report that you requested. + + The mail system +EOF diff --git a/canonical b/canonical new file mode 100644 index 0000000..3dbee56 --- /dev/null +++ b/canonical 
@@ -0,0 +1,306 @@ +# CANONICAL(5) CANONICAL(5) +# +# NAME +# canonical - Postfix canonical table format +# +# SYNOPSIS +# postmap /usr/local/etc/postfix/canonical +# +# postmap -q "string" /usr/local/etc/postfix/canonical +# +# postmap -q - /usr/local/etc/postfix/canonical $/ +# REJECT IFRAME vulnerability exploit +# +# SEE ALSO +# cleanup(8), canonicalize and enqueue Postfix message +# pcre_table(5), format of PCRE lookup tables +# regexp_table(5), format of POSIX regular expression tables +# postconf(1), Postfix configuration utility +# postmap(1), Postfix lookup table management +# postsuper(1), Postfix janitor +# postcat(1), show Postfix queue file contents +# RFC 2045, base64 and quoted-printable encoding rules +# RFC 2047, message header encoding for non-ASCII text +# +# README FILES +# Use "postconf readme_directory" or "postconf html_direc- +# tory" to locate this information. +# DATABASE_README, Postfix lookup table overview +# CONTENT_INSPECTION_README, Postfix content inspection overview +# BUILTIN_FILTER_README, Postfix built-in content inspection +# BACKSCATTER_README, blocking returned forged mail +# +# LICENSE +# The Secure Mailer license must be distributed with this +# software. +# +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +# +# HEADER_CHECKS(5) diff --git a/header_checks.sample b/header_checks.sample new file mode 100644 index 0000000..f36f2e3 --- /dev/null +++ b/header_checks.sample 
@@ -0,0 +1,535 @@ +# HEADER_CHECKS(5) HEADER_CHECKS(5) +# +# NAME +# header_checks - Postfix built-in content inspection +# +# SYNOPSIS +# header_checks = pcre:$config_directory/header_checks +# mime_header_checks = pcre:$config_directory/mime_header_checks +# nested_header_checks = pcre:$config_directory/nested_header_checks +# body_checks = pcre:$config_directory/body_checks +# +# milter_header_checks = pcre:$config_directory/milter_header_checks +# +# smtp_header_checks = pcre:$config_directory/smtp_header_checks +# smtp_mime_header_checks = pcre:$config_directory/smtp_mime_header_checks +# smtp_nested_header_checks = pcre:$config_directory/smtp_nested_header_checks +# smtp_body_checks = pcre:$config_directory/smtp_body_checks +# +# postmap -q "string" pcre:$config_directory/filename +# postmap -q - pcre:$config_directory/filename $/ +# REJECT IFRAME vulnerability exploit +# +# SEE ALSO +# cleanup(8), canonicalize and enqueue Postfix message +# pcre_table(5), format of PCRE lookup tables +# regexp_table(5), format of POSIX regular expression tables +# postconf(1), Postfix configuration utility +# postmap(1), Postfix lookup table management +# postsuper(1), Postfix janitor +# postcat(1), show Postfix queue file contents +# RFC 2045, base64 and quoted-printable encoding rules +# RFC 2047, message header encoding for non-ASCII text +# +# README FILES +# Use "postconf readme_directory" or "postconf html_direc- +# tory" to locate this information. +# DATABASE_README, Postfix lookup table overview +# CONTENT_INSPECTION_README, Postfix content inspection overview +# BUILTIN_FILTER_README, Postfix built-in content inspection +# BACKSCATTER_README, blocking returned forged mail +# +# LICENSE +# The Secure Mailer license must be distributed with this +# software. +# +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. 
+# 111 8th Avenue +# New York, NY 10011, USA +# +# HEADER_CHECKS(5) diff --git a/main.cf b/main.cf new file mode 100644 index 0000000..f2a4a5a --- /dev/null +++ b/main.cf 
@@ -0,0 +1,727 @@ +# Global Postfix configuration file. This file lists only a subset +# of all parameters. For the syntax, and for a complete parameter +# list, see the postconf(5) manual page (command: "man 5 postconf"). +# +# TIP: use the command "postconf -n" to view main.cf parameter +# settings, "postconf parametername" to view a specific parameter, +# and "postconf 'parametername=value'" to set a specific parameter. +# +# For common configuration examples, see BASIC_CONFIGURATION_README +# and STANDARD_CONFIGURATION_README. To find these documents, use +# the command "postconf html_directory readme_directory", or go to +# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc. +# +# For best results, change no more than 2-3 parameters at a time, +# and test if Postfix still works after every change. + +# COMPATIBILITY +# +# The compatibility_level determines what default settings Postfix +# will use for main.cf and master.cf settings. These defaults will +# change over time. +# +# To avoid breaking things, Postfix will use backwards-compatible +# default settings and log where it uses those old backwards-compatible +# default settings, until the system administrator has determined +# if any backwards-compatible default settings need to be made +# permanent in main.cf or master.cf. +# +# When this review is complete, update the compatibility_level setting +# below as recommended in the RELEASE_NOTES file. +# +# The level below is what should be used with new (not upgrade) installs. +# +compatibility_level = 3.9 + +# SOFT BOUNCE +# +# The soft_bounce parameter provides a limited safety net for +# testing. When soft_bounce is enabled, mail will remain queued that +# would otherwise bounce. This parameter disables locally-generated +# bounces, and prevents the SMTP server from rejecting mail permanently +# (by changing 5xx replies into 4xx replies). However, soft_bounce +# is no cure for address rewriting mistakes or mail routing mistakes. 
+# +#soft_bounce = no + +# LOCAL PATHNAME INFORMATION +# +# The queue_directory specifies the location of the Postfix queue. +# This is also the root directory of Postfix daemons that run chrooted. +# See the files in examples/chroot-setup for setting up Postfix chroot +# environments on different UNIX systems. +# +queue_directory = /var/spool/postfix + +# The command_directory parameter specifies the location of all +# postXXX commands. +# +command_directory = /usr/local/sbin + +# The daemon_directory parameter specifies the location of all Postfix +# daemon programs (i.e. programs listed in the master.cf file). This +# directory must be owned by root. +# +daemon_directory = /usr/local/libexec/postfix + +# The data_directory parameter specifies the location of Postfix-writable +# data files (caches, random numbers). This directory must be owned +# by the mail_owner account (see below). +# +data_directory = /var/db/postfix + +# QUEUE AND PROCESS OWNERSHIP +# +# The mail_owner parameter specifies the owner of the Postfix queue +# and of most Postfix daemon processes. Specify the name of a user +# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS +# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In +# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED +# USER. +# +mail_owner = postfix + +# The default_privs parameter specifies the default rights used by +# the local delivery agent for delivery to external file or command. +# These rights are used in the absence of a recipient user context. +# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. +# +#default_privs = nobody + +# INTERNET HOST AND DOMAIN NAMES +# +# The myhostname parameter specifies the internet hostname of this +# mail system. The default is to use the fully-qualified domain name +# from gethostname(). $myhostname is used as a default value for many +# other configuration parameters. 
+# +#myhostname = host.domain.tld +#myhostname = virtual.domain.tld +myhostname = root-kit.ru + +# The mydomain parameter specifies the local internet domain name. +# The default is to use $myhostname minus the first component. +# $mydomain is used as a default value for many other configuration +# parameters. +# +#mydomain = domain.tld +mydomain = root-kit.ru + +# SENDING MAIL +# +# The myorigin parameter specifies the domain that locally-posted +# mail appears to come from. The default is to append $myhostname, +# which is fine for small sites. If you run a domain with multiple +# machines, you should (1) change this to $mydomain and (2) set up +# a domain-wide alias database that aliases each user to +# user@that.users.mailhost. +# +# For the sake of consistency between sender and recipient addresses, +# myorigin also specifies the default domain name that is appended +# to recipient addresses that have no @domain part. +# +#myorigin = $myhostname +#myorigin = $mydomain + +# RECEIVING MAIL + +# The inet_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on. By default, +# the software claims all active interfaces on the machine. The +# parameter also controls delivery of mail to user@[ip.address]. +# +# See also the proxy_interfaces parameter, for network addresses that +# are forwarded to us via a proxy or network address translator. +# +# Note: you need to stop/start Postfix when this parameter changes. +# +inet_interfaces = all +#inet_interfaces = $myhostname +#inet_interfaces = $myhostname, localhost + +# The proxy_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on by way of a +# proxy or network address translation unit. This setting extends +# the address list specified with the inet_interfaces parameter. 
+# +# You must specify your proxy/NAT addresses when your system is a +# backup MX host for other domains, otherwise mail delivery loops +# will happen when the primary MX host is down. +# +#proxy_interfaces = +#proxy_interfaces = 1.2.3.4 + +# The mydestination parameter specifies the list of domains that this +# machine considers itself the final destination for. +# +# These domains are routed to the delivery agent specified with the +# local_transport parameter setting. By default, that is the UNIX +# compatible delivery agent that lookups all recipients in /etc/passwd +# and /etc/aliases or their equivalent. +# +# The default is $myhostname + localhost.$mydomain + localhost. On +# a mail domain gateway, you should also include $mydomain. +# +# Do not specify the names of virtual domains - those domains are +# specified elsewhere (see VIRTUAL_README). +# +# Do not specify the names of domains that this machine is backup MX +# host for. Specify those names via the relay_domains settings for +# the SMTP server, or use permit_mx_backup if you are lazy (see +# STANDARD_CONFIGURATION_README). +# +# The local machine is always the final destination for mail addressed +# to user@[the.net.work.address] of an interface that the mail system +# receives mail on (see the inet_interfaces parameter). +# +# Specify a list of host or domain names, /file/name or type:table +# patterns, separated by commas and/or whitespace. A /file/name +# pattern is replaced by its contents; a type:table is matched when +# a name matches a lookup key (the right-hand side is ignored). +# Continue long lines by starting the next line with whitespace. +# +# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". 
+#
+#mydestination = $myhostname, localhost.$mydomain, localhost
+#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
+#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
+# mail.$mydomain, www.$mydomain, ftp.$mydomain
+mydestination = localhost, localhost.$mydomain
+
+# REJECTING MAIL FOR UNKNOWN LOCAL USERS
+#
+# The local_recipient_maps parameter specifies optional lookup tables
+# with all names or addresses of users that are local with respect
+# to $mydestination, $inet_interfaces or $proxy_interfaces.
+#
+# If this parameter is defined, then the SMTP server will reject
+# mail for unknown local users. This parameter is defined by default.
+#
+# To turn off local recipient checking in the SMTP server, specify
+# local_recipient_maps = (i.e. empty).
+#
+# The default setting assumes that you use the default Postfix local
+# delivery agent for local delivery. You need to update the
+# local_recipient_maps setting if:
+#
+# - You define $mydestination domain recipients in files other than
+# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
+# For example, you define $mydestination domain recipients in
+# the $virtual_mailbox_maps files.
+#
+# - You redefine the local delivery agent in master.cf.
+#
+# - You redefine the "local_transport" setting in main.cf.
+#
+# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
+# feature of the Postfix local delivery agent (see local(8)).
+#
+# Details are described in the LOCAL_RECIPIENT_README file.
+#
+# Beware: if the Postfix SMTP server runs chrooted, you probably have
+# to access the passwd file via the proxymap service, in order to
+# overcome chroot restrictions. The alternative, having a copy of
+# the system passwd file in the chroot jail is just not practical.
+#
+# The right-hand side of the lookup tables is conveniently ignored.
+# In the left-hand side, specify a bare username, an @domain.tld
+# wild-card, or specify a user@domain.tld address.
+#
+#local_recipient_maps = unix:passwd.byname $alias_maps
+#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
+#local_recipient_maps =
+
+# The unknown_local_recipient_reject_code specifies the SMTP server
+# response code when a recipient domain matches $mydestination or
+# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
+# and the recipient address or address local-part is not found.
+#
+# The default setting is 550 (reject mail) but it is safer to start
+# with 450 (try again later) until you are certain that your
+# local_recipient_maps settings are OK.
+#
+unknown_local_recipient_reject_code = 550
+
+# TRUST AND RELAY CONTROL
+
+# The mynetworks parameter specifies the list of "trusted" SMTP
+# clients that have more privileges than "strangers".
+#
+# In particular, "trusted" SMTP clients are allowed to relay mail
+# through Postfix. See the smtpd_recipient_restrictions parameter
+# in postconf(5).
+#
+# You can specify the list of "trusted" network addresses by hand
+# or you can let Postfix do it for you (which is the default).
+#
+# By default (mynetworks_style = host), Postfix "trusts" only
+# the local machine.
+#
+# Specify "mynetworks_style = subnet" when Postfix should "trust"
+# SMTP clients in the same IP subnetworks as the local machine.
+# On Linux, this works correctly only with interfaces specified
+# with the "ifconfig" or "ip" command.
+#
+# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
+# clients in the same IP class A/B/C networks as the local machine.
+# Don't do this with a dialup site - it would cause Postfix to "trust"
+# your entire provider's network. Instead, specify an explicit
+# mynetworks list by hand, as described below.
+#
+# Specify "mynetworks_style = host" when Postfix should "trust"
+# only the local machine.
+#
+#mynetworks_style = class
+#mynetworks_style = subnet
+mynetworks_style = host
+
+# Alternatively, you can specify the mynetworks list by hand, in
+# which case Postfix ignores the mynetworks_style setting.
+#
+# Specify an explicit list of network/netmask patterns, where the
+# mask specifies the number of bits in the network part of a host
+# address.
+#
+# You can also specify the absolute pathname of a pattern file instead
+# of listing the patterns here. Specify type:table for table-based lookups
+# (the value on the table right-hand side is not used).
+#
+#mynetworks = 168.100.3.0/28, 127.0.0.0/8
+#mynetworks = $config_directory/mynetworks
+#mynetworks = hash:$config_directory/network_table
+
+# The relay_domains parameter restricts what destinations this system will
+# relay mail to. See the smtpd_relay_restrictions and
+# smtpd_recipient_restrictions descriptions in postconf(5) for detailed
+# information.
+#
+# By default, Postfix relays mail
+# - from "trusted" clients (IP address matches $mynetworks, or is
+# SASL authenticated) to any destination,
+# - from "untrusted" clients to destinations that match $relay_domains or
+# subdomains thereof, except addresses with sender-specified routing.
+# The default relay_domains value is empty.
+#
+# In addition to the above, the Postfix SMTP server by default accepts mail
+# that Postfix is final destination for:
+# - destinations that match $inet_interfaces or $proxy_interfaces,
+# - destinations that match $mydestination
+# - destinations that match $virtual_alias_domains,
+# - destinations that match $virtual_mailbox_domains.
+# These destinations do not need to be listed in $relay_domains.
+#
+# Specify a list of hosts or domains, /file/name patterns or type:name
+# lookup tables, separated by commas and/or whitespace. Continue
+# long lines by starting the next line with whitespace. A file name
+# is replaced by its contents; a type:name table is matched when a
+# (parent) domain appears as lookup key.
+#
+# NOTE: Postfix will not automatically forward mail for domains that
+# list this system as their primary or backup MX host. See the
+# permit_mx_backup restriction description in postconf(5).
+#
+#relay_domains =
+virtual_mailbox_domains = root-kit.ru
+virtual_mailbox_base = /var/mail/vmail
+virtual_mailbox_maps = proxy:pgsql:/usr/local/etc/postfix/pgsql_virtual_mailbox_maps.cf
+virtual_alias_maps = proxy:pgsql:/usr/local/etc/postfix/pgsql_virtual_alias_maps.cf
+virtual_uid_maps = static:5000
+virtual_gid_maps = static:5000
+
+# INTERNET OR INTRANET
+
+# The relayhost parameter specifies the default host to send mail to
+# when no entry is matched in the optional transport(5) table. When
+# no relayhost is given, mail is routed directly to the destination.
+#
+# On an intranet, specify the organizational domain name. If your
+# internal DNS uses no MX records, specify the name of the intranet
+# gateway host instead.
+#
+# In the case of SMTP, specify a domain, host, host:port, [host]:port,
+# [address] or [address]:port; the form [host] turns off MX lookups.
+#
+# If you're connected via UUCP, see also the default_transport parameter.
+#
+#relayhost = $mydomain
+#relayhost = [gateway.my.domain]
+#relayhost = [mailserver.isp.tld]
+#relayhost = uucphost
+#relayhost = [an.ip.add.ress]
+
+# REJECTING UNKNOWN RELAY USERS
+#
+# The relay_recipient_maps parameter specifies optional lookup tables
+# with all addresses in the domains that match $relay_domains.
+#
+# If this parameter is defined, then the SMTP server will reject
+# mail for unknown relay users. This feature is off by default.
+#
+# The right-hand side of the lookup tables is conveniently ignored.
+# In the left-hand side, specify an @domain.tld wild-card, or specify
+# a user@domain.tld address.
+#
+#relay_recipient_maps = hash:$config_directory/relay_recipients
+
+# INPUT RATE CONTROL
+#
+# The in_flow_delay configuration parameter implements mail input
+# flow control.
This feature is turned on by default, although it
+# still needs further development (it's disabled on SCO UNIX due
+# to an SCO bug).
+#
+# A Postfix process will pause for $in_flow_delay seconds before
+# accepting a new message, when the message arrival rate exceeds the
+# message delivery rate. With the default 100 SMTP server process
+# limit, this limits the mail inflow to 100 messages a second more
+# than the number of messages delivered per second.
+#
+# Specify 0 to disable the feature. Valid delays are 0..10.
+#
+#in_flow_delay = 1s
+
+# ADDRESS REWRITING
+#
+# The ADDRESS_REWRITING_README document gives information about
+# address masquerading or other forms of address rewriting including
+# username->Firstname.Lastname mapping.
+
+# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
+#
+# The VIRTUAL_README document gives information about the many forms
+# of domain hosting that Postfix supports.
+
+# "USER HAS MOVED" BOUNCE MESSAGES
+#
+# See the discussion in the ADDRESS_REWRITING_README document.
+
+# TRANSPORT MAP
+#
+# See the discussion in the ADDRESS_REWRITING_README document.
+
+# ALIAS DATABASE
+#
+# The alias_maps parameter specifies the list of alias databases used
+# by the local delivery agent. The default list is system dependent.
+#
+# On systems with NIS, the default is to search the local alias
+# database, then the NIS alias database. See aliases(5) for syntax
+# details.
+#
+# If you change the alias database, run "postalias /etc/aliases" (or
+# wherever your system stores the mail alias file), or simply run
+# "newaliases" to build the necessary DBM or DB file.
+#
+# It will take a minute or so before changes become visible. Use
+# "postfix reload" to eliminate the delay.
+# +#alias_maps = dbm:/etc/aliases +#alias_maps = hash:/etc/aliases +#alias_maps = hash:/etc/aliases, nis:mail.aliases +#alias_maps = netinfo:/aliases +alias_maps = hash:/etc/mail/aliases + +# The alias_database parameter specifies the alias database(s) that +# are built with "newaliases" or "sendmail -bi". This is a separate +# configuration parameter, because alias_maps (see above) may specify +# tables that are not necessarily all under control by Postfix. +# +#alias_database = dbm:/etc/aliases +#alias_database = hash:/etc/aliases +#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases + +# ADDRESS EXTENSIONS (e.g., user+foo) +# +# The recipient_delimiter parameter specifies the separator between +# user names and address extensions (user+foo). See canonical(5), +# local(8), relocated(5) and virtual(5) for the effects this has on +# aliases, canonical, virtual, relocated and .forward file lookups. +# Basically, the software tries user+foo and .forward+foo before +# trying user and .forward. +# +#recipient_delimiter = + + +# DELIVERY TO MAILBOX +# +# The home_mailbox parameter specifies the optional pathname of a +# mailbox file relative to a user's home directory. The default +# mailbox file is /var/spool/mail/user or /var/mail/user. Specify +# "Maildir/" for qmail-style delivery (the / is required). +# +#home_mailbox = Mailbox +#home_mailbox = Maildir/ + +# The mail_spool_directory parameter specifies the directory where +# UNIX-style mailboxes are kept. The default setting depends on the +# system type. +# +#mail_spool_directory = /var/mail +#mail_spool_directory = /var/spool/mail + +# The mailbox_command parameter specifies the optional external +# command to use instead of mailbox delivery. The command is run as +# the recipient with proper HOME, SHELL and LOGNAME environment settings. +# Exception: delivery for root is done as $default_privs. 
+#
+# Other environment variables of interest: USER (recipient username),
+# EXTENSION (address extension), DOMAIN (domain part of address),
+# and LOCAL (the address localpart).
+#
+# Unlike other Postfix configuration parameters, the mailbox_command
+# parameter is not subjected to $parameter substitutions. This is to
+# make it easier to specify shell syntax (see example below).
+#
+# Avoid shell meta characters because they will force Postfix to run
+# an expensive shell process. Procmail alone is expensive enough.
+#
+# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
+# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
+#
+#mailbox_command = /some/where/procmail
+#mailbox_command = /some/where/procmail -a "$EXTENSION"
+
+# The mailbox_transport specifies the optional transport in master.cf
+# to use after processing aliases and .forward files. This parameter
+# has precedence over the mailbox_command, fallback_transport and
+# luser_relay parameters.
+#
+# Specify a string of the form transport:nexthop, where transport is
+# the name of a mail delivery transport defined in master.cf. The
+# :nexthop part is optional. For more details see the sample transport
+# configuration file.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must update the "local_recipient_maps" setting in
+# the main.cf file, otherwise the SMTP server will reject mail for
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
+# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
+#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
+#
+# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
+# subsequent line in master.cf.
+#mailbox_transport = cyrus
+
+# The fallback_transport specifies the optional transport in master.cf
+# to use for recipients that are not found in the UNIX passwd database.
+# This parameter has precedence over the luser_relay parameter.
+#
+# Specify a string of the form transport:nexthop, where transport is
+# the name of a mail delivery transport defined in master.cf. The
+# :nexthop part is optional. For more details see the sample transport
+# configuration file.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must update the "local_recipient_maps" setting in
+# the main.cf file, otherwise the SMTP server will reject mail for
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+#fallback_transport = lmtp:unix:/file/name
+#fallback_transport = cyrus
+#fallback_transport =
+
+# The luser_relay parameter specifies an optional destination address
+# for unknown recipients. By default, mail for unknown@$mydestination,
+# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
+# as undeliverable.
+#
+# The following expansions are done on luser_relay: $user (recipient
+# username), $shell (recipient shell), $home (recipient home directory),
+# $recipient (full recipient address), $extension (recipient address
+# extension), $domain (recipient domain), $local (entire recipient
+# localpart), $recipient_delimiter. Specify ${name?value} or
+# ${name:value} to expand value only when $name does (does not) exist.
+#
+# luser_relay works only for the default Postfix local delivery agent.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must specify "local_recipient_maps =" (i.e. empty) in
+# the main.cf file, otherwise the SMTP server will reject mail for
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+#luser_relay = $user@other.host
+#luser_relay = $local@other.host
+#luser_relay = admin+$local
+
+# JUNK MAIL CONTROLS
+#
+# The controls listed here are only a very small subset. The file
+# SMTPD_ACCESS_README provides an overview.
+
+# The header_checks parameter specifies an optional table with patterns
+# that each logical message header is matched against, including
+# headers that span multiple physical lines.
+#
+# By default, these patterns also apply to MIME headers and to the
+# headers of attached messages. With older Postfix versions, MIME and
+# attached message headers were treated as body text.
+#
+# For details, see "man header_checks".
+#
+#header_checks = regexp:$config_directory/header_checks
+
+# FAST ETRN SERVICE
+#
+# Postfix maintains per-destination logfiles with information about
+# deferred mail, so that mail can be flushed quickly with the SMTP
+# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
+# See the ETRN_README document for a detailed description.
+#
+# The fast_flush_domains parameter controls what destinations are
+# eligible for this service. By default, they are all domains that
+# this server is willing to relay mail to.
+#
+#fast_flush_domains = $relay_domains
+
+# SHOW SOFTWARE VERSION OR NOT
+#
+# The smtpd_banner parameter specifies the text that follows the 220
+# code in the SMTP server's greeting banner. Some people like to see
+# the mail version advertised. By default, Postfix shows no version.
+#
+# You MUST specify $myhostname at the start of the text. That is an
+# RFC requirement. Postfix itself does not care.
+#
+#smtpd_banner = $myhostname ESMTP $mail_name
+#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
+
+# PARALLEL DELIVERY TO THE SAME DESTINATION
+#
+# How many parallel deliveries to the same user or domain? With local
+# delivery, it does not make sense to do massively parallel delivery
+# to the same user, because mailbox updates must happen sequentially,
+# and expensive pipelines in .forward files can cause disasters when
+# too many are run at the same time. With SMTP deliveries, 10
+# simultaneous connections to the same domain could be sufficient to
+# raise eyebrows.
+#
+# Each message delivery transport has its XXX_destination_concurrency_limit
+# parameter. The default is $default_destination_concurrency_limit for
+# most delivery transports. For the local delivery agent the default is 2.
+
+#local_destination_concurrency_limit = 2
+#default_destination_concurrency_limit = 20
+
+# DEBUGGING CONTROL
+#
+# The debug_peer_level parameter specifies the increment in verbose
+# logging level when an SMTP client or server host name or address
+# matches a pattern in the debug_peer_list parameter.
+#
+#debug_peer_level = 2
+
+# The debug_peer_list parameter specifies an optional list of domain
+# or network patterns, /file/name patterns or type:name tables. When
+# an SMTP client or server host name or address matches a pattern,
+# increase the verbose logging level by the amount specified in the
+# debug_peer_level parameter.
+#
+#debug_peer_list = 127.0.0.1
+#debug_peer_list = some.domain
+debug_peer_list = 127.0.0.1
+debug_peer_level = 3
+
+# The debugger_command specifies the external command that is executed
+# when a Postfix daemon program is run with the -D option.
+#
+# Use "command .. & sleep 5" so that the debugger can attach before
+# the process marches on. If you use an X-based debugger, be sure to
+# set up your XAUTHORITY environment variable before starting Postfix.
+#
+debugger_command =
+ PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+ ddd $daemon_directory/$process_name $process_id & sleep 5
+
+# If you can't use X, use this to capture the call stack when a
+# daemon crashes. The result is in a file in the configuration
+# directory, and is named after the process name and the process ID.
+#
+# debugger_command =
+# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
+# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
+# >$config_directory/$process_name.$process_id.log & sleep 5
+#
+# Another possibility is to run gdb under a detached screen session.
+# To attach to the screen session, su root and run "screen -r
+# " where uniquely matches one of the detached
+# sessions (from "screen -list").
+#
+# debugger_command =
+# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
+# -dmS $process_name gdb $daemon_directory/$process_name
+# $process_id & sleep 1
+
+# INSTALL-TIME CONFIGURATION INFORMATION
+#
+# The following parameters are used when installing a new Postfix version.
+#
+# sendmail_path: The full pathname of the Postfix sendmail command.
+# This is the Sendmail-compatible mail posting interface.
+#
+sendmail_path = /usr/local/sbin/sendmail
+
+# newaliases_path: The full pathname of the Postfix newaliases command.
+# This is the Sendmail-compatible command to build alias databases.
+#
+newaliases_path = /usr/local/bin/newaliases
+
+# mailq_path: The full pathname of the Postfix mailq command. This
+# is the Sendmail-compatible mail queue listing command.
+#
+mailq_path = /usr/local/bin/mailq
+
+# setgid_group: The group for mail submission and queue management
+# commands. This must be a group name with a numerical group ID that
+# is not shared with other accounts, not even with the Postfix account.
+#
+setgid_group = maildrop
+
+# html_directory: The location of the Postfix HTML documentation.
+#
+html_directory = /usr/local/share/doc/postfix
+
+# manpage_directory: The location of the Postfix on-line manual pages.
+#
+manpage_directory = /usr/local/share/man
+
+# sample_directory: The location of the Postfix sample configuration files.
+# This parameter is obsolete as of Postfix 2.1.
+#
+sample_directory = /usr/local/etc/postfix
+
+# readme_directory: The location of the Postfix README files.
+#
+readme_directory = /usr/local/share/doc/postfix
+inet_protocols = all
+
+# smtp CA path (default to system-wide location)
+smtp_tls_CApath = /usr/local/etc/letsencrypt/live/root-kit.ru
+
+
+# Включение TLS
+smtpd_tls_cert_file = /usr/local/etc/letsencrypt/live/root-kit.ru/fullchain.pem
+smtpd_tls_key_file = /usr/local/etc/letsencrypt/live/root-kit.ru/privkey.pem
+smtpd_tls_security_level = may
+smtpd_tls_auth_only = yes
+# Для исходящей почты
+smtp_tls_security_level = may
+smtp_tls_CApath = /usr/local/etc/letsencrypt/live/root-kit.ru
+smtp_tls_cert_file = /usr/local/etc/letsencrypt/live/root-kit.ru/fullchain.pem
+smtp_tls_key_file = /usr/local/etc/letsencrypt/live/root-kit.ru/privkey.pem
+# Включение SASL-аутентификации
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_local_domain = $myhostname
+broken_sasl_auth_clients = yes
+# Разрешение аутентифицированным пользователям отправлять почту
+smtpd_recipient_restrictions =
+ permit_sasl_authenticated,
+ permit_mynetworks,
+ reject_unauth_destination
+
+
+meta_directory = /usr/local/libexec/postfix
+shlib_directory = /usr/local/lib/postfix
diff --git a/main.cf.default b/main.cf.default
new file mode 100644
index 0000000..99d8513
--- /dev/null
+++ b/main.cf.default
@@ -0,0 +1,953 @@ +# DO NOT EDIT THIS FILE. EDIT THE MAIN.CF FILE INSTEAD. THE +# TEXT HERE JUST SHOWS DEFAULT SETTINGS BUILT INTO POSTFIX. +# +2bounce_notice_recipient = postmaster +access_map_defer_code = 450 +access_map_reject_code = 554 +address_verify_cache_cleanup_interval = 12h +address_verify_default_transport = $default_transport +address_verify_local_transport = $local_transport +address_verify_map = btree:$data_directory/verify_cache +address_verify_negative_cache = yes +address_verify_negative_expire_time = 3d +address_verify_negative_refresh_time = 3h +address_verify_pending_request_limit = 5000 +address_verify_poll_count = ${stress?{1}:{3}} +address_verify_poll_delay = 3s +address_verify_positive_expire_time = 31d +address_verify_positive_refresh_time = 7d +address_verify_relay_transport = $relay_transport +address_verify_relayhost = $relayhost +address_verify_sender = $double_bounce_sender +address_verify_sender_dependent_default_transport_maps = $sender_dependent_default_transport_maps +address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps +address_verify_sender_ttl = 0s +address_verify_service_name = verify +address_verify_transport_maps = $transport_maps +address_verify_virtual_transport = $virtual_transport +alias_database = hash:/etc/aliases +alias_maps = hash:/etc/aliases +allow_mail_to_commands = alias, forward +allow_mail_to_files = alias, forward +allow_min_user = no +allow_percent_hack = yes +allow_srv_lookup_fallback = no +allow_untrusted_routing = no +alternate_config_directories = +always_add_missing_headers = no +always_bcc = +anvil_rate_time_unit = 60s +anvil_status_update_time = 600s +append_at_myorigin = yes +append_dot_mydomain = ${{$compatibility_level} +empty_address_local_login_sender_maps_lookup_key = <> +empty_address_recipient = MAILER-DAEMON +empty_address_relayhost_maps_lookup_key = <> +enable_idna2003_compatibility = no +enable_long_queue_ids = no +enable_original_recipient = yes 
+enable_threaded_bounces = no +error_delivery_slot_cost = $default_delivery_slot_cost +error_delivery_slot_discount = $default_delivery_slot_discount +error_delivery_slot_loan = $default_delivery_slot_loan +error_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit +error_destination_concurrency_limit = $default_destination_concurrency_limit +error_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback +error_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback +error_destination_rate_delay = $default_destination_rate_delay +error_destination_recipient_limit = $default_destination_recipient_limit +error_extra_recipient_limit = $default_extra_recipient_limit +error_initial_destination_concurrency = $initial_destination_concurrency +error_minimum_delivery_slots = $default_minimum_delivery_slots +error_notice_recipient = postmaster +error_recipient_limit = $default_recipient_limit +error_recipient_refill_delay = $default_recipient_refill_delay +error_recipient_refill_limit = $default_recipient_refill_limit +error_service_name = error +error_transport_rate_delay = $default_transport_rate_delay +execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ +expand_owner_alias = no +export_environment = TZ MAIL_CONFIG LANG +fallback_transport = +fallback_transport_maps = +fast_flush_domains = $relay_domains +fast_flush_purge_time = 7d +fast_flush_refresh_time = 12h +fault_injection_code = 0 +flush_service_name = flush +force_mime_input_conversion = no +fork_attempts = 5 +fork_delay = 1s +forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ +forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward +frozen_delivered_to = yes +hash_queue_depth = 1 +hash_queue_names = deferred, defer +header_address_token_limit = 10240 
+header_checks = +header_from_format = standard +header_size_limit = 102400 +helpful_warnings = yes +home_mailbox = +hopcount_limit = 50 +html_directory = /usr/local/share/doc/postfix +ignore_mx_lookup_error = no +ignore_srv_lookup_error = no +import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C POSTLOG_SERVICE POSTLOG_HOSTNAME +in_flow_delay = 1s +inet_interfaces = all +inet_protocols = all +info_log_address_format = external +initial_destination_concurrency = 5 +internal_mail_filter_classes = +invalid_hostname_reject_code = 501 +ipc_idle = 5s +ipc_timeout = 3600s +ipc_ttl = 1000s +known_tcp_ports = lmtp=24, smtp=25, smtps=submissions=465, submission=587 +line_length_limit = 2048 +lmdb_map_size = 16777216 +lmtp_address_preference = any +lmtp_address_verify_target = rcpt +lmtp_assume_final = no +lmtp_balance_inet_protocols = yes +lmtp_bind_address = +lmtp_bind_address6 = +lmtp_bind_address_enforce = no +lmtp_body_checks = +lmtp_cname_overrides_servername = no +lmtp_connect_timeout = 0s +lmtp_connection_cache_destinations = +lmtp_connection_cache_on_demand = yes +lmtp_connection_cache_time_limit = 2s +lmtp_connection_reuse_count_limit = 0 +lmtp_connection_reuse_time_limit = 300s +lmtp_data_done_timeout = 600s +lmtp_data_init_timeout = 120s +lmtp_data_xfer_timeout = 180s +lmtp_defer_if_no_mx_address_found = no +lmtp_delivery_slot_cost = $default_delivery_slot_cost +lmtp_delivery_slot_discount = $default_delivery_slot_discount +lmtp_delivery_slot_loan = $default_delivery_slot_loan +lmtp_delivery_status_filter = $default_delivery_status_filter +lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit +lmtp_destination_concurrency_limit = $default_destination_concurrency_limit +lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback +lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback 
+lmtp_destination_rate_delay = $default_destination_rate_delay +lmtp_destination_recipient_limit = $default_destination_recipient_limit +lmtp_discard_lhlo_keyword_address_maps = +lmtp_discard_lhlo_keywords = +lmtp_dns_reply_filter = +lmtp_dns_resolver_options = +lmtp_dns_support_level = +lmtp_enforce_tls = no +lmtp_extra_recipient_limit = $default_extra_recipient_limit +lmtp_fallback_relay = +lmtp_generic_maps = +lmtp_header_checks = +lmtp_host_lookup = dns +lmtp_initial_destination_concurrency = $initial_destination_concurrency +lmtp_lhlo_name = $myhostname +lmtp_lhlo_timeout = 300s +lmtp_line_length_limit = 998 +lmtp_mail_timeout = 300s +lmtp_mime_header_checks = +lmtp_min_data_rate = 500 +lmtp_minimum_delivery_slots = $default_minimum_delivery_slots +lmtp_mx_address_limit = 5 +lmtp_mx_session_limit = 2 +lmtp_nested_header_checks = +lmtp_per_request_deadline = ${lmtp_per_record_deadline?{$lmtp_per_record_deadline}:{no}} +lmtp_pix_workaround_delay_time = 10s +lmtp_pix_workaround_maps = +lmtp_pix_workaround_threshold_time = 500s +lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf +lmtp_quit_timeout = 300s +lmtp_quote_rfc821_envelope = yes +lmtp_randomize_addresses = yes +lmtp_rcpt_timeout = 300s +lmtp_recipient_limit = $default_recipient_limit +lmtp_recipient_refill_delay = $default_recipient_refill_delay +lmtp_recipient_refill_limit = $default_recipient_refill_limit +lmtp_reply_filter = +lmtp_rset_timeout = 20s +lmtp_sasl_auth_cache_name = +lmtp_sasl_auth_cache_time = 90d +lmtp_sasl_auth_enable = no +lmtp_sasl_auth_soft_bounce = yes +lmtp_sasl_mechanism_filter = +lmtp_sasl_password_maps = +lmtp_sasl_password_result_delimiter = : +lmtp_sasl_path = +lmtp_sasl_security_options = noplaintext, noanonymous +lmtp_sasl_tls_security_options = $lmtp_sasl_security_options +lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options +lmtp_sasl_type = cyrus +lmtp_send_dummy_mail_auth = no +lmtp_send_xforward_command = no +lmtp_sender_dependent_authentication = no 
+lmtp_skip_5xx_greeting = yes +lmtp_skip_quit_response = no +lmtp_starttls_timeout = 300s +lmtp_tcp_port = 24 +lmtp_tls_CAfile = +lmtp_tls_CApath = +lmtp_tls_block_early_mail_reply = no +lmtp_tls_cert_file = +lmtp_tls_chain_files = +lmtp_tls_ciphers = medium +lmtp_tls_connection_reuse = no +lmtp_tls_dcert_file = +lmtp_tls_dkey_file = $lmtp_tls_dcert_file +lmtp_tls_eccert_file = +lmtp_tls_eckey_file = $lmtp_tls_eccert_file +lmtp_tls_enable_rpk = no +lmtp_tls_enforce_peername = yes +lmtp_tls_exclude_ciphers = +lmtp_tls_fingerprint_cert_match = +lmtp_tls_fingerprint_digest = ${{$compatibility_level} =TLSv1 +lmtp_tls_note_starttls_offer = no +lmtp_tls_per_site = +lmtp_tls_policy_maps = +lmtp_tls_protocols = >=TLSv1 +lmtp_tls_scert_verifydepth = 9 +lmtp_tls_secure_cert_match = nexthop +lmtp_tls_security_level = +lmtp_tls_servername = +lmtp_tls_session_cache_database = +lmtp_tls_session_cache_timeout = 3600s +lmtp_tls_trust_anchor_file = +lmtp_tls_verify_cert_match = hostname +lmtp_tls_wrappermode = no +lmtp_transport_rate_delay = $default_transport_rate_delay +lmtp_use_tls = no +lmtp_xforward_timeout = 300s +local_command_shell = +local_delivery_slot_cost = $default_delivery_slot_cost +local_delivery_slot_discount = $default_delivery_slot_discount +local_delivery_slot_loan = $default_delivery_slot_loan +local_delivery_status_filter = $default_delivery_status_filter +local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit +local_destination_concurrency_limit = 2 +local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback +local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback +local_destination_rate_delay = $default_destination_rate_delay +local_destination_recipient_limit = 1 +local_extra_recipient_limit = $default_extra_recipient_limit +local_header_rewrite_clients = permit_inet_interfaces +local_initial_destination_concurrency = 
$initial_destination_concurrency +local_login_sender_maps = static:* +local_minimum_delivery_slots = $default_minimum_delivery_slots +local_recipient_limit = $default_recipient_limit +local_recipient_maps = proxy:unix:passwd.byname $alias_maps +local_recipient_refill_delay = $default_recipient_refill_delay +local_recipient_refill_limit = $default_recipient_refill_limit +local_transport = local:$myhostname +local_transport_rate_delay = $default_transport_rate_delay +luser_relay = +mail_name = Postfix +mail_owner = postfix +mail_release_date = 20241204 +mail_spool_directory = /var/mail +mail_version = 3.9.1 +mailbox_command = +mailbox_command_maps = +mailbox_delivery_lock = flock, dotlock +mailbox_size_limit = 51200000 +mailbox_transport = +mailbox_transport_maps = +maillog_file = +maillog_file_compressor = gzip +maillog_file_permissions = 0600 +maillog_file_prefixes = /var, /dev/stdout +maillog_file_rotate_suffix = %Y%m%d-%H%M%S +mailq_path = /usr/local/bin/mailq +manpage_directory = /usr/local/share/man +maps_rbl_domains = +maps_rbl_reject_code = 554 +masquerade_classes = envelope_sender, header_sender, header_recipient +masquerade_domains = +masquerade_exceptions = +master_service_disable = +max_idle = 100s +max_use = 100 +maximal_backoff_time = 4000s +maximal_queue_lifetime = 5d +message_drop_headers = bcc, content-length, resent-bcc, return-path +message_reject_characters = +message_size_limit = 10240000 +message_strip_characters = +meta_directory = /usr/local/libexec/postfix +milter_command_timeout = 30s +milter_connect_macros = j {daemon_name} {daemon_addr} v _ +milter_connect_timeout = 30s +milter_content_timeout = 300s +milter_data_macros = i +milter_default_action = tempfail +milter_end_of_data_macros = i +milter_end_of_header_macros = i +milter_header_checks = +milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer} +milter_macro_daemon_name = $myhostname +milter_macro_defaults = +milter_macro_v = $mail_name $mail_version 
+milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer} +milter_protocol = 6 +milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer} +milter_unknown_command_macros = +mime_boundary_length_limit = 2048 +mime_header_checks = $header_checks +mime_nesting_limit = 100 +minimal_backoff_time = 300s +multi_instance_directories = +multi_instance_enable = no +multi_instance_group = +multi_instance_name = +multi_instance_wrapper = +multi_recipient_bounce_reject_code = 550 +mydestination = $myhostname, localhost.$mydomain, localhost +mynetworks_style = ${{$compatibility_level} =TLSv1 +smtp_tls_note_starttls_offer = no +smtp_tls_per_site = +smtp_tls_policy_maps = +smtp_tls_protocols = >=TLSv1 +smtp_tls_scert_verifydepth = 9 +smtp_tls_secure_cert_match = nexthop, dot-nexthop +smtp_tls_security_level = +smtp_tls_servername = +smtp_tls_session_cache_database = +smtp_tls_session_cache_timeout = 3600s +smtp_tls_trust_anchor_file = +smtp_tls_verify_cert_match = hostname +smtp_tls_wrappermode = no +smtp_transport_rate_delay = $default_transport_rate_delay +smtp_use_tls = no +smtp_xforward_timeout = 300s +smtpd_authorized_verp_clients = $authorized_verp_clients +smtpd_authorized_xclient_hosts = +smtpd_authorized_xforward_hosts = +smtpd_banner = $myhostname ESMTP $mail_name +smtpd_client_auth_rate_limit = 0 +smtpd_client_connection_count_limit = 50 +smtpd_client_connection_rate_limit = 0 +smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks} +smtpd_client_ipv4_prefix_length = 32 +smtpd_client_ipv6_prefix_length = 84 +smtpd_client_message_rate_limit = 0 +smtpd_client_new_tls_session_rate_limit = 0 +smtpd_client_port_logging = no +smtpd_client_recipient_rate_limit = 0 +smtpd_client_restrictions = +smtpd_command_filter = +smtpd_data_restrictions = +smtpd_delay_open_until_valid_rcpt = yes +smtpd_delay_reject = yes +smtpd_discard_ehlo_keyword_address_maps = +smtpd_discard_ehlo_keywords = 
+smtpd_dns_reply_filter = +smtpd_end_of_data_restrictions = +smtpd_enforce_tls = no +smtpd_error_sleep_time = 1s +smtpd_etrn_restrictions = +smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~ +smtpd_forbid_bare_newline = normalize +smtpd_forbid_bare_newline_exclusions = $mynetworks +smtpd_forbid_bare_newline_reject_code = 550 +smtpd_forbid_unauth_pipelining = yes +smtpd_forbidden_commands = CONNECT GET POST regexp:{{/^[^A-Z]/ Bogus}} +smtpd_hard_error_limit = ${stress?{1}:{20}} +smtpd_helo_required = no +smtpd_helo_restrictions = +smtpd_history_flush_threshold = 100 +smtpd_junk_command_limit = ${stress?{1}:{100}} +smtpd_log_access_permit_actions = +smtpd_milter_maps = +smtpd_milters = +smtpd_min_data_rate = 500 +smtpd_noop_commands = +smtpd_null_access_lookup_key = <> +smtpd_peername_lookup = yes +smtpd_per_request_deadline = ${smtpd_per_record_deadline?{$smtpd_per_record_deadline}:{${stress?{yes}:{no}}}} +smtpd_policy_service_default_action = 451 4.3.5 Server configuration problem +smtpd_policy_service_max_idle = 300s +smtpd_policy_service_max_ttl = 1000s +smtpd_policy_service_policy_context = +smtpd_policy_service_request_limit = 0 +smtpd_policy_service_retry_delay = 1s +smtpd_policy_service_timeout = 100s +smtpd_policy_service_try_limit = 2 +smtpd_proxy_ehlo = $myhostname +smtpd_proxy_filter = +smtpd_proxy_options = +smtpd_proxy_timeout = 100s +smtpd_recipient_limit = 1000 +smtpd_recipient_overshoot_limit = 1000 +smtpd_recipient_restrictions = +smtpd_reject_footer = +smtpd_reject_footer_maps = +smtpd_reject_unlisted_recipient = yes +smtpd_reject_unlisted_sender = no +smtpd_relay_before_recipient_restrictions = ${{$compatibility_level} =TLSv1 +smtpd_tls_protocols = >=TLSv1 +smtpd_tls_received_header = no +smtpd_tls_req_ccert = no +smtpd_tls_security_level = +smtpd_tls_session_cache_database = +smtpd_tls_session_cache_timeout = 3600s +smtpd_tls_wrappermode = no 
+smtpd_upstream_proxy_protocol = +smtpd_upstream_proxy_timeout = 5s +smtpd_use_tls = no +smtputf8_autodetect_classes = sendmail, verify +smtputf8_enable = ${{$compatibility_level} Firstname.Lastname mapping. + +# ADDRESS REDIRECTION (VIRTUAL DOMAIN) +# +# The VIRTUAL_README document gives information about the many forms +# of domain hosting that Postfix supports. + +# "USER HAS MOVED" BOUNCE MESSAGES +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# TRANSPORT MAP +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# ALIAS DATABASE +# +# The alias_maps parameter specifies the list of alias databases used +# by the local delivery agent. The default list is system dependent. +# +# On systems with NIS, the default is to search the local alias +# database, then the NIS alias database. See aliases(5) for syntax +# details. +# +# If you change the alias database, run "postalias /etc/aliases" (or +# wherever your system stores the mail alias file), or simply run +# "newaliases" to build the necessary DBM or DB file. +# +# It will take a minute or so before changes become visible. Use +# "postfix reload" to eliminate the delay. +# +#alias_maps = dbm:/etc/aliases +#alias_maps = hash:/etc/aliases +#alias_maps = hash:/etc/aliases, nis:mail.aliases +#alias_maps = netinfo:/aliases + +# The alias_database parameter specifies the alias database(s) that +# are built with "newaliases" or "sendmail -bi". This is a separate +# configuration parameter, because alias_maps (see above) may specify +# tables that are not necessarily all under control by Postfix. +# +#alias_database = dbm:/etc/aliases +#alias_database = hash:/etc/aliases +#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases + +# ADDRESS EXTENSIONS (e.g., user+foo) +# +# The recipient_delimiter parameter specifies the separator between +# user names and address extensions (user+foo). 
See canonical(5), +# local(8), relocated(5) and virtual(5) for the effects this has on +# aliases, canonical, virtual, relocated and .forward file lookups. +# Basically, the software tries user+foo and .forward+foo before +# trying user and .forward. +# +#recipient_delimiter = + + +# DELIVERY TO MAILBOX +# +# The home_mailbox parameter specifies the optional pathname of a +# mailbox file relative to a user's home directory. The default +# mailbox file is /var/spool/mail/user or /var/mail/user. Specify +# "Maildir/" for qmail-style delivery (the / is required). +# +#home_mailbox = Mailbox +#home_mailbox = Maildir/ + +# The mail_spool_directory parameter specifies the directory where +# UNIX-style mailboxes are kept. The default setting depends on the +# system type. +# +#mail_spool_directory = /var/mail +#mail_spool_directory = /var/spool/mail + +# The mailbox_command parameter specifies the optional external +# command to use instead of mailbox delivery. The command is run as +# the recipient with proper HOME, SHELL and LOGNAME environment settings. +# Exception: delivery for root is done as $default_privs. +# +# Other environment variables of interest: USER (recipient username), +# EXTENSION (address extension), DOMAIN (domain part of address), +# and LOCAL (the address localpart). +# +# Unlike other Postfix configuration parameters, the mailbox_command +# parameter is not subjected to $parameter substitutions. This is to +# make it easier to specify shell syntax (see example below). +# +# Avoid shell meta characters because they will force Postfix to run +# an expensive shell process. Procmail alone is expensive enough. +# +# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN +# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. 
+#
+#mailbox_command = /some/where/procmail
+#mailbox_command = /some/where/procmail -a "$EXTENSION"
+
+# The mailbox_transport specifies the optional transport in master.cf
+# to use after processing aliases and .forward files. This parameter
+# has precedence over the mailbox_command, fallback_transport and
+# luser_relay parameters.
+#
+# Specify a string of the form transport:nexthop, where transport is
+# the name of a mail delivery transport defined in master.cf. The
+# :nexthop part is optional. For more details see the sample transport
+# configuration file.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must update the "local_recipient_maps" setting in
+# the main.cf file, otherwise the SMTP server will reject mail for
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
+# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
+#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
+#
+# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
+# subsequent line in master.cf.
+#mailbox_transport = cyrus
+
+# The fallback_transport specifies the optional transport in master.cf
+# to use for recipients that are not found in the UNIX passwd database.
+# This parameter has precedence over the luser_relay parameter.
+#
+# Specify a string of the form transport:nexthop, where transport is
+# the name of a mail delivery transport defined in master.cf. The
+# :nexthop part is optional. For more details see the sample transport
+# configuration file.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must update the "local_recipient_maps" setting in
+# the main.cf file, otherwise the SMTP server will reject mail for
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+#fallback_transport = lmtp:unix:/file/name
+#fallback_transport = cyrus
+#fallback_transport =
+
+# The luser_relay parameter specifies an optional destination address
+# for unknown recipients. By default, mail for unknown@$mydestination,
+# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
+# as undeliverable.
+#
+# The following expansions are done on luser_relay: $user (recipient
+# username), $shell (recipient shell), $home (recipient home directory),
+# $recipient (full recipient address), $extension (recipient address
+# extension), $domain (recipient domain), $local (entire recipient
+# localpart), $recipient_delimiter. Specify ${name?value} or
+# ${name:value} to expand value only when $name does (does not) exist.
+#
+# luser_relay works only for the default Postfix local delivery agent.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must specify "local_recipient_maps =" (i.e. empty) in
+# the main.cf file, otherwise the SMTP server will reject mail for
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+#luser_relay = $user@other.host
+#luser_relay = $local@other.host
+#luser_relay = admin+$local
+
+# JUNK MAIL CONTROLS
+#
+# The controls listed here are only a very small subset. The file
+# SMTPD_ACCESS_README provides an overview.
+
+# The header_checks parameter specifies an optional table with patterns
+# that each logical message header is matched against, including
+# headers that span multiple physical lines.
+#
+# By default, these patterns also apply to MIME headers and to the
+# headers of attached messages. With older Postfix versions, MIME and
+# attached message headers were treated as body text.
+#
+# For details, see "man header_checks".
+#
+#header_checks = regexp:$config_directory/header_checks
+
+# FAST ETRN SERVICE
+#
+# Postfix maintains per-destination logfiles with information about
+# deferred mail, so that mail can be flushed quickly with the SMTP
+# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
+# See the ETRN_README document for a detailed description.
+#
+# The fast_flush_domains parameter controls what destinations are
+# eligible for this service. By default, they are all domains that
+# this server is willing to relay mail to.
+#
+#fast_flush_domains = $relay_domains
+
+# SHOW SOFTWARE VERSION OR NOT
+#
+# The smtpd_banner parameter specifies the text that follows the 220
+# code in the SMTP server's greeting banner. Some people like to see
+# the mail version advertised. By default, Postfix shows no version.
+#
+# You MUST specify $myhostname at the start of the text. That is an
+# RFC requirement. Postfix itself does not care.
+#
+#smtpd_banner = $myhostname ESMTP $mail_name
+#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
+
+# PARALLEL DELIVERY TO THE SAME DESTINATION
+#
+# How many parallel deliveries to the same user or domain? With local
+# delivery, it does not make sense to do massively parallel delivery
+# to the same user, because mailbox updates must happen sequentially,
+# and expensive pipelines in .forward files can cause disasters when
+# too many are run at the same time. With SMTP deliveries, 10
+# simultaneous connections to the same domain could be sufficient to
+# raise eyebrows.
+#
+# Each message delivery transport has its XXX_destination_concurrency_limit
+# parameter. The default is $default_destination_concurrency_limit for
+# most delivery transports. For the local delivery agent the default is 2.
+
+#local_destination_concurrency_limit = 2
+#default_destination_concurrency_limit = 20
+
+# DEBUGGING CONTROL
+#
+# The debug_peer_level parameter specifies the increment in verbose
+# logging level when an SMTP client or server host name or address
+# matches a pattern in the debug_peer_list parameter.
+#
+debug_peer_level = 2
+
+# The debug_peer_list parameter specifies an optional list of domain
+# or network patterns, /file/name patterns or type:name tables. When
+# an SMTP client or server host name or address matches a pattern,
+# increase the verbose logging level by the amount specified in the
+# debug_peer_level parameter.
+#
+#debug_peer_list = 127.0.0.1
+#debug_peer_list = some.domain
+
+# The debugger_command specifies the external command that is executed
+# when a Postfix daemon program is run with the -D option.
+#
+# Use "command .. & sleep 5" so that the debugger can attach before
+# the process marches on. If you use an X-based debugger, be sure to
+# set up your XAUTHORITY environment variable before starting Postfix.
+#
+debugger_command =
+ PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+ ddd $daemon_directory/$process_name $process_id & sleep 5
+
+# If you can't use X, use this to capture the call stack when a
+# daemon crashes. The result is in a file in the configuration
+# directory, and is named after the process name and the process ID.
+#
+# debugger_command =
+# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
+# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
+# >$config_directory/$process_name.$process_id.log & sleep 5
+#
+# Another possibility is to run gdb under a detached screen session.
+# To attach to the screen session, su root and run "screen -r
+# " where uniquely matches one of the detached
+# sessions (from "screen -list").
+#
+# debugger_command =
+# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
+# -dmS $process_name gdb $daemon_directory/$process_name
+# $process_id & sleep 1
+
+# INSTALL-TIME CONFIGURATION INFORMATION
+#
+# The following parameters are used when installing a new Postfix version.
+#
+# sendmail_path: The full pathname of the Postfix sendmail command.
+# This is the Sendmail-compatible mail posting interface.
+#
+sendmail_path = /usr/local/sbin/sendmail
+
+# newaliases_path: The full pathname of the Postfix newaliases command.
+# This is the Sendmail-compatible command to build alias databases.
+#
+newaliases_path = /usr/local/bin/newaliases
+
+# mailq_path: The full pathname of the Postfix mailq command. This
+# is the Sendmail-compatible mail queue listing command.
+#
+mailq_path = /usr/local/bin/mailq
+
+# setgid_group: The group for mail submission and queue management
+# commands. This must be a group name with a numerical group ID that
+# is not shared with other accounts, not even with the Postfix account.
+#
+setgid_group = maildrop
+
+# html_directory: The location of the Postfix HTML documentation.
+#
+html_directory = /usr/local/share/doc/postfix
+
+# manpage_directory: The location of the Postfix on-line manual pages.
+#
+manpage_directory = /usr/local/share/man
+
+# sample_directory: The location of the Postfix sample configuration files.
+# This parameter is obsolete as of Postfix 2.1.
+#
+sample_directory = /usr/local/etc/postfix
+
+# readme_directory: The location of the Postfix README files.
+#
+readme_directory = /usr/local/share/doc/postfix
+inet_protocols = all
+
+# smtp CA path (default to system-wide location)
+smtp_tls_CApath = /etc/ssl/certs
+shlib_directory = /usr/local/lib/postfix
+meta_directory = /usr/local/libexec/postfix
diff --git a/master.cf b/master.cf
new file mode 100644
index 0000000..710c78a
--- /dev/null
+++ b/master.cf
@@ -0,0 +1,152 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (no) (never) (100)
+# ==========================================================================
+smtp inet n - n - - smtpd
+#smtp inet n - n - 1 postscreen
+#smtpd pass - - n - - smtpd
+#dnsblog unix - - n - 0 dnsblog
+#tlsproxy unix - - n - 0 tlsproxy
+# Choose one: enable submission for loopback clients only, or for any client.
+#127.0.0.1:submission inet n - n - - smtpd
+submission inet n - n - - smtpd
+ -o smtpd_sasl_auth_enable=yes
+ -o smtpd_tls_security_level=encrypt
+ -o smtpd_tls_auth_only=yes
+ -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
+#submission inet n - n - - smtpd
+# -o syslog_name=postfix/submission
+# -o smtpd_tls_security_level=encrypt
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_tls_auth_only=yes
+# -o local_header_rewrite_clients=static:all
+# -o smtpd_reject_unlisted_recipient=no
+# Instead of specifying complex smtpd__restrictions here,
+# specify "smtpd__restrictions=$mua__restrictions"
+# here, and specify mua__restrictions in main.cf (where
+# "" is "client", "helo", "sender", "relay", or "recipient").
+# -o smtpd_client_restrictions=
+# -o smtpd_helo_restrictions=
+# -o smtpd_sender_restrictions=
+# -o smtpd_relay_restrictions=
+# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+# Choose one: enable submissions for loopback clients only, or for any client.
+#127.0.0.1:submissions inet n - n - - smtpd
+#submissions inet n - n - - smtpd
+# -o syslog_name=postfix/submissions
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o local_header_rewrite_clients=static:all
+# -o smtpd_reject_unlisted_recipient=no
+# Instead of specifying complex smtpd__restrictions here,
+# specify "smtpd__restrictions=$mua__restrictions"
+# here, and specify mua__restrictions in main.cf (where
+# "" is "client", "helo", "sender", "relay", or "recipient").
+# -o smtpd_client_restrictions=
+# -o smtpd_helo_restrictions=
+# -o smtpd_sender_restrictions=
+# -o smtpd_relay_restrictions=
+# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#628 inet n - n - - qmqpd
+pickup unix n - n 60 1 pickup
+cleanup unix n - n - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+#qmgr unix n - n 300 1 oqmgr
+tlsmgr unix - - n 1000? 1 tlsmgr
+rewrite unix - - n - - trivial-rewrite
+bounce unix - - n - 0 bounce
+defer unix - - n - 0 bounce
+trace unix - - n - 0 bounce
+verify unix - - n - 1 verify
+flush unix n - n 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - n - - smtp
+relay unix - - n - - smtp
+ -o syslog_name=${multi_instance_name?{$multi_instance_name}:{postfix}}/$service_name
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - n - - showq
+error unix - - n - - error
+retry unix - - n - - error
+discard unix - - n - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - n - - lmtp
+anvil unix - - n - 1 anvil
+scache unix - - n - 1 scache
+postlog unix-dgram n - n - 1 postlogd
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. 
See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+#maildrop unix - n n - - pipe
+# flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+# mailbox_transport = lmtp:inet:localhost
+# virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus unix - n n - - pipe
+# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+#
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix - n n - - pipe
+# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+#uucp unix - n n - - pipe
+# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# ====================================================================
+#
+# Other external delivery methods.
+#
+#ifmail unix - n n - - pipe
+# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+#
+#bsmtp unix - n n - - pipe
+# flags=Fq. 
user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
+#
+#scalemail-backend unix - n n - 2 pipe
+# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
+# ${nexthop} ${user} ${extension}
+#
+#mailman unix - n n - - pipe
+# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+# ${nexthop} ${user}
diff --git a/master.cf.sample b/master.cf.sample
new file mode 100644
index 0000000..abd6dae
--- /dev/null
+++ b/master.cf.sample
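Review bot: The enabled `submission` entry in master.cf carries only four `-o` overrides and leaves out the ones the commented template directly below it lists, so port 587 inherits whatever `smtpd_client_restrictions`, `smtpd_helo_restrictions`, `smtpd_sender_restrictions` and `smtpd_relay_restrictions` main.cf sets for port 25, and its log lines cannot be told apart from port-25 traffic. I would add `-o syslog_name=postfix/submission` and pin the relay policy with `-o smtpd_relay_restrictions=permit_sasl_authenticated,reject`, so the authenticated-only rule does not depend on main.cf, which is not shown in this hunk. Nothing in the entry binds the envelope sender to the SASL login either; if users must not send as each other, `reject_sender_login_mismatch` with an `smtpd_sender_login_maps` table belongs in this entry's sender restrictions.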
@@ -0,0 +1,147 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (no) (never) (100)
+# ==========================================================================
+smtp inet n - n - - smtpd
+#smtp inet n - n - 1 postscreen
+#smtpd pass - - n - - smtpd
+#dnsblog unix - - n - 0 dnsblog
+#tlsproxy unix - - n - 0 tlsproxy
+# Choose one: enable submission for loopback clients only, or for any client.
+#127.0.0.1:submission inet n - n - - smtpd
+#submission inet n - n - - smtpd
+# -o syslog_name=postfix/submission
+# -o smtpd_tls_security_level=encrypt
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_tls_auth_only=yes
+# -o local_header_rewrite_clients=static:all
+# -o smtpd_reject_unlisted_recipient=no
+# Instead of specifying complex smtpd__restrictions here,
+# specify "smtpd__restrictions=$mua__restrictions"
+# here, and specify mua__restrictions in main.cf (where
+# "" is "client", "helo", "sender", "relay", or "recipient").
+# -o smtpd_client_restrictions=
+# -o smtpd_helo_restrictions=
+# -o smtpd_sender_restrictions=
+# -o smtpd_relay_restrictions=
+# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+# Choose one: enable submissions for loopback clients only, or for any client.
+#127.0.0.1:submissions inet n - n - - smtpd
+#submissions inet n - n - - smtpd
+# -o syslog_name=postfix/submissions
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o local_header_rewrite_clients=static:all
+# -o smtpd_reject_unlisted_recipient=no
+# Instead of specifying complex smtpd__restrictions here,
+# specify "smtpd__restrictions=$mua__restrictions"
+# here, and specify mua__restrictions in main.cf (where
+# "" is "client", "helo", "sender", "relay", or "recipient").
+# -o smtpd_client_restrictions=
+# -o smtpd_helo_restrictions=
+# -o smtpd_sender_restrictions=
+# -o smtpd_relay_restrictions=
+# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#628 inet n - n - - qmqpd
+pickup unix n - n 60 1 pickup
+cleanup unix n - n - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+#qmgr unix n - n 300 1 oqmgr
+tlsmgr unix - - n 1000? 1 tlsmgr
+rewrite unix - - n - - trivial-rewrite
+bounce unix - - n - 0 bounce
+defer unix - - n - 0 bounce
+trace unix - - n - 0 bounce
+verify unix - - n - 1 verify
+flush unix n - n 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - n - - smtp
+relay unix - - n - - smtp
+ -o syslog_name=${multi_instance_name?{$multi_instance_name}:{postfix}}/$service_name
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - n - - showq
+error unix - - n - - error
+retry unix - - n - - error
+discard unix - - n - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - n - - lmtp
+anvil unix - - n - 1 anvil
+scache unix - - n - 1 scache
+postlog unix-dgram n - n - 1 postlogd
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. 
See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+#maildrop unix - n n - - pipe
+# flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+# mailbox_transport = lmtp:inet:localhost
+# virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus unix - n n - - pipe
+# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+#
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix - n n - - pipe
+# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+#uucp unix - n n - - pipe
+# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# ====================================================================
+#
+# Other external delivery methods.
+#
+#ifmail unix - n n - - pipe
+# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+#
+#bsmtp unix - n n - - pipe
+# flags=Fq. 
user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
+#
+#scalemail-backend unix - n n - 2 pipe
+# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
+# ${nexthop} ${user} ${extension}
+#
+#mailman unix - n n - - pipe
+# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+# ${nexthop} ${user}
diff --git a/pgsql_virtual_alias_maps.cf b/pgsql_virtual_alias_maps.cf
new file mode 100644
index 0000000..249d0d2
--- /dev/null
+++ b/pgsql_virtual_alias_maps.cf
@@ -0,0 +1,4 @@
+user = postfix
+hosts = 127.0.0.1:16458
+dbname = postfix
+query = SELECT goto FROM alias WHERE address='%s' AND active='true'
diff --git a/pgsql_virtual_mailbox_maps.cf b/pgsql_virtual_mailbox_maps.cf
new file mode 100644
index 0000000..ffb0b38
--- /dev/null
+++ b/pgsql_virtual_mailbox_maps.cf
@@ -0,0 +1,4 @@
+user = postfix
+hosts = 127.0.0.1:16458
+dbname = postfix
+query = SELECT maildir FROM mailbox WHERE username='%s' AND active='true'
diff --git a/relocated b/relocated
new file mode 100644
index 0000000..9c262ce
--- /dev/null
+++ b/relocated
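Review bot: Neither `pgsql_virtual_alias_maps.cf` nor `pgsql_virtual_mailbox_maps.cf` sets a `password`, so the lookups presumably depend on PostgreSQL accepting the `postfix` role from 127.0.0.1 without credentials (a trust rule in pg_hba.conf); if that is the case, any local account that can reach port 16458 can read the alias and mailbox tables. Either authenticate the role and keep the secret out of the repository (a placeholder in the committed file, the deployed file readable only by root and the postfix group), or point `hosts` at a `unix:` socket so access is limited by filesystem permissions. The role should hold nothing beyond SELECT on `alias` and `mailbox`. A leading comment in each file such as `# read-only lookup; %s is SQL-quoted by Postfix before substitution` would record why the string-built query is acceptable.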
@@ -0,0 +1,178 @@ +# RELOCATED(5) RELOCATED(5) +# +# NAME +# relocated - Postfix relocated table format +# +# SYNOPSIS +# postmap /usr/local/etc/postfix/relocated +# +# DESCRIPTION +# The optional relocated(5) table provides the information +# that is used in "user has moved to new_location" bounce +# messages. +# +# Normally, the relocated(5) table is specified as a text +# file that serves as input to the postmap(1) command. The +# result, an indexed file in dbm or db format, is used for +# fast searching by the mail system. Execute the command +# "postmap /usr/local/etc/postfix/relocated" to rebuild an indexed +# file after changing the corresponding relocated table. +# +# When the table is provided via other means such as NIS, +# LDAP or SQL, the same lookups are done as for ordinary +# indexed files. +# +# Alternatively, the table can be provided as a regu- +# lar-expression map where patterns are given as regular +# expressions, or lookups can be directed to a TCP-based +# server. In those case, the lookups are done in a slightly +# different way as described below under "REGULAR EXPRESSION +# TABLES" or "TCP-BASED TABLES". +# +# Table lookups are case insensitive. +# +# CASE FOLDING +# The search string is folded to lowercase before database +# lookup. As of Postfix 2.3, the search string is not case +# folded with database types such as regexp: or pcre: whose +# lookup fields can match both upper and lower case. +# +# TABLE FORMAT +# The input format for the postmap(1) command is as follows: +# +# o An entry has one of the following form: +# +# pattern new_location +# +# Where new_location specifies contact information +# such as an email address, or perhaps a street +# address or telephone number. +# +# o Empty lines and whitespace-only lines are ignored, +# as are lines whose first non-whitespace character +# is a `#'. +# +# o A logical line starts with non-whitespace text. A +# line that starts with whitespace continues a logi- +# cal line. 
+# +# TABLE SEARCH ORDER +# With lookups from indexed files such as DB or DBM, or from +# networked tables such as NIS, LDAP or SQL, patterns are +# tried in the order as listed below: +# +# user@domain +# Matches user@domain. This form has precedence over +# all other forms. +# +# user Matches user@site when site is $myorigin, when site +# is listed in $mydestination, or when site is listed +# in $inet_interfaces or $proxy_interfaces. +# +# @domain +# Matches other addresses in domain. This form has +# the lowest precedence. +# +# ADDRESS EXTENSION +# When a mail address localpart contains the optional recip- +# ient delimiter (e.g., user+foo@domain), the lookup order +# becomes: user+foo@domain, user@domain, user+foo, user, and +# @domain. +# +# REGULAR EXPRESSION TABLES +# This section describes how the table lookups change when +# the table is given in the form of regular expressions or +# when lookups are directed to a TCP-based server. For a +# description of regular expression lookup table syntax, see +# regexp_table(5) or pcre_table(5). For a description of the +# TCP client/server table lookup protocol, see tcp_table(5). +# This feature is available in Postfix 2.5 and later. +# +# Each pattern is a regular expression that is applied to +# the entire address being looked up. Thus, user@domain mail +# addresses are not broken up into their user and @domain +# constituent parts, nor is user+foo broken up into user and +# foo. +# +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search +# string. +# +# Results are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from +# the pattern can be interpolated as $1, $2 and so on. +# +# TCP-BASED TABLES +# This section describes how the table lookups change when +# lookups are directed to a TCP-based server. For a descrip- +# tion of the TCP client/server lookup protocol, see tcp_ta- +# ble(5). 
This feature is available in Postfix 2.5 and +# later. +# +# Each lookup operation uses the entire address once. Thus, +# user@domain mail addresses are not broken up into their +# user and @domain constituent parts, nor is user+foo broken +# up into user and foo. +# +# Results are the same as with indexed file lookups. +# +# BUGS +# The table format does not understand quoting conventions. +# +# CONFIGURATION PARAMETERS +# The following main.cf parameters are especially relevant. +# The text below provides only a parameter summary. See +# postconf(5) for more details including examples. +# +# relocated_maps (empty) +# Optional lookup tables with new contact information +# for users or domains that no longer exist. +# +# Other parameters of interest: +# +# inet_interfaces (all) +# The local network interface addresses that this +# mail system receives mail on. +# +# mydestination ($myhostname, localhost.$mydomain, local- +# host) +# The list of domains that are delivered via the +# $local_transport mail delivery transport. +# +# myorigin ($myhostname) +# The domain name that locally-posted mail appears to +# come from, and that locally posted mail is deliv- +# ered to. +# +# proxy_interfaces (empty) +# The remote network interface addresses that this +# mail system receives mail on by way of a proxy or +# network address translation unit. +# +# SEE ALSO +# trivial-rewrite(8), address resolver +# postmap(1), Postfix lookup table manager +# postconf(5), configuration parameters +# +# README FILES +# Use "postconf readme_directory" or "postconf html_direc- +# tory" to locate this information. +# DATABASE_README, Postfix lookup table overview +# ADDRESS_REWRITING_README, address rewriting guide +# +# LICENSE +# The Secure Mailer license must be distributed with this +# software. +# +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. 
+# 111 8th Avenue +# New York, NY 10011, USA +# +# RELOCATED(5) diff --git a/relocated.sample b/relocated.sample new file mode 100644 index 0000000..9c262ce --- /dev/null +++ b/relocated.sample 
@@ -0,0 +1,178 @@ +# RELOCATED(5) RELOCATED(5) +# +# NAME +# relocated - Postfix relocated table format +# +# SYNOPSIS +# postmap /usr/local/etc/postfix/relocated +# +# DESCRIPTION +# The optional relocated(5) table provides the information +# that is used in "user has moved to new_location" bounce +# messages. +# +# Normally, the relocated(5) table is specified as a text +# file that serves as input to the postmap(1) command. The +# result, an indexed file in dbm or db format, is used for +# fast searching by the mail system. Execute the command +# "postmap /usr/local/etc/postfix/relocated" to rebuild an indexed +# file after changing the corresponding relocated table. +# +# When the table is provided via other means such as NIS, +# LDAP or SQL, the same lookups are done as for ordinary +# indexed files. +# +# Alternatively, the table can be provided as a regu- +# lar-expression map where patterns are given as regular +# expressions, or lookups can be directed to a TCP-based +# server. In those case, the lookups are done in a slightly +# different way as described below under "REGULAR EXPRESSION +# TABLES" or "TCP-BASED TABLES". +# +# Table lookups are case insensitive. +# +# CASE FOLDING +# The search string is folded to lowercase before database +# lookup. As of Postfix 2.3, the search string is not case +# folded with database types such as regexp: or pcre: whose +# lookup fields can match both upper and lower case. +# +# TABLE FORMAT +# The input format for the postmap(1) command is as follows: +# +# o An entry has one of the following form: +# +# pattern new_location +# +# Where new_location specifies contact information +# such as an email address, or perhaps a street +# address or telephone number. +# +# o Empty lines and whitespace-only lines are ignored, +# as are lines whose first non-whitespace character +# is a `#'. +# +# o A logical line starts with non-whitespace text. A +# line that starts with whitespace continues a logi- +# cal line. 
+# +# TABLE SEARCH ORDER +# With lookups from indexed files such as DB or DBM, or from +# networked tables such as NIS, LDAP or SQL, patterns are +# tried in the order as listed below: +# +# user@domain +# Matches user@domain. This form has precedence over +# all other forms. +# +# user Matches user@site when site is $myorigin, when site +# is listed in $mydestination, or when site is listed +# in $inet_interfaces or $proxy_interfaces. +# +# @domain +# Matches other addresses in domain. This form has +# the lowest precedence. +# +# ADDRESS EXTENSION +# When a mail address localpart contains the optional recip- +# ient delimiter (e.g., user+foo@domain), the lookup order +# becomes: user+foo@domain, user@domain, user+foo, user, and +# @domain. +# +# REGULAR EXPRESSION TABLES +# This section describes how the table lookups change when +# the table is given in the form of regular expressions or +# when lookups are directed to a TCP-based server. For a +# description of regular expression lookup table syntax, see +# regexp_table(5) or pcre_table(5). For a description of the +# TCP client/server table lookup protocol, see tcp_table(5). +# This feature is available in Postfix 2.5 and later. +# +# Each pattern is a regular expression that is applied to +# the entire address being looked up. Thus, user@domain mail +# addresses are not broken up into their user and @domain +# constituent parts, nor is user+foo broken up into user and +# foo. +# +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search +# string. +# +# Results are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from +# the pattern can be interpolated as $1, $2 and so on. +# +# TCP-BASED TABLES +# This section describes how the table lookups change when +# lookups are directed to a TCP-based server. For a descrip- +# tion of the TCP client/server lookup protocol, see tcp_ta- +# ble(5). 
This feature is available in Postfix 2.5 and +# later. +# +# Each lookup operation uses the entire address once. Thus, +# user@domain mail addresses are not broken up into their +# user and @domain constituent parts, nor is user+foo broken +# up into user and foo. +# +# Results are the same as with indexed file lookups. +# +# BUGS +# The table format does not understand quoting conventions. +# +# CONFIGURATION PARAMETERS +# The following main.cf parameters are especially relevant. +# The text below provides only a parameter summary. See +# postconf(5) for more details including examples. +# +# relocated_maps (empty) +# Optional lookup tables with new contact information +# for users or domains that no longer exist. +# +# Other parameters of interest: +# +# inet_interfaces (all) +# The local network interface addresses that this +# mail system receives mail on. +# +# mydestination ($myhostname, localhost.$mydomain, local- +# host) +# The list of domains that are delivered via the +# $local_transport mail delivery transport. +# +# myorigin ($myhostname) +# The domain name that locally-posted mail appears to +# come from, and that locally posted mail is deliv- +# ered to. +# +# proxy_interfaces (empty) +# The remote network interface addresses that this +# mail system receives mail on by way of a proxy or +# network address translation unit. +# +# SEE ALSO +# trivial-rewrite(8), address resolver +# postmap(1), Postfix lookup table manager +# postconf(5), configuration parameters +# +# README FILES +# Use "postconf readme_directory" or "postconf html_direc- +# tory" to locate this information. +# DATABASE_README, Postfix lookup table overview +# ADDRESS_REWRITING_README, address rewriting guide +# +# LICENSE +# The Secure Mailer license must be distributed with this +# software. +# +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. 
+# 111 8th Avenue +# New York, NY 10011, USA +# +# RELOCATED(5) diff --git a/transport b/transport new file mode 100644 index 0000000..c6e84dd --- /dev/null +++ b/transport 
@@ -0,0 +1,317 @@ +# TRANSPORT(5) TRANSPORT(5) +# +# NAME +# transport - Postfix transport table format +# +# SYNOPSIS +# postmap /usr/local/etc/postfix/transport +# +# postmap -q "string" /usr/local/etc/postfix/transport +# +# postmap -q - /usr/local/etc/postfix/transport = 3.5): +# +# example.com smtp:bar.example, foo.example +# +# This tries to deliver to bar.example before trying to +# deliver to foo.example. +# +# The error mailer can be used to bounce mail: +# +# .example.com error:mail for *.example.com is not deliverable +# +# This causes all mail for user@anything.example.com to be +# bounced. +# +# REGULAR EXPRESSION TABLES +# This section describes how the table lookups change when +# the table is given in the form of regular expressions. For +# a description of regular expression lookup table syntax, +# see regexp_table(5) or pcre_table(5). +# +# Each pattern is a regular expression that is applied to +# the entire address being looked up. Thus, +# some.domain.hierarchy is not looked up via its parent +# domains, nor is user+foo@domain looked up as user@domain. +# +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search +# string. +# +# The trivial-rewrite(8) server disallows regular expression +# substitution of $1 etc. in regular expression lookup +# tables, because that could open a security hole (Postfix +# version 2.3 and later). +# +# TCP-BASED TABLES +# This section describes how the table lookups change when +# lookups are directed to a TCP-based server. For a descrip- +# tion of the TCP client/server lookup protocol, see tcp_ta- +# ble(5). This feature is not available up to and including +# Postfix version 2.4. +# +# Each lookup operation uses the entire recipient address +# once. Thus, some.domain.hierarchy is not looked up via +# its parent domains, nor is user+foo@domain looked up as +# user@domain. +# +# Results are the same as with indexed file lookups. 
+# +# CONFIGURATION PARAMETERS +# The following main.cf parameters are especially relevant. +# The text below provides only a parameter summary. See +# postconf(5) for more details including examples. +# +# empty_address_recipient (MAILER-DAEMON) +# The recipient of mail addressed to the null +# address. +# +# parent_domain_matches_subdomains (see 'postconf -d' out- +# put) +# A list of Postfix features where the pattern "exam- +# ple.com" also matches subdomains of example.com, +# instead of requiring an explicit ".example.com" +# pattern. +# +# transport_maps (empty) +# Optional lookup tables with mappings from recipient +# address to (message delivery transport, next-hop +# destination). +# +# SEE ALSO +# trivial-rewrite(8), rewrite and resolve addresses +# master(5), master.cf file format +# postconf(5), configuration parameters +# postmap(1), Postfix lookup table manager +# +# README FILES +# Use "postconf readme_directory" or "postconf html_direc- +# tory" to locate this information. +# ADDRESS_REWRITING_README, address rewriting guide +# DATABASE_README, Postfix lookup table overview +# FILTER_README, external content filter +# +# LICENSE +# The Secure Mailer license must be distributed with this +# software. +# +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +# +# TRANSPORT(5) diff --git a/transport.sample b/transport.sample new file mode 100644 index 0000000..c6e84dd --- /dev/null +++ b/transport.sample 
@@ -0,0 +1,317 @@ +# TRANSPORT(5) TRANSPORT(5) +# +# NAME +# transport - Postfix transport table format +# +# SYNOPSIS +# postmap /usr/local/etc/postfix/transport +# +# postmap -q "string" /usr/local/etc/postfix/transport +# +# postmap -q - /usr/local/etc/postfix/transport = 3.5): +# +# example.com smtp:bar.example, foo.example +# +# This tries to deliver to bar.example before trying to +# deliver to foo.example. +# +# The error mailer can be used to bounce mail: +# +# .example.com error:mail for *.example.com is not deliverable +# +# This causes all mail for user@anything.example.com to be +# bounced. +# +# REGULAR EXPRESSION TABLES +# This section describes how the table lookups change when +# the table is given in the form of regular expressions. For +# a description of regular expression lookup table syntax, +# see regexp_table(5) or pcre_table(5). +# +# Each pattern is a regular expression that is applied to +# the entire address being looked up. Thus, +# some.domain.hierarchy is not looked up via its parent +# domains, nor is user+foo@domain looked up as user@domain. +# +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search +# string. +# +# The trivial-rewrite(8) server disallows regular expression +# substitution of $1 etc. in regular expression lookup +# tables, because that could open a security hole (Postfix +# version 2.3 and later). +# +# TCP-BASED TABLES +# This section describes how the table lookups change when +# lookups are directed to a TCP-based server. For a descrip- +# tion of the TCP client/server lookup protocol, see tcp_ta- +# ble(5). This feature is not available up to and including +# Postfix version 2.4. +# +# Each lookup operation uses the entire recipient address +# once. Thus, some.domain.hierarchy is not looked up via +# its parent domains, nor is user+foo@domain looked up as +# user@domain. +# +# Results are the same as with indexed file lookups. 
+# +# CONFIGURATION PARAMETERS +# The following main.cf parameters are especially relevant. +# The text below provides only a parameter summary. See +# postconf(5) for more details including examples. +# +# empty_address_recipient (MAILER-DAEMON) +# The recipient of mail addressed to the null +# address. +# +# parent_domain_matches_subdomains (see 'postconf -d' out- +# put) +# A list of Postfix features where the pattern "exam- +# ple.com" also matches subdomains of example.com, +# instead of requiring an explicit ".example.com" +# pattern. +# +# transport_maps (empty) +# Optional lookup tables with mappings from recipient +# address to (message delivery transport, next-hop +# destination). +# +# SEE ALSO +# trivial-rewrite(8), rewrite and resolve addresses +# master(5), master.cf file format +# postconf(5), configuration parameters +# postmap(1), Postfix lookup table manager +# +# README FILES +# Use "postconf readme_directory" or "postconf html_direc- +# tory" to locate this information. +# ADDRESS_REWRITING_README, address rewriting guide +# DATABASE_README, Postfix lookup table overview +# FILTER_README, external content filter +# +# LICENSE +# The Secure Mailer license must be distributed with this +# software. +# +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +# +# TRANSPORT(5) diff --git a/virtual b/virtual new file mode 100644 index 0000000..89b37b9 --- /dev/null +++ b/virtual @@ -0,0 +1,329 @@ +# VIRTUAL(5) VIRTUAL(5) +# +# NAME +# virtual - Postfix virtual alias table format +# +# SYNOPSIS +# postmap /usr/local/etc/postfix/virtual +# +# postmap -q "string" /usr/local/etc/postfix/virtual +# +# postmap -q - /usr/local/etc/postfix/virtual