Service-Configs-FreeBSD/postfix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

main.cf add opendkim support

Browse Source
This commit is contained in:
PIVODEVAT
2025-09-25 03:48:00 +03:00
parent 61f90ee217
commit c2f7ea2203
12 changed files with 406 additions and 336 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
access
View File

@ -349,95 +349,101 @@
# recipient(s). When multiple REDIRECT actions fire, # recipient(s). When multiple REDIRECT actions fire,
# only the last one takes effect. # only the last one takes effect.
# #
# Note: this action overrides the FILTER action, and # Note 1: this action overrides the FILTER action,
# currently overrides all recipients of the message. # and currently overrides all recipients of the mes-
# sage.
#
# Note 2: a REDIRECT address is subject to canonical-
# ization (add missing domain) but NOT subject to
# canonical, masquerade, bcc, or virtual alias map-
# ping.
# #
# This feature is available in Postfix 2.1 and later. # This feature is available in Postfix 2.1 and later.
# #
# INFO optional text... # INFO optional text...
# Log an informational record with the optional text, # Log an informational record with the optional text,
# together with client information and if available, # together with client information and if available,
# with helo, sender, recipient and protocol informa- # with helo, sender, recipient and protocol informa-
# tion. # tion.
# #
# This feature is available in Postfix 3.0 and later. # This feature is available in Postfix 3.0 and later.
# #
# WARN optional text... # WARN optional text...
# Log a warning with the optional text, together with # Log a warning with the optional text, together with
# client information and if available, with helo, # client information and if available, with helo,
# sender, recipient and protocol information. # sender, recipient and protocol information.
# #
# This feature is available in Postfix 2.1 and later. # This feature is available in Postfix 2.1 and later.
# #
# ENHANCED STATUS CODES # ENHANCED STATUS CODES
# Postfix version 2.3 and later support enhanced status # Postfix version 2.3 and later support enhanced status
# codes as defined in RFC 3463. When an enhanced status # codes as defined in RFC 3463. When an enhanced status
# code is specified in an access table, it is subject to # code is specified in an access table, it is subject to
# modification. The following transformations are needed # modification. The following transformations are needed
# when the same access table is used for client, helo, # when the same access table is used for client, helo,
# sender, or recipient access restrictions; they happen # sender, or recipient access restrictions; they happen
# regardless of whether Postfix replies to a MAIL FROM, RCPT # regardless of whether Postfix replies to a MAIL FROM, RCPT
# TO or other SMTP command. # TO or other SMTP command.
# #
# o When a sender address matches a REJECT action, the # o When a sender address matches a REJECT action, the
# Postfix SMTP server will transform a recipient DSN # Postfix SMTP server will transform a recipient DSN
# status (e.g., 4.1.1-4.1.6) into the corresponding # status (e.g., 4.1.1-4.1.6) into the corresponding
# sender DSN status, and vice versa. # sender DSN status, and vice versa.
# #
# o When non-address information matches a REJECT # o When non-address information matches a REJECT
# action (such as the HELO command argument or the # action (such as the HELO command argument or the
# client hostname/address), the Postfix SMTP server # client hostname/address), the Postfix SMTP server
# will transform a sender or recipient DSN status # will transform a sender or recipient DSN status
# into a generic non-address DSN status (e.g., # into a generic non-address DSN status (e.g.,
# 4.0.0). # 4.0.0).
# #
# REGULAR EXPRESSION TABLES # REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when # This section describes how the table lookups change when
# the table is given in the form of regular expressions. For # the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax, # a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5). # see regexp_table(5) or pcre_table(5).
# #
# Each pattern is a regular expression that is applied to # Each pattern is a regular expression that is applied to
# the entire string being looked up. Depending on the appli- # the entire string being looked up. Depending on the appli-
# cation, that string is an entire client hostname, an # cation, that string is an entire client hostname, an
# entire client IP address, or an entire mail address. Thus, # entire client IP address, or an entire mail address. Thus,
# no parent domain or parent network search is done, # no parent domain or parent network search is done,
# user@domain mail addresses are not broken up into their # user@domain mail addresses are not broken up into their
# user@ and domain constituent parts, nor is user+foo broken # user@ and domain constituent parts, nor is user+foo broken
# up into user and foo. # up into user and foo.
# #
# Patterns are applied in the order as specified in the ta- # Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search # ble, until a pattern is found that matches the search
# string. # string.
# #
# Actions are the same as with indexed file lookups, with # Actions are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from # the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on. # the pattern can be interpolated as $1, $2 and so on.
# #
# TCP-BASED TABLES # TCP-BASED TABLES
# This section describes how the table lookups change when # This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip- # lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta- # tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including # ble(5). This feature is not available up to and including
# Postfix version 2.4. # Postfix version 2.4.
# #
# Each lookup operation uses the entire query string once. # Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire # Depending on the application, that string is an entire
# client hostname, an entire client IP address, or an entire # client hostname, an entire client IP address, or an entire
# mail address. Thus, no parent domain or parent network # mail address. Thus, no parent domain or parent network
# search is done, user@domain mail addresses are not broken # search is done, user@domain mail addresses are not broken
# up into their user@ and domain constituent parts, nor is # up into their user@ and domain constituent parts, nor is
# user+foo broken up into user and foo. # user+foo broken up into user and foo.
# #
# Actions are the same as with indexed file lookups. # Actions are the same as with indexed file lookups.
# #
# EXAMPLE # EXAMPLE
# The following example uses an indexed file, so that the # The following example uses an indexed file, so that the
# order of table entries does not matter. The example per- # order of table entries does not matter. The example per-
# mits access by the client at address 1.2.3.4 but rejects # mits access by the client at address 1.2.3.4 but rejects
# all other clients in 1.2.3.0/24. Instead of hash lookup # all other clients in 1.2.3.0/24. Instead of hash lookup
# tables, some systems use dbm. Use the command "postconf # tables, some systems use dbm. Use the command "postconf
# -m" to find out what lookup tables Postfix supports on # -m" to find out what lookup tables Postfix supports on
# your system. # your system.
# #
# /usr/local/etc/postfix/main.cf: # /usr/local/etc/postfix/main.cf:
@ -448,11 +454,11 @@
# 1.2.3 REJECT # 1.2.3 REJECT
# 1.2.3.4 OK # 1.2.3.4 OK
# #
# Execute the command "postmap /usr/local/etc/postfix/access" after # Execute the command "postmap /usr/local/etc/postfix/access" after
# editing the file. # editing the file.
# #
# BUGS # BUGS
# The table format does not understand quoting conventions. # The table format does not understand quoting conventions.
# #
# SEE ALSO # SEE ALSO
# postmap(1), Postfix lookup table manager # postmap(1), Postfix lookup table manager
@ -461,13 +467,13 @@
# transport(5), transport:nexthop syntax # transport(5), transport:nexthop syntax
# #
# README FILES # README FILES
# Use "postconf readme_directory" or "postconf html_direc- # Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information. # tory" to locate this information.
# SMTPD_ACCESS_README, built-in SMTP server access control # SMTPD_ACCESS_README, built-in SMTP server access control
# DATABASE_README, Postfix lookup table overview # DATABASE_README, Postfix lookup table overview
# #
# LICENSE # LICENSE
# The Secure Mailer license must be distributed with this # The Secure Mailer license must be distributed with this
# software. # software.
# #
# AUTHOR(S) # AUTHOR(S)

94
access.sample
View File

@ -349,95 +349,101 @@
# recipient(s). When multiple REDIRECT actions fire, # recipient(s). When multiple REDIRECT actions fire,
# only the last one takes effect. # only the last one takes effect.
# #
# Note: this action overrides the FILTER action, and # Note 1: this action overrides the FILTER action,
# currently overrides all recipients of the message. # and currently overrides all recipients of the mes-
# sage.
#
# Note 2: a REDIRECT address is subject to canonical-
# ization (add missing domain) but NOT subject to
# canonical, masquerade, bcc, or virtual alias map-
# ping.
# #
# This feature is available in Postfix 2.1 and later. # This feature is available in Postfix 2.1 and later.
# #
# INFO optional text... # INFO optional text...
# Log an informational record with the optional text, # Log an informational record with the optional text,
# together with client information and if available, # together with client information and if available,
# with helo, sender, recipient and protocol informa- # with helo, sender, recipient and protocol informa-
# tion. # tion.
# #
# This feature is available in Postfix 3.0 and later. # This feature is available in Postfix 3.0 and later.
# #
# WARN optional text... # WARN optional text...
# Log a warning with the optional text, together with # Log a warning with the optional text, together with
# client information and if available, with helo, # client information and if available, with helo,
# sender, recipient and protocol information. # sender, recipient and protocol information.
# #
# This feature is available in Postfix 2.1 and later. # This feature is available in Postfix 2.1 and later.
# #
# ENHANCED STATUS CODES # ENHANCED STATUS CODES
# Postfix version 2.3 and later support enhanced status # Postfix version 2.3 and later support enhanced status
# codes as defined in RFC 3463. When an enhanced status # codes as defined in RFC 3463. When an enhanced status
# code is specified in an access table, it is subject to # code is specified in an access table, it is subject to
# modification. The following transformations are needed # modification. The following transformations are needed
# when the same access table is used for client, helo, # when the same access table is used for client, helo,
# sender, or recipient access restrictions; they happen # sender, or recipient access restrictions; they happen
# regardless of whether Postfix replies to a MAIL FROM, RCPT # regardless of whether Postfix replies to a MAIL FROM, RCPT
# TO or other SMTP command. # TO or other SMTP command.
# #
# o When a sender address matches a REJECT action, the # o When a sender address matches a REJECT action, the
# Postfix SMTP server will transform a recipient DSN # Postfix SMTP server will transform a recipient DSN
# status (e.g., 4.1.1-4.1.6) into the corresponding # status (e.g., 4.1.1-4.1.6) into the corresponding
# sender DSN status, and vice versa. # sender DSN status, and vice versa.
# #
# o When non-address information matches a REJECT # o When non-address information matches a REJECT
# action (such as the HELO command argument or the # action (such as the HELO command argument or the
# client hostname/address), the Postfix SMTP server # client hostname/address), the Postfix SMTP server
# will transform a sender or recipient DSN status # will transform a sender or recipient DSN status
# into a generic non-address DSN status (e.g., # into a generic non-address DSN status (e.g.,
# 4.0.0). # 4.0.0).
# #
# REGULAR EXPRESSION TABLES # REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when # This section describes how the table lookups change when
# the table is given in the form of regular expressions. For # the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax, # a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5). # see regexp_table(5) or pcre_table(5).
# #
# Each pattern is a regular expression that is applied to # Each pattern is a regular expression that is applied to
# the entire string being looked up. Depending on the appli- # the entire string being looked up. Depending on the appli-
# cation, that string is an entire client hostname, an # cation, that string is an entire client hostname, an
# entire client IP address, or an entire mail address. Thus, # entire client IP address, or an entire mail address. Thus,
# no parent domain or parent network search is done, # no parent domain or parent network search is done,
# user@domain mail addresses are not broken up into their # user@domain mail addresses are not broken up into their
# user@ and domain constituent parts, nor is user+foo broken # user@ and domain constituent parts, nor is user+foo broken
# up into user and foo. # up into user and foo.
# #
# Patterns are applied in the order as specified in the ta- # Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search # ble, until a pattern is found that matches the search
# string. # string.
# #
# Actions are the same as with indexed file lookups, with # Actions are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from # the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on. # the pattern can be interpolated as $1, $2 and so on.
# #
# TCP-BASED TABLES # TCP-BASED TABLES
# This section describes how the table lookups change when # This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip- # lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta- # tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including # ble(5). This feature is not available up to and including
# Postfix version 2.4. # Postfix version 2.4.
# #
# Each lookup operation uses the entire query string once. # Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire # Depending on the application, that string is an entire
# client hostname, an entire client IP address, or an entire # client hostname, an entire client IP address, or an entire
# mail address. Thus, no parent domain or parent network # mail address. Thus, no parent domain or parent network
# search is done, user@domain mail addresses are not broken # search is done, user@domain mail addresses are not broken
# up into their user@ and domain constituent parts, nor is # up into their user@ and domain constituent parts, nor is
# user+foo broken up into user and foo. # user+foo broken up into user and foo.
# #
# Actions are the same as with indexed file lookups. # Actions are the same as with indexed file lookups.
# #
# EXAMPLE # EXAMPLE
# The following example uses an indexed file, so that the # The following example uses an indexed file, so that the
# order of table entries does not matter. The example per- # order of table entries does not matter. The example per-
# mits access by the client at address 1.2.3.4 but rejects # mits access by the client at address 1.2.3.4 but rejects
# all other clients in 1.2.3.0/24. Instead of hash lookup # all other clients in 1.2.3.0/24. Instead of hash lookup
# tables, some systems use dbm. Use the command "postconf # tables, some systems use dbm. Use the command "postconf
# -m" to find out what lookup tables Postfix supports on # -m" to find out what lookup tables Postfix supports on
# your system. # your system.
# #
# /usr/local/etc/postfix/main.cf: # /usr/local/etc/postfix/main.cf:
@ -448,11 +454,11 @@
# 1.2.3 REJECT # 1.2.3 REJECT
# 1.2.3.4 OK # 1.2.3.4 OK
# #
# Execute the command "postmap /usr/local/etc/postfix/access" after # Execute the command "postmap /usr/local/etc/postfix/access" after
# editing the file. # editing the file.
# #
# BUGS # BUGS
# The table format does not understand quoting conventions. # The table format does not understand quoting conventions.
# #
# SEE ALSO # SEE ALSO
# postmap(1), Postfix lookup table manager # postmap(1), Postfix lookup table manager
@ -461,13 +467,13 @@
# transport(5), transport:nexthop syntax # transport(5), transport:nexthop syntax
# #
# README FILES # README FILES
# Use "postconf readme_directory" or "postconf html_direc- # Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information. # tory" to locate this information.
# SMTPD_ACCESS_README, built-in SMTP server access control # SMTPD_ACCESS_README, built-in SMTP server access control
# DATABASE_README, Postfix lookup table overview # DATABASE_README, Postfix lookup table overview
# #
# LICENSE # LICENSE
# The Secure Mailer license must be distributed with this # The Secure Mailer license must be distributed with this
# software. # software.
# #
# AUTHOR(S) # AUTHOR(S)

124
aliases
View File

@ -44,30 +44,36 @@ decode: root
# SYNOPSIS # SYNOPSIS
# newaliases # newaliases
# #
# postalias -q name [file-type]:[file-name]
#
# DESCRIPTION # DESCRIPTION
# The optional aliases(5) table (alias_maps) redirects mail # The optional aliases(5) table (alias_maps) redirects mail
# for local recipients. The redirections are processed by # for local recipients. The redirections are processed by
# the Postfix local(8) delivery agent. # the Postfix local(8) delivery agent. This table is always
# searched with an email address localpart (no domain por-
# tion).
# #
# This is unlike virtual(5) aliasing (virtual_alias_maps) # This is unlike virtual(5) aliasing (virtual_alias_maps)
# which applies to all recipients: local(8), virtual, and # which applies to all recipients: local(8), virtual, and
# remote, and which is implemented by the cleanup(8) daemon. # remote, and which is implemented by the cleanup(8) daemon.
# That table is often searched with a full email address
# (including domain).
# #
# Normally, the aliases(5) table is specified as a text file # Normally, the aliases(5) table is specified as a text file
# that serves as input to the postalias(1) command. The # that serves as input to the postalias(1) command. The
# result, an indexed file in dbm or db format, is used for # result, an indexed file in dbm or db format, is used for
# fast lookup by the mail system. Execute the command # fast lookup by the mail system. Execute the command
# newaliases in order to rebuild the indexed file after # newaliases in order to rebuild the indexed file after
# changing the Postfix alias database. # changing the Postfix alias database.
# #
# When the table is provided via other means such as NIS, # When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary # LDAP or SQL, the same lookups are done as for ordinary
# indexed files. # indexed files.
# #
# Alternatively, the table can be provided as a regu- # Alternatively, the table can be provided as a regu-
# lar-expression map where patterns are given as regular # lar-expression map where patterns are given as regular
# expressions. In this case, the lookups are done in a # expressions. In this case, the lookups are done in a
# slightly different way as described below under "REGULAR # slightly different way as described below under "REGULAR
# EXPRESSION TABLES". # EXPRESSION TABLES".
# #
# Users can control delivery of their own mail by setting up # Users can control delivery of their own mail by setting up
@ -81,63 +87,64 @@ decode: root
# #
# name: value1, value2, ... # name: value1, value2, ...
# #
# o Empty lines and whitespace-only lines are ignored, # o Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character # as are lines whose first non-whitespace character
# is a `#'. # is a `#'.
# #
# o A logical line starts with non-whitespace text. A # o A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi- # line that starts with whitespace continues a logi-
# cal line. # cal line.
# #
# The name is a local address (no domain part). Use double # The name is a local address (no domain part). Use double
# quotes when the name contains any special characters such # quotes when the name contains any special characters such
# as whitespace, `#', `:', or `@'. The name is folded to # as whitespace, `#', `:', or `@'. The name is folded to
# lowercase, in order to make database lookups case insensi- # lowercase, in order to make database lookups case insensi-
# tive. # tive.
# #
# In addition, when an alias exists for owner-name, this # In addition, when an alias exists for owner-name, this
# will override the envelope sender address, so that deliv- # will override the envelope sender address, so that deliv-
# ery diagnostics are directed to owner-name, instead of the # ery diagnostics are directed to owner-name, instead of the
# originator of the message (for details, see # originator of the message (for details, see
# owner_request_special, expand_owner_alias and # owner_request_special, expand_owner_alias and
# reset_owner_alias). This is typically used to direct # reset_owner_alias). This is typically used to direct
# delivery errors to the maintainer of a mailing list, who # delivery errors to the maintainer of a mailing list, who
# is in a better position to deal with mailing list delivery # is in a better position to deal with mailing list delivery
# problems than the originator of the undelivered mail. # problems than the originator of the undelivered mail.
# #
# The value contains one or more of the following: # The value contains one or more of the following:
# #
# address # address
# Mail is forwarded to address, which is compatible # Mail is forwarded to address, which is compatible
# with the RFC 822 standard. # with the RFC 822 standard.
# #
# /file/name # /file/name
# Mail is appended to /file/name. For details on how # Mail is appended to /file/name. For details on how
# a file is written see the sections "EXTERNAL FILE # a file is written see the sections "EXTERNAL FILE
# DELIVERY" and "DELIVERY RIGHTS" in the local(8) # DELIVERY" and "DELIVERY RIGHTS" in the local(8)
# documentation. Delivery is not limited to regular # documentation. Delivery is not limited to regular
# files. For example, to dispose of unwanted mail, # files. For example, to dispose of unwanted mail,
# deflect it to /dev/null. # deflect it to /dev/null.
# #
# |command # |command
# Mail is piped into command. Commands that contain # Mail is piped into command. Commands that contain
# special characters, such as whitespace, should be # special characters, such as whitespace, should be
# enclosed between double quotes. For details on how # enclosed between double quotes. For details on how
# a command is executed see "EXTERNAL COMMAND DELIV- # a command is executed see "EXTERNAL COMMAND DELIV-
# ERY" and "DELIVERY RIGHTS" in the local(8) documen- # ERY" and "DELIVERY RIGHTS" in the local(8) documen-
# tation. # tation.
# #
# When the command fails, a limited amount of command # When the command fails, a limited amount of command
# output is mailed back to the sender. The file # output is mailed back to the sender. The file
# /usr/include/sysexits.h defines the expected exit # /usr/include/sysexits.h defines the expected exit
# status codes. For example, use "|exit 67" to simu- # status codes. For example, use "|exit 67" to simu-
# late a "user unknown" error, and "|exit 0" to # late a "user unknown" error, and "|exit 0" to
# implement an expensive black hole. # implement an expensive black hole.
# #
# :include:/file/name # :include:/file/name
# Mail is sent to the destinations listed in the # Mail is sent to the destinations listed in the
# named file. Lines in :include: files have the same # named file. Lines in :include: files have the same
# syntax as the right-hand side of alias entries. # syntax as the right-hand side of aliases(5)
# entries.
# #
# A destination can be any destination that is # A destination can be any destination that is
# described in this manual page. However, delivery to # described in this manual page. However, delivery to
@ -199,46 +206,49 @@ decode: root
# updated with "newaliases" or with "sendmail -bi". # updated with "newaliases" or with "sendmail -bi".
# #
# alias_maps (see 'postconf -d' output) # alias_maps (see 'postconf -d' output)
# Optional lookup tables with aliases that apply only # Optional lookup tables that are searched only with
# to local(8) recipients; this is unlike vir- # an email address localpart (no domain) and that
# tual_alias_maps that apply to all recipients: # apply only to local(8) recipients; this is unlike
# local(8), virtual, and remote. # virtual_alias_maps that are often searched with a
# full email address (including domain) and that
# apply to all recipients: local(8), virtual, and
# remote.
# #
# allow_mail_to_commands (alias, forward) # allow_mail_to_commands (alias, forward)
# Restrict local(8) mail delivery to external com- # Restrict local(8) mail delivery to external com-
# mands. # mands.
# #
# allow_mail_to_files (alias, forward) # allow_mail_to_files (alias, forward)
# Restrict local(8) mail delivery to external files. # Restrict local(8) mail delivery to external files.
# #
# expand_owner_alias (no) # expand_owner_alias (no)
# When delivering to an alias "aliasname" that has an # When delivering to an alias "aliasname" that has an
# "owner-aliasname" companion alias, set the envelope # "owner-aliasname" companion alias, set the envelope
# sender address to the expansion of the # sender address to the expansion of the
# "owner-aliasname" alias. # "owner-aliasname" alias.
# #
# propagate_unmatched_extensions (canonical, virtual) # propagate_unmatched_extensions (canonical, virtual)
# What address lookup tables copy an address exten- # What address lookup tables copy an address exten-
# sion from the lookup key to the lookup result. # sion from the lookup key to the lookup result.
# #
# owner_request_special (yes) # owner_request_special (yes)
# Enable special treatment for owner-listname entries # Enable special treatment for owner-listname entries
# in the aliases(5) file, and don't split owner-list- # in the aliases(5) file, and don't split owner-list-
# name and listname-request address localparts when # name and listname-request address localparts when
# the recipient_delimiter is set to "-". # the recipient_delimiter is set to "-".
# #
# recipient_delimiter (empty) # recipient_delimiter (empty)
# The set of characters that can separate an email # The set of characters that can separate an email
# address localpart, user name, or a .forward file # address localpart, user name, or a .forward file
# name from its extension. # name from its extension.
# #
# Available in Postfix version 2.3 and later: # Available in Postfix version 2.3 and later:
# #
# frozen_delivered_to (yes) # frozen_delivered_to (yes)
# Update the local(8) delivery agent's idea of the # Update the local(8) delivery agent's idea of the
# Delivered-To: address (see prepend_deliv- # Delivered-To: address (see prepend_deliv-
# ered_header) only once, at the start of a delivery # ered_header) only once, at the start of a delivery
# attempt; do not update the Delivered-To: address # attempt; do not update the Delivered-To: address
# while expanding aliases or .forward files. # while expanding aliases or .forward files.
# #
# STANDARDS # STANDARDS
@ -251,12 +261,12 @@ decode: root
# postconf(5), configuration parameters # postconf(5), configuration parameters
# #
# README FILES # README FILES
# Use "postconf readme_directory" or "postconf html_direc- # Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information. # tory" to locate this information.
# DATABASE_README, Postfix lookup table overview # DATABASE_README, Postfix lookup table overview
# #
# LICENSE # LICENSE
# The Secure Mailer license must be distributed with this # The Secure Mailer license must be distributed with this
# software. # software.
# #
# AUTHOR(S) # AUTHOR(S)

124
aliases.sample
View File

@ -44,30 +44,36 @@ decode: root
# SYNOPSIS # SYNOPSIS
# newaliases # newaliases
# #
# postalias -q name [file-type]:[file-name]
#
# DESCRIPTION # DESCRIPTION
# The optional aliases(5) table (alias_maps) redirects mail # The optional aliases(5) table (alias_maps) redirects mail
# for local recipients. The redirections are processed by # for local recipients. The redirections are processed by
# the Postfix local(8) delivery agent. # the Postfix local(8) delivery agent. This table is always
# searched with an email address localpart (no domain por-
# tion).
# #
# This is unlike virtual(5) aliasing (virtual_alias_maps) # This is unlike virtual(5) aliasing (virtual_alias_maps)
# which applies to all recipients: local(8), virtual, and # which applies to all recipients: local(8), virtual, and
# remote, and which is implemented by the cleanup(8) daemon. # remote, and which is implemented by the cleanup(8) daemon.
# That table is often searched with a full email address
# (including domain).
# #
# Normally, the aliases(5) table is specified as a text file # Normally, the aliases(5) table is specified as a text file
# that serves as input to the postalias(1) command. The # that serves as input to the postalias(1) command. The
# result, an indexed file in dbm or db format, is used for # result, an indexed file in dbm or db format, is used for
# fast lookup by the mail system. Execute the command # fast lookup by the mail system. Execute the command
# newaliases in order to rebuild the indexed file after # newaliases in order to rebuild the indexed file after
# changing the Postfix alias database. # changing the Postfix alias database.
# #
# When the table is provided via other means such as NIS, # When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary # LDAP or SQL, the same lookups are done as for ordinary
# indexed files. # indexed files.
# #
# Alternatively, the table can be provided as a regu- # Alternatively, the table can be provided as a regu-
# lar-expression map where patterns are given as regular # lar-expression map where patterns are given as regular
# expressions. In this case, the lookups are done in a # expressions. In this case, the lookups are done in a
# slightly different way as described below under "REGULAR # slightly different way as described below under "REGULAR
# EXPRESSION TABLES". # EXPRESSION TABLES".
# #
# Users can control delivery of their own mail by setting up # Users can control delivery of their own mail by setting up
@ -81,63 +87,64 @@ decode: root
# #
# name: value1, value2, ... # name: value1, value2, ...
# #
# o Empty lines and whitespace-only lines are ignored, # o Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character # as are lines whose first non-whitespace character
# is a `#'. # is a `#'.
# #
# o A logical line starts with non-whitespace text. A # o A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi- # line that starts with whitespace continues a logi-
# cal line. # cal line.
# #
# The name is a local address (no domain part). Use double # The name is a local address (no domain part). Use double
# quotes when the name contains any special characters such # quotes when the name contains any special characters such
# as whitespace, `#', `:', or `@'. The name is folded to # as whitespace, `#', `:', or `@'. The name is folded to
# lowercase, in order to make database lookups case insensi- # lowercase, in order to make database lookups case insensi-
# tive. # tive.
# #
# In addition, when an alias exists for owner-name, this # In addition, when an alias exists for owner-name, this
# will override the envelope sender address, so that deliv- # will override the envelope sender address, so that deliv-
# ery diagnostics are directed to owner-name, instead of the # ery diagnostics are directed to owner-name, instead of the
# originator of the message (for details, see # originator of the message (for details, see
# owner_request_special, expand_owner_alias and # owner_request_special, expand_owner_alias and
# reset_owner_alias). This is typically used to direct # reset_owner_alias). This is typically used to direct
# delivery errors to the maintainer of a mailing list, who # delivery errors to the maintainer of a mailing list, who
# is in a better position to deal with mailing list delivery # is in a better position to deal with mailing list delivery
# problems than the originator of the undelivered mail. # problems than the originator of the undelivered mail.
# #
# The value contains one or more of the following: # The value contains one or more of the following:
# #
# address # address
# Mail is forwarded to address, which is compatible # Mail is forwarded to address, which is compatible
# with the RFC 822 standard. # with the RFC 822 standard.
# #
# /file/name # /file/name
# Mail is appended to /file/name. For details on how # Mail is appended to /file/name. For details on how
# a file is written see the sections "EXTERNAL FILE # a file is written see the sections "EXTERNAL FILE
# DELIVERY" and "DELIVERY RIGHTS" in the local(8) # DELIVERY" and "DELIVERY RIGHTS" in the local(8)
# documentation. Delivery is not limited to regular # documentation. Delivery is not limited to regular
# files. For example, to dispose of unwanted mail, # files. For example, to dispose of unwanted mail,
# deflect it to /dev/null. # deflect it to /dev/null.
# #
# |command # |command
# Mail is piped into command. Commands that contain # Mail is piped into command. Commands that contain
# special characters, such as whitespace, should be # special characters, such as whitespace, should be
# enclosed between double quotes. For details on how # enclosed between double quotes. For details on how
# a command is executed see "EXTERNAL COMMAND DELIV- # a command is executed see "EXTERNAL COMMAND DELIV-
# ERY" and "DELIVERY RIGHTS" in the local(8) documen- # ERY" and "DELIVERY RIGHTS" in the local(8) documen-
# tation. # tation.
# #
# When the command fails, a limited amount of command # When the command fails, a limited amount of command
# output is mailed back to the sender. The file # output is mailed back to the sender. The file
# /usr/include/sysexits.h defines the expected exit # /usr/include/sysexits.h defines the expected exit
# status codes. For example, use "|exit 67" to simu- # status codes. For example, use "|exit 67" to simu-
# late a "user unknown" error, and "|exit 0" to # late a "user unknown" error, and "|exit 0" to
# implement an expensive black hole. # implement an expensive black hole.
# #
# :include:/file/name # :include:/file/name
# Mail is sent to the destinations listed in the # Mail is sent to the destinations listed in the
# named file. Lines in :include: files have the same # named file. Lines in :include: files have the same
# syntax as the right-hand side of alias entries. # syntax as the right-hand side of aliases(5)
# entries.
# #
# A destination can be any destination that is # A destination can be any destination that is
# described in this manual page. However, delivery to # described in this manual page. However, delivery to
@ -199,46 +206,49 @@ decode: root
# updated with "newaliases" or with "sendmail -bi". # updated with "newaliases" or with "sendmail -bi".
# #
# alias_maps (see 'postconf -d' output) # alias_maps (see 'postconf -d' output)
# Optional lookup tables with aliases that apply only # Optional lookup tables that are searched only with
# to local(8) recipients; this is unlike vir- # an email address localpart (no domain) and that
# tual_alias_maps that apply to all recipients: # apply only to local(8) recipients; this is unlike
# local(8), virtual, and remote. # virtual_alias_maps that are often searched with a
# full email address (including domain) and that
# apply to all recipients: local(8), virtual, and
# remote.
# #
# allow_mail_to_commands (alias, forward) # allow_mail_to_commands (alias, forward)
# Restrict local(8) mail delivery to external com- # Restrict local(8) mail delivery to external com-
# mands. # mands.
# #
# allow_mail_to_files (alias, forward) # allow_mail_to_files (alias, forward)
# Restrict local(8) mail delivery to external files. # Restrict local(8) mail delivery to external files.
# #
# expand_owner_alias (no) # expand_owner_alias (no)
# When delivering to an alias "aliasname" that has an # When delivering to an alias "aliasname" that has an
# "owner-aliasname" companion alias, set the envelope # "owner-aliasname" companion alias, set the envelope
# sender address to the expansion of the # sender address to the expansion of the
# "owner-aliasname" alias. # "owner-aliasname" alias.
# #
# propagate_unmatched_extensions (canonical, virtual) # propagate_unmatched_extensions (canonical, virtual)
# What address lookup tables copy an address exten- # What address lookup tables copy an address exten-
# sion from the lookup key to the lookup result. # sion from the lookup key to the lookup result.
# #
# owner_request_special (yes) # owner_request_special (yes)
# Enable special treatment for owner-listname entries # Enable special treatment for owner-listname entries
# in the aliases(5) file, and don't split owner-list- # in the aliases(5) file, and don't split owner-list-
# name and listname-request address localparts when # name and listname-request address localparts when
# the recipient_delimiter is set to "-". # the recipient_delimiter is set to "-".
# #
# recipient_delimiter (empty) # recipient_delimiter (empty)
# The set of characters that can separate an email # The set of characters that can separate an email
# address localpart, user name, or a .forward file # address localpart, user name, or a .forward file
# name from its extension. # name from its extension.
# #
# Available in Postfix version 2.3 and later: # Available in Postfix version 2.3 and later:
# #
# frozen_delivered_to (yes) # frozen_delivered_to (yes)
# Update the local(8) delivery agent's idea of the # Update the local(8) delivery agent's idea of the
# Delivered-To: address (see prepend_deliv- # Delivered-To: address (see prepend_deliv-
# ered_header) only once, at the start of a delivery # ered_header) only once, at the start of a delivery
# attempt; do not update the Delivered-To: address # attempt; do not update the Delivered-To: address
# while expanding aliases or .forward files. # while expanding aliases or .forward files.
# #
# STANDARDS # STANDARDS
@ -251,12 +261,12 @@ decode: root
# postconf(5), configuration parameters # postconf(5), configuration parameters
# #
# README FILES # README FILES
# Use "postconf readme_directory" or "postconf html_direc- # Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information. # tory" to locate this information.
# DATABASE_README, Postfix lookup table overview # DATABASE_README, Postfix lookup table overview
# #
# LICENSE # LICENSE
# The Secure Mailer license must be distributed with this # The Secure Mailer license must be distributed with this
# software. # software.
# #
# AUTHOR(S) # AUTHOR(S)

95
header_checks
View File

@ -346,10 +346,15 @@
# message is queued, it will be sent to the specified # message is queued, it will be sent to the specified
# address instead of the intended recipient(s). # address instead of the intended recipient(s).
# #
# Note: this action overrides the FILTER action, and # Note 1: this action overrides the FILTER action,
# affects all recipients of the message. If multiple # and affects all recipients of the message. If mul-
# REDIRECT actions fire, only the last one is exe- # tiple REDIRECT actions fire, only the last one is
# cuted. # executed.
#
# Note 2: a REDIRECT address is subject to canonical-
# ization (add missing domain) but NOT subject to
# canonical, masquerade, bcc, or virtual alias map-
# ping.
# #
# This feature is available in Postfix 2.1 and later. # This feature is available in Postfix 2.1 and later.
# #
@ -357,34 +362,34 @@
# checks. # checks.
# #
# REPLACE text... # REPLACE text...
# Replace the current line with the specified text, # Replace the current line with the specified text,
# and inspect the next input line. # and inspect the next input line.
# #
# This feature is available in Postfix 2.2 and later. # This feature is available in Postfix 2.2 and later.
# The description below applies to Postfix 2.2.2 and # The description below applies to Postfix 2.2.2 and
# later. # later.
# #
# Notes: # Notes:
# #
# o When replacing a message header line, the # o When replacing a message header line, the
# replacement text must begin with a valid # replacement text must begin with a valid
# header label. # header label.
# #
# o The replaced text remains part of the input # o The replaced text remains part of the input
# stream. Unlike the result from the PREPEND # stream. Unlike the result from the PREPEND
# action, a replaced message header may be # action, a replaced message header may be
# subject to address rewriting and may affect # subject to address rewriting and may affect
# the way that Postfix adds missing message # the way that Postfix adds missing message
# headers. # headers.
# #
# REJECT optional text... # REJECT optional text...
# Reject the entire message. Do not inspect the # Reject the entire message. Do not inspect the
# remainder of the input message. Reply with # remainder of the input message. Reply with
# optional text... when the optional text is speci- # optional text... when the optional text is speci-
# fied, otherwise reply with a generic error message. # fied, otherwise reply with a generic error message.
# #
# Note: this action disables further header or # Note: this action disables further header or
# body_checks inspection of the current message and # body_checks inspection of the current message and
# affects all recipients. # affects all recipients.
# #
# Postfix version 2.3 and later support enhanced sta- # Postfix version 2.3 and later support enhanced sta-
@ -398,80 +403,80 @@
# STRIP optional text... # STRIP optional text...
# Log a "strip:" record with the optional text... (or # Log a "strip:" record with the optional text... (or
# log a generic text), delete the input line from the # log a generic text), delete the input line from the
# input, and inspect the next input line. See IGNORE # input, and inspect the next input line. See IGNORE
# for a silent alternative. # for a silent alternative.
# #
# This feature is available in Postfix 3.2 and later. # This feature is available in Postfix 3.2 and later.
# #
# WARN optional text... # WARN optional text...
# Log a "warning:" record with the optional text... # Log a "warning:" record with the optional text...
# (or log a generic text), and inspect the next input # (or log a generic text), and inspect the next input
# line. This action is useful for debugging and for # line. This action is useful for debugging and for
# testing a pattern before applying more drastic # testing a pattern before applying more drastic
# actions. # actions.
# #
# BUGS # BUGS
# Empty lines never match, because some map types mis-behave # Empty lines never match, because some map types mis-behave
# when given a zero-length search string. This limitation # when given a zero-length search string. This limitation
# may be removed for regular expression tables in a future # may be removed for regular expression tables in a future
# release. # release.
# #
# Many people overlook the main limitations of header and # Many people overlook the main limitations of header and
# body_checks rules. # body_checks rules.
# #
# o These rules operate on one logical message header # o These rules operate on one logical message header
# or one body line at a time. A decision made for one # or one body line at a time. A decision made for one
# line is not carried over to the next line. # line is not carried over to the next line.
# #
# o If text in the message body is encoded (RFC 2045) # o If text in the message body is encoded (RFC 2045)
# then the rules need to be specified for the encoded # then the rules need to be specified for the encoded
# form. # form.
# #
# o Likewise, when message headers are encoded (RFC # o Likewise, when message headers are encoded (RFC
# 2047) then the rules need to be specified for the # 2047) then the rules need to be specified for the
# encoded form. # encoded form.
# #
# Message headers added by the cleanup(8) daemon itself are # Message headers added by the cleanup(8) daemon itself are
# excluded from inspection. Examples of such message headers # excluded from inspection. Examples of such message headers
# are From:, To:, Message-ID:, Date:. # are From:, To:, Message-ID:, Date:.
# #
# Message headers deleted by the cleanup(8) daemon will be # Message headers deleted by the cleanup(8) daemon will be
# examined before they are deleted. Examples are: Bcc:, Con- # examined before they are deleted. Examples are: Bcc:, Con-
# tent-Length:, Return-Path:. # tent-Length:, Return-Path:.
# #
# CONFIGURATION PARAMETERS # CONFIGURATION PARAMETERS
# body_checks (empty) # body_checks (empty)
# Optional lookup tables for content inspection as # Optional lookup tables for content inspection as
# specified in the body_checks(5) manual page. # specified in the body_checks(5) manual page.
# #
# body_checks_size_limit (51200) # body_checks_size_limit (51200)
# How much text in a message body segment (or attach- # How much text in a message body segment (or attach-
# ment, if you prefer to use that term) is subjected # ment, if you prefer to use that term) is subjected
# to body_checks inspection. # to body_checks inspection.
# #
# header_checks (empty) # header_checks (empty)
# Optional lookup tables for content inspection of # Optional lookup tables for content inspection of
# primary non-MIME message headers, as specified in # primary non-MIME message headers, as specified in
# the header_checks(5) manual page. # the header_checks(5) manual page.
# #
# mime_header_checks ($header_checks) # mime_header_checks ($header_checks)
# Optional lookup tables for content inspection of # Optional lookup tables for content inspection of
# MIME related message headers, as described in the # MIME related message headers, as described in the
# header_checks(5) manual page. # header_checks(5) manual page.
# #
# nested_header_checks ($header_checks) # nested_header_checks ($header_checks)
# Optional lookup tables for content inspection of # Optional lookup tables for content inspection of
# non-MIME message headers in attached messages, as # non-MIME message headers in attached messages, as
# described in the header_checks(5) manual page. # described in the header_checks(5) manual page.
# #
# disable_mime_input_processing (no) # disable_mime_input_processing (no)
# Turn off MIME processing while receiving mail. # Turn off MIME processing while receiving mail.
# #
# EXAMPLES # EXAMPLES
# Header pattern to block attachments with bad file name # Header pattern to block attachments with bad file name
# extensions. For convenience, the PCRE /x flag is speci- # extensions. For convenience, the PCRE /x flag is speci-
# fied, so that there is no need to collapse the pattern # fied, so that there is no need to collapse the pattern
# into a single line of text. The purpose of the # into a single line of text. The purpose of the
# [[:xdigit:]] sub-expressions is to recognize Windows CLSID # [[:xdigit:]] sub-expressions is to recognize Windows CLSID
# strings. # strings.
# #
@ -510,7 +515,7 @@
# RFC 2047, message header encoding for non-ASCII text # RFC 2047, message header encoding for non-ASCII text
# #
# README FILES # README FILES
# Use "postconf readme_directory" or "postconf html_direc- # Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information. # tory" to locate this information.
# DATABASE_README, Postfix lookup table overview # DATABASE_README, Postfix lookup table overview
# CONTENT_INSPECTION_README, Postfix content inspection overview # CONTENT_INSPECTION_README, Postfix content inspection overview
@ -518,7 +523,7 @@
# BACKSCATTER_README, blocking returned forged mail # BACKSCATTER_README, blocking returned forged mail
# #
# LICENSE # LICENSE
# The Secure Mailer license must be distributed with this # The Secure Mailer license must be distributed with this
# software. # software.
# #
# AUTHOR(S) # AUTHOR(S)

95
header_checks.sample
View File

@ -346,10 +346,15 @@
# message is queued, it will be sent to the specified # message is queued, it will be sent to the specified
# address instead of the intended recipient(s). # address instead of the intended recipient(s).
# #
# Note: this action overrides the FILTER action, and # Note 1: this action overrides the FILTER action,
# affects all recipients of the message. If multiple # and affects all recipients of the message. If mul-
# REDIRECT actions fire, only the last one is exe- # tiple REDIRECT actions fire, only the last one is
# cuted. # executed.
#
# Note 2: a REDIRECT address is subject to canonical-
# ization (add missing domain) but NOT subject to
# canonical, masquerade, bcc, or virtual alias map-
# ping.
# #
# This feature is available in Postfix 2.1 and later. # This feature is available in Postfix 2.1 and later.
# #
@ -357,34 +362,34 @@
# checks. # checks.
# #
# REPLACE text... # REPLACE text...
# Replace the current line with the specified text, # Replace the current line with the specified text,
# and inspect the next input line. # and inspect the next input line.
# #
# This feature is available in Postfix 2.2 and later. # This feature is available in Postfix 2.2 and later.
# The description below applies to Postfix 2.2.2 and # The description below applies to Postfix 2.2.2 and
# later. # later.
# #
# Notes: # Notes:
# #
# o When replacing a message header line, the # o When replacing a message header line, the
# replacement text must begin with a valid # replacement text must begin with a valid
# header label. # header label.
# #
# o The replaced text remains part of the input # o The replaced text remains part of the input
# stream. Unlike the result from the PREPEND # stream. Unlike the result from the PREPEND
# action, a replaced message header may be # action, a replaced message header may be
# subject to address rewriting and may affect # subject to address rewriting and may affect
# the way that Postfix adds missing message # the way that Postfix adds missing message
# headers. # headers.
# #
# REJECT optional text... # REJECT optional text...
# Reject the entire message. Do not inspect the # Reject the entire message. Do not inspect the
# remainder of the input message. Reply with # remainder of the input message. Reply with
# optional text... when the optional text is speci- # optional text... when the optional text is speci-
# fied, otherwise reply with a generic error message. # fied, otherwise reply with a generic error message.
# #
# Note: this action disables further header or # Note: this action disables further header or
# body_checks inspection of the current message and # body_checks inspection of the current message and
# affects all recipients. # affects all recipients.
# #
# Postfix version 2.3 and later support enhanced sta- # Postfix version 2.3 and later support enhanced sta-
@ -398,80 +403,80 @@
# STRIP optional text... # STRIP optional text...
# Log a "strip:" record with the optional text... (or # Log a "strip:" record with the optional text... (or
# log a generic text), delete the input line from the # log a generic text), delete the input line from the
# input, and inspect the next input line. See IGNORE # input, and inspect the next input line. See IGNORE
# for a silent alternative. # for a silent alternative.
# #
# This feature is available in Postfix 3.2 and later. # This feature is available in Postfix 3.2 and later.
# #
# WARN optional text... # WARN optional text...
# Log a "warning:" record with the optional text... # Log a "warning:" record with the optional text...
# (or log a generic text), and inspect the next input # (or log a generic text), and inspect the next input
# line. This action is useful for debugging and for # line. This action is useful for debugging and for
# testing a pattern before applying more drastic # testing a pattern before applying more drastic
# actions. # actions.
# #
# BUGS # BUGS
# Empty lines never match, because some map types mis-behave # Empty lines never match, because some map types mis-behave
# when given a zero-length search string. This limitation # when given a zero-length search string. This limitation
# may be removed for regular expression tables in a future # may be removed for regular expression tables in a future
# release. # release.
# #
# Many people overlook the main limitations of header and # Many people overlook the main limitations of header and
# body_checks rules. # body_checks rules.
# #
# o These rules operate on one logical message header # o These rules operate on one logical message header
# or one body line at a time. A decision made for one # or one body line at a time. A decision made for one
# line is not carried over to the next line. # line is not carried over to the next line.
# #
# o If text in the message body is encoded (RFC 2045) # o If text in the message body is encoded (RFC 2045)
# then the rules need to be specified for the encoded # then the rules need to be specified for the encoded
# form. # form.
# #
# o Likewise, when message headers are encoded (RFC # o Likewise, when message headers are encoded (RFC
# 2047) then the rules need to be specified for the # 2047) then the rules need to be specified for the
# encoded form. # encoded form.
# #
# Message headers added by the cleanup(8) daemon itself are # Message headers added by the cleanup(8) daemon itself are
# excluded from inspection. Examples of such message headers # excluded from inspection. Examples of such message headers
# are From:, To:, Message-ID:, Date:. # are From:, To:, Message-ID:, Date:.
# #
# Message headers deleted by the cleanup(8) daemon will be # Message headers deleted by the cleanup(8) daemon will be
# examined before they are deleted. Examples are: Bcc:, Con- # examined before they are deleted. Examples are: Bcc:, Con-
# tent-Length:, Return-Path:. # tent-Length:, Return-Path:.
# #
# CONFIGURATION PARAMETERS # CONFIGURATION PARAMETERS
# body_checks (empty) # body_checks (empty)
# Optional lookup tables for content inspection as # Optional lookup tables for content inspection as
# specified in the body_checks(5) manual page. # specified in the body_checks(5) manual page.
# #
# body_checks_size_limit (51200) # body_checks_size_limit (51200)
# How much text in a message body segment (or attach- # How much text in a message body segment (or attach-
# ment, if you prefer to use that term) is subjected # ment, if you prefer to use that term) is subjected
# to body_checks inspection. # to body_checks inspection.
# #
# header_checks (empty) # header_checks (empty)
# Optional lookup tables for content inspection of # Optional lookup tables for content inspection of
# primary non-MIME message headers, as specified in # primary non-MIME message headers, as specified in
# the header_checks(5) manual page. # the header_checks(5) manual page.
# #
# mime_header_checks ($header_checks) # mime_header_checks ($header_checks)
# Optional lookup tables for content inspection of # Optional lookup tables for content inspection of
# MIME related message headers, as described in the # MIME related message headers, as described in the
# header_checks(5) manual page. # header_checks(5) manual page.
# #
# nested_header_checks ($header_checks) # nested_header_checks ($header_checks)
# Optional lookup tables for content inspection of # Optional lookup tables for content inspection of
# non-MIME message headers in attached messages, as # non-MIME message headers in attached messages, as
# described in the header_checks(5) manual page. # described in the header_checks(5) manual page.
# #
# disable_mime_input_processing (no) # disable_mime_input_processing (no)
# Turn off MIME processing while receiving mail. # Turn off MIME processing while receiving mail.
# #
# EXAMPLES # EXAMPLES
# Header pattern to block attachments with bad file name # Header pattern to block attachments with bad file name
# extensions. For convenience, the PCRE /x flag is speci- # extensions. For convenience, the PCRE /x flag is speci-
# fied, so that there is no need to collapse the pattern # fied, so that there is no need to collapse the pattern
# into a single line of text. The purpose of the # into a single line of text. The purpose of the
# [[:xdigit:]] sub-expressions is to recognize Windows CLSID # [[:xdigit:]] sub-expressions is to recognize Windows CLSID
# strings. # strings.
# #
@ -510,7 +515,7 @@
# RFC 2047, message header encoding for non-ASCII text # RFC 2047, message header encoding for non-ASCII text
# #
# README FILES # README FILES
# Use "postconf readme_directory" or "postconf html_direc- # Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information. # tory" to locate this information.
# DATABASE_README, Postfix lookup table overview # DATABASE_README, Postfix lookup table overview
# CONTENT_INSPECTION_README, Postfix content inspection overview # CONTENT_INSPECTION_README, Postfix content inspection overview
@ -518,7 +523,7 @@
# BACKSCATTER_README, blocking returned forged mail # BACKSCATTER_README, blocking returned forged mail
# #
# LICENSE # LICENSE
# The Secure Mailer license must be distributed with this # The Secure Mailer license must be distributed with this
# software. # software.
# #
# AUTHOR(S) # AUTHOR(S)

6
main.cf
View File

@ -725,3 +725,9 @@ smtpd_recipient_restrictions =
meta_directory = /usr/local/libexec/postfix meta_directory = /usr/local/libexec/postfix
shlib_directory = /usr/local/lib/postfix shlib_directory = /usr/local/lib/postfix
# opendkim
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters

18
main.cf.default
View File

@ -168,6 +168,7 @@ fork_delay = 1s
forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
frozen_delivered_to = yes frozen_delivered_to = yes
full_name_encoding_charset = utf-8
hash_queue_depth = 1 hash_queue_depth = 1
hash_queue_names = deferred, defer hash_queue_names = deferred, defer
header_address_token_limit = 10240 header_address_token_limit = 10240
@ -313,6 +314,9 @@ lmtp_tls_session_cache_timeout = 3600s
lmtp_tls_trust_anchor_file = lmtp_tls_trust_anchor_file =
lmtp_tls_verify_cert_match = hostname lmtp_tls_verify_cert_match = hostname
lmtp_tls_wrappermode = no lmtp_tls_wrappermode = no
lmtp_tlsrpt_enable = no
lmtp_tlsrpt_skip_reused_handshakes = yes
lmtp_tlsrpt_socket_name =
lmtp_transport_rate_delay = $default_transport_rate_delay lmtp_transport_rate_delay = $default_transport_rate_delay
lmtp_use_tls = no lmtp_use_tls = no
lmtp_xforward_timeout = 300s lmtp_xforward_timeout = 300s
@ -341,9 +345,9 @@ local_transport_rate_delay = $default_transport_rate_delay
luser_relay = luser_relay =
mail_name = Postfix mail_name = Postfix
mail_owner = postfix mail_owner = postfix
mail_release_date = 20241204 mail_release_date = 20250710
mail_spool_directory = /var/mail mail_spool_directory = /var/mail
mail_version = 3.9.1 mail_version = 3.10.3
mailbox_command = mailbox_command =
mailbox_command_maps = mailbox_command_maps =
mailbox_delivery_lock = flock, dotlock mailbox_delivery_lock = flock, dotlock
@ -653,7 +657,7 @@ smtp_tls_cert_file =
smtp_tls_chain_files = smtp_tls_chain_files =
smtp_tls_ciphers = medium smtp_tls_ciphers = medium
smtp_tls_connection_reuse = no smtp_tls_connection_reuse = no
smtp_tls_dane_insecure_mx_policy = ${{$smtp_tls_security_level} == {dane} ? {dane} : {may}} smtp_tls_dane_insecure_mx_policy = dane
smtp_tls_dcert_file = smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_eccert_file = smtp_tls_eccert_file =
@ -682,6 +686,9 @@ smtp_tls_session_cache_timeout = 3600s
smtp_tls_trust_anchor_file = smtp_tls_trust_anchor_file =
smtp_tls_verify_cert_match = hostname smtp_tls_verify_cert_match = hostname
smtp_tls_wrappermode = no smtp_tls_wrappermode = no
smtp_tlsrpt_enable = no
smtp_tlsrpt_skip_reused_handshakes = yes
smtp_tlsrpt_socket_name =
smtp_transport_rate_delay = $default_transport_rate_delay smtp_transport_rate_delay = $default_transport_rate_delay
smtp_use_tls = no smtp_use_tls = no
smtp_xforward_timeout = 300s smtp_xforward_timeout = 300s
@ -720,6 +727,7 @@ smtpd_forbidden_commands = CONNECT GET POST regexp:{{/^[^A-Z]/ Bogus}}
smtpd_hard_error_limit = ${stress?{1}:{20}} smtpd_hard_error_limit = ${stress?{1}:{20}}
smtpd_helo_required = no smtpd_helo_required = no
smtpd_helo_restrictions = smtpd_helo_restrictions =
smtpd_hide_client_session = no
smtpd_history_flush_threshold = 100 smtpd_history_flush_threshold = 100
smtpd_junk_command_limit = ${stress?{1}:{100}} smtpd_junk_command_limit = ${stress?{1}:{100}}
smtpd_log_access_permit_actions = smtpd_log_access_permit_actions =
@ -805,6 +813,7 @@ smtpd_upstream_proxy_timeout = 5s
smtpd_use_tls = no smtpd_use_tls = no
smtputf8_autodetect_classes = sendmail, verify smtputf8_autodetect_classes = sendmail, verify
smtputf8_enable = ${{$compatibility_level} <level {1} ? {no} : {yes}} smtputf8_enable = ${{$compatibility_level} <level {1} ? {no} : {yes}}
socketmap_max_reply_size = 100000
soft_bounce = no soft_bounce = no
stale_lock_time = 500s stale_lock_time = 500s
stress = stress =
@ -826,7 +835,7 @@ tls_config_name =
tls_daemon_random_bytes = 32 tls_daemon_random_bytes = 32
tls_dane_digests = sha512 sha256 tls_dane_digests = sha512 sha256
tls_disable_workarounds = tls_disable_workarounds =
tls_eecdh_auto_curves = X25519 X448 prime256v1 secp521r1 secp384r1 tls_eecdh_auto_curves = X25519 X448 prime256v1 secp384r1 secp521r1
tls_eecdh_strong_curve = prime256v1 tls_eecdh_strong_curve = prime256v1
tls_eecdh_ultra_curve = secp384r1 tls_eecdh_ultra_curve = secp384r1
tls_export_cipherlist = tls_export_cipherlist =
@ -843,6 +852,7 @@ tls_random_exchange_name = ${data_directory}/prng_exch
tls_random_prng_update_period = 3600s tls_random_prng_update_period = 3600s
tls_random_reseed_period = 3600s tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom tls_random_source = dev:/dev/urandom
tls_required_enable = yes
tls_server_sni_maps = tls_server_sni_maps =
tls_session_ticket_cipher = aes-256-cbc tls_session_ticket_cipher = aes-256-cbc
tls_ssl_options = tls_ssl_options =

6
main.cf.sample
View File

@ -9,7 +9,7 @@
# For common configuration examples, see BASIC_CONFIGURATION_README # For common configuration examples, see BASIC_CONFIGURATION_README
# and STANDARD_CONFIGURATION_README. To find these documents, use # and STANDARD_CONFIGURATION_README. To find these documents, use
# the command "postconf html_directory readme_directory", or go to # the command "postconf html_directory readme_directory", or go to
# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc. # https://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
# #
# For best results, change no more than 2-3 parameters at a time, # For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change. # and test if Postfix still works after every change.
@ -31,7 +31,7 @@
# #
# The level below is what should be used with new (not upgrade) installs. # The level below is what should be used with new (not upgrade) installs.
# #
compatibility_level = 3.9 compatibility_level = 3.10
# SOFT BOUNCE # SOFT BOUNCE
# #
@ -685,5 +685,5 @@ inet_protocols = all
# smtp CA path (default to system-wide location) # smtp CA path (default to system-wide location)
smtp_tls_CApath = /etc/ssl/certs smtp_tls_CApath = /etc/ssl/certs
shlib_directory = /usr/local/lib/postfix
meta_directory = /usr/local/libexec/postfix meta_directory = /usr/local/libexec/postfix
shlib_directory = /usr/local/lib/postfix

6
master.cf.sample
View File

@ -1,7 +1,7 @@
# #
# Postfix master process configuration file. For details on the format # Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or # of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html). # on-line: https://www.postfix.org/master.5.html).
# #
# Do not forget to execute "postfix reload" after editing this file. # Do not forget to execute "postfix reload" after editing this file.
# #
@ -18,10 +18,12 @@ smtp inet n - n - - smtpd
#127.0.0.1:submission inet n - n - - smtpd #127.0.0.1:submission inet n - n - - smtpd
#submission inet n - n - - smtpd #submission inet n - n - - smtpd
# -o syslog_name=postfix/submission # -o syslog_name=postfix/submission
# -o smtpd_forbid_unauth_pipelining=no
# -o smtpd_tls_security_level=encrypt # -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes # -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes # -o smtpd_tls_auth_only=yes
# -o local_header_rewrite_clients=static:all # -o local_header_rewrite_clients=static:all
# -o smtpd_hide_client_session=yes
# -o smtpd_reject_unlisted_recipient=no # -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here, # Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions" # specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
@ -37,9 +39,11 @@ smtp inet n - n - - smtpd
#127.0.0.1:submissions inet n - n - - smtpd #127.0.0.1:submissions inet n - n - - smtpd
#submissions inet n - n - - smtpd #submissions inet n - n - - smtpd
# -o syslog_name=postfix/submissions # -o syslog_name=postfix/submissions
# -o smtpd_forbid_unauth_pipelining=no
# -o smtpd_tls_wrappermode=yes # -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes # -o smtpd_sasl_auth_enable=yes
# -o local_header_rewrite_clients=static:all # -o local_header_rewrite_clients=static:all
# -o smtpd_hide_client_session=yes
# -o smtpd_reject_unlisted_recipient=no # -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here, # Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions" # specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"

40
virtual
View File

@ -14,10 +14,12 @@
# The optional virtual(5) alias table (virtual_alias_maps) # The optional virtual(5) alias table (virtual_alias_maps)
# applies to all recipients: local(8), virtual, and remote. # applies to all recipients: local(8), virtual, and remote.
# This feature is implemented in the Postfix cleanup(8) dae- # This feature is implemented in the Postfix cleanup(8) dae-
# mon before mail is queued. # mon before mail is queued. These tables are often queried
# with a full email address (including domain).
# #
# This is unlike the aliases(5) table (alias_maps) which # This is unlike the aliases(5) table (alias_maps) which
# applies only to local(8) recipients. # applies only to local(8) recipients. That table is only
# queried with the email address localpart (no domain).
# #
# Virtual aliasing is recursive; to terminate recursion for # Virtual aliasing is recursive; to terminate recursion for
# a specific address, alias that address to itself. # a specific address, alias that address to itself.
@ -256,46 +258,48 @@
# command after a configuration change. # command after a configuration change.
# #
# virtual_alias_maps ($virtual_maps) # virtual_alias_maps ($virtual_maps)
# Optional lookup tables with aliases that apply to # Optional lookup tables that are often searched with
# all recipients: local(8), virtual, and remote; this # a full email address (including domain) and that
# is unlike alias_maps that apply only to local(8) # apply to all recipients: local(8), virtual, and
# recipients. # remote; this is unlike alias_maps that are only
# searched with an email address localpart (no
# domain) and that apply only to local(8) recipients.
# #
# virtual_alias_domains ($virtual_alias_maps) # virtual_alias_domains ($virtual_alias_maps)
# Postfix is the final destination for the specified # Postfix is the final destination for the specified
# list of virtual alias domains, that is, domains for # list of virtual alias domains, that is, domains for
# which all addresses are aliased to addresses in # which all addresses are aliased to addresses in
# other local or remote domains. # other local or remote domains.
# #
# propagate_unmatched_extensions (canonical, virtual) # propagate_unmatched_extensions (canonical, virtual)
# What address lookup tables copy an address exten- # What address lookup tables copy an address exten-
# sion from the lookup key to the lookup result. # sion from the lookup key to the lookup result.
# #
# Other parameters of interest: # Other parameters of interest:
# #
# inet_interfaces (all) # inet_interfaces (all)
# The local network interface addresses that this # The local network interface addresses that this
# mail system receives mail on. # mail system receives mail on.
# #
# mydestination ($myhostname, localhost.$mydomain, local- # mydestination ($myhostname, localhost.$mydomain, local-
# host) # host)
# The list of domains that are delivered via the # The list of domains that are delivered via the
# $local_transport mail delivery transport. # $local_transport mail delivery transport.
# #
# myorigin ($myhostname) # myorigin ($myhostname)
# The domain name that locally-posted mail appears to # The domain name that locally-posted mail appears to
# come from, and that locally posted mail is deliv- # come from, and that locally posted mail is deliv-
# ered to. # ered to.
# #
# owner_request_special (yes) # owner_request_special (yes)
# Enable special treatment for owner-listname entries # Enable special treatment for owner-listname entries
# in the aliases(5) file, and don't split owner-list- # in the aliases(5) file, and don't split owner-list-
# name and listname-request address localparts when # name and listname-request address localparts when
# the recipient_delimiter is set to "-". # the recipient_delimiter is set to "-".
# #
# proxy_interfaces (empty) # proxy_interfaces (empty)
# The remote network interface addresses that this # The remote network interface addresses that this
# mail system receives mail on by way of a proxy or # mail system receives mail on by way of a proxy or
# network address translation unit. # network address translation unit.
# #
# SEE ALSO # SEE ALSO
@ -305,14 +309,14 @@
# canonical(5), canonical address mapping # canonical(5), canonical address mapping
# #
# README FILES # README FILES
# Use "postconf readme_directory" or "postconf html_direc- # Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information. # tory" to locate this information.
# ADDRESS_REWRITING_README, address rewriting guide # ADDRESS_REWRITING_README, address rewriting guide
# DATABASE_README, Postfix lookup table overview # DATABASE_README, Postfix lookup table overview
# VIRTUAL_README, domain hosting guide # VIRTUAL_README, domain hosting guide
# #
# LICENSE # LICENSE
# The Secure Mailer license must be distributed with this # The Secure Mailer license must be distributed with this
# software. # software.
# #
# AUTHOR(S) # AUTHOR(S)

40
virtual.sample
View File

@ -14,10 +14,12 @@
# The optional virtual(5) alias table (virtual_alias_maps) # The optional virtual(5) alias table (virtual_alias_maps)
# applies to all recipients: local(8), virtual, and remote. # applies to all recipients: local(8), virtual, and remote.
# This feature is implemented in the Postfix cleanup(8) dae- # This feature is implemented in the Postfix cleanup(8) dae-
# mon before mail is queued. # mon before mail is queued. These tables are often queried
# with a full email address (including domain).
# #
# This is unlike the aliases(5) table (alias_maps) which # This is unlike the aliases(5) table (alias_maps) which
# applies only to local(8) recipients. # applies only to local(8) recipients. That table is only
# queried with the email address localpart (no domain).
# #
# Virtual aliasing is recursive; to terminate recursion for # Virtual aliasing is recursive; to terminate recursion for
# a specific address, alias that address to itself. # a specific address, alias that address to itself.
@ -256,46 +258,48 @@
# command after a configuration change. # command after a configuration change.
# #
# virtual_alias_maps ($virtual_maps) # virtual_alias_maps ($virtual_maps)
# Optional lookup tables with aliases that apply to # Optional lookup tables that are often searched with
# all recipients: local(8), virtual, and remote; this # a full email address (including domain) and that
# is unlike alias_maps that apply only to local(8) # apply to all recipients: local(8), virtual, and
# recipients. # remote; this is unlike alias_maps that are only
# searched with an email address localpart (no
# domain) and that apply only to local(8) recipients.
# #
# virtual_alias_domains ($virtual_alias_maps) # virtual_alias_domains ($virtual_alias_maps)
# Postfix is the final destination for the specified # Postfix is the final destination for the specified
# list of virtual alias domains, that is, domains for # list of virtual alias domains, that is, domains for
# which all addresses are aliased to addresses in # which all addresses are aliased to addresses in
# other local or remote domains. # other local or remote domains.
# #
# propagate_unmatched_extensions (canonical, virtual) # propagate_unmatched_extensions (canonical, virtual)
# What address lookup tables copy an address exten- # What address lookup tables copy an address exten-
# sion from the lookup key to the lookup result. # sion from the lookup key to the lookup result.
# #
# Other parameters of interest: # Other parameters of interest:
# #
# inet_interfaces (all) # inet_interfaces (all)
# The local network interface addresses that this # The local network interface addresses that this
# mail system receives mail on. # mail system receives mail on.
# #
# mydestination ($myhostname, localhost.$mydomain, local- # mydestination ($myhostname, localhost.$mydomain, local-
# host) # host)
# The list of domains that are delivered via the # The list of domains that are delivered via the
# $local_transport mail delivery transport. # $local_transport mail delivery transport.
# #
# myorigin ($myhostname) # myorigin ($myhostname)
# The domain name that locally-posted mail appears to # The domain name that locally-posted mail appears to
# come from, and that locally posted mail is deliv- # come from, and that locally posted mail is deliv-
# ered to. # ered to.
# #
# owner_request_special (yes) # owner_request_special (yes)
# Enable special treatment for owner-listname entries # Enable special treatment for owner-listname entries
# in the aliases(5) file, and don't split owner-list- # in the aliases(5) file, and don't split owner-list-
# name and listname-request address localparts when # name and listname-request address localparts when
# the recipient_delimiter is set to "-". # the recipient_delimiter is set to "-".
# #
# proxy_interfaces (empty) # proxy_interfaces (empty)
# The remote network interface addresses that this # The remote network interface addresses that this
# mail system receives mail on by way of a proxy or # mail system receives mail on by way of a proxy or
# network address translation unit. # network address translation unit.
# #
# SEE ALSO # SEE ALSO
@ -305,14 +309,14 @@
# canonical(5), canonical address mapping # canonical(5), canonical address mapping
# #
# README FILES # README FILES
# Use "postconf readme_directory" or "postconf html_direc- # Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information. # tory" to locate this information.
# ADDRESS_REWRITING_README, address rewriting guide # ADDRESS_REWRITING_README, address rewriting guide
# DATABASE_README, Postfix lookup table overview # DATABASE_README, Postfix lookup table overview
# VIRTUAL_README, domain hosting guide # VIRTUAL_README, domain hosting guide
# #
# LICENSE # LICENSE
# The Secure Mailer license must be distributed with this # The Secure Mailer license must be distributed with this
# software. # software.
# #
# AUTHOR(S) # AUTHOR(S)