Service-Configs-FreeBSD/postfix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

main.cf add opendkim support

Browse Source
This commit is contained in:
PIVODEVAT
2025-09-25 03:48:00 +03:00
parent 61f90ee217
commit c2f7ea2203
12 changed files with 406 additions and 336 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
access
View File

@ -349,95 +349,101 @@
# recipient(s). When multiple REDIRECT actions fire,
# only the last one takes effect.
#
# Note: this action overrides the FILTER action, and
# currently overrides all recipients of the message.
# Note 1: this action overrides the FILTER action,
# and currently overrides all recipients of the mes-
# sage.
#
# Note 2: a REDIRECT address is subject to canonical-
# ization (add missing domain) but NOT subject to
# canonical, masquerade, bcc, or virtual alias map-
# ping.
#
# This feature is available in Postfix 2.1 and later.
#
# INFO optional text...
# Log an informational record with the optional text,
# together with client information and if available,
# with helo, sender, recipient and protocol informa-
# together with client information and if available,
# with helo, sender, recipient and protocol informa-
# tion.
#
# This feature is available in Postfix 3.0 and later.
#
# WARN optional text...
# Log a warning with the optional text, together with
# client information and if available, with helo,
# client information and if available, with helo,
# sender, recipient and protocol information.
#
# This feature is available in Postfix 2.1 and later.
#
# ENHANCED STATUS CODES
# Postfix version 2.3 and later support enhanced status
# codes as defined in RFC 3463. When an enhanced status
# code is specified in an access table, it is subject to
# modification. The following transformations are needed
# when the same access table is used for client, helo,
# sender, or recipient access restrictions; they happen
# Postfix version 2.3 and later support enhanced status
# codes as defined in RFC 3463. When an enhanced status
# code is specified in an access table, it is subject to
# modification. The following transformations are needed
# when the same access table is used for client, helo,
# sender, or recipient access restrictions; they happen
# regardless of whether Postfix replies to a MAIL FROM, RCPT
# TO or other SMTP command.
#
# o When a sender address matches a REJECT action, the
# Postfix SMTP server will transform a recipient DSN
# status (e.g., 4.1.1-4.1.6) into the corresponding
# o When a sender address matches a REJECT action, the
# Postfix SMTP server will transform a recipient DSN
# status (e.g., 4.1.1-4.1.6) into the corresponding
# sender DSN status, and vice versa.
#
# o When non-address information matches a REJECT
# action (such as the HELO command argument or the
# client hostname/address), the Postfix SMTP server
# will transform a sender or recipient DSN status
# into a generic non-address DSN status (e.g.,
# o When non-address information matches a REJECT
# action (such as the HELO command argument or the
# client hostname/address), the Postfix SMTP server
# will transform a sender or recipient DSN status
# into a generic non-address DSN status (e.g.,
# 4.0.0).
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# Each pattern is a regular expression that is applied to
# the entire string being looked up. Depending on the appli-
# cation, that string is an entire client hostname, an
# cation, that string is an entire client hostname, an
# entire client IP address, or an entire mail address. Thus,
# no parent domain or parent network search is done,
# user@domain mail addresses are not broken up into their
# user@domain mail addresses are not broken up into their
# user@ and domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# Actions are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# Actions are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire
# Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire
# client hostname, an entire client IP address, or an entire
# mail address. Thus, no parent domain or parent network
# search is done, user@domain mail addresses are not broken
# up into their user@ and domain constituent parts, nor is
# mail address. Thus, no parent domain or parent network
# search is done, user@domain mail addresses are not broken
# up into their user@ and domain constituent parts, nor is
# user+foo broken up into user and foo.
#
# Actions are the same as with indexed file lookups.
#
# EXAMPLE
# The following example uses an indexed file, so that the
# order of table entries does not matter. The example per-
# mits access by the client at address 1.2.3.4 but rejects
# all other clients in 1.2.3.0/24. Instead of hash lookup
# tables, some systems use dbm. Use the command "postconf
# -m" to find out what lookup tables Postfix supports on
# The following example uses an indexed file, so that the
# order of table entries does not matter. The example per-
# mits access by the client at address 1.2.3.4 but rejects
# all other clients in 1.2.3.0/24. Instead of hash lookup
# tables, some systems use dbm. Use the command "postconf
# -m" to find out what lookup tables Postfix supports on
# your system.
#
# /usr/local/etc/postfix/main.cf:
@ -448,11 +454,11 @@
# 1.2.3 REJECT
# 1.2.3.4 OK
#
# Execute the command "postmap /usr/local/etc/postfix/access" after
# Execute the command "postmap /usr/local/etc/postfix/access" after
# editing the file.
#
# BUGS
# The table format does not understand quoting conventions.
# The table format does not understand quoting conventions.
#
# SEE ALSO
# postmap(1), Postfix lookup table manager
@ -461,13 +467,13 @@
# transport(5), transport:nexthop syntax
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# SMTPD_ACCESS_README, built-in SMTP server access control
# DATABASE_README, Postfix lookup table overview
#
# LICENSE
# The Secure Mailer license must be distributed with this
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)

94
access.sample
View File

@ -349,95 +349,101 @@
# recipient(s). When multiple REDIRECT actions fire,
# only the last one takes effect.
#
# Note: this action overrides the FILTER action, and
# currently overrides all recipients of the message.
# Note 1: this action overrides the FILTER action,
# and currently overrides all recipients of the mes-
# sage.
#
# Note 2: a REDIRECT address is subject to canonical-
# ization (add missing domain) but NOT subject to
# canonical, masquerade, bcc, or virtual alias map-
# ping.
#
# This feature is available in Postfix 2.1 and later.
#
# INFO optional text...
# Log an informational record with the optional text,
# together with client information and if available,
# with helo, sender, recipient and protocol informa-
# together with client information and if available,
# with helo, sender, recipient and protocol informa-
# tion.
#
# This feature is available in Postfix 3.0 and later.
#
# WARN optional text...
# Log a warning with the optional text, together with
# client information and if available, with helo,
# client information and if available, with helo,
# sender, recipient and protocol information.
#
# This feature is available in Postfix 2.1 and later.
#
# ENHANCED STATUS CODES
# Postfix version 2.3 and later support enhanced status
# codes as defined in RFC 3463. When an enhanced status
# code is specified in an access table, it is subject to
# modification. The following transformations are needed
# when the same access table is used for client, helo,
# sender, or recipient access restrictions; they happen
# Postfix version 2.3 and later support enhanced status
# codes as defined in RFC 3463. When an enhanced status
# code is specified in an access table, it is subject to
# modification. The following transformations are needed
# when the same access table is used for client, helo,
# sender, or recipient access restrictions; they happen
# regardless of whether Postfix replies to a MAIL FROM, RCPT
# TO or other SMTP command.
#
# o When a sender address matches a REJECT action, the
# Postfix SMTP server will transform a recipient DSN
# status (e.g., 4.1.1-4.1.6) into the corresponding
# o When a sender address matches a REJECT action, the
# Postfix SMTP server will transform a recipient DSN
# status (e.g., 4.1.1-4.1.6) into the corresponding
# sender DSN status, and vice versa.
#
# o When non-address information matches a REJECT
# action (such as the HELO command argument or the
# client hostname/address), the Postfix SMTP server
# will transform a sender or recipient DSN status
# into a generic non-address DSN status (e.g.,
# o When non-address information matches a REJECT
# action (such as the HELO command argument or the
# client hostname/address), the Postfix SMTP server
# will transform a sender or recipient DSN status
# into a generic non-address DSN status (e.g.,
# 4.0.0).
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# Each pattern is a regular expression that is applied to
# the entire string being looked up. Depending on the appli-
# cation, that string is an entire client hostname, an
# cation, that string is an entire client hostname, an
# entire client IP address, or an entire mail address. Thus,
# no parent domain or parent network search is done,
# user@domain mail addresses are not broken up into their
# user@domain mail addresses are not broken up into their
# user@ and domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# Actions are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# Actions are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire
# Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire
# client hostname, an entire client IP address, or an entire
# mail address. Thus, no parent domain or parent network
# search is done, user@domain mail addresses are not broken
# up into their user@ and domain constituent parts, nor is
# mail address. Thus, no parent domain or parent network
# search is done, user@domain mail addresses are not broken
# up into their user@ and domain constituent parts, nor is
# user+foo broken up into user and foo.
#
# Actions are the same as with indexed file lookups.
#
# EXAMPLE
# The following example uses an indexed file, so that the
# order of table entries does not matter. The example per-
# mits access by the client at address 1.2.3.4 but rejects
# all other clients in 1.2.3.0/24. Instead of hash lookup
# tables, some systems use dbm. Use the command "postconf
# -m" to find out what lookup tables Postfix supports on
# The following example uses an indexed file, so that the
# order of table entries does not matter. The example per-
# mits access by the client at address 1.2.3.4 but rejects
# all other clients in 1.2.3.0/24. Instead of hash lookup
# tables, some systems use dbm. Use the command "postconf
# -m" to find out what lookup tables Postfix supports on
# your system.
#
# /usr/local/etc/postfix/main.cf:
@ -448,11 +454,11 @@
# 1.2.3 REJECT
# 1.2.3.4 OK
#
# Execute the command "postmap /usr/local/etc/postfix/access" after
# Execute the command "postmap /usr/local/etc/postfix/access" after
# editing the file.
#
# BUGS
# The table format does not understand quoting conventions.
# The table format does not understand quoting conventions.
#
# SEE ALSO
# postmap(1), Postfix lookup table manager
@ -461,13 +467,13 @@
# transport(5), transport:nexthop syntax
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# SMTPD_ACCESS_README, built-in SMTP server access control
# DATABASE_README, Postfix lookup table overview
#
# LICENSE
# The Secure Mailer license must be distributed with this
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)

124
aliases
View File

@ -44,30 +44,36 @@ decode: root
# SYNOPSIS
# newaliases
#
# postalias -q name [file-type]:[file-name]
#
# DESCRIPTION
# The optional aliases(5) table (alias_maps) redirects mail
# for local recipients. The redirections are processed by
# the Postfix local(8) delivery agent.
# the Postfix local(8) delivery agent. This table is always
# searched with an email address localpart (no domain por-
# tion).
#
# This is unlike virtual(5) aliasing (virtual_alias_maps)
# which applies to all recipients: local(8), virtual, and
# remote, and which is implemented by the cleanup(8) daemon.
# That table is often searched with a full email address
# (including domain).
#
# Normally, the aliases(5) table is specified as a text file
# that serves as input to the postalias(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast lookup by the mail system. Execute the command
# newaliases in order to rebuild the indexed file after
# that serves as input to the postalias(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast lookup by the mail system. Execute the command
# newaliases in order to rebuild the indexed file after
# changing the Postfix alias database.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regu-
# lar-expression map where patterns are given as regular
# expressions. In this case, the lookups are done in a
# slightly different way as described below under "REGULAR
# Alternatively, the table can be provided as a regu-
# lar-expression map where patterns are given as regular
# expressions. In this case, the lookups are done in a
# slightly different way as described below under "REGULAR
# EXPRESSION TABLES".
#
# Users can control delivery of their own mail by setting up
@ -81,63 +87,64 @@ decode: root
#
# name: value1, value2, ...
#
# o Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# o Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# o A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# o A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# The name is a local address (no domain part). Use double
# quotes when the name contains any special characters such
# as whitespace, `#', `:', or `@'. The name is folded to
# The name is a local address (no domain part). Use double
# quotes when the name contains any special characters such
# as whitespace, `#', `:', or `@'. The name is folded to
# lowercase, in order to make database lookups case insensi-
# tive.
#
# In addition, when an alias exists for owner-name, this
# will override the envelope sender address, so that deliv-
# In addition, when an alias exists for owner-name, this
# will override the envelope sender address, so that deliv-
# ery diagnostics are directed to owner-name, instead of the
# originator of the message (for details, see
# owner_request_special, expand_owner_alias and
# reset_owner_alias). This is typically used to direct
# delivery errors to the maintainer of a mailing list, who
# originator of the message (for details, see
# owner_request_special, expand_owner_alias and
# reset_owner_alias). This is typically used to direct
# delivery errors to the maintainer of a mailing list, who
# is in a better position to deal with mailing list delivery
# problems than the originator of the undelivered mail.
#
# The value contains one or more of the following:
#
# address
# Mail is forwarded to address, which is compatible
# Mail is forwarded to address, which is compatible
# with the RFC 822 standard.
#
# /file/name
# Mail is appended to /file/name. For details on how
# a file is written see the sections "EXTERNAL FILE
# DELIVERY" and "DELIVERY RIGHTS" in the local(8)
# documentation. Delivery is not limited to regular
# files. For example, to dispose of unwanted mail,
# Mail is appended to /file/name. For details on how
# a file is written see the sections "EXTERNAL FILE
# DELIVERY" and "DELIVERY RIGHTS" in the local(8)
# documentation. Delivery is not limited to regular
# files. For example, to dispose of unwanted mail,
# deflect it to /dev/null.
#
# |command
# Mail is piped into command. Commands that contain
# special characters, such as whitespace, should be
# enclosed between double quotes. For details on how
# a command is executed see "EXTERNAL COMMAND DELIV-
# Mail is piped into command. Commands that contain
# special characters, such as whitespace, should be
# enclosed between double quotes. For details on how
# a command is executed see "EXTERNAL COMMAND DELIV-
# ERY" and "DELIVERY RIGHTS" in the local(8) documen-
# tation.
#
# When the command fails, a limited amount of command
# output is mailed back to the sender. The file
# /usr/include/sysexits.h defines the expected exit
# status codes. For example, use "|exit 67" to simu-
# late a "user unknown" error, and "|exit 0" to
# output is mailed back to the sender. The file
# /usr/include/sysexits.h defines the expected exit
# status codes. For example, use "|exit 67" to simu-
# late a "user unknown" error, and "|exit 0" to
# implement an expensive black hole.
#
# :include:/file/name
# Mail is sent to the destinations listed in the
# Mail is sent to the destinations listed in the
# named file. Lines in :include: files have the same
# syntax as the right-hand side of alias entries.
# syntax as the right-hand side of aliases(5)
# entries.
#
# A destination can be any destination that is
# described in this manual page. However, delivery to
@ -199,46 +206,49 @@ decode: root
# updated with "newaliases" or with "sendmail -bi".
#
# alias_maps (see 'postconf -d' output)
# Optional lookup tables with aliases that apply only
# to local(8) recipients; this is unlike vir-
# tual_alias_maps that apply to all recipients:
# local(8), virtual, and remote.
# Optional lookup tables that are searched only with
# an email address localpart (no domain) and that
# apply only to local(8) recipients; this is unlike
# virtual_alias_maps that are often searched with a
# full email address (including domain) and that
# apply to all recipients: local(8), virtual, and
# remote.
#
# allow_mail_to_commands (alias, forward)
# Restrict local(8) mail delivery to external com-
# Restrict local(8) mail delivery to external com-
# mands.
#
# allow_mail_to_files (alias, forward)
# Restrict local(8) mail delivery to external files.
# Restrict local(8) mail delivery to external files.
#
# expand_owner_alias (no)
# When delivering to an alias "aliasname" that has an
# "owner-aliasname" companion alias, set the envelope
# sender address to the expansion of the
# sender address to the expansion of the
# "owner-aliasname" alias.
#
# propagate_unmatched_extensions (canonical, virtual)
# What address lookup tables copy an address exten-
# What address lookup tables copy an address exten-
# sion from the lookup key to the lookup result.
#
# owner_request_special (yes)
# Enable special treatment for owner-listname entries
# in the aliases(5) file, and don't split owner-list-
# name and listname-request address localparts when
# name and listname-request address localparts when
# the recipient_delimiter is set to "-".
#
# recipient_delimiter (empty)
# The set of characters that can separate an email
# address localpart, user name, or a .forward file
# The set of characters that can separate an email
# address localpart, user name, or a .forward file
# name from its extension.
#
# Available in Postfix version 2.3 and later:
#
# frozen_delivered_to (yes)
# Update the local(8) delivery agent's idea of the
# Delivered-To: address (see prepend_deliv-
# ered_header) only once, at the start of a delivery
# attempt; do not update the Delivered-To: address
# Update the local(8) delivery agent's idea of the
# Delivered-To: address (see prepend_deliv-
# ered_header) only once, at the start of a delivery
# attempt; do not update the Delivered-To: address
# while expanding aliases or .forward files.
#
# STANDARDS
@ -251,12 +261,12 @@ decode: root
# postconf(5), configuration parameters
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
#
# LICENSE
# The Secure Mailer license must be distributed with this
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)

124
aliases.sample
View File

@ -44,30 +44,36 @@ decode: root
# SYNOPSIS
# newaliases
#
# postalias -q name [file-type]:[file-name]
#
# DESCRIPTION
# The optional aliases(5) table (alias_maps) redirects mail
# for local recipients. The redirections are processed by
# the Postfix local(8) delivery agent.
# the Postfix local(8) delivery agent. This table is always
# searched with an email address localpart (no domain por-
# tion).
#
# This is unlike virtual(5) aliasing (virtual_alias_maps)
# which applies to all recipients: local(8), virtual, and
# remote, and which is implemented by the cleanup(8) daemon.
# That table is often searched with a full email address
# (including domain).
#
# Normally, the aliases(5) table is specified as a text file
# that serves as input to the postalias(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast lookup by the mail system. Execute the command
# newaliases in order to rebuild the indexed file after
# that serves as input to the postalias(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast lookup by the mail system. Execute the command
# newaliases in order to rebuild the indexed file after
# changing the Postfix alias database.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regu-
# lar-expression map where patterns are given as regular
# expressions. In this case, the lookups are done in a
# slightly different way as described below under "REGULAR
# Alternatively, the table can be provided as a regu-
# lar-expression map where patterns are given as regular
# expressions. In this case, the lookups are done in a
# slightly different way as described below under "REGULAR
# EXPRESSION TABLES".
#
# Users can control delivery of their own mail by setting up
@ -81,63 +87,64 @@ decode: root
#
# name: value1, value2, ...
#
# o Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# o Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# o A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# o A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# The name is a local address (no domain part). Use double
# quotes when the name contains any special characters such
# as whitespace, `#', `:', or `@'. The name is folded to
# The name is a local address (no domain part). Use double
# quotes when the name contains any special characters such
# as whitespace, `#', `:', or `@'. The name is folded to
# lowercase, in order to make database lookups case insensi-
# tive.
#
# In addition, when an alias exists for owner-name, this
# will override the envelope sender address, so that deliv-
# In addition, when an alias exists for owner-name, this
# will override the envelope sender address, so that deliv-
# ery diagnostics are directed to owner-name, instead of the
# originator of the message (for details, see
# owner_request_special, expand_owner_alias and
# reset_owner_alias). This is typically used to direct
# delivery errors to the maintainer of a mailing list, who
# originator of the message (for details, see
# owner_request_special, expand_owner_alias and
# reset_owner_alias). This is typically used to direct
# delivery errors to the maintainer of a mailing list, who
# is in a better position to deal with mailing list delivery
# problems than the originator of the undelivered mail.
#
# The value contains one or more of the following:
#
# address
# Mail is forwarded to address, which is compatible
# Mail is forwarded to address, which is compatible
# with the RFC 822 standard.
#
# /file/name
# Mail is appended to /file/name. For details on how
# a file is written see the sections "EXTERNAL FILE
# DELIVERY" and "DELIVERY RIGHTS" in the local(8)
# documentation. Delivery is not limited to regular
# files. For example, to dispose of unwanted mail,
# Mail is appended to /file/name. For details on how
# a file is written see the sections "EXTERNAL FILE
# DELIVERY" and "DELIVERY RIGHTS" in the local(8)
# documentation. Delivery is not limited to regular
# files. For example, to dispose of unwanted mail,
# deflect it to /dev/null.
#
# |command
# Mail is piped into command. Commands that contain
# special characters, such as whitespace, should be
# enclosed between double quotes. For details on how
# a command is executed see "EXTERNAL COMMAND DELIV-
# Mail is piped into command. Commands that contain
# special characters, such as whitespace, should be
# enclosed between double quotes. For details on how
# a command is executed see "EXTERNAL COMMAND DELIV-
# ERY" and "DELIVERY RIGHTS" in the local(8) documen-
# tation.
#
# When the command fails, a limited amount of command
# output is mailed back to the sender. The file
# /usr/include/sysexits.h defines the expected exit
# status codes. For example, use "|exit 67" to simu-
# late a "user unknown" error, and "|exit 0" to
# output is mailed back to the sender. The file
# /usr/include/sysexits.h defines the expected exit
# status codes. For example, use "|exit 67" to simu-
# late a "user unknown" error, and "|exit 0" to
# implement an expensive black hole.
#
# :include:/file/name
# Mail is sent to the destinations listed in the
# Mail is sent to the destinations listed in the
# named file. Lines in :include: files have the same
# syntax as the right-hand side of alias entries.
# syntax as the right-hand side of aliases(5)
# entries.
#
# A destination can be any destination that is
# described in this manual page. However, delivery to
@ -199,46 +206,49 @@ decode: root
# updated with "newaliases" or with "sendmail -bi".
#
# alias_maps (see 'postconf -d' output)
# Optional lookup tables with aliases that apply only
# to local(8) recipients; this is unlike vir-
# tual_alias_maps that apply to all recipients:
# local(8), virtual, and remote.
# Optional lookup tables that are searched only with
# an email address localpart (no domain) and that
# apply only to local(8) recipients; this is unlike
# virtual_alias_maps that are often searched with a
# full email address (including domain) and that
# apply to all recipients: local(8), virtual, and
# remote.
#
# allow_mail_to_commands (alias, forward)
# Restrict local(8) mail delivery to external com-
# Restrict local(8) mail delivery to external com-
# mands.
#
# allow_mail_to_files (alias, forward)
# Restrict local(8) mail delivery to external files.
# Restrict local(8) mail delivery to external files.
#
# expand_owner_alias (no)
# When delivering to an alias "aliasname" that has an
# "owner-aliasname" companion alias, set the envelope
# sender address to the expansion of the
# sender address to the expansion of the
# "owner-aliasname" alias.
#
# propagate_unmatched_extensions (canonical, virtual)
# What address lookup tables copy an address exten-
# What address lookup tables copy an address exten-
# sion from the lookup key to the lookup result.
#
# owner_request_special (yes)
# Enable special treatment for owner-listname entries
# in the aliases(5) file, and don't split owner-list-
# name and listname-request address localparts when
# name and listname-request address localparts when
# the recipient_delimiter is set to "-".
#
# recipient_delimiter (empty)
# The set of characters that can separate an email
# address localpart, user name, or a .forward file
# The set of characters that can separate an email
# address localpart, user name, or a .forward file
# name from its extension.
#
# Available in Postfix version 2.3 and later:
#
# frozen_delivered_to (yes)
# Update the local(8) delivery agent's idea of the
# Delivered-To: address (see prepend_deliv-
# ered_header) only once, at the start of a delivery
# attempt; do not update the Delivered-To: address
# Update the local(8) delivery agent's idea of the
# Delivered-To: address (see prepend_deliv-
# ered_header) only once, at the start of a delivery
# attempt; do not update the Delivered-To: address
# while expanding aliases or .forward files.
#
# STANDARDS
@ -251,12 +261,12 @@ decode: root
# postconf(5), configuration parameters
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
#
# LICENSE
# The Secure Mailer license must be distributed with this
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)

95
header_checks
View File

@ -346,10 +346,15 @@
# message is queued, it will be sent to the specified
# address instead of the intended recipient(s).
#
# Note: this action overrides the FILTER action, and
# affects all recipients of the message. If multiple
# REDIRECT actions fire, only the last one is exe-
# cuted.
# Note 1: this action overrides the FILTER action,
# and affects all recipients of the message. If mul-
# tiple REDIRECT actions fire, only the last one is
# executed.
#
# Note 2: a REDIRECT address is subject to canonical-
# ization (add missing domain) but NOT subject to
# canonical, masquerade, bcc, or virtual alias map-
# ping.
#
# This feature is available in Postfix 2.1 and later.
#
@ -357,34 +362,34 @@
# checks.
#
# REPLACE text...
# Replace the current line with the specified text,
# Replace the current line with the specified text,
# and inspect the next input line.
#
# This feature is available in Postfix 2.2 and later.
# The description below applies to Postfix 2.2.2 and
# The description below applies to Postfix 2.2.2 and
# later.
#
# Notes:
#
# o When replacing a message header line, the
# replacement text must begin with a valid
# o When replacing a message header line, the
# replacement text must begin with a valid
# header label.
#
# o The replaced text remains part of the input
# stream. Unlike the result from the PREPEND
# action, a replaced message header may be
# subject to address rewriting and may affect
# the way that Postfix adds missing message
# o The replaced text remains part of the input
# stream. Unlike the result from the PREPEND
# action, a replaced message header may be
# subject to address rewriting and may affect
# the way that Postfix adds missing message
# headers.
#
# REJECT optional text...
# Reject the entire message. Do not inspect the
# remainder of the input message. Reply with
# optional text... when the optional text is speci-
# Reject the entire message. Do not inspect the
# remainder of the input message. Reply with
# optional text... when the optional text is speci-
# fied, otherwise reply with a generic error message.
#
# Note: this action disables further header or
# body_checks inspection of the current message and
# Note: this action disables further header or
# body_checks inspection of the current message and
# affects all recipients.
#
# Postfix version 2.3 and later support enhanced sta-
@ -398,80 +403,80 @@
# STRIP optional text...
# Log a "strip:" record with the optional text... (or
# log a generic text), delete the input line from the
# input, and inspect the next input line. See IGNORE
# input, and inspect the next input line. See IGNORE
# for a silent alternative.
#
# This feature is available in Postfix 3.2 and later.
#
# WARN optional text...
# Log a "warning:" record with the optional text...
# Log a "warning:" record with the optional text...
# (or log a generic text), and inspect the next input
# line. This action is useful for debugging and for
# testing a pattern before applying more drastic
# line. This action is useful for debugging and for
# testing a pattern before applying more drastic
# actions.
#
# BUGS
# Empty lines never match, because some map types mis-behave
# when given a zero-length search string. This limitation
# may be removed for regular expression tables in a future
# when given a zero-length search string. This limitation
# may be removed for regular expression tables in a future
# release.
#
# Many people overlook the main limitations of header and
# Many people overlook the main limitations of header and
# body_checks rules.
#
# o These rules operate on one logical message header
# o These rules operate on one logical message header
# or one body line at a time. A decision made for one
# line is not carried over to the next line.
#
# o If text in the message body is encoded (RFC 2045)
# o If text in the message body is encoded (RFC 2045)
# then the rules need to be specified for the encoded
# form.
#
# o Likewise, when message headers are encoded (RFC
# 2047) then the rules need to be specified for the
# o Likewise, when message headers are encoded (RFC
# 2047) then the rules need to be specified for the
# encoded form.
#
# Message headers added by the cleanup(8) daemon itself are
# Message headers added by the cleanup(8) daemon itself are
# excluded from inspection. Examples of such message headers
# are From:, To:, Message-ID:, Date:.
#
# Message headers deleted by the cleanup(8) daemon will be
# Message headers deleted by the cleanup(8) daemon will be
# examined before they are deleted. Examples are: Bcc:, Con-
# tent-Length:, Return-Path:.
#
# CONFIGURATION PARAMETERS
# body_checks (empty)
# Optional lookup tables for content inspection as
# Optional lookup tables for content inspection as
# specified in the body_checks(5) manual page.
#
# body_checks_size_limit (51200)
# How much text in a message body segment (or attach-
# ment, if you prefer to use that term) is subjected
# ment, if you prefer to use that term) is subjected
# to body_checks inspection.
#
# header_checks (empty)
# Optional lookup tables for content inspection of
# primary non-MIME message headers, as specified in
# Optional lookup tables for content inspection of
# primary non-MIME message headers, as specified in
# the header_checks(5) manual page.
#
# mime_header_checks ($header_checks)
# Optional lookup tables for content inspection of
# MIME related message headers, as described in the
# Optional lookup tables for content inspection of
# MIME related message headers, as described in the
# header_checks(5) manual page.
#
# nested_header_checks ($header_checks)
# Optional lookup tables for content inspection of
# non-MIME message headers in attached messages, as
# Optional lookup tables for content inspection of
# non-MIME message headers in attached messages, as
# described in the header_checks(5) manual page.
#
# disable_mime_input_processing (no)
# Turn off MIME processing while receiving mail.
#
# EXAMPLES
# Header pattern to block attachments with bad file name
# extensions. For convenience, the PCRE /x flag is speci-
# fied, so that there is no need to collapse the pattern
# into a single line of text. The purpose of the
# Header pattern to block attachments with bad file name
# extensions. For convenience, the PCRE /x flag is speci-
# fied, so that there is no need to collapse the pattern
# into a single line of text. The purpose of the
# [[:xdigit:]] sub-expressions is to recognize Windows CLSID
# strings.
#
@ -510,7 +515,7 @@
# RFC 2047, message header encoding for non-ASCII text
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# CONTENT_INSPECTION_README, Postfix content inspection overview
@ -518,7 +523,7 @@
# BACKSCATTER_README, blocking returned forged mail
#
# LICENSE
# The Secure Mailer license must be distributed with this
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)

95
header_checks.sample
View File

@ -346,10 +346,15 @@
# message is queued, it will be sent to the specified
# address instead of the intended recipient(s).
#
# Note: this action overrides the FILTER action, and
# affects all recipients of the message. If multiple
# REDIRECT actions fire, only the last one is exe-
# cuted.
# Note 1: this action overrides the FILTER action,
# and affects all recipients of the message. If mul-
# tiple REDIRECT actions fire, only the last one is
# executed.
#
# Note 2: a REDIRECT address is subject to canonical-
# ization (add missing domain) but NOT subject to
# canonical, masquerade, bcc, or virtual alias map-
# ping.
#
# This feature is available in Postfix 2.1 and later.
#
@ -357,34 +362,34 @@
# checks.
#
# REPLACE text...
# Replace the current line with the specified text,
# Replace the current line with the specified text,
# and inspect the next input line.
#
# This feature is available in Postfix 2.2 and later.
# The description below applies to Postfix 2.2.2 and
# The description below applies to Postfix 2.2.2 and
# later.
#
# Notes:
#
# o When replacing a message header line, the
# replacement text must begin with a valid
# o When replacing a message header line, the
# replacement text must begin with a valid
# header label.
#
# o The replaced text remains part of the input
# stream. Unlike the result from the PREPEND
# action, a replaced message header may be
# subject to address rewriting and may affect
# the way that Postfix adds missing message
# o The replaced text remains part of the input
# stream. Unlike the result from the PREPEND
# action, a replaced message header may be
# subject to address rewriting and may affect
# the way that Postfix adds missing message
# headers.
#
# REJECT optional text...
# Reject the entire message. Do not inspect the
# remainder of the input message. Reply with
# optional text... when the optional text is speci-
# Reject the entire message. Do not inspect the
# remainder of the input message. Reply with
# optional text... when the optional text is speci-
# fied, otherwise reply with a generic error message.
#
# Note: this action disables further header or
# body_checks inspection of the current message and
# Note: this action disables further header or
# body_checks inspection of the current message and
# affects all recipients.
#
# Postfix version 2.3 and later support enhanced sta-
@ -398,80 +403,80 @@
# STRIP optional text...
# Log a "strip:" record with the optional text... (or
# log a generic text), delete the input line from the
# input, and inspect the next input line. See IGNORE
# input, and inspect the next input line. See IGNORE
# for a silent alternative.
#
# This feature is available in Postfix 3.2 and later.
#
# WARN optional text...
# Log a "warning:" record with the optional text...
# Log a "warning:" record with the optional text...
# (or log a generic text), and inspect the next input
# line. This action is useful for debugging and for
# testing a pattern before applying more drastic
# line. This action is useful for debugging and for
# testing a pattern before applying more drastic
# actions.
#
# BUGS
# Empty lines never match, because some map types mis-behave
# when given a zero-length search string. This limitation
# may be removed for regular expression tables in a future
# when given a zero-length search string. This limitation
# may be removed for regular expression tables in a future
# release.
#
# Many people overlook the main limitations of header and
# Many people overlook the main limitations of header and
# body_checks rules.
#
# o These rules operate on one logical message header
# o These rules operate on one logical message header
# or one body line at a time. A decision made for one
# line is not carried over to the next line.
#
# o If text in the message body is encoded (RFC 2045)
# o If text in the message body is encoded (RFC 2045)
# then the rules need to be specified for the encoded
# form.
#
# o Likewise, when message headers are encoded (RFC
# 2047) then the rules need to be specified for the
# o Likewise, when message headers are encoded (RFC
# 2047) then the rules need to be specified for the
# encoded form.
#
# Message headers added by the cleanup(8) daemon itself are
# Message headers added by the cleanup(8) daemon itself are
# excluded from inspection. Examples of such message headers
# are From:, To:, Message-ID:, Date:.
#
# Message headers deleted by the cleanup(8) daemon will be
# Message headers deleted by the cleanup(8) daemon will be
# examined before they are deleted. Examples are: Bcc:, Con-
# tent-Length:, Return-Path:.
#
# CONFIGURATION PARAMETERS
# body_checks (empty)
# Optional lookup tables for content inspection as
# Optional lookup tables for content inspection as
# specified in the body_checks(5) manual page.
#
# body_checks_size_limit (51200)
# How much text in a message body segment (or attach-
# ment, if you prefer to use that term) is subjected
# ment, if you prefer to use that term) is subjected
# to body_checks inspection.
#
# header_checks (empty)
# Optional lookup tables for content inspection of
# primary non-MIME message headers, as specified in
# Optional lookup tables for content inspection of
# primary non-MIME message headers, as specified in
# the header_checks(5) manual page.
#
# mime_header_checks ($header_checks)
# Optional lookup tables for content inspection of
# MIME related message headers, as described in the
# Optional lookup tables for content inspection of
# MIME related message headers, as described in the
# header_checks(5) manual page.
#
# nested_header_checks ($header_checks)
# Optional lookup tables for content inspection of
# non-MIME message headers in attached messages, as
# Optional lookup tables for content inspection of
# non-MIME message headers in attached messages, as
# described in the header_checks(5) manual page.
#
# disable_mime_input_processing (no)
# Turn off MIME processing while receiving mail.
#
# EXAMPLES
# Header pattern to block attachments with bad file name
# extensions. For convenience, the PCRE /x flag is speci-
# fied, so that there is no need to collapse the pattern
# into a single line of text. The purpose of the
# Header pattern to block attachments with bad file name
# extensions. For convenience, the PCRE /x flag is speci-
# fied, so that there is no need to collapse the pattern
# into a single line of text. The purpose of the
# [[:xdigit:]] sub-expressions is to recognize Windows CLSID
# strings.
#
@ -510,7 +515,7 @@
# RFC 2047, message header encoding for non-ASCII text
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# CONTENT_INSPECTION_README, Postfix content inspection overview
@ -518,7 +523,7 @@
# BACKSCATTER_README, blocking returned forged mail
#
# LICENSE
# The Secure Mailer license must be distributed with this
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)

6
main.cf
View File

@ -725,3 +725,9 @@ smtpd_recipient_restrictions =
meta_directory = /usr/local/libexec/postfix
shlib_directory = /usr/local/lib/postfix
# opendkim
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters

18
main.cf.default
View File

@ -168,6 +168,7 @@ fork_delay = 1s
forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
frozen_delivered_to = yes
full_name_encoding_charset = utf-8
hash_queue_depth = 1
hash_queue_names = deferred, defer
header_address_token_limit = 10240
@ -313,6 +314,9 @@ lmtp_tls_session_cache_timeout = 3600s
lmtp_tls_trust_anchor_file =
lmtp_tls_verify_cert_match = hostname
lmtp_tls_wrappermode = no
lmtp_tlsrpt_enable = no
lmtp_tlsrpt_skip_reused_handshakes = yes
lmtp_tlsrpt_socket_name =
lmtp_transport_rate_delay = $default_transport_rate_delay
lmtp_use_tls = no
lmtp_xforward_timeout = 300s
@ -341,9 +345,9 @@ local_transport_rate_delay = $default_transport_rate_delay
luser_relay =
mail_name = Postfix
mail_owner = postfix
mail_release_date = 20241204
mail_release_date = 20250710
mail_spool_directory = /var/mail
mail_version = 3.9.1
mail_version = 3.10.3
mailbox_command =
mailbox_command_maps =
mailbox_delivery_lock = flock, dotlock
@ -653,7 +657,7 @@ smtp_tls_cert_file =
smtp_tls_chain_files =
smtp_tls_ciphers = medium
smtp_tls_connection_reuse = no
smtp_tls_dane_insecure_mx_policy = ${{$smtp_tls_security_level} == {dane} ? {dane} : {may}}
smtp_tls_dane_insecure_mx_policy = dane
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_eccert_file =
@ -682,6 +686,9 @@ smtp_tls_session_cache_timeout = 3600s
smtp_tls_trust_anchor_file =
smtp_tls_verify_cert_match = hostname
smtp_tls_wrappermode = no
smtp_tlsrpt_enable = no
smtp_tlsrpt_skip_reused_handshakes = yes
smtp_tlsrpt_socket_name =
smtp_transport_rate_delay = $default_transport_rate_delay
smtp_use_tls = no
smtp_xforward_timeout = 300s
@ -720,6 +727,7 @@ smtpd_forbidden_commands = CONNECT GET POST regexp:{{/^[^A-Z]/ Bogus}}
smtpd_hard_error_limit = ${stress?{1}:{20}}
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_hide_client_session = no
smtpd_history_flush_threshold = 100
smtpd_junk_command_limit = ${stress?{1}:{100}}
smtpd_log_access_permit_actions =
@ -805,6 +813,7 @@ smtpd_upstream_proxy_timeout = 5s
smtpd_use_tls = no
smtputf8_autodetect_classes = sendmail, verify
smtputf8_enable = ${{$compatibility_level} <level {1} ? {no} : {yes}}
socketmap_max_reply_size = 100000
soft_bounce = no
stale_lock_time = 500s
stress =
@ -826,7 +835,7 @@ tls_config_name =
tls_daemon_random_bytes = 32
tls_dane_digests = sha512 sha256
tls_disable_workarounds =
tls_eecdh_auto_curves = X25519 X448 prime256v1 secp521r1 secp384r1
tls_eecdh_auto_curves = X25519 X448 prime256v1 secp384r1 secp521r1
tls_eecdh_strong_curve = prime256v1
tls_eecdh_ultra_curve = secp384r1
tls_export_cipherlist =
@ -843,6 +852,7 @@ tls_random_exchange_name = ${data_directory}/prng_exch
tls_random_prng_update_period = 3600s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
tls_required_enable = yes
tls_server_sni_maps =
tls_session_ticket_cipher = aes-256-cbc
tls_ssl_options =

6
main.cf.sample
View File

@ -9,7 +9,7 @@
# For common configuration examples, see BASIC_CONFIGURATION_README
# and STANDARD_CONFIGURATION_README. To find these documents, use
# the command "postconf html_directory readme_directory", or go to
# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
# https://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
#
# For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change.
@ -31,7 +31,7 @@
#
# The level below is what should be used with new (not upgrade) installs.
#
compatibility_level = 3.9
compatibility_level = 3.10
# SOFT BOUNCE
#
@ -685,5 +685,5 @@ inet_protocols = all
# smtp CA path (default to system-wide location)
smtp_tls_CApath = /etc/ssl/certs
shlib_directory = /usr/local/lib/postfix
meta_directory = /usr/local/libexec/postfix
shlib_directory = /usr/local/lib/postfix

6
master.cf.sample
View File

@ -1,7 +1,7 @@
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
# on-line: https://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
@ -18,10 +18,12 @@ smtp inet n - n - - smtpd
#127.0.0.1:submission inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_forbid_unauth_pipelining=no
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o local_header_rewrite_clients=static:all
# -o smtpd_hide_client_session=yes
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
@ -37,9 +39,11 @@ smtp inet n - n - - smtpd
#127.0.0.1:submissions inet n - n - - smtpd
#submissions inet n - n - - smtpd
# -o syslog_name=postfix/submissions
# -o smtpd_forbid_unauth_pipelining=no
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o local_header_rewrite_clients=static:all
# -o smtpd_hide_client_session=yes
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"

40
virtual
View File

@ -14,10 +14,12 @@
# The optional virtual(5) alias table (virtual_alias_maps)
# applies to all recipients: local(8), virtual, and remote.
# This feature is implemented in the Postfix cleanup(8) dae-
# mon before mail is queued.
# mon before mail is queued. These tables are often queried
# with a full email address (including domain).
#
# This is unlike the aliases(5) table (alias_maps) which
# applies only to local(8) recipients.
# This is unlike the aliases(5) table (alias_maps) which
# applies only to local(8) recipients. That table is only
# queried with the email address localpart (no domain).
#
# Virtual aliasing is recursive; to terminate recursion for
# a specific address, alias that address to itself.
@ -256,46 +258,48 @@
# command after a configuration change.
#
# virtual_alias_maps ($virtual_maps)
# Optional lookup tables with aliases that apply to
# all recipients: local(8), virtual, and remote; this
# is unlike alias_maps that apply only to local(8)
# recipients.
# Optional lookup tables that are often searched with
# a full email address (including domain) and that
# apply to all recipients: local(8), virtual, and
# remote; this is unlike alias_maps that are only
# searched with an email address localpart (no
# domain) and that apply only to local(8) recipients.
#
# virtual_alias_domains ($virtual_alias_maps)
# Postfix is the final destination for the specified
# Postfix is the final destination for the specified
# list of virtual alias domains, that is, domains for
# which all addresses are aliased to addresses in
# which all addresses are aliased to addresses in
# other local or remote domains.
#
# propagate_unmatched_extensions (canonical, virtual)
# What address lookup tables copy an address exten-
# What address lookup tables copy an address exten-
# sion from the lookup key to the lookup result.
#
# Other parameters of interest:
#
# inet_interfaces (all)
# The local network interface addresses that this
# The local network interface addresses that this
# mail system receives mail on.
#
# mydestination ($myhostname, localhost.$mydomain, local-
# host)
# The list of domains that are delivered via the
# The list of domains that are delivered via the
# $local_transport mail delivery transport.
#
# myorigin ($myhostname)
# The domain name that locally-posted mail appears to
# come from, and that locally posted mail is deliv-
# come from, and that locally posted mail is deliv-
# ered to.
#
# owner_request_special (yes)
# Enable special treatment for owner-listname entries
# in the aliases(5) file, and don't split owner-list-
# name and listname-request address localparts when
# name and listname-request address localparts when
# the recipient_delimiter is set to "-".
#
# proxy_interfaces (empty)
# The remote network interface addresses that this
# mail system receives mail on by way of a proxy or
# The remote network interface addresses that this
# mail system receives mail on by way of a proxy or
# network address translation unit.
#
# SEE ALSO
@ -305,14 +309,14 @@
# canonical(5), canonical address mapping
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# ADDRESS_REWRITING_README, address rewriting guide
# DATABASE_README, Postfix lookup table overview
# VIRTUAL_README, domain hosting guide
#
# LICENSE
# The Secure Mailer license must be distributed with this
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)

40
virtual.sample
View File

@ -14,10 +14,12 @@
# The optional virtual(5) alias table (virtual_alias_maps)
# applies to all recipients: local(8), virtual, and remote.
# This feature is implemented in the Postfix cleanup(8) dae-
# mon before mail is queued.
# mon before mail is queued. These tables are often queried
# with a full email address (including domain).
#
# This is unlike the aliases(5) table (alias_maps) which
# applies only to local(8) recipients.
# This is unlike the aliases(5) table (alias_maps) which
# applies only to local(8) recipients. That table is only
# queried with the email address localpart (no domain).
#
# Virtual aliasing is recursive; to terminate recursion for
# a specific address, alias that address to itself.
@ -256,46 +258,48 @@
# command after a configuration change.
#
# virtual_alias_maps ($virtual_maps)
# Optional lookup tables with aliases that apply to
# all recipients: local(8), virtual, and remote; this
# is unlike alias_maps that apply only to local(8)
# recipients.
# Optional lookup tables that are often searched with
# a full email address (including domain) and that
# apply to all recipients: local(8), virtual, and
# remote; this is unlike alias_maps that are only
# searched with an email address localpart (no
# domain) and that apply only to local(8) recipients.
#
# virtual_alias_domains ($virtual_alias_maps)
# Postfix is the final destination for the specified
# Postfix is the final destination for the specified
# list of virtual alias domains, that is, domains for
# which all addresses are aliased to addresses in
# which all addresses are aliased to addresses in
# other local or remote domains.
#
# propagate_unmatched_extensions (canonical, virtual)
# What address lookup tables copy an address exten-
# What address lookup tables copy an address exten-
# sion from the lookup key to the lookup result.
#
# Other parameters of interest:
#
# inet_interfaces (all)
# The local network interface addresses that this
# The local network interface addresses that this
# mail system receives mail on.
#
# mydestination ($myhostname, localhost.$mydomain, local-
# host)
# The list of domains that are delivered via the
# The list of domains that are delivered via the
# $local_transport mail delivery transport.
#
# myorigin ($myhostname)
# The domain name that locally-posted mail appears to
# come from, and that locally posted mail is deliv-
# come from, and that locally posted mail is deliv-
# ered to.
#
# owner_request_special (yes)
# Enable special treatment for owner-listname entries
# in the aliases(5) file, and don't split owner-list-
# name and listname-request address localparts when
# name and listname-request address localparts when
# the recipient_delimiter is set to "-".
#
# proxy_interfaces (empty)
# The remote network interface addresses that this
# mail system receives mail on by way of a proxy or
# The remote network interface addresses that this
# mail system receives mail on by way of a proxy or
# network address translation unit.
#
# SEE ALSO
@ -305,14 +309,14 @@
# canonical(5), canonical address mapping
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# ADDRESS_REWRITING_README, address rewriting guide
# DATABASE_README, Postfix lookup table overview
# VIRTUAL_README, domain hosting guide
#
# LICENSE
# The Secure Mailer license must be distributed with this
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)