br0tkasten/ansible-role-mailserver
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix

Browse Source
This commit is contained in:
arne
2024-05-18 13:18:39 +02:00
parent ebf5f9116c
commit d41fe37318
14 changed files with 468 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
templates/postfix/main.cf Normal file
View File

@ -0,0 +1,93 @@
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
setgid_group = postdrop
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
compatibility_level = 2
myhostname = mail.{{ domain }}
mydomain = {{ domain }}
myorigin = $mydomain
relay_domains = $mydestination
mynetworks_style = host
mynetworks = 127.0.0.0/8 10.3.0.0/24 37.221.196.144/32
smtpd_banner = $myhostname ESMTP
smtpd_tls_dh1024_param_file = /etc/ssl/private/dh1024.pem
smtpd_tls_dh512_param_file = /etc/ssl/private/dh512.pem
smtpd_tls_eecdh_grade = strong
tls_preempt_cipherlist = yes
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1
smtpd_tls_cert_file = /etc/ssl/private/mailcert.pem
smtpd_tls_key_file = /etc/ssl/private/mailkey.pem
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
alias_maps = pgsql:/etc/postfix/pgsql-aliases.cf
alias_database = $alias_maps
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_type = dovecot
smtpd_sasl_path = inet:127.0.0.1:6222
broken_sasl_auth_clients = yes
receive_override_options = no_address_mappings
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
recipient_delimiter = +
virtual_transport = dovecot
virtual_alias_maps = pgsql:/etc/postfix/pgsql-aliases.cf
virtual_mailbox_domains = pgsql:/etc/postfix/pgsql-domains.cf
virtual_mailbox_maps = pgsql:/etc/postfix/pgsql-maildir.cf
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
reject_invalid_hostname,
permit
smtpd_sender_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit
smtpd_recipient_restrictions =
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
check_policy_service inet:127.0.0.1:5525,
check_policy_service unix:private/spfpolicy,
permit
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
defer_unauth_destination
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix/sample
readme_directory = /usr/share/doc/postfix
inet_protocols = ipv4
message_size_limit = 20480000
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5

55
templates/postfix/master.cf Normal file
View File

@ -0,0 +1,55 @@
smtp inet n - n - - smtpd
-o content_filter=scan:127.0.0.1:10025
scan unix - - n - 16 smtp
-o smtp_send_xforward_command=yes
127.0.0.1:10026 inet n - n - 16 smtpd
-o content_filter=spamassassin
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
spamassassin
unix - n n - - pipe
user=nobody argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
spfpolicy unix - n n - - spawn
user=nobody argv=/usr/bin/perl /usr/bin/postfix-policyd-spf-perl
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
dovecot unix - n n - - pipe
flags=DRhu user=mail:mail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop}
# flags=DRhu user=mail:mail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache

6
templates/postfix/pgsql-aliases.cf Normal file
View File

@ -0,0 +1,6 @@
hosts = db.lxc.br0tkasten.de
user = mail
password = ienohSe4
dbname = users
query = SELECT realuser FROM users WHERE userid='%s'

6
templates/postfix/pgsql-domains.cf Normal file
View File

@ -0,0 +1,6 @@
hosts = db.lxc.br0tkasten.de
user = mail
password = ienohSe4
dbname = users
query = SELECT domain FROM users WHERE domain='%s'

6
templates/postfix/pgsql-maildir.cf Normal file
View File

@ -0,0 +1,6 @@
hosts = db.lxc.br0tkasten.de
user = mail
password = ienohSe4
dbname = users
query = SELECT home FROM users WHERE userid='%u' AND domain='%d'