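#!/bin/sh
#
# Container entrypoint for Postfix: writes /etc/postfix/main.cf, builds the
# lookup tables it references, makes sure DH parameters exist, then starts
# the Postfix master process.
#
# Environment read by this script:
#   HOSTNAME       - value written to myhostname (FQDN, must match reverse DNS)
#   TLS_CERT       - path written to smtpd_tls_cert_file
#   TLS_CHAIN      - path written to smtpd_tls_CAfile
#   TLS_KEY        - path written to smtpd_tls_key_file
#   VIRTUAL_HOSTS  - whitespace-separated domains handed to dovecot via LMTP

# The heredoc delimiter is unquoted on purpose: the shell substitutes the
# variables listed above while main.cf is written.
#
# Continuation lines of a multi-line value must start with whitespace,
# otherwise Postfix reads them as new (invalid) parameter lines.
#
# smtpd_relay_restrictions was previously misspelled ("restictions"), so
# Postfix never read that line as the relay setting. It is now spelled
# correctly and set explicitly rather than left empty: in
# smtpd_recipient_restrictions the access tables are evaluated before
# reject_unauth_destination, so an OK result from a sender/HELO/client table
# would otherwise be enough to accept mail for a foreign destination.
# Keep OK entries out of those tables, or move them below
# reject_unauth_destination, if relay control ever depends on that list alone.
cat > /etc/postfix/main.cf << MAINCF
# FQDN of system !reverse DNS!
myhostname = $HOSTNAME

# aliases
virtual_alias_maps = hash:/etc/postfix/virtual

recipient_delimiter = +

smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

smtpd_recipient_restrictions =
    # white/blacklists
    check_recipient_access hash:/etc/postfix/access_recipient
    check_sender_access hash:/etc/postfix/access_sender,
    check_helo_access hash:/etc/postfix/access_helo,
    check_client_access cidr:/etc/postfix/access_client,
    # deny mails for nonexistend recipients
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    # allow mails of our users
    permit_sasl_authenticated,
    permit_mynetworks,
    # deny mails to external destinations
    reject_unauth_destination,
    # check against RBL
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client ix.dnsbl.manitu.net,
    # check greylisting
    check_policy_service inet:postgrey:25
    # check if the user exists in dovecot
    reject_unverified_recipient,
    # let it out
    permit

smtpd_sasl_auth_enable = yes
smtpd_sasl_path= inet:dovecot:100
smtpd_sasl_type = dovecot

# out
smtp_tls_security_level = may

# in
smtpd_tls_security_level = may
smtpd_tls_cert_file = $TLS_CERT
smtpd_tls_CAfile = $TLS_CHAIN
smtpd_tls_key_file = $TLS_KEY

smtpd_tls_dh1024_param_file = /etc/postfix/dh-params/2048.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh-params/512.pem
smtpd_tls_eecdh_grade = strong
tls_preempt_cipherlist = yes

smtpd_tls_auth_only = yes

# for lmtp relaying to dovecot
relay_domains = hash:/etc/postfix/relay_domains
MAINCF

# Rebuild relay_domains from scratch on every start. Redirecting the whole
# loop truncates the file first and still creates it when VIRTUAL_HOSTS is
# empty, so the postmap call below always has an input file.
# Globbing is switched off around the loop: $VIRTUAL_HOSTS is split on
# whitespace deliberately, but its words must not be expanded as patterns.
set -f
for virtual_host in $VIRTUAL_HOSTS; do
  printf '%s lmtp:[dovecot]\n' "$virtual_host"
done > /etc/postfix/relay_domains
set +f
postmap /etc/postfix/relay_domains

# Generate DH parameters only when they are missing. The existence test now
# looks at the same path that is written and that main.cf points to; the old
# test checked /etc/postfix/dh_<bits>.pem, which is never created, so the
# parameters were regenerated on every start.
# "openssl dhparam" replaces "openssl gendh", which current OpenSSL releases
# no longer ship.
# NOTE(review): the 512-bit file only serves export-grade ciphers; newer
# Postfix releases are understood to ignore smtpd_tls_dh512_param_file.
# Confirm against the deployed version and drop it if unused.
dh_dir=/etc/postfix/dh-params
mkdir -p "$dh_dir"
for dh_bits in 512 2048; do
  [ -s "$dh_dir/$dh_bits.pem" ] ||
    openssl dhparam -out "$dh_dir/$dh_bits.pem" -2 "$dh_bits"
done

postmap /etc/postfix/virtual

# Start the Postfix master with the config directory written above; -d keeps
# it attached to this process instead of detaching.
/usr/lib/postfix/master -c /etc/postfix -d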