[Postfix] Add comments to config files, cleanup a bit
This commit is contained in:
andryyy
@@ -1,32 +1,47 @@
|
||||
# inter-mx with postscreen on 25/tcp
|
||||
smtp inet n - n - 1 postscreen
|
||||
smtpd pass - - n - - smtpd
|
||||
-o smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_helo_hostname
|
||||
-o smtpd_sasl_auth_enable=no
|
||||
-o smtpd_sender_restrictions=permit_mynetworks,reject_unlisted_sender,reject_unknown_sender_domain
|
||||
|
||||
# smtpd tls-wrapped (smtps) on 465/tcp
|
||||
smtps inet n - n - - smtpd
|
||||
-o smtpd_tls_wrappermode=yes
|
||||
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
|
||||
-o smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
|
||||
-o tls_preempt_cipherlist=yes
|
||||
|
||||
# smtpd with starttls on 587/tcp
|
||||
submission inet n - n - - smtpd
|
||||
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
|
||||
-o smtpd_enforce_tls=yes
|
||||
-o smtpd_tls_security_level=encrypt
|
||||
-o smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
|
||||
-o tls_preempt_cipherlist=yes
|
||||
|
||||
# used by SOGo
|
||||
# smtpd_sender_restrictions should match main.cf, but with check_sasl_access prepended for login-as-mailbox-user function
|
||||
588 inet n - n - - smtpd
|
||||
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
|
||||
-o smtpd_tls_auth_only=no
|
||||
-o smtpd_sender_restrictions=check_sasl_access,regexp:/opt/postfix/conf/allow_mailcow_local.regexp,reject_authenticated_sender_login_mismatch,permit_mynetworks,permit_sasl_authenticated,reject_unlisted_sender,reject_unknown_sender_domain
|
||||
|
||||
# used to reinject quarantine mails
|
||||
590 inet n - n - - smtpd
|
||||
-o smtpd_client_restrictions=permit_mynetworks,reject
|
||||
-o smtpd_tls_auth_only=no
|
||||
-o smtpd_milters=
|
||||
-o non_smtpd_milters=
|
||||
|
||||
# enforced smtp connector
|
||||
smtp_enforced_tls unix - - n - - smtp
|
||||
-o smtp_tls_security_level=encrypt
|
||||
-o syslog_name=enforced-tls-smtp
|
||||
-o smtp_delivery_status_filter=pcre:/opt/postfix/conf/smtp_dsn_filter
|
||||
|
||||
# smtp connector used, when a transport map matched
|
||||
# this helps to have different sasl maps than we have with sender dependent transport maps
|
||||
smtp_via_transport_maps unix - - n - - smtp
|
||||
-o smtp_sasl_password_maps=proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps_transport_maps.cf
|
||||
|
||||
@@ -63,6 +78,7 @@ maildrop unix - n n - - pipe flags=DRhu
|
||||
# end whitelist_fwd
|
||||
|
||||
# start watchdog-specific
|
||||
# logs to local7 (hidden)
|
||||
589 inet n - n - - smtpd
|
||||
-o smtpd_client_restrictions=permit_mynetworks,reject
|
||||
-o syslog_name=watchdog
|
||||
|
||||
Reference in New Issue
Block a user