diff options
| -rw-r--r-- | etc/postfix/aliases | 124 | ||||
| -rw-r--r-- | etc/postfix/main.cf | 4 | ||||
| -rw-r--r-- | etc/postfix/master.cf | 6 |
3 files changed, 74 insertions, 60 deletions
diff --git a/etc/postfix/aliases b/etc/postfix/aliases index a4c4f8a0..3e6ad4d9 100644 --- a/etc/postfix/aliases +++ b/etc/postfix/aliases @@ -45,30 +45,36 @@ decode: root # SYNOPSIS # newaliases # +# postalias -q name [file-type]:[file-name] +# # DESCRIPTION # The optional aliases(5) table (alias_maps) redirects mail # for local recipients. The redirections are processed by -# the Postfix local(8) delivery agent. +# the Postfix local(8) delivery agent. This table is always +# searched with an email address localpart (no domain por- +# tion). # # This is unlike virtual(5) aliasing (virtual_alias_maps) # which applies to all recipients: local(8), virtual, and # remote, and which is implemented by the cleanup(8) daemon. +# That table is often searched with a full email address +# (including domain). # # Normally, the aliases(5) table is specified as a text file -# that serves as input to the postalias(1) command. The -# result, an indexed file in dbm or db format, is used for -# fast lookup by the mail system. Execute the command -# newaliases in order to rebuild the indexed file after +# that serves as input to the postalias(1) command. The +# result, an indexed file in dbm or db format, is used for +# fast lookup by the mail system. Execute the command +# newaliases in order to rebuild the indexed file after # changing the Postfix alias database. # -# When the table is provided via other means such as NIS, -# LDAP or SQL, the same lookups are done as for ordinary +# When the table is provided via other means such as NIS, +# LDAP or SQL, the same lookups are done as for ordinary # indexed files. # -# Alternatively, the table can be provided as a regu- -# lar-expression map where patterns are given as regular -# expressions. In this case, the lookups are done in a -# slightly different way as described below under "REGULAR +# Alternatively, the table can be provided as a regu- +# lar-expression map where patterns are given as regular +# expressions. In this case, the lookups are done in a +# slightly different way as described below under "REGULAR # EXPRESSION TABLES". # # Users can control delivery of their own mail by setting up @@ -82,63 +88,64 @@ decode: root # # name: value1, value2, ... # -# o Empty lines and whitespace-only lines are ignored, -# as are lines whose first non-whitespace character +# o Empty lines and whitespace-only lines are ignored, +# as are lines whose first non-whitespace character # is a `#'. # -# o A logical line starts with non-whitespace text. A -# line that starts with whitespace continues a logi- +# o A logical line starts with non-whitespace text. A +# line that starts with whitespace continues a logi- # cal line. # -# The name is a local address (no domain part). Use double -# quotes when the name contains any special characters such -# as whitespace, `#', `:', or `@'. The name is folded to +# The name is a local address (no domain part). Use double +# quotes when the name contains any special characters such +# as whitespace, `#', `:', or `@'. The name is folded to # lowercase, in order to make database lookups case insensi- # tive. # -# In addition, when an alias exists for owner-name, this -# will override the envelope sender address, so that deliv- +# In addition, when an alias exists for owner-name, this +# will override the envelope sender address, so that deliv- # ery diagnostics are directed to owner-name, instead of the -# originator of the message (for details, see -# owner_request_special, expand_owner_alias and -# reset_owner_alias). This is typically used to direct -# delivery errors to the maintainer of a mailing list, who +# originator of the message (for details, see +# owner_request_special, expand_owner_alias and +# reset_owner_alias). This is typically used to direct +# delivery errors to the maintainer of a mailing list, who # is in a better position to deal with mailing list delivery # problems than the originator of the undelivered mail. # # The value contains one or more of the following: # # address -# Mail is forwarded to address, which is compatible +# Mail is forwarded to address, which is compatible # with the RFC 822 standard. # # /file/name -# Mail is appended to /file/name. For details on how -# a file is written see the sections "EXTERNAL FILE -# DELIVERY" and "DELIVERY RIGHTS" in the local(8) -# documentation. Delivery is not limited to regular -# files. For example, to dispose of unwanted mail, +# Mail is appended to /file/name. For details on how +# a file is written see the sections "EXTERNAL FILE +# DELIVERY" and "DELIVERY RIGHTS" in the local(8) +# documentation. Delivery is not limited to regular +# files. For example, to dispose of unwanted mail, # deflect it to /dev/null. # # |command -# Mail is piped into command. Commands that contain -# special characters, such as whitespace, should be -# enclosed between double quotes. For details on how -# a command is executed see "EXTERNAL COMMAND DELIV- +# Mail is piped into command. Commands that contain +# special characters, such as whitespace, should be +# enclosed between double quotes. For details on how +# a command is executed see "EXTERNAL COMMAND DELIV- # ERY" and "DELIVERY RIGHTS" in the local(8) documen- # tation. # # When the command fails, a limited amount of command -# output is mailed back to the sender. The file -# /usr/include/sysexits.h defines the expected exit -# status codes. For example, use "|exit 67" to simu- -# late a "user unknown" error, and "|exit 0" to +# output is mailed back to the sender. The file +# /usr/include/sysexits.h defines the expected exit +# status codes. For example, use "|exit 67" to simu- +# late a "user unknown" error, and "|exit 0" to # implement an expensive black hole. # # :include:/file/name -# Mail is sent to the destinations listed in the +# Mail is sent to the destinations listed in the # named file. Lines in :include: files have the same -# syntax as the right-hand side of alias entries. +# syntax as the right-hand side of aliases(5) +# entries. # # A destination can be any destination that is # described in this manual page. However, delivery to @@ -200,46 +207,49 @@ decode: root # updated with "newaliases" or with "sendmail -bi". # # alias_maps (see 'postconf -d' output) -# Optional lookup tables with aliases that apply only -# to local(8) recipients; this is unlike vir- -# tual_alias_maps that apply to all recipients: -# local(8), virtual, and remote. +# Optional lookup tables that are searched only with +# an email address localpart (no domain) and that +# apply only to local(8) recipients; this is unlike +# virtual_alias_maps that are often searched with a +# full email address (including domain) and that +# apply to all recipients: local(8), virtual, and +# remote. # # allow_mail_to_commands (alias, forward) -# Restrict local(8) mail delivery to external com- +# Restrict local(8) mail delivery to external com- # mands. # # allow_mail_to_files (alias, forward) -# Restrict local(8) mail delivery to external files. +# Restrict local(8) mail delivery to external files. # # expand_owner_alias (no) # When delivering to an alias "aliasname" that has an # "owner-aliasname" companion alias, set the envelope -# sender address to the expansion of the +# sender address to the expansion of the # "owner-aliasname" alias. # # propagate_unmatched_extensions (canonical, virtual) -# What address lookup tables copy an address exten- +# What address lookup tables copy an address exten- # sion from the lookup key to the lookup result. # # owner_request_special (yes) # Enable special treatment for owner-listname entries # in the aliases(5) file, and don't split owner-list- -# name and listname-request address localparts when +# name and listname-request address localparts when # the recipient_delimiter is set to "-". # # recipient_delimiter (empty) -# The set of characters that can separate an email -# address localpart, user name, or a .forward file +# The set of characters that can separate an email +# address localpart, user name, or a .forward file # name from its extension. # # Available in Postfix version 2.3 and later: # # frozen_delivered_to (yes) -# Update the local(8) delivery agent's idea of the -# Delivered-To: address (see prepend_deliv- -# ered_header) only once, at the start of a delivery -# attempt; do not update the Delivered-To: address +# Update the local(8) delivery agent's idea of the +# Delivered-To: address (see prepend_deliv- +# ered_header) only once, at the start of a delivery +# attempt; do not update the Delivered-To: address # while expanding aliases or .forward files. # # STANDARDS @@ -252,12 +262,12 @@ decode: root # postconf(5), configuration parameters # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # DATABASE_README, Postfix lookup table overview # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/etc/postfix/main.cf b/etc/postfix/main.cf index fe83cc82..0d45fedd 100644 --- a/etc/postfix/main.cf +++ b/etc/postfix/main.cf @@ -67,7 +67,7 @@ smtpd_milters = unix:/run/opendkim/opendkim.sock, unix:/run/opendmarc/opendmarc. # For common configuration examples, see BASIC_CONFIGURATION_README # and STANDARD_CONFIGURATION_README. To find these documents, use # the command "postconf html_directory readme_directory", or go to -# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc. +# https://www.postfix.org/BASIC_CONFIGURATION_README.html etc. # # For best results, change no more than 2-3 parameters at a time, # and test if Postfix still works after every change. @@ -89,7 +89,7 @@ smtpd_milters = unix:/run/opendkim/opendkim.sock, unix:/run/opendmarc/opendmarc. # # The level below is what should be used with new (not upgrade) installs. # -compatibility_level = 3.9 +compatibility_level = 3.10 # SOFT BOUNCE # diff --git a/etc/postfix/master.cf b/etc/postfix/master.cf index 46ed0b73..00bb1250 100644 --- a/etc/postfix/master.cf +++ b/etc/postfix/master.cf @@ -4,7 +4,7 @@ # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master" or -# on-line: http://www.postfix.org/master.5.html). +# on-line: https://www.postfix.org/master.5.html). # # Do not forget to execute "postfix reload" after editing this file. # @@ -21,10 +21,12 @@ smtp inet n - n - - smtpd #127.0.0.1:submission inet n - n - - smtpd submission inet n - n - - smtpd -o syslog_name=postfix/submission +# -o smtpd_forbid_unauth_pipelining=no -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_tls_auth_only=yes # -o local_header_rewrite_clients=static:all +# -o smtpd_hide_client_session=yes -o smtpd_reject_unlisted_recipient=no # Instead of specifying complex smtpd_<xxx>_restrictions here, # specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions" @@ -40,9 +42,11 @@ submission inet n - n - - smtpd #127.0.0.1:submissions inet n - n - - smtpd submissions inet n - n - - smtpd -o syslog_name=postfix/submissions +# -o smtpd_forbid_unauth_pipelining=no -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes # -o local_header_rewrite_clients=static:all +# -o smtpd_hide_client_session=yes -o smtpd_reject_unlisted_recipient=no # Instead of specifying complex smtpd_<xxx>_restrictions here, # specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions" |