diff --git a/public/fs/etc/postfix/main-cf.sh b/public/fs/etc/postfix/main-cf.sh
new file mode 100755
index 0000000..811f7d7
--- /dev/null
+++ b/public/fs/etc/postfix/main-cf.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -eu
+
+source /root/config/private/fs/etc/server.domains
+
+sed -e 's/@server_domains@/'"${server_domains}"'/g' "$1"
diff --git a/public/fs/etc/postfix/main.cf.in b/public/fs/etc/postfix/main.cf.in
new file mode 100644
index 0000000..04ca90e
--- /dev/null
+++ b/public/fs/etc/postfix/main.cf.in
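Review bot: In main-cf.sh, `source` on the fifth line is not a POSIX sh builtin, so under the `#!/bin/sh` shebang the script aborts on shells such as dash; use `. /root/config/private/fs/etc/server.domains` or declare bash in the shebang. The sed line also pastes `${server_domains}` unescaped into the replacement text, so a `/`, `&`, backslash or newline in the value either breaks the expression or changes what ends up in `mydestination`. If the value is meant to be a comma- or space-separated host list, reject anything else before substituting: `case $server_domains in *[!A-Za-z0-9.,\ -]*) echo "invalid server_domains" >&2; exit 1;; esac`. Because the sourced file is executed as shell code, a header comment should state that it must be root-owned and not writable by other users.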
@@ -0,0 +1,62 @@
+# chain
+myhostname = mail.culturestrings.org
+mydomain = culturestrings.org
+myorigin = $mydomain
+mydestination = $mydomain, localhost.$mydomain, localhost, @server_domains@
+
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+
+compatibility_level = 2
+
+relayhost =
+mynetworks = 127.0.0.0/8
+inet_interfaces = all
+
+home_mailbox = Maildir/
+mailbox_size_limit = 0
+recipient_delimiter = +
+
+queue_directory = /var/spool/postfix
+command_directory = /usr/sbin
+daemon_directory = /usr/lib/postfix/bin/
+data_directory = /var/lib/postfix
+
+html_directory = /usr/share/doc/packages/postfix-doc/html
+manpage_directory = /usr/share/man
+sample_directory = /usr/share/doc/packages/postfix-doc/samples
+readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
+mail_spool_directory = /var/mail
+
+
+# tls ...
+tls_random_source = dev:/dev/urandom
+
+smtp_tls_loglevel = 3
+smtp_tls_security_level = encrypt
+
+smtp_tls_CApath = /etc/ssl/certs
+smtp_tls_CAfile = /home/webroot/letsencrypt/ssl/cert.pem
+
+smtpd_tls_key_file = /etc/postfix/ssl/certs/culturestrings.org/ssl/privkey.pem
+smtpd_tls_cert_file = /etc/postfix/ssl/certs/culturestrings.org/ssl/fullchain.pem
+
+smtpd_tls_loglevel = 3
+smtpd_tls_security_level = may
+smtpd_tls_session_cache_timeout = 3600s
+
+smtpd_use_tls = yes
+smtpd_tls_auth_only = yes
+smtpd_tls_received_header = yes
+
+smtpd_tls_CApath = /etc/ssl/certs
+smtpd_tls_CAfile = /home/webroot/letsencrypt/ssl/cert.pem
+
+meta_directory = /usr/lib/postfix
+setgid_group = maildrop
+newaliases_path = /usr/bin/newaliases
+mailq_path = /usr/bin/mailq
+sendmail_path = /usr/sbin/sendmail
+mail_owner = postfix
+shlib_directory = /usr/lib/postfix
+inet_protocols = ipv4
diff --git a/public/fs/etc/postfix/master.cf b/public/fs/etc/postfix/master.cf
new file mode 100644
index 0000000..618f023
--- /dev/null
+++ b/public/fs/etc/postfix/master.cf
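Review bot: In main.cf.in, `smtp_tls_loglevel = 3` and `smtpd_tls_loglevel = 3` are debugging levels; Postfix documents level 2 and above as for troubleshooting only, and level 3 writes hex and ASCII dumps of the TLS negotiation into the mail log. For a deployed template I would set both to `1`. Separately, `smtp_tls_security_level = encrypt` makes TLS mandatory but does not enforce peer-certificate verification, so the `smtp_tls_CApath`/`smtp_tls_CAfile` lines do not gate delivery at that level; a comment should say whether that is intended. Both `*_tls_CAfile` settings also point into `/home/webroot/...`, which is presumably writable by a non-root account; a trust-anchor file is better kept under a root-owned path such as the `/etc/postfix/ssl/...` tree already used for the key.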
@@ -0,0 +1,43 @@
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (no) (never) (100)
+# ==========================================================================
+
+smtp inet n - n - - smtpd
+smtp unix - - n - - smtp
+
+relay unix - - n - - smtp
+ -o syslog_name=postfix/$service_name
+
+
+pickup unix n - n 60 1 pickup
+cleanup unix n - n - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+tlsmgr unix - - n 1000? 1 tlsmgr
+
+
+rewrite unix - - n - - trivial-rewrite
+bounce unix - - n - 0 bounce
+defer unix - - n - 0 bounce
+trace unix - - n - 0 bounce
+verify unix - - n - 1 verify
+flush unix n - n 1000? 0 flush
+
+
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+
+
+showq unix n - n - - showq
+error unix - - n - - error
+retry unix - - n - - error
+discard unix - - n - - discard
+
+
+local unix - n n - - local
+virtual unix - n n - - virtual
+
+
+lmtp unix - - n - - lmtp
+anvil unix - - n - 1 anvil
+scache unix - - n - 1 scache
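Review bot: The `smtp inet n - n - - smtpd` line in master.cf is the only network-facing service and has no comment describing the intended exposure. With `inet_interfaces = all` in main.cf.in it listens on every interface, and no submission or smtps entry is defined, so it looks as if the host is meant to act purely as an inbound MX. I would record that above the line, for example `# public MX listener (port 25) on all interfaces; no submission/smtps service is defined on purpose`, so that a later addition of a client-facing port is a deliberate, reviewed change.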