Correction : postgrey : socket dans le chroot de postfix.
[lhc/ateliers.git]
/
etc
/
postfix
/
main.cf
diff --git a/etc/postfix/main.cf b/etc/postfix/main.cf
index 68b34a4..b5d3da3 100644 (file)
--- a/etc/postfix/main.cf
+++ b/etc/postfix/main.cf
@@ -1,7 +1,11 @@
# DOC: http://postfix.traduc.org/index.php/TLS_README.html
# DOC: http://postfix.traduc.org/index.php/TLS_README.html
-alias_database = hash:/etc/postfix/aliases
-alias_maps = hash:/etc/postfix/aliases
+alias_database =
+ hash:/etc/postfix/aliases
+ hash:/etc/mail/sympa/aliases
+alias_maps =
+ hash:/etc/postfix/aliases
+ hash:/etc/mail/sympa/aliases
append_dot_mydomain = no
# NOTE: appending .domain is the MUA's job.
biff = no
append_dot_mydomain = no
# NOTE: appending .domain is the MUA's job.
biff = no
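Review bot: Adding `hash:/etc/mail/sympa/aliases` to `alias_maps` makes that file's owner part of the delivery trust boundary, and nothing in the hunk documents it. local(8) runs `|command` and file targets found in an alias table with the rights of the table's owner (falling back to `default_privs` when it is root-owned), so whoever can write the file or its `.db` decides what runs at delivery time. I would add a line such as `# NOTE: /etc/mail/sympa/aliases: |command targets run as the owner of this file; keep it and its .db writable by that account only`. The same ownership question applies to the `/etc/sympa/transport` and `/etc/sympa/virtual_alias` tables added in the last hunk.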
@@ -27,7 +31,8 @@
maximal_queue_lifetime = 5d
message_size_limit = 20480000
mime_header_checks =
milter_header_checks =
message_size_limit = 20480000
mime_header_checks =
milter_header_checks =
-mynetworks = 127.0.0.0/8 #, [::1]/128
+mynetworks = 127.0.0.0/8
+ #[::1]/128
nested_header_checks =
non_smtpd_milters =
parent_domain_matches_subdomains =
nested_header_checks =
non_smtpd_milters =
parent_domain_matches_subdomains =
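Review bot: The new `mynetworks` value no longer contains `[::1]/128`, and the commit does not say whether that is intended. main.cf has no inline comments, so in the old one-line form the text after `127.0.0.0/8` was most likely parsed as part of the value. On the new side `#[::1]/128` sits on its own line and is ignored as a comment (assuming the indentation shown here matches the file). Local software that submits over the IPv6 loopback would lose its relay permission; if dropping it is deliberate, record that with `# NOTE: IPv6 loopback deliberately not trusted`.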
@@ -57,7 +62,8 @@
recipient_delimiter = +
# NOTE: séparateur entre le nom d’utilisateur et les extensions d’adresse.
#relayhost =
relay_clientcerts = hash:/etc/postfix/$mydomain/smtpd/relay_clientcerts
# NOTE: séparateur entre le nom d’utilisateur et les extensions d’adresse.
#relayhost =
relay_clientcerts = hash:/etc/postfix/$mydomain/smtpd/relay_clientcerts
-relay_domains = $mydestination
+relay_domains =
+ $mydestination
# NOTE: ajouter les domaines pour lesquels on est backup MX ici, pas dans mydestination ou virtual_alias...
smtp_body_checks =
#smtp_cname_overrides_servername = no
# NOTE: ajouter les domaines pour lesquels on est backup MX ici, pas dans mydestination ou virtual_alias...
smtp_body_checks =
#smtp_cname_overrides_servername = no
@@ -128,7 +134,7 @@
smtpd_recipient_restrictions =
permit_sasl_authenticated
reject_unauth_destination
# NOTE: ne pas passer par SPFCheck / Postgrey si le mail n'est pas pour nous ou quelqu'un pour lequel on tient lieu de backup_mx
permit_sasl_authenticated
reject_unauth_destination
# NOTE: ne pas passer par SPFCheck / Postgrey si le mail n'est pas pour nous ou quelqu'un pour lequel on tient lieu de backup_mx
- check_policy_service inet:127.0.0.1:10023
+ check_policy_service unix:postgrey/socket
# NOTE: Postgrey (greylisting)
check_policy_service unix:private/spfcheck
permit_auth_destination
# NOTE: Postgrey (greylisting)
check_policy_service unix:private/spfcheck
permit_auth_destination
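Review bot: `unix:postgrey/socket` is resolved relative to the Postfix queue directory, so the permissions of that `postgrey/` directory now decide who can answer policy queries for smtpd, and neither the location nor the expected ownership is documented here. The directory should be writable by the postgrey account only and the socket connectable by postfix; otherwise another local account could place its own listener there, or smtpd will temporarily reject mail when it cannot connect. Suggested comment next to the existing Postgrey note: `# NOTE: socket relative to $queue_directory (chroot); directory writable by postgrey only`. The postgrey side of this change (its socket path and mode) is not visible in this diff, and the restriction list continues outside the hunk.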
@@ -156,16 +162,16 @@
smtpd_sender_restrictions =
permit
smtpd_starttls_timeout = 300s
#smtpd_tls_always_issue_session_ids = yes
permit
smtpd_starttls_timeout = 300s
#smtpd_tls_always_issue_session_ids = yes
-smtpd_tls_CAfile = /etc/postfix/$mydomain/x509/smtpd/ca/crt.pem
-smtpd_tls_CApath = /etc/postfix/$mydomain/x509/smtpd/ca/
+smtpd_tls_CAfile = /etc/postfix/$mydomain/smtpd/x509/ca/crt.pem
+smtpd_tls_CApath = /etc/postfix/$mydomain/smtpd/x509/ca/
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = yes
# NOTE: pas d'AUTH SASL sans TLS
smtpd_tls_ccert_verifydepth = 5
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = yes
# NOTE: pas d'AUTH SASL sans TLS
smtpd_tls_ccert_verifydepth = 5
-smtpd_tls_cert_file = /etc/postfix/$mydomain/x509/smtpd/crt+crl.self-signed.pem
+smtpd_tls_cert_file = /etc/postfix/$mydomain/smtpd/x509/crt+crl.self-signed.pem
smtpd_tls_ciphers = high
smtpd_tls_fingerprint_digest = sha512
smtpd_tls_ciphers = high
smtpd_tls_fingerprint_digest = sha512
-smtpd_tls_key_file = /etc/postfix/$mydomain/x509/smtpd/key.pem
+smtpd_tls_key_file = /etc/postfix/$mydomain/smtpd/x509/key.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = TLSv1
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = TLSv1
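Review bot: `smtpd_tls_mandatory_protocols = TLSv1` in the trailing context is a positive list, so on Postfix versions that know TLS 1.1 and later it limits mandatory-TLS sessions to TLS 1.0. Since this commit already touches the TLS block, I would switch to the exclusion form, `smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3`, provided the installed Postfix supports the `!` syntax, so newer protocol versions stay enabled. With `smtpd_tls_security_level = may` the setting only takes effect where a service raises the level to `encrypt`, which cannot be checked from this file alone.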
@@ -180,6 +186,8 @@
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
#smtpd_tls_session_cache_timeout = 3600s
strict_rfc821_envelopes = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
#smtpd_tls_session_cache_timeout = 3600s
strict_rfc821_envelopes = yes
+sympa_destination_recipient_limit = 1
+sympabounce_destination_recipient_limit = 1
#tls_high_cipherlist = AES256-SHA
# NOTE: postconf(5) déconseille de changer ceci
#tls_random_bytes = 32
#tls_high_cipherlist = AES256-SHA
# NOTE: postconf(5) déconseille de changer ceci
#tls_random_bytes = 32
@@ -189,10 +197,16 @@
strict_rfc821_envelopes = yes
#tls_random_reseed_period = 3600s
#tls_random_source = dev:/dev/urandom
# NOTE: non-blocking
#tls_random_reseed_period = 3600s
#tls_random_source = dev:/dev/urandom
# NOTE: non-blocking
-transport_maps = hash:/etc/postfix/$mydomain/transport
+transport_maps =
+ hash:/etc/postfix/$mydomain/transport
+ hash:/etc/postfix/$mydomain/transport-pending-transition-from-lautrenet
+ regexp:/etc/sympa/transport
#virtual_alias_domains =
virtual_alias_maps =
hash:/etc/postfix/$mydomain/virtual_alias
#virtual_alias_domains =
virtual_alias_maps =
hash:/etc/postfix/$mydomain/virtual_alias
+ hash:/etc/postfix/$mydomain/virtual_alias-pending-transition-from-lautrenet
+ hash:/etc/postfix/cyclocoop.org/virtual_alias
+ regexp:/etc/sympa/virtual_alias
# NOTE: do not specify virtual alias domain names in the main.cf
# mydestination or relay_domains configuration parameters.
#
# NOTE: do not specify virtual alias domain names in the main.cf
# mydestination or relay_domains configuration parameters.
#
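Review bot: `regexp:/etc/sympa/transport` and `regexp:/etc/sympa/virtual_alias` are consulted for every recipient address, not only list addresses, and their contents are not part of this diff. Patterns in regexp tables match substrings unless anchored, so each entry should look like `/^…@lists\.example\.org$/` (constructed example) with dots escaped; an unanchored pattern can capture addresses in other domains. `virtual_alias_maps` is likewise applied regardless of domain, so `hash:/etc/postfix/cyclocoop.org/virtual_alias` should only carry keys in that domain. A comment such as `# NOTE: regexp tables must be anchored (^...$); listed after the hash tables so explicit entries win` would record this.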