X-Git-Url: https://git.cyclocoop.org/?a=blobdiff_plain;f=etc%2Fpostfix%2Fmain.cf;h=01456c19987d268936eee2c6393e0976462bf26a;hb=3a63c7ca9ba39be7a75670d4148f92f8e2eb35a6;hp=3dac1eec6027a9c047813f59af57d6836c097a6a;hpb=f6488dca3163e1ca5870485351fdec671bec000f;p=lhc%2Fateliers.git diff --git a/etc/postfix/main.cf b/etc/postfix/main.cf index 3dac1ee..01456c1 100644 --- a/etc/postfix/main.cf +++ b/etc/postfix/main.cf @@ -1,10 +1,11 @@ # DOC: http://postfix.traduc.org/index.php/TLS_README.html -alias_database = hash:/etc/aliases - # NOTE: fichier de hash contenant une table d’alias mail. - # Celle-ci est éditable dans /etc/aliases, puis (indispensable) - # regénérée en hash grâce à la commande newaliases qui produit /etc/aliases.db -alias_maps = hash:/etc/aliases +alias_database = + hash:/etc/postfix/aliases + hash:/etc/mail/sympa/aliases +alias_maps = + hash:/etc/postfix/aliases + hash:/etc/mail/sympa/aliases append_dot_mydomain = no # NOTE: appending .domain is the MUA's job. biff = no @@ -31,8 +32,8 @@ message_size_limit = 20480000 mime_header_checks = milter_header_checks = mynetworks = 127.0.0.0/8 #, [::1]/128 -non_smtpd_milters = nested_header_checks = +non_smtpd_milters = parent_domain_matches_subdomains = #debug_peer_list #fast_flush_domains @@ -60,7 +61,8 @@ recipient_delimiter = + # NOTE: séparateur entre le nom d’utilisateur et les extensions d’adresse. #relayhost = relay_clientcerts = hash:/etc/postfix/$mydomain/smtpd/relay_clientcerts -relay_domains = $mydestination +relay_domains = + $mydestination # NOTE: ajouter les domaines pour lesquels on est backup MX ici, pas dans mydestination ou virtual_alias... smtp_body_checks = #smtp_cname_overrides_servername = no 
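Review bot: Adding `hash:/etc/mail/sympa/aliases` to `alias_maps` makes the ownership and mode of that file part of the MTA's trust boundary, and the hunk documents neither. Per local(8), a command or file target found in an alias is delivered with the rights of the alias database owner, so if this file holds Sympa's usual pipe aliases (its content is not visible here), whoever can write it decides what runs under that account. Listing it in `alias_database` also means `newaliases` now rebuilds it, which should be checked against whatever Sympa itself does to regenerate the table. The commit drops the old NOTE explaining the newaliases step; I would keep one, e.g. `# NOTE: run newaliases after editing either file; sympa/aliases must be writable by its owner only`.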
@@ -131,7 +133,7 @@ smtpd_recipient_restrictions = permit_sasl_authenticated reject_unauth_destination # NOTE: ne pas passer par SPFCheck / Postgrey si le mail n'est pas pour nous ou quelqu'un pour lequel on tient lieu de backup_mx - check_policy_service inet:127.0.0.1:10023 + check_policy_service unix:/run/postgrey/socket # NOTE: Postgrey (greylisting) check_policy_service unix:private/spfcheck permit_auth_destination @@ -156,19 +158,19 @@ smtpd_sender_restrictions = reject_unauth_pipelining reject_non_fqdn_sender #reject_unknown_sender_domain - permit + reject smtpd_starttls_timeout = 300s #smtpd_tls_always_issue_session_ids = yes -smtpd_tls_CAfile = /etc/postfix/$mydomain/x509/smtpd/ca/crt.pem -smtpd_tls_CApath = /etc/postfix/$mydomain/x509/smtpd/ca/ +smtpd_tls_CAfile = /etc/postfix/$mydomain/smtpd/x509/ca/crt.pem +smtpd_tls_CApath = /etc/postfix/$mydomain/smtpd/x509/ca/ smtpd_tls_ask_ccert = no smtpd_tls_auth_only = yes # NOTE: pas d'AUTH SASL sans TLS smtpd_tls_ccert_verifydepth = 5 -smtpd_tls_cert_file = /etc/postfix/$mydomain/x509/smtpd/crt+crl.self-signed.pem +smtpd_tls_cert_file = /etc/postfix/$mydomain/smtpd/x509/crt+crl.self-signed.pem smtpd_tls_ciphers = high smtpd_tls_fingerprint_digest = sha512 -smtpd_tls_key_file = /etc/postfix/$mydomain/x509/smtpd/key.pem +smtpd_tls_key_file = /etc/postfix/$mydomain/smtpd/x509/key.pem smtpd_tls_loglevel = 1 smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_protocols = TLSv1 @@ -183,6 +185,8 @@ smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache #smtpd_tls_session_cache_timeout = 3600s strict_rfc821_envelopes = yes +sympa_destination_recipient_limit = 1 +sympabounce_destination_recipient_limit = 1 #tls_high_cipherlist = AES256-SHA # NOTE: postconf(5) déconseille de changer ceci #tls_random_bytes = 32 
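Review bot: `check_policy_service unix:/run/postgrey/socket` depends on two things the hunk does not show: the socket must be reachable from smtpd (an absolute path outside the queue directory is not visible if smtpd runs chrooted in master.cf), and its mode must admit the postfix user without opening it to arbitrary local accounts. When a policy lookup fails, Postfix answers the recipient with a temporary error, so a wrong path or mode stops inbound mail rather than merely skipping greylisting. A comment beside the line would record this, e.g. `# NOTE: socket created by postgrey --unix=...; smtpd must not be chrooted, mode must allow user postfix`. The restriction list starts and ends outside the hunk.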
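Review bot: The terminal `reject` that replaces `permit` in `smtpd_sender_restrictions` refuses every sender that no earlier entry explicitly permits, and the two entries visible above it (`reject_unauth_pipelining`, `reject_non_fqdn_sender`) only ever reject or pass. The list starts outside the hunk, so whether a `permit_*` or `check_sender_access` entry precedes them cannot be confirmed here; if none does, this setting rejects all inbound mail. If default-deny is the intent, state it in place with something like `# NOTE: default-deny; accepted senders must be permitted above`. Separately, the context line `smtpd_tls_mandatory_protocols = TLSv1` lists a single protocol, which limits enforced-TLS sessions to TLSv1; the exclusion form `!SSLv2, !SSLv3` would be preferable if the installed Postfix supports it.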
@@ -192,10 +196,16 @@ strict_rfc821_envelopes = yes #tls_random_reseed_period = 3600s #tls_random_source = dev:/dev/urandom # NOTE: non-blocking -transport_maps = hash:/etc/postfix/$mydomain/transport +transport_maps = + hash:/etc/postfix/$mydomain/transport + hash:/etc/postfix/$mydomain/transport-pending-transition-from-lautrenet + regexp:/etc/sympa/transport #virtual_alias_domains = virtual_alias_maps = hash:/etc/postfix/$mydomain/virtual_alias + hash:/etc/postfix/$mydomain/virtual_alias-pending-transition-from-lautrenet + hash:/etc/postfix/cyclocoop.org/virtual_alias + regexp:/etc/sympa/virtual_alias # NOTE: do not specify virtual alias domain names in the main.cf # mydestination or relay_domains configuration parameters. #
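Review bot: The two `regexp:` tables under `/etc/sympa/` are now consulted for recipient lookups in `transport_maps` and `virtual_alias_maps`, so their patterns and file permissions decide where mail is routed, and neither is visible in this commit. Patterns should be anchored at both ends and the files writable only by root; otherwise an overly broad expression, or an edit made under the list-manager account, could capture addresses that were never meant to reach Sympa. The new `hash:/etc/postfix/cyclocoop.org/virtual_alias` entry hard-codes the domain where its neighbours use `$mydomain`; if that is deliberate, a short comment such as `# NOTE: second domain, not $mydomain` would protect it from a later cleanup.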