Modifications : etc/amavis/50-user - Mise en place DKIM
authorLudovic CHEVALIER <ludovic.chevalier@heureux-cyclage.org>
Fri, 21 Oct 2016 14:50:52 +0000 (16:50 +0200)
committerLudovic CHEVALIER <ludovic.chevalier@heureux-cyclage.org>
Fri, 21 Oct 2016 15:01:54 +0000 (17:01 +0200)
etc/amavis/50-user
etc/postfix/master.cf

index 85fc782..c60c5eb 100644 (file)
@@ -4,11 +4,12 @@ use strict;
 @local_domains_acl =
  ( ".heureux-cyclage.org"
  , ".cyclocoop.org"
+ , ".wiklou.org"
  );
 $max_servers = 2;
 
 ## LOGGING AND DEBUGGING
-$log_level = 1;
+$log_level = 2;
 # $logfile = undef;
 $do_syslog = 1;
 $syslog_ident = 'amavis';
@@ -20,14 +21,48 @@ $syslog_facility = 'mail';
 # $log_recip_templ = ... built-in default at the end of file amavisd
 # $log_templ = $log_short_templ;
 
-## MTA INTERFACE - INPUT
+## MTA INTERFACE
 $protocol = 'LMTP';
 @inet_acl = qw( 127.0.0.1 );
-$inet_socket_port = 10024;
+@mynetworks = qw(127.0.0.0/8 ::1/128);
+$inet_socket_port = [10024, 10026];
 
-## MTA INTERFACE - OUTPUT
-$notify_method  = 'smtp:[127.0.0.1]:10025';
-$forward_method = 'smtp:[127.0.0.1]:10025';
+$interface_policy{'10024'} = 'Net2Loc';
+$policy_bank{'Net2Loc'} = {
+       forward_method => 'smtp:[127.0.0.1]:10025',
+       notify_method  => 'smtp:[127.0.0.1]:10025',
+ };
+@dkim_signature_options_bysender_maps = (
+       { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } }
+ );
+
+dkim_key('wiklou.org', 'wiklou', '/var/lib/amavis/dkim/wiklou.org.pem');
+dkim_key('heureux-cyclage.org', 'heureux-cyclage', '/var/lib/amavis/dkim/heureux-cyclage.org.pem');
+
+$interface_policy{'10026'} = 'Loc2Net';
+$policy_bank{'Loc2Net'} = {
+       forward_method => 'smtp:[127.0.0.1]:10027',
+       notify_method  => 'smtp:[127.0.0.1]:10027',
+       originating => 1,
+       enable_dkim_signing => 1,
+       smtpd_greeting_banner =>
+        '${helo-name} ${protocol} ${product} Loc2Net service ready',
+       archive_quarantine_to_maps   => [],
+       banned_files_lovers_maps     => [1],
+       bounce_killer_score          => 0,
+       bypass_banned_checks_maps    => [1],
+       bypass_decode_parts          => 1,
+       bypass_header_checks_maps    => [1],
+       bypass_spam_checks_maps      => [1],
+       bypass_virus_checks_maps     => [1],
+       mynetworks_maps              => [],
+       os_fingerprint_method        => undef,
+       penpals_bonus_score          => undef,
+       remove_existing_spam_headers => undef,
+       remove_existing_x_scanned_headers => undef,
+       signed_header_fields         => { 'Sender' => 1 },
+       spam_lovers_maps             => [1],
+ };
 
 ## MODIFICATIONS TO PASSED MAIL
 #$prefer_our_added_header_fields{lc('X-CRM114-CacheID')} = 0;
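Review bot: The `Loc2Net` bank turns on `enable_dkim_signing` while `bypass_virus_checks_maps => [1]` and `bypass_spam_checks_maps => [1]` switch off content scanning, so anything submitted through port 10026, including mail from a compromised authenticated account or a local script, leaves with a valid domain signature and no inspection. Dropping the `bypass_virus_checks_maps => [1],` line would let the setting inherited from the default bank apply to outbound mail; whether virus scanning is enabled there is not visible in this hunk. The two `dkim_key` paths point at private keys, so a comment above them such as `# private signing keys: readable by the amavis user only, never committed` would record the expectation. `.cyclocoop.org` is in `@local_domains_acl` but has no `dkim_key` line, so its senders would presumably go out unsigned; confirm that is intended.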
@@ -54,11 +89,9 @@ $bad_header_quarantine_method = undef;
 $bad_header_quarantine_to = undef;
 $spam_quarantine_method = undef;
 $spam_quarantine_to = undef;
+$sa_spam_subject_tag = undef;
 $virus_quarantine_method = undef;
 $virus_quarantine_to = undef;
 $final_banned_destiny = D_PASS; # (defaults to D_BOUNCE)
 $final_spam_destiny = D_PASS; # (defaults to D_BOUNCE)
 $final_bad_header_destiny = D_PASS; # (defaults to D_PASS)
-
-#------------ Do not modify anything below this line -------------
-1;  # ensure a defined return
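Review bot: Removing the trailing `1;` leaves `$final_bad_header_destiny = D_PASS;` as the file's last statement, so the value the file returns now depends on whichever assignment happens to come last. As far as I recall, amavisd evaluates its configuration files with Perl `do` and treats an undefined result as a possible load error. The current last value is defined, but a later edit that appends something like the new `$sa_spam_subject_tag = undef;` at the end could make startup fail. Keeping `1;  # ensure a defined return` as the final line avoids that.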
index b0ccd97..600ffe4 100644 (file)
@@ -5,15 +5,23 @@
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
+
+amavis    unix  -       -       n        -      2       lmtp
+  -o lmtp_data_done_timeout=1200
+  -o lmtp_send_xforward_command=yes
+  -o lmtp_tls_note_starttls_offer=no
+
+#
+## Net2Loc: envoi vers amavis
+###
 smtp      inet  n       -       -       -       -       smtpd
   -o cleanup_service_name=pre-amavis-cleanup
   -o content_filter=amavis:[127.0.0.1]:10024
   -o smtpd_sender_restrictions=reject_unauth_pipelining,reject_non_fqdn_sender,permit
   -o receive_override_options=no_address_mappings
-amavis    unix  -       -       n        -      2       lmtp
-  -o lmtp_data_done_timeout=1200
-  -o lmtp_send_xforward_command=yes
-  -o lmtp_tls_note_starttls_offer=no
+#
+## Net2Loc: réception d’amavis
+###
 127.0.0.1:10025 inet n  -       n       -       -       smtpd
   -o cleanup_service_name=post-amavis-cleanup
   -o content_filter=
@@ -37,23 +45,18 @@ amavis    unix  -       -       n        -      2       lmtp
   -o smtpd_sender_restrictions=
   -o smtpd_soft_error_limit=1001
   -o strict_rfc821_envelopes=yes
-submission inet n       -       -       -       -       smtpd
+
+
+
+#
+## Loc2Net: envoi vers amavis
+###
+pickup    fifo  n       -       -       60      1       pickup
+  -o content_filter=amavis:[127.0.0.1]:10026
   -o cleanup_service_name=no-amavis-cleanup
-  #-o cleanup_service_name=pre-amavis-cleanup
-  #-o content_filter=amavis:[127.0.0.1]:10024
-  -o milter_macro_daemon_name=ORIGINATING
-  -o receive_override_options=no_address_mappings
-  -o smtpd_sender_restrictions=permit_tls_clientcerts,reject
-  -o smtpd_tls_ask_ccert=yes
-  -o smtpd_tls_auth_only=yes
-  -o smtpd_tls_ccert_verifydepth=2
-  -o smtpd_tls_loglevel=1
-  -o smtpd_tls_req_ccert=yes
-  -o smtpd_tls_security_level=encrypt
 smtps     inet  n       -       -       -       -       smtpd
+  -o content_filter=amavis:[127.0.0.1]:10026
   -o cleanup_service_name=no-amavis-cleanup
-  #-o cleanup_service_name=pre-amavis-cleanup
-  #-o content_filter=amavis:[127.0.0.1]:10024
   -o milter_macro_daemon_name=ORIGINATING
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
   -o smtpd_sasl_auth_enable=yes
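Review bot: `pickup` and `smtps` now set `content_filter=amavis:[127.0.0.1]:10026` but keep `cleanup_service_name=no-amavis-cleanup`, whereas the commented-out lines this commit deletes paired the filter with `pre-amavis-cleanup`. Neither entry shows `receive_override_options=no_address_mappings` in this hunk, so address rewriting and alias expansion would run before amavis and, if `post-amavis-cleanup` applies them too (its definition is not visible here), a second time after re-injection on 10027. Consider `-o cleanup_service_name=pre-amavis-cleanup` on these two entries so that mappings are applied once, after filtering; `submission` in the next hunk already sets `no_address_mappings`. The `smtps` entry continues past the end of this hunk.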
@@ -64,11 +67,48 @@ smtps     inet  n       -       -       -       -       smtpd
   -o smtpd_tls_req_ccert=no
   -o smtpd_tls_security_level=encrypt
   -o smtpd_tls_wrappermode=yes
-#628      inet  n       -       -       -       -       qmqpd
-pickup    fifo  n       -       -       60      1       pickup
+submission inet n       -       -       -       -       smtpd
+  -o content_filter=amavis:[127.0.0.1]:10026
   -o cleanup_service_name=no-amavis-cleanup
-  #-o cleanup_service_name=pre-amavis-cleanup
-  #-o content_filter=amavis:[127.0.0.1]:10024
+  -o milter_macro_daemon_name=ORIGINATING
+  -o receive_override_options=no_address_mappings
+  -o smtpd_sender_restrictions=permit_tls_clientcerts,reject
+  -o smtpd_tls_ask_ccert=yes
+  -o smtpd_tls_auth_only=yes
+  -o smtpd_tls_ccert_verifydepth=2
+  -o smtpd_tls_loglevel=1
+  -o smtpd_tls_req_ccert=yes
+  -o smtpd_tls_security_level=encrypt
+#
+## Loc2Net: réception d’amavis
+###
+127.0.0.1:10027 inet n  -       n       -       -       smtpd
+  -o cleanup_service_name=post-amavis-cleanup
+  -o content_filter=
+  -o local_header_rewrite_clients=
+  -o local_recipient_maps=
+  -o mynetworks=127.0.0.0/8
+  -o receive_override_options=no_header_body_checks,no_milters,no_unknown_recipient_checks
+  -o relay_recipient_maps=
+  -o smtpd_client_connection_count_limit=0
+  -o smtpd_client_connection_rate_limit=0
+  -o smtpd_client_restrictions=permit_mynetworks,reject
+  -o smtpd_data_restrictions=reject_unauth_pipelining
+  -o smtpd_delay_reject=no
+  -o smtpd_end_of_data_restrictions=
+  -o smtpd_error_sleep_time=0
+  -o smtpd_hard_error_limit=1000
+  -o smtpd_helo_restrictions=
+  -o smtpd_milters=
+  #-o smtpd_sender_restrictions=permit_mynetworks,reject
+  -o smtpd_recipient_restrictions=permit
+  -o smtpd_restriction_classes=
+  -o smtpd_soft_error_limit=1001
+  -o strict_rfc821_envelopes=yes
+
+
+
+#628      inet  n       -       -       -       -       qmqpd
 no-amavis-cleanup unix  n -   -       -       0       cleanup
 pre-amavis-cleanup unix n -   -       -       0       cleanup
   -o virtual_alias_maps=
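Review bot: The new `127.0.0.1:10027` listener leaves `smtpd_sender_restrictions` commented out (`#-o smtpd_sender_restrictions=permit_mynetworks,reject`), so the main.cf value applies to mail that amavis re-injects, while the existing 10025 listener appears to clear it with `-o smtpd_sender_restrictions=`. A sender check that rejects or defers at this stage fires after the message has already been accepted and signed, leaving amavis to bounce or retry it. Use `-o smtpd_sender_restrictions=` here as well, unless the inherited restrictions are wanted (main.cf is not part of this commit). Because `smtpd_recipient_restrictions=permit` lets any local client relay through this port, a short comment such as `# re-injection port: must stay bound to 127.0.0.1` would help later editors.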
@@ -81,6 +121,8 @@ qmgr      fifo  n       -       n       300     1       qmgr
 #qmgr     fifo  n       -       -       300     1       oqmgr
 tlsmgr    unix  -       -       -       1000?   1       tlsmgr
 rewrite   unix  -       -       -       -       -       trivial-rewrite
+local     unix  -       n       n       -       -       local
+  -o cleanup_service_name=no-amavis-cleanup
 bounce    unix  -       -       -       -       0       bounce
   -o cleanup_service_name=no-amavis-cleanup
 defer     unix  -       -       -       -       0       bounce
@@ -101,8 +143,6 @@ showq     unix  n       -       -       -       -       showq
 error     unix  -       -       -       -       -       error
 retry     unix  -       -       -       -       -       error
 discard   unix  -       -       -       -       -       discard
-local     unix  -       n       n       -       -       local
-  -o cleanup_service_name=no-amavis-cleanup
 virtual   unix  -       n       n       -       -       virtual
 lmtp      unix  -       -       -       -       -       lmtp
 anvil     unix  -       -       -       -       1       anvil