From 97a28e8679b645710a7439a48a216935b6bc9163 Mon Sep 17 00:00:00 2001 From: Ludovic CHEVALIER Date: Fri, 21 Oct 2016 16:50:52 +0200 Subject: [PATCH] =?utf8?q?Modifications=C2=A0:=20=20=20=20=20=20=20=20=20e?= =?utf8?q?tc/amavis/50-user=20-=20Mise=20en=20place=20DKIM?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- etc/amavis/50-user | 51 ++++++++++++++++++++----- etc/postfix/master.cf | 88 +++++++++++++++++++++++++++++++------------ 2 files changed, 106 insertions(+), 33 deletions(-) diff --git a/etc/amavis/50-user b/etc/amavis/50-user index 85fc782..c60c5eb 100644 --- a/etc/amavis/50-user +++ b/etc/amavis/50-user @@ -4,11 +4,12 @@ use strict; @local_domains_acl = ( ".heureux-cyclage.org" , ".cyclocoop.org" + , ".wiklou.org" ); $max_servers = 2; ## LOGGING AND DEBUGGING -$log_level = 1; +$log_level = 2; # $logfile = undef; $do_syslog = 1; $syslog_ident = 'amavis'; 
@@ -20,14 +21,48 @@ $syslog_facility = 'mail'; # $log_recip_templ = ... built-in default at the end of file amavisd # $log_templ = $log_short_templ; -## MTA INTERFACE - INPUT +## MTA INTERFACE $protocol = 'LMTP'; @inet_acl = qw( 127.0.0.1 ); -$inet_socket_port = 10024; +@mynetworks = qw(127.0.0.0/8 ::1/128); +$inet_socket_port = [10024, 10026]; -## MTA INTERFACE - OUTPUT -$notify_method = 'smtp:[127.0.0.1]:10025'; -$forward_method = 'smtp:[127.0.0.1]:10025'; +$interface_policy{'10024'} = 'Net2Loc'; +$policy_bank{'Net2Loc'} = { + forward_method => 'smtp:[127.0.0.1]:10025', + notify_method => 'smtp:[127.0.0.1]:10025', + }; +@dkim_signature_options_bysender_maps = ( + { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } + ); + +dkim_key('wiklou.org', 'wiklou', '/var/lib/amavis/dkim/wiklou.org.pem'); +dkim_key('heureux-cyclage.org', 'heureux-cyclage', '/var/lib/amavis/dkim/heureux-cyclage.org.pem'); + +$interface_policy{'10026'} = 'Loc2Net'; +$policy_bank{'Loc2Net'} = { + forward_method => 'smtp:[127.0.0.1]:10027', + notify_method => 'smtp:[127.0.0.1]:10027', + originating => 1, + enable_dkim_signing => 1, + smtpd_greeting_banner => + '${helo-name} ${protocol} ${product} Loc2Net service ready', + archive_quarantine_to_maps => [], + banned_files_lovers_maps => [1], + bounce_killer_score => 0, + bypass_banned_checks_maps => [1], + bypass_decode_parts => 1, + bypass_header_checks_maps => [1], + bypass_spam_checks_maps => [1], + bypass_virus_checks_maps => [1], + mynetworks_maps => [], + os_fingerprint_method => undef, + penpals_bonus_score => undef, + remove_existing_spam_headers => undef, + remove_existing_x_scanned_headers => undef, + signed_header_fields => { 'Sender' => 1 }, + spam_lovers_maps => [1], + }; ## MODIFICATIONS TO PASSED MAIL #$prefer_our_added_header_fields{lc('X-CRM114-CacheID')} = 0; 
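Review bot: The `Loc2Net` policy bank turns off every content check (`bypass_virus_checks_maps => [1]`, `bypass_banned_checks_maps => [1]`, `bypass_spam_checks_maps => [1]`, `bypass_decode_parts => 1`) on the same path that sets `enable_dkim_signing => 1`, so whatever reaches port 10026 leaves with a valid domain signature without having been scanned. If a submission account or a local application feeding `pickup` is compromised, its output is signed as-is. Consider dropping at least `bypass_virus_checks_maps => [1],` and `bypass_decode_parts => 1,` so outgoing mail is still virus-scanned before signing, and add a comment above the bank saying that originating status rests only on `@inet_acl` limiting the port to loopback. Separately, `.cyclocoop.org` is in `@local_domains_acl` but has no `dkim_key(...)` line, so its mail will presumably go out unsigned; worth confirming that this is intended.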
@@ -54,11 +89,9 @@ $bad_header_quarantine_method = undef; $bad_header_quarantine_to = undef; $spam_quarantine_method = undef; $spam_quarantine_to = undef; +$sa_spam_subject_tag = undef; $virus_quarantine_method = undef; $virus_quarantine_to = undef; $final_banned_destiny = D_PASS; # (defaults to D_BOUNCE) $final_spam_destiny = D_PASS; # (defaults to D_BOUNCE) $final_bad_header_destiny = D_PASS; # (defaults to D_PASS) - -#------------ Do not modify anything below this line ------------- -1; # ensure a defined return diff --git a/etc/postfix/master.cf b/etc/postfix/master.cf index b0ccd97..600ffe4 100644 --- a/etc/postfix/master.cf +++ b/etc/postfix/master.cf @@ -5,15 +5,23 @@ # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== + +amavis unix - - n - 2 lmtp + -o lmtp_data_done_timeout=1200 + -o lmtp_send_xforward_command=yes + -o lmtp_tls_note_starttls_offer=no + +# +## Net2Loc: envoi vers amavis +### smtp inet n - - - - smtpd -o cleanup_service_name=pre-amavis-cleanup -o content_filter=amavis:[127.0.0.1]:10024 -o smtpd_sender_restrictions=reject_unauth_pipelining,reject_non_fqdn_sender,permit -o receive_override_options=no_address_mappings -amavis unix - - n - 2 lmtp - -o lmtp_data_done_timeout=1200 - -o lmtp_send_xforward_command=yes - -o lmtp_tls_note_starttls_offer=no +# +## Net2Loc: réception d’amavis +### 127.0.0.1:10025 inet n - n - - smtpd -o cleanup_service_name=post-amavis-cleanup -o content_filter= 
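Review bot: In the last `etc/amavis/50-user` hunk, removing the trailing `1; # ensure a defined return` leaves the file's return value to whatever the final statement yields, currently `$final_bad_header_destiny = D_PASS;`. As the removed comment says, the loader needs a defined value. This probably still works today, but anyone who later appends a line like the `$sa_spam_subject_tag = undef;` added in this same hunk at the very end would presumably break config loading. Restore `1;  # ensure a defined return` as the last line of the file.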
@@ -37,23 +45,18 @@ amavis unix - - n - 2 lmtp -o smtpd_sender_restrictions= -o smtpd_soft_error_limit=1001 -o strict_rfc821_envelopes=yes -submission inet n - - - - smtpd + + + +# +## Loc2Net: envoi vers amavis +### +pickup fifo n - - 60 1 pickup + -o content_filter=amavis:[127.0.0.1]:10026 -o cleanup_service_name=no-amavis-cleanup - #-o cleanup_service_name=pre-amavis-cleanup - #-o content_filter=amavis:[127.0.0.1]:10024 - -o milter_macro_daemon_name=ORIGINATING - -o receive_override_options=no_address_mappings - -o smtpd_sender_restrictions=permit_tls_clientcerts,reject - -o smtpd_tls_ask_ccert=yes - -o smtpd_tls_auth_only=yes - -o smtpd_tls_ccert_verifydepth=2 - -o smtpd_tls_loglevel=1 - -o smtpd_tls_req_ccert=yes - -o smtpd_tls_security_level=encrypt smtps inet n - - - - smtpd + -o content_filter=amavis:[127.0.0.1]:10026 -o cleanup_service_name=no-amavis-cleanup - #-o cleanup_service_name=pre-amavis-cleanup - #-o content_filter=amavis:[127.0.0.1]:10024 -o milter_macro_daemon_name=ORIGINATING -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sasl_auth_enable=yes 
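Review bot: `pickup` and `smtps` now carry `-o content_filter=amavis:[127.0.0.1]:10026` but keep `-o cleanup_service_name=no-amavis-cleanup`, which in the definition visible further down is a plain `cleanup` with no overrides. The Net2Loc `smtp` entry instead pairs its filter with `pre-amavis-cleanup` (`-o virtual_alias_maps=`) and `receive_override_options=no_address_mappings`. As written, alias expansion and header/body checks probably run once before amavis and again in `post-amavis-cleanup`, and amavis sees already-rewritten recipients. Consider `-o cleanup_service_name=pre-amavis-cleanup` on these entries (and on `submission` in the next hunk), plus `-o receive_override_options=no_address_mappings` on `smtps` if the part of that entry outside the hunk does not already set it.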
@@ -64,11 +67,48 @@ smtps inet n - - - - smtpd -o smtpd_tls_req_ccert=no -o smtpd_tls_security_level=encrypt -o smtpd_tls_wrappermode=yes -#628 inet n - - - - qmqpd -pickup fifo n - - 60 1 pickup +submission inet n - - - - smtpd + -o content_filter=amavis:[127.0.0.1]:10026 -o cleanup_service_name=no-amavis-cleanup - #-o cleanup_service_name=pre-amavis-cleanup - #-o content_filter=amavis:[127.0.0.1]:10024 + -o milter_macro_daemon_name=ORIGINATING + -o receive_override_options=no_address_mappings + -o smtpd_sender_restrictions=permit_tls_clientcerts,reject + -o smtpd_tls_ask_ccert=yes + -o smtpd_tls_auth_only=yes + -o smtpd_tls_ccert_verifydepth=2 + -o smtpd_tls_loglevel=1 + -o smtpd_tls_req_ccert=yes + -o smtpd_tls_security_level=encrypt +# +## Loc2Net: réception d’amavis +### +127.0.0.1:10027 inet n - n - - smtpd + -o cleanup_service_name=post-amavis-cleanup + -o content_filter= + -o local_header_rewrite_clients= + -o local_recipient_maps= + -o mynetworks=127.0.0.0/8 + -o receive_override_options=no_header_body_checks,no_milters,no_unknown_recipient_checks + -o relay_recipient_maps= + -o smtpd_client_connection_count_limit=0 + -o smtpd_client_connection_rate_limit=0 + -o smtpd_client_restrictions=permit_mynetworks,reject + -o smtpd_data_restrictions=reject_unauth_pipelining + -o smtpd_delay_reject=no + -o smtpd_end_of_data_restrictions= + -o smtpd_error_sleep_time=0 + -o smtpd_hard_error_limit=1000 + -o smtpd_helo_restrictions= + -o smtpd_milters= + #-o smtpd_sender_restrictions=permit_mynetworks,reject + -o smtpd_recipient_restrictions=permit + -o smtpd_restriction_classes= + -o smtpd_soft_error_limit=1001 + -o strict_rfc821_envelopes=yes + + + +#628 inet n - - - - qmqpd no-amavis-cleanup unix n - - - 0 cleanup pre-amavis-cleanup unix n - - - 0 cleanup -o virtual_alias_maps= 
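Review bot: The new `127.0.0.1:10027` re-injection listener leaves `smtpd_sender_restrictions` commented out (`#-o smtpd_sender_restrictions=permit_mynetworks,reject`), so it inherits whatever main.cf sets, while the `127.0.0.1:10025` listener shown in the previous hunk's context sets it explicitly empty. Depending on main.cf, which this diff does not show, already-filtered mail could be rejected or checked a second time on re-injection. Replace the commented line with `-o smtpd_sender_restrictions=` to match the 10025 block. Because the listener ends with `smtpd_recipient_restrictions=permit`, a one-line comment stating that access control depends entirely on the loopback bind and `smtpd_client_restrictions=permit_mynetworks,reject` would help the next editor.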
@@ -81,6 +121,8 @@ qmgr fifo n - n 300 1 qmgr #qmgr fifo n - - 300 1 oqmgr tlsmgr unix - - - 1000? 1 tlsmgr rewrite unix - - - - - trivial-rewrite +local unix - n n - - local + -o cleanup_service_name=no-amavis-cleanup bounce unix - - - - 0 bounce -o cleanup_service_name=no-amavis-cleanup defer unix - - - - 0 bounce @@ -101,8 +143,6 @@ showq unix n - - - - showq error unix - - - - - error retry unix - - - - - error discard unix - - - - - discard -local unix - n n - - local - -o cleanup_service_name=no-amavis-cleanup virtual unix - n n - - virtual lmtp unix - - - - - lmtp anvil unix - - - - 1 anvil -- 2.20.1