blob: cc35fe52094278694d3ed1b2de041c4d4b271358 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
# Please be sure to read the /usr/share/doc/postfix/README.MDK file
# to learn about differences from stock postfix to Mandriva package.
# This file contains only the parameters changed from a default install
# see /etc/postfix/main.cf.dist for a commented, fuller version of this file.
# These are changed by postfix install script
readme_directory = /usr/share/doc/postfix/README_FILES
html_directory = /usr/share/doc/postfix/html
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/share/man
daemon_directory = <%= lib_dir %>/postfix/
data_directory = /var/lib/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
<% if all_tags.include?('postfix::simple_relay') %>
relayhost = <%= domain %>
<%- end -%>
# User configurable parameters
<% if all_tags.include?('postfix::simple_relay') %>
inet_interfaces = localhost
<% else %>
inet_interfaces = all
<% end %>
inet_protocols = all
mynetworks_style = host
myhostname = <%= fqdn %>
mydomain = <%= domain %>
myorigin = $mydomain
<%- if all_tags.include?('postfix::server::secondary') -%>
relay_domains = <%= domain %>,
ml.<%= domain %>,
group.<%= domain %>
<%- end -%>
mydestination = <%= fqdn %>
<%- if classes.include?('sympa::server') -%>
ml.<%= domain %>
<%- end -%>
<%- if all_tags.include?('postfix::server::primary') -%>
virtual_mailbox_domains = <%= domain %>,
group.<%= domain %>
# postfix complain if not set
# Mar 22 23:51:20 alamut postfix/virtual[22952]: fatal: bad string length 0 < 1: virtual_mailbox_base =
virtual_mailbox_base = /var/lib/mail
# local_recipient_maps is disabled, as we need to route all
# non local email to ryu as long as mageia ml are hosted
# there. Hence the use of fallback_transport , but this is
# taken in account only of local_recipient_maps is empty
local_recipient_maps =
# route ml to ryu ( ml being mageia-*@mageia )
fallback_transport_maps = regexp:/etc/postfix/transport_regexp
# needed by sympa to handle bounce, according to the doc
recipient_delimiter = +
alias_maps = hash:/etc/postfix/aliases
virtual_alias_maps = ldap:/etc/postfix/ldap_aliases.conf
ldap:/etc/postfix/group_aliases.conf
hash:/etc/postfix/virtual_aliases
<%- if classes.include?('sympa::server') -%>
regexp:/etc/postfix/sympa_aliases
<%- end -%>
<%- end -%>
<%- if all_tags.include?('postfix::server') -%>
transport_maps = regexp:/etc/postfix/transport_regexp
content_filter = smtp-filter:[127.0.0.1]:10025
<%- end -%>
<%- if classes.include?('sympa::server') -%>
sympa_destination_recipient_limit = 1
sympabounce_destination_recipient_limit = 1
<%- end -%>
#delay_warning_time = 4h
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (<%= lsbdistid %>)
unknown_local_recipient_reject_code = 450
smtp-filter_destination_concurrency_limit = 2
lmtp-filter_destination_concurrency_limit = 2
# disabled for the time being, as the certificate do not exist
# FIXME create the cert in puppet
smtpd_use_tls = no
#smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
#smtpd_tls_key_file = /etc/pki/tls/private/postfix.pem
#smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
# enable opportunistic TLS when sending
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
<%- if all_tags.include?('postfix::server') -%>
smtpd_etrn_restrictions = reject
smtpd_helo_required = yes
smtpd_data_restrictions = permit_mynetworks
reject_unauth_pipelining
reject_multi_recipient_bounce
smtpd_recipient_restrictions = reject_non_fqdn_recipient
reject_non_fqdn_sender
# not done yet, not sure if we need to offer this kind of service
# permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
reject_non_fqdn_helo_hostname
reject_unknown_sender_domain
reject_unknown_client
<%- if classes.include?('postgrey') -%>
check_policy_service unix:extern/postgrey/socket
<%- end -%>
<%- end -%>
|
