blob: 40e5d352e9c989f3b2525997f1cf51612f7a0a3e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
# Please be sure to read the /usr/share/doc/postfix/README.MDK file
# to learn about differences from stock postfix to Mandriva package.
# This file contains only the parameters changed from a default install
# see /etc/postfix/main.cf.dist for a commented, fuller version of this file.
# These are changed by postfix install script
readme_directory = /usr/share/doc/postfix/README_FILES
html_directory = /usr/share/doc/postfix/html
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/share/man
daemon_directory = /usr/libexec/postfix
meta_directory = /etc/postfix
shlib_directory = /usr/lib64
compatibility_level = 2
data_directory = /var/lib/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
<% if all_tags.include?('postfix::simple_relay') || all_tags.include?('postfix::server::secondary') %>
relayhost = sucuk.<%= domain %>
<%- end -%>
# User configurable parameters
<% if all_tags.include?('postfix::simple_relay') %>
inet_interfaces = localhost
<% else %>
inet_interfaces = all
<% end %>
inet_protocols = all
<% if @hostname == 'neru' then %>
# We do not have a reverse on ipv6 :(
smtp_address_preference = ipv4
<%- end -%>
# FIXME Do not hardcode this
mynetworks = 212.85.158.144/28 [2a02:2178:2:7::]/64 127.0.0.1 163.172.148.228 [2001:bc8:4400:2800::4115]
myhostname = <%= fqdn %>
mydomain = <%= domain %>
myorigin = $mydomain
<%- if all_tags.include?('postfix::server::secondary') -%>
relay_domains = <%= domain %>,
ml.<%= domain %>,
group.<%= domain %>
<%- end -%>
mydestination = <%= fqdn %>
ml.<%= domain %>
<%- if all_tags.include?('postfix::server::primary') -%>
virtual_mailbox_domains = <%= domain %>,
group.<%= domain %>
# postfix complain if not set
# Mar 22 23:51:20 alamut postfix/virtual[22952]: fatal: bad string length 0 < 1: virtual_mailbox_base =
virtual_mailbox_base = /var/lib/mail
# local_recipient_maps is disabled, as we need to route all
# non local email to ryu as long as mageia ml are hosted
# there. Hence the use of fallback_transport , but this is
# taken in account only of local_recipient_maps is empty
local_recipient_maps =
# route ml to ryu ( ml being mageia-*@mageia )
fallback_transport_maps = regexp:/etc/postfix/transport_regexp
# needed by sympa to handle bounce, according to the doc
recipient_delimiter = +
alias_maps = hash:/etc/postfix/aliases
virtual_alias_maps = ldap:/etc/postfix/ldap_aliases.conf
ldap:/etc/postfix/group_aliases.conf
hash:/etc/postfix/virtual_aliases
<%- if classes.include?('sympa::server') -%>
regexp:/etc/postfix/sympa_aliases
<%- end -%>
<% else %>
<%- if classes.include?('sympa::server') -%>
virtual_alias_maps = regexp:/etc/postfix/sympa_aliases
<%- end -%>
<%- end -%>
<%- if all_tags.include?('postfix::server') -%>
transport_maps = regexp:/etc/postfix/transport_regexp
content_filter = smtp-filter:[127.0.0.1]:10025
<%- end -%>
<%- if classes.include?('sympa::server') -%>
sympa_destination_recipient_limit = 1
sympabounce_destination_recipient_limit = 1
<%- end -%>
#delay_warning_time = 4h
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (<%= lsbdistid %>)
unknown_local_recipient_reject_code = 450
smtp-filter_destination_concurrency_limit = 2
lmtp-filter_destination_concurrency_limit = 2
# disabled for the time being, as the certificate do not exist
# FIXME create the cert in puppet
smtpd_use_tls = no
#smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
#smtpd_tls_key_file = /etc/pki/tls/private/postfix.pem
#smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
# enable opportunistic TLS when sending
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
<%- if all_tags.include?('postfix::server') -%>
smtpd_etrn_restrictions = reject
smtpd_helo_required = yes
smtpd_data_restrictions = permit_mynetworks
reject_unauth_pipelining
reject_multi_recipient_bounce
smtpd_recipient_restrictions = reject_non_fqdn_recipient
reject_non_fqdn_sender
# not done yet, not sure if we need to offer this kind of service
# permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
reject_non_fqdn_helo_hostname
reject_unknown_sender_domain
reject_unknown_client
<%- if classes.include?('postgrey') -%>
check_policy_service unix:extern/postgrey/socket
<%- end -%>
check_sender_access hash:/etc/postfix/access
<%- end -%>
|
