From: Frank Brehm Date: Thu, 8 Apr 2021 19:19:03 +0000 (+0200) Subject: committing changes in /etc made by "apt install -y postfix procmail postfix-mysql... X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=7a9dda483f6a572d633a157f2d20aa3e49aafd38;p=config%2Fhelga-hetzner%2Fetc.git committing changes in /etc made by "apt install -y postfix procmail postfix-mysql postfix-pcre postfix-sqlite postfix-cdb mailutils" Package changes: +guile-2.2-libs 2.2.4+1-2+deb10u1 amd64 +libcdb1 0.78+b1 amd64 +libfribidi0 1.0.5-3.1+deb10u1 amd64 +libgc1c2 1:7.6.4-0.4 amd64 +libgsasl7 1.8.0-8+b2 amd64 +libkyotocabinet16v5 1.2.76-4.2+b1 amd64 +libltdl7 2.4.6-9 amd64 +libmailutils5 1:3.5-4 amd64 +libmariadb3 1:10.3.27-0+deb10u1 amd64 +libntlm0 1.5-1+deb10u1 amd64 +libpython2.7 2.7.16-2+deb10u1 amd64 +mailutils 1:3.5-4 amd64 +mailutils-common 1:3.5-4 all +postfix 3.4.14-0+deb10u1 amd64 +postfix-cdb 3.4.14-0+deb10u1 amd64 +postfix-mysql 3.4.14-0+deb10u1 amd64 +postfix-pcre 3.4.14-0+deb10u1 amd64 +postfix-sqlite 3.4.14-0+deb10u1 amd64 +procmail 3.22-26 amd64 +ssl-cert 1.0.39 all
---
diff --git a/.etckeeper b/.etckeeper
index d109d27..8cba3ff 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -25,11 +25,12 @@ mkdir -p './initramfs-tools/scripts/panic'
 mkdir -p './kernel/install.d'
 mkdir -p './opt'
 mkdir -p './perl/CPAN'
+mkdir -p './postfix/dynamicmaps.cf.d'
+mkdir -p './postfix/sasl'
 mkdir -p './qemu/fsfreeze-hook.d'
 mkdir -p './salt/proxy.d'
 mkdir -p './security/limits.d'
 mkdir -p './security/namespace.d'
-mkdir -p './ssl/private'
 mkdir -p './systemd/network'
 mkdir -p './systemd/user'
 mkdir -p './tmpfiles.d'
@@ -49,6 +50,8 @@ maybe chmod 0755 'X11/xkb'
 maybe chmod 0755 'acpi'
 maybe chmod 0755 'acpi/events'
 maybe chmod 0644 'adduser.conf'
+maybe chmod 0644 'aliases'
+maybe chmod 0644 'aliases.db'
 maybe chmod 0755 'alternatives'
 maybe chmod 0644 'alternatives/README'
 maybe chmod 0755 'apm'
@@ -386,6 +389,7 @@ maybe chmod 0755 'init.d/mdadm'
 maybe chmod 0755 'init.d/mdadm-waitidle'
 maybe chmod 0755 'init.d/mysql'
 maybe chmod 0755 'init.d/networking'
+maybe chmod 0755 'init.d/postfix'
 maybe chmod 0755 'init.d/procps'
 maybe chmod 0755 'init.d/qemu-guest-agent'
 maybe chmod 0755 'init.d/rsync'
@@ -416,6 +420,7 @@ maybe chmod 0644 'inputrc'
 maybe chmod 0755 'insserv.conf.d'
 maybe chmod 0644 'insserv.conf.d/bind9'
 maybe chmod 0644 'insserv.conf.d/mariadb'
+maybe chmod 0644 'insserv.conf.d/postfix'
 maybe chmod 0755 'iproute2'
 maybe chmod 0644 'iproute2/bpf_pinning'
 maybe chmod 0644 'iproute2/ematch_map'
@@ -498,6 +503,7 @@ maybe chmod 0644 'magic'
 maybe chmod 0644 'magic.mime'
 maybe chmod 0644 'mailcap'
 maybe chmod 0644 'mailcap.order'
+maybe chmod 0644 'mailname'
 maybe chmod 0644 'manpath.config'
 maybe chmod 0755 'mdadm'
 maybe chmod 0644 'mdadm/mdadm.conf'
@@ -527,6 +533,7 @@ maybe chmod 0644 'nanorc'
 maybe chmod 0755 'network'
 maybe chmod 0755 'network/if-down.d'
 maybe chmod 0755 'network/if-down.d/bind9'
+maybe chmod 0755 'network/if-down.d/postfix'
 maybe chmod 0755 'network/if-post-down.d'
 maybe chmod 0755 'network/if-post-down.d/chrony'
 maybe chmod 0755 'network/if-pre-up.d'
@@ -535,6 +542,7 @@ maybe chmod 0755 'network/if-up.d'
 maybe chmod 0755 'network/if-up.d/bind9'
 maybe chmod 0755 'network/if-up.d/chrony'
 maybe chmod 0755 'network/if-up.d/ethtool'
+maybe chmod 0755 'network/if-up.d/postfix'
 maybe chmod 0644 'network/interfaces'
 maybe chmod 0755 'network/interfaces.d'
 maybe chmod 0644 'network/interfaces.d/50-cloud-init'
@@ -570,13 +578,31 @@ maybe chmod 0755 'perl'
 maybe chmod 0755 'perl/CPAN'
 maybe chmod 0755 'perl/Net'
 maybe chmod 0644 'perl/Net/libnet.cfg'
+maybe chmod 0755 'postfix'
+maybe chmod 0644 'postfix/dynamicmaps.cf'
+maybe chmod 0755 'postfix/dynamicmaps.cf.d'
+maybe chmod 0644 'postfix/main.cf'
+maybe chmod 0644 'postfix/main.cf.proto'
+maybe chmod 0644 'postfix/master.cf'
+maybe chmod 0644 'postfix/master.cf.proto'
+maybe chmod 0755 'postfix/post-install'
+maybe chmod 0644 'postfix/postfix-files'
+maybe chmod 0755 'postfix/postfix-files.d'
+maybe chmod 0644 'postfix/postfix-files.d/cdb.files'
+maybe chmod 0644 'postfix/postfix-files.d/mysql.files'
+maybe chmod 0644 'postfix/postfix-files.d/pcre.files'
+maybe chmod 0644 'postfix/postfix-files.d/sqlite.files'
+maybe chmod 0755 'postfix/postfix-script'
+maybe chmod 0755 'postfix/sasl'
 maybe chmod 0755 'ppp'
 maybe chmod 0755 'ppp/ip-down.d'
 maybe chmod 0755 'ppp/ip-down.d/bind9'
 maybe chmod 0755 'ppp/ip-down.d/chrony'
+maybe chmod 0755 'ppp/ip-down.d/postfix'
 maybe chmod 0755 'ppp/ip-up.d'
 maybe chmod 0755 'ppp/ip-up.d/bind9'
 maybe chmod 0755 'ppp/ip-up.d/chrony'
+maybe chmod 0755 'ppp/ip-up.d/postfix'
 maybe chmod 0644 'profile'
 maybe chmod 0755 'profile.d'
 maybe chmod 0644 'profile.d/Z99-cloud-locale-test.sh'
@@ -606,6 +632,9 @@ maybe chmod 0755 'rc6.d'
 maybe chmod 0755 'rcS.d'
 maybe chmod 0644 'reportbug.conf'
 maybe chmod 0644 'resolv.conf'
+maybe chmod 0755 'resolvconf'
+maybe chmod 0755 'resolvconf/update-libc.d'
+maybe chmod 0755 'resolvconf/update-libc.d/postfix'
 maybe chmod 0644 'rpc'
 maybe chmod 0644 'rsyslog.conf'
 maybe chmod 0755 'rsyslog.d'
@@ -613,6 +642,7 @@ maybe chmod 0644 'rsyslog.d/21-cloudinit.conf'
 maybe chmod 0644 'rsyslog.d/60-default.conf'
 maybe chmod 0644 'rsyslog.d/60-mail.conf'
 maybe chmod 0644 'rsyslog.d/70-fb.conf'
+maybe chmod 0644 'rsyslog.d/postfix.conf'
 maybe chmod 0755 'salt'
 maybe chmod 0644 'salt/minion'
 maybe chmod 0755 'salt/minion.d'
@@ -667,8 +697,12 @@ maybe chmod 0644 'ssh/sshd_config'
 maybe chmod 0755 'ssl'
 maybe chmod 0755 'ssl/certs'
 maybe chmod 0644 'ssl/certs/ca-certificates.crt'
+maybe chmod 0644 'ssl/certs/ssl-cert-snakeoil.pem'
 maybe chmod 0644 'ssl/openssl.cnf'
-maybe chmod 0700 'ssl/private'
+maybe chgrp 'ssl-cert' 'ssl/private'
+maybe chmod 0710 'ssl/private'
+maybe chgrp 'ssl-cert' 'ssl/private/ssl-cert-snakeoil.key'
+maybe chmod 0640 'ssl/private/ssl-cert-snakeoil.key'
 maybe chmod 0644 'subgid'
 maybe chmod 0644 'subgid-'
 maybe chmod 0644 'subuid'
@@ -714,6 +748,7 @@ maybe chmod 0755 'ufw'
 maybe chmod 0755 'ufw/applications.d'
 maybe chmod 0644 'ufw/applications.d/bind9'
 maybe chmod 0644 'ufw/applications.d/openssh-server'
+maybe chmod 0644 'ufw/applications.d/postfix'
 maybe chmod 0755 'update-motd.d'
 maybe chmod 0755 'update-motd.d/10-uname'
 maybe chmod 0644 'updatedb.conf'
diff --git a/aliases b/aliases
new file mode 100644
index 0000000..93a3249
--- /dev/null
+++ b/aliases
@@ -0,0 +1,2 @@
+# See man 5 aliases for format
+postmaster: root
diff --git a/aliases.db b/aliases.db
new file mode 100644
index 0000000..063bb0c
Binary files /dev/null and b/aliases.db differ
diff --git a/alternatives/dotlock b/alternatives/dotlock
new file mode 120000
index 0000000..423e888
--- /dev/null
+++ b/alternatives/dotlock
@@ -0,0 +1 @@
+/usr/bin/dotlock.mailutils
\ No newline at end of file
diff --git a/alternatives/dotlock.1.gz b/alternatives/dotlock.1.gz
new file mode 120000
index 0000000..48fb595
--- /dev/null
+++ b/alternatives/dotlock.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/dotlock.mailutils.1.gz
\ No newline at end of file
diff --git a/alternatives/frm b/alternatives/frm
new file mode 120000
index 0000000..def5353
--- /dev/null
+++ b/alternatives/frm
@@ -0,0 +1 @@
+/usr/bin/frm.mailutils
\ No newline at end of file
diff --git a/alternatives/frm.1.gz b/alternatives/frm.1.gz
new file mode 120000
index 0000000..ec4c491
--- /dev/null
+++ b/alternatives/frm.1.gz
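Review bot: In the `ssl/` hunk of `.etckeeper`, `ssl/private` moves from `0700` to `0710` with group `ssl-cert`, and `ssl/private/ssl-cert-snakeoil.key` becomes group-readable at `0640`, so membership of `ssl-cert` now equals read access to the private keys stored there. The group is created empty in this commit (`ssl-cert:x:116:` in `group`), which is the safe starting point, but any later addition of a service account to it should be reviewed as a key-access grant. The metadata entry also suggests the key file itself is tracked by etckeeper; if it is, everyone who can read this repository can read the key, and excluding `ssl/private/` through `.gitignore` would avoid that. The rest of the diff is outside this view, so this needs confirming.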
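Review bot: The new `aliases` file defines only `postmaster: root` and gives `root` no alias, while `postfix/main.cf` in the same commit sets `mailbox_command = procmail -a "$EXTENSION"`. Postfix documents that a system-wide `mailbox_command` requires an alias forwarding root's mail to a real user, and without one cron output and security notifications addressed to root are likely to go unread. A line such as `root: frank` (the admin account visible in `passwd`; use whichever mailbox is actually monitored) followed by `newaliases` would close the gap.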
@@ -0,0 +1 @@
+/usr/share/man/man1/frm.mailutils.1.gz
\ No newline at end of file
diff --git a/alternatives/from b/alternatives/from
index 3ee6643..f4e6cdc 120000
--- a/alternatives/from
+++ b/alternatives/from
@@ -1 +1 @@
-/usr/bin/bsd-from
\ No newline at end of file
+/usr/bin/from.mailutils
\ No newline at end of file
diff --git a/alternatives/from.1.gz b/alternatives/from.1.gz
index 9c0d8d3..d20001a 120000
--- a/alternatives/from.1.gz
+++ b/alternatives/from.1.gz
@@ -1 +1 @@
-/usr/share/man/man1/bsd-from.1.gz
\ No newline at end of file
+/usr/share/man/man1/from.mailutils.1.gz
\ No newline at end of file
diff --git a/alternatives/mail b/alternatives/mail
new file mode 120000
index 0000000..e4c7643
--- /dev/null
+++ b/alternatives/mail
@@ -0,0 +1 @@
+/usr/bin/mail.mailutils
\ No newline at end of file
diff --git a/alternatives/mail.1.gz b/alternatives/mail.1.gz
new file mode 120000
index 0000000..b8055c8
--- /dev/null
+++ b/alternatives/mail.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/mail.mailutils.1.gz
\ No newline at end of file
diff --git a/alternatives/mailx b/alternatives/mailx
new file mode 120000
index 0000000..e4c7643
--- /dev/null
+++ b/alternatives/mailx
@@ -0,0 +1 @@
+/usr/bin/mail.mailutils
\ No newline at end of file
diff --git a/alternatives/mailx.1.gz b/alternatives/mailx.1.gz
new file mode 120000
index 0000000..b8055c8
--- /dev/null
+++ b/alternatives/mailx.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/mail.mailutils.1.gz
\ No newline at end of file
diff --git a/alternatives/messages b/alternatives/messages
new file mode 120000
index 0000000..e66edd3
--- /dev/null
+++ b/alternatives/messages
@@ -0,0 +1 @@
+/usr/bin/messages.mailutils
\ No newline at end of file
diff --git a/alternatives/messages.1.gz b/alternatives/messages.1.gz
new file mode 120000
index 0000000..8884760
--- /dev/null
+++ b/alternatives/messages.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/messages.mailutils.1.gz
\ No newline at end of file
diff --git a/alternatives/movemail b/alternatives/movemail
new file mode 120000
index 0000000..8d4efb3
--- /dev/null
+++ b/alternatives/movemail
@@ -0,0 +1 @@
+/usr/bin/movemail.mailutils
\ No newline at end of file
diff --git a/alternatives/movemail.1.gz b/alternatives/movemail.1.gz
new file mode 120000
index 0000000..32b3520
--- /dev/null
+++ b/alternatives/movemail.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/movemail.mailutils.1.gz
\ No newline at end of file
diff --git a/alternatives/readmsg b/alternatives/readmsg
new file mode 120000
index 0000000..99bcf73
--- /dev/null
+++ b/alternatives/readmsg
@@ -0,0 +1 @@
+/usr/bin/readmsg.mailutils
\ No newline at end of file
diff --git a/alternatives/readmsg.1.gz b/alternatives/readmsg.1.gz
new file mode 120000
index 0000000..322d3a6
--- /dev/null
+++ b/alternatives/readmsg.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/readmsg.mailutils.1.gz
\ No newline at end of file
diff --git a/group b/group
index 92720ca..b65a40c 100644
--- a/group
+++ b/group
@@ -53,3 +53,6 @@ bind:x:112:
 mlocate:x:113:frank
 _chrony:x:114:
 mysql:x:115:
+ssl-cert:x:116:
+postfix:x:117:
+postdrop:x:118:
diff --git a/group- b/group-
index 6b7ad5a..f11c28c 100644
--- a/group-
+++ b/group-
@@ -52,3 +52,6 @@ systemd-coredump:x:999:
 bind:x:112:
 mlocate:x:113:frank
 _chrony:x:114:
+mysql:x:115:
+ssl-cert:x:116:
+postfix:x:117:
diff --git a/gshadow b/gshadow
index 14b46ac..12761ad 100644
--- a/gshadow
+++ b/gshadow
@@ -53,3 +53,6 @@ bind:!::
 mlocate:!::frank
 _chrony:!::
 mysql:!::
+ssl-cert:!::
+postfix:!::
+postdrop:!::
diff --git a/gshadow- b/gshadow-
index 208dd1c..26df94b 100644
--- a/gshadow-
+++ b/gshadow-
@@ -52,3 +52,6 @@ systemd-coredump:!!::
 bind:!::
 mlocate:!::frank
 _chrony:!::
+mysql:!::
+ssl-cert:!::
+postfix:!::
diff --git a/init.d/postfix b/init.d/postfix
new file mode 100755
index 0000000..d8da282
--- /dev/null
+++ b/init.d/postfix
@@ -0,0 +1,136 @@ +#!/bin/sh -e + +# Start or stop Postfix +# +# LaMont Jones +# based on sendmail's init.d script + +### BEGIN INIT INFO +# Provides: postfix mail-transport-agent +# Required-Start: $local_fs $remote_fs $syslog $named $network $time +# Required-Stop: $local_fs $remote_fs $syslog $named $network +# Should-Start: postgresql mysql clamav-daemon postgrey spamassassin saslauthd dovecot +# Should-Stop: postgresql mysql clamav-daemon postgrey spamassassin saslauthd dovecot +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Postfix Mail Transport Agent +# Description: postfix is a Mail Transport agent +### END INIT INFO + +PATH=/bin:/usr/bin:/sbin:/usr/sbin +DAEMON=/usr/sbin/postfix +NAME=Postfix +TZ= +unset TZ + +test -x $DAEMON && test -f /etc/postfix/main.cf || exit 0 + +. /lib/lsb/init-functions +#DISTRO=$(lsb_release -is 2>/dev/null || echo Debian) + +enabled_instances() { + postmulti -l -a | awk '($3=="y") { print $1}' +} + +running() { + INSTANCE="$1" + if [ "X$INSTANCE" = X ]; then + POSTMULTI="" + else + POSTMULTI="postmulti -i $INSTANCE -x " + fi + POSTCONF="${POSTMULTI} postconf" + + daemon_directory=$($POSTCONF -hx daemon_directory 2>/dev/null || echo /usr/lib/postfix/sbin) + if ! ${POSTMULTI} $daemon_directory/master -t 2>/dev/null ; then + echo y + fi +} + +case "$1" in + start) + log_daemon_msg "Starting Postfix Mail Transport Agent" postfix + RET=0 + # for all instances that are not already running, handle chroot setup if needed, and start + for INSTANCE in $(enabled_instances); do + RUNNING=$(running $INSTANCE) + if [ "X$RUNNING" = X ]; then + /usr/lib/postfix/configure-instance.sh $INSTANCE + CMD="/usr/sbin/postmulti -- -i $INSTANCE -x ${DAEMON}" + if ! 
start-stop-daemon --start --exec $CMD quiet-quick-start; then + RET=1 + fi + fi + done + log_end_msg $RET + ;; + + stop) + log_daemon_msg "Stopping Postfix Mail Transport Agent" postfix + RET=0 + # for all instances that are not already running, handle chroot setup if needed, and start + for INSTANCE in $(enabled_instances); do + RUNNING=$(running $INSTANCE) + if [ "X$RUNNING" != X ]; then + CMD="/usr/sbin/postmulti -i $INSTANCE -x ${DAEMON}" + if ! ${CMD} quiet-stop; then + RET=1 + fi + fi + done + log_end_msg $RET + ;; + + restart) + $0 stop + $0 start + ;; + + force-reload|reload) + log_action_begin_msg "Reloading Postfix configuration" + if ${DAEMON} quiet-reload; then + log_action_end_msg 0 + else + log_action_end_msg 1 + fi + ;; + + status) + ALL=1 + ANY=0 + # for all instances that are not already running, handle chroot setup if needed, and start + for INSTANCE in $(enabled_instances); do + RUNNING=$(running $INSTANCE) + if [ "X$RUNNING" != X ]; then + ANY=1 + else + ALL=0 + fi + done + # handle the case when postmulti returns *no* configured instances + if [ $ANY = 0 ]; then + ALL=0 + fi + if [ $ALL = 1 ]; then + log_success_msg "postfix is running" + exit 0 + elif [ $ANY = 1 ]; then + log_success_msg "some postfix instances are running" + exit 0 + else + log_success_msg "postfix is not running" + exit 3 + fi + ;; + + flush|check|abort) + ${DAEMON} $1 + ;; + + *) + log_action_msg "Usage: /etc/init.d/postfix {start|stop|restart|reload|flush|check|abort|force-reload|status}" + exit 1 + ;; +esac + +exit 0 diff --git a/insserv.conf.d/postfix b/insserv.conf.d/postfix new file mode 100644 index 0000000..ddd0034 --- /dev/null +++ b/insserv.conf.d/postfix @@ -0,0 +1 @@ +$mail-transport-agent postfix diff --git a/mailname b/mailname new file mode 100644 index 0000000..a9868dd --- /dev/null +++ b/mailname @@ -0,0 +1 @@ +helga.uhu-banane.de diff --git a/network/if-down.d/postfix b/network/if-down.d/postfix new file mode 100755 index 0000000..4101554 --- /dev/null 
+++ b/network/if-down.d/postfix
@@ -0,0 +1,34 @@
+#!/bin/sh -e
+
+# Called when an interface disconnects
+# Written by LaMont Jones
+
+# start or reload Postfix as needed
+
+# If /usr isn't mounted yet, silently bail.
+if [ ! -d /usr/lib/postfix ]; then
+ exit 0
+fi
+
+RUNNING=""
+# If master is running, force a queue run to unload any mail that is
+# hanging around. Yes, sendmail is a symlink...
+if [ -f /var/spool/postfix/pid/master.pid ]; then
+ pid=$(sed 's/ //g' /var/spool/postfix/pid/master.pid)
+ exe=$(ls -l /proc/$pid/exe 2>/dev/null | sed 's/.* //;s/.*\///')
+ if [ "X$exe" = "Xmaster" ]; then
+ RUNNING="y"
+ fi
+fi
+
+if [ ! -x /sbin/resolvconf ]; then
+ f=/etc/resolv.conf
+ if ! cp $f $(postconf -hx queue_directory)$f 2>/dev/null; then
+ exit 0
+ fi
+ if [ -n "$RUNNING" ]; then
+ service postfix reload >/dev/null 2>&1
+ fi
+fi
+
+exit 0
diff --git a/network/if-up.d/postfix b/network/if-up.d/postfix
new file mode 100755
index 0000000..f1203ff
--- /dev/null
+++ b/network/if-up.d/postfix
@@ -0,0 +1,43 @@
+#!/bin/sh -e
+# Called when a new interface comes up
+# Written by LaMont Jones
+
+# don't bother to restart postfix when lo is configured.
+if [ "$IFACE" = "lo" ]; then
+ exit 0
+fi
+
+# If /usr isn't mounted yet, silently bail.
+if [ ! -d /usr/lib/postfix ]; then
+ exit 0
+fi
+
+RUNNING=""
+# If master is running, force a queue run to unload any mail that is
+# hanging around. Yes, sendmail is a symlink...
+if [ -f /var/spool/postfix/pid/master.pid ]; then
+ pid=$(sed 's/ //g' /var/spool/postfix/pid/master.pid)
+ exe=$(ls -l /proc/$pid/exe 2>/dev/null | sed 's/.* //;s/.*\///')
+ if [ "X$exe" = "Xmaster" ]; then
+ RUNNING="y"
+ fi
+fi
+
+# start or reload Postfix as needed
+if [ ! -x /sbin/resolvconf ]; then
+ f=/etc/resolv.conf
+ if ! cp $f $(postconf -hx queue_directory)$f 2>/dev/null; then
+ exit 0
+ fi
+ if [ -n "$RUNNING" ]; then
+ service postfix reload >/dev/null 2>&1
+ fi
+fi
+
+# If master is running, force a queue run to unload any mail that is
+# hanging around. Yes, sendmail is a symlink...
+if [ -n "$RUNNING" ]; then
+ if [ -x /usr/sbin/sendmail ]; then
+ /usr/sbin/sendmail -q >/dev/null 2>&1
+ fi
+fi
diff --git a/passwd b/passwd
index e523770..c5a9945 100644
--- a/passwd
+++ b/passwd
@@ -27,3 +27,4 @@ bind:x:106:112::/var/cache/bind:/usr/sbin/nologin
 _chrony:x:107:114:Chrony daemon,,,:/var/lib/chrony:/usr/sbin/nologin
 frank:x:1017:100:Frank Brehm:/home/frank:/bin/bash
 mysql:x:108:115:MySQL Server,,,:/nonexistent:/bin/false
+postfix:x:109:117::/var/spool/postfix:/usr/sbin/nologin
diff --git a/passwd- b/passwd-
index 036cb92..c5a9945 100644
--- a/passwd-
+++ b/passwd-
@@ -26,4 +26,5 @@ systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
 bind:x:106:112::/var/cache/bind:/usr/sbin/nologin
 _chrony:x:107:114:Chrony daemon,,,:/var/lib/chrony:/usr/sbin/nologin
 frank:x:1017:100:Frank Brehm:/home/frank:/bin/bash
-mysql:x:108:115::/nonexistent:/bin/false
+mysql:x:108:115:MySQL Server,,,:/nonexistent:/bin/false
+postfix:x:109:117::/var/spool/postfix:/usr/sbin/nologin
diff --git a/postfix/dynamicmaps.cf b/postfix/dynamicmaps.cf
new file mode 100644
index 0000000..dade696
--- /dev/null
+++ b/postfix/dynamicmaps.cf
@@ -0,0 +1,5 @@
+# dict-type so-name (pathname) dict-function mkmap-function
+cdb postfix-cdb.so dict_cdb_open mkmap_cdb_open
+mysql postfix-mysql.so dict_mysql_open
+pcre postfix-pcre.so dict_pcre_open
+sqlite postfix-sqlite.so dict_sqlite_open
diff --git a/postfix/main.cf b/postfix/main.cf
new file mode 100644
index 0000000..8623373
--- /dev/null
+++ b/postfix/main.cf
@@ -0,0 +1,48 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific: Specifying a file name will cause the first
+# line of that file to be used as the name. The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
+
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+myhostname = helga.uhu-banane.de
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = $myhostname, helga.uhu-banane.de, localhost.uhu-banane.de, , localhost
+relayhost =
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_command = procmail -a "$EXTENSION"
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = all
diff --git a/postfix/main.cf.proto b/postfix/main.cf.proto
new file mode 100644
index 0000000..8cc6f01
--- /dev/null
+++ b/postfix/main.cf.proto
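Review bot: `postfix/main.cf` accepts connections on every interface (`inet_interfaces = all`) while presenting the package's self-signed snakeoil pair in `smtpd_tls_cert_file`/`smtpd_tls_key_file`, and it sets no TLS level for outbound delivery, so mail sent by this host goes out in cleartext. `smtpd_use_tls=yes` is the legacy spelling; the current form is `smtpd_tls_security_level = may`, and adding `smtp_tls_security_level = may` enables opportunistic TLS on the client side. Replacing the snakeoil paths with a CA-issued certificate for `helga.uhu-banane.de` would let peers that verify certificates succeed. `mailbox_size_limit = 0` additionally removes the mailbox size cap, which deserves a deliberate decision on a host reachable from the Internet.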
@@ -0,0 +1,684 @@ +# Global Postfix configuration file. This file lists only a subset +# of all parameters. For the syntax, and for a complete parameter +# list, see the postconf(5) manual page (command: "man 5 postconf"). +# +# For common configuration examples, see BASIC_CONFIGURATION_README +# and STANDARD_CONFIGURATION_README. To find these documents, use +# the command "postconf html_directory readme_directory", or go to +# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc. +# +# For best results, change no more than 2-3 parameters at a time, +# and test if Postfix still works after every change. + +# COMPATIBILITY +# +# The compatibility_level determines what default settings Postfix +# will use for main.cf and master.cf settings. These defaults will +# change over time. +# +# To avoid breaking things, Postfix will use backwards-compatible +# default settings and log where it uses those old backwards-compatible +# default settings, until the system administrator has determined +# if any backwards-compatible default settings need to be made +# permanent in main.cf or master.cf. +# +# When this review is complete, update the compatibility_level setting +# below as recommended in the RELEASE_NOTES file. +# +# The level below is what should be used with new (not upgrade) installs. +# +compatibility_level = 2 + +# SOFT BOUNCE +# +# The soft_bounce parameter provides a limited safety net for +# testing. When soft_bounce is enabled, mail will remain queued that +# would otherwise bounce. This parameter disables locally-generated +# bounces, and prevents the SMTP server from rejecting mail permanently +# (by changing 5xx replies into 4xx replies). However, soft_bounce +# is no cure for address rewriting mistakes or mail routing mistakes. +# +#soft_bounce = no + +# LOCAL PATHNAME INFORMATION +# +# The queue_directory specifies the location of the Postfix queue. +# This is also the root directory of Postfix daemons that run chrooted. 
+# See the files in examples/chroot-setup for setting up Postfix chroot +# environments on different UNIX systems. +# +#queue_directory = /var/spool/postfix + +# The command_directory parameter specifies the location of all +# postXXX commands. +# +command_directory = /usr/sbin + +# The daemon_directory parameter specifies the location of all Postfix +# daemon programs (i.e. programs listed in the master.cf file). This +# directory must be owned by root. +# +daemon_directory = /usr/lib/postfix/sbin + +# The data_directory parameter specifies the location of Postfix-writable +# data files (caches, random numbers). This directory must be owned +# by the mail_owner account (see below). +# +data_directory = /var/lib/postfix + +# QUEUE AND PROCESS OWNERSHIP +# +# The mail_owner parameter specifies the owner of the Postfix queue +# and of most Postfix daemon processes. Specify the name of a user +# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS +# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In +# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED +# USER. +# +#mail_owner = postfix + +# The default_privs parameter specifies the default rights used by +# the local delivery agent for delivery to external file or command. +# These rights are used in the absence of a recipient user context. +# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. +# +#default_privs = nobody + +# INTERNET HOST AND DOMAIN NAMES +# +# The myhostname parameter specifies the internet hostname of this +# mail system. The default is to use the fully-qualified domain name +# from gethostname(). $myhostname is used as a default value for many +# other configuration parameters. +# +#myhostname = host.domain.tld +#myhostname = virtual.domain.tld + +# The mydomain parameter specifies the local internet domain name. +# The default is to use $myhostname minus the first component. 
+# $mydomain is used as a default value for many other configuration +# parameters. +# +#mydomain = domain.tld + +# SENDING MAIL +# +# The myorigin parameter specifies the domain that locally-posted +# mail appears to come from. The default is to append $myhostname, +# which is fine for small sites. If you run a domain with multiple +# machines, you should (1) change this to $mydomain and (2) set up +# a domain-wide alias database that aliases each user to +# user@that.users.mailhost. +# +# For the sake of consistency between sender and recipient addresses, +# myorigin also specifies the default domain name that is appended +# to recipient addresses that have no @domain part. +# +# Debian GNU/Linux specific: Specifying a file name will cause the +# first line of that file to be used as the name. The Debian default +# is /etc/mailname. +# +#myorigin = /etc/mailname +#myorigin = $myhostname +#myorigin = $mydomain + +# RECEIVING MAIL + +# The inet_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on. By default, +# the software claims all active interfaces on the machine. The +# parameter also controls delivery of mail to user@[ip.address]. +# +# See also the proxy_interfaces parameter, for network addresses that +# are forwarded to us via a proxy or network address translator. +# +# Note: you need to stop/start Postfix when this parameter changes. +# +#inet_interfaces = all +#inet_interfaces = $myhostname +#inet_interfaces = $myhostname, localhost + +# The proxy_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on by way of a +# proxy or network address translation unit. This setting extends +# the address list specified with the inet_interfaces parameter. +# +# You must specify your proxy/NAT addresses when your system is a +# backup MX host for other domains, otherwise mail delivery loops +# will happen when the primary MX host is down. 
+# +#proxy_interfaces = +#proxy_interfaces = 1.2.3.4 + +# The mydestination parameter specifies the list of domains that this +# machine considers itself the final destination for. +# +# These domains are routed to the delivery agent specified with the +# local_transport parameter setting. By default, that is the UNIX +# compatible delivery agent that lookups all recipients in /etc/passwd +# and /etc/aliases or their equivalent. +# +# The default is $myhostname + localhost.$mydomain + localhost. On +# a mail domain gateway, you should also include $mydomain. +# +# Do not specify the names of virtual domains - those domains are +# specified elsewhere (see VIRTUAL_README). +# +# Do not specify the names of domains that this machine is backup MX +# host for. Specify those names via the relay_domains settings for +# the SMTP server, or use permit_mx_backup if you are lazy (see +# STANDARD_CONFIGURATION_README). +# +# The local machine is always the final destination for mail addressed +# to user@[the.net.work.address] of an interface that the mail system +# receives mail on (see the inet_interfaces parameter). +# +# Specify a list of host or domain names, /file/name or type:table +# patterns, separated by commas and/or whitespace. A /file/name +# pattern is replaced by its contents; a type:table is matched when +# a name matches a lookup key (the right-hand side is ignored). +# Continue long lines by starting the next line with whitespace. +# +# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". 
+# +#mydestination = $myhostname, localhost.$mydomain, localhost +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, +# mail.$mydomain, www.$mydomain, ftp.$mydomain + +# REJECTING MAIL FOR UNKNOWN LOCAL USERS +# +# The local_recipient_maps parameter specifies optional lookup tables +# with all names or addresses of users that are local with respect +# to $mydestination, $inet_interfaces or $proxy_interfaces. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown local users. This parameter is defined by default. +# +# To turn off local recipient checking in the SMTP server, specify +# local_recipient_maps = (i.e. empty). +# +# The default setting assumes that you use the default Postfix local +# delivery agent for local delivery. You need to update the +# local_recipient_maps setting if: +# +# - You define $mydestination domain recipients in files other than +# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. +# For example, you define $mydestination domain recipients in +# the $virtual_mailbox_maps files. +# +# - You redefine the local delivery agent in master.cf. +# +# - You redefine the "local_transport" setting in main.cf. +# +# - You use the "luser_relay", "mailbox_transport", or "fallback_transport" +# feature of the Postfix local delivery agent (see local(8)). +# +# Details are described in the LOCAL_RECIPIENT_README file. +# +# Beware: if the Postfix SMTP server runs chrooted, you probably have +# to access the passwd file via the proxymap service, in order to +# overcome chroot restrictions. The alternative, having a copy of +# the system passwd file in the chroot jail is just not practical. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify a bare username, an @domain.tld +# wild-card, or specify a user@domain.tld address. 
+# +#local_recipient_maps = unix:passwd.byname $alias_maps +#local_recipient_maps = proxy:unix:passwd.byname $alias_maps +#local_recipient_maps = + +# The unknown_local_recipient_reject_code specifies the SMTP server +# response code when a recipient domain matches $mydestination or +# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty +# and the recipient address or address local-part is not found. +# +# The default setting is 550 (reject mail) but it is safer to start +# with 450 (try again later) until you are certain that your +# local_recipient_maps settings are OK. +# +unknown_local_recipient_reject_code = 550 + +# TRUST AND RELAY CONTROL + +# The mynetworks parameter specifies the list of "trusted" SMTP +# clients that have more privileges than "strangers". +# +# In particular, "trusted" SMTP clients are allowed to relay mail +# through Postfix. See the smtpd_recipient_restrictions parameter +# in postconf(5). +# +# You can specify the list of "trusted" network addresses by hand +# or you can let Postfix do it for you (which is the default). +# +# By default (mynetworks_style = subnet), Postfix "trusts" SMTP +# clients in the same IP subnetworks as the local machine. +# On Linux, this works correctly only with interfaces specified +# with the "ifconfig" command. +# +# Specify "mynetworks_style = class" when Postfix should "trust" SMTP +# clients in the same IP class A/B/C networks as the local machine. +# Don't do this with a dialup site - it would cause Postfix to "trust" +# your entire provider's network. Instead, specify an explicit +# mynetworks list by hand, as described below. +# +# Specify "mynetworks_style = host" when Postfix should "trust" +# only the local machine. +# +#mynetworks_style = class +#mynetworks_style = subnet +#mynetworks_style = host + +# Alternatively, you can specify the mynetworks list by hand, in +# which case Postfix ignores the mynetworks_style setting. 
+# +# Specify an explicit list of network/netmask patterns, where the +# mask specifies the number of bits in the network part of a host +# address. +# +# You can also specify the absolute pathname of a pattern file instead +# of listing the patterns here. Specify type:table for table-based lookups +# (the value on the table right-hand side is not used). +# +#mynetworks = 168.100.189.0/28, 127.0.0.0/8 +#mynetworks = $config_directory/mynetworks +#mynetworks = hash:/etc/postfix/network_table +mynetworks = 127.0.0.0/8 + +# The relay_domains parameter restricts what destinations this system will +# relay mail to. See the smtpd_recipient_restrictions description in +# postconf(5) for detailed information. +# +# By default, Postfix relays mail +# - from "trusted" clients (IP address matches $mynetworks) to any destination, +# - from "untrusted" clients to destinations that match $relay_domains or +# subdomains thereof, except addresses with sender-specified routing. +# The default relay_domains value is $mydestination. +# +# In addition to the above, the Postfix SMTP server by default accepts mail +# that Postfix is final destination for: +# - destinations that match $inet_interfaces or $proxy_interfaces, +# - destinations that match $mydestination +# - destinations that match $virtual_alias_domains, +# - destinations that match $virtual_mailbox_domains. +# These destinations do not need to be listed in $relay_domains. +# +# Specify a list of hosts or domains, /file/name patterns or type:name +# lookup tables, separated by commas and/or whitespace. Continue +# long lines by starting the next line with whitespace. A file name +# is replaced by its contents; a type:name table is matched when a +# (parent) domain appears as lookup key. +# +# NOTE: Postfix will not automatically forward mail for domains that +# list this system as their primary or backup MX host. See the +# permit_mx_backup restriction description in postconf(5). 
+# +#relay_domains = $mydestination + +# INTERNET OR INTRANET + +# The relayhost parameter specifies the default host to send mail to +# when no entry is matched in the optional transport(5) table. When +# no relayhost is given, mail is routed directly to the destination. +# +# On an intranet, specify the organizational domain name. If your +# internal DNS uses no MX records, specify the name of the intranet +# gateway host instead. +# +# In the case of SMTP, specify a domain, host, host:port, [host]:port, +# [address] or [address]:port; the form [host] turns off MX lookups. +# +# If you're connected via UUCP, see also the default_transport parameter. +# +#relayhost = $mydomain +#relayhost = [gateway.my.domain] +#relayhost = [mailserver.isp.tld] +#relayhost = uucphost +#relayhost = [an.ip.add.ress] + +# REJECTING UNKNOWN RELAY USERS +# +# The relay_recipient_maps parameter specifies optional lookup tables +# with all addresses in the domains that match $relay_domains. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown relay users. This feature is off by default. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify an @domain.tld wild-card, or specify +# a user@domain.tld address. +# +#relay_recipient_maps = hash:/etc/postfix/relay_recipients + +# INPUT RATE CONTROL +# +# The in_flow_delay configuration parameter implements mail input +# flow control. This feature is turned on by default, although it +# still needs further development (it's disabled on SCO UNIX due +# to an SCO bug). +# +# A Postfix process will pause for $in_flow_delay seconds before +# accepting a new message, when the message arrival rate exceeds the +# message delivery rate. With the default 100 SMTP server process +# limit, this limits the mail inflow to 100 messages a second more +# than the number of messages delivered per second. +# +# Specify 0 to disable the feature. Valid delays are 0..10. 
+# +#in_flow_delay = 1s + +# ADDRESS REWRITING +# +# The ADDRESS_REWRITING_README document gives information about +# address masquerading or other forms of address rewriting including +# username->Firstname.Lastname mapping. + +# ADDRESS REDIRECTION (VIRTUAL DOMAIN) +# +# The VIRTUAL_README document gives information about the many forms +# of domain hosting that Postfix supports. + +# "USER HAS MOVED" BOUNCE MESSAGES +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# TRANSPORT MAP +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# ALIAS DATABASE +# +# The alias_maps parameter specifies the list of alias databases used +# by the local delivery agent. The default list is system dependent. +# +# On systems with NIS, the default is to search the local alias +# database, then the NIS alias database. See aliases(5) for syntax +# details. +# +# If you change the alias database, run "postalias /etc/aliases" (or +# wherever your system stores the mail alias file), or simply run +# "newaliases" to build the necessary DBM or DB file. +# +# It will take a minute or so before changes become visible. Use +# "postfix reload" to eliminate the delay. +# +#alias_maps = dbm:/etc/aliases +#alias_maps = hash:/etc/aliases +#alias_maps = hash:/etc/aliases, nis:mail.aliases +#alias_maps = netinfo:/aliases + +# The alias_database parameter specifies the alias database(s) that +# are built with "newaliases" or "sendmail -bi". This is a separate +# configuration parameter, because alias_maps (see above) may specify +# tables that are not necessarily all under control by Postfix. +# +#alias_database = dbm:/etc/aliases +#alias_database = dbm:/etc/mail/aliases +#alias_database = hash:/etc/aliases +#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases + +# ADDRESS EXTENSIONS (e.g., user+foo) +# +# The recipient_delimiter parameter specifies the separator between +# user names and address extensions (user+foo). 
See canonical(5), +# local(8), relocated(5) and virtual(5) for the effects this has on +# aliases, canonical, virtual, relocated and .forward file lookups. +# Basically, the software tries user+foo and .forward+foo before +# trying user and .forward. +# +#recipient_delimiter = + + +# DELIVERY TO MAILBOX +# +# The home_mailbox parameter specifies the optional pathname of a +# mailbox file relative to a user's home directory. The default +# mailbox file is /var/spool/mail/user or /var/mail/user. Specify +# "Maildir/" for qmail-style delivery (the / is required). +# +#home_mailbox = Mailbox +#home_mailbox = Maildir/ + +# The mail_spool_directory parameter specifies the directory where +# UNIX-style mailboxes are kept. The default setting depends on the +# system type. +# +#mail_spool_directory = /var/mail +#mail_spool_directory = /var/spool/mail + +# The mailbox_command parameter specifies the optional external +# command to use instead of mailbox delivery. The command is run as +# the recipient with proper HOME, SHELL and LOGNAME environment settings. +# Exception: delivery for root is done as $default_user. +# +# Other environment variables of interest: USER (recipient username), +# EXTENSION (address extension), DOMAIN (domain part of address), +# and LOCAL (the address localpart). +# +# Unlike other Postfix configuration parameters, the mailbox_command +# parameter is not subjected to $parameter substitutions. This is to +# make it easier to specify shell syntax (see example below). +# +# Avoid shell meta characters because they will force Postfix to run +# an expensive shell process. Procmail alone is expensive enough. +# +# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN +# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. +# +#mailbox_command = /usr/bin/procmail +#mailbox_command = /usr/bin/procmail -a "$EXTENSION" + +# The mailbox_transport specifies the optional transport in master.cf +# to use after processing aliases and .forward files. 
This parameter +# has precedence over the mailbox_command, fallback_transport and +# luser_relay parameters. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd" +# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf. +#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp +# +# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and +# subsequent line in master.cf. +#mailbox_transport = cyrus + +# The fallback_transport specifies the optional transport in master.cf +# to use for recipients that are not found in the UNIX passwd database. +# This parameter has precedence over the luser_relay parameter. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#fallback_transport = lmtp:unix:/file/name +#fallback_transport = cyrus +#fallback_transport = + +# The luser_relay parameter specifies an optional destination address +# for unknown recipients. By default, mail for unknown@$mydestination, +# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned +# as undeliverable. 
+# +# The following expansions are done on luser_relay: $user (recipient +# username), $shell (recipient shell), $home (recipient home directory), +# $recipient (full recipient address), $extension (recipient address +# extension), $domain (recipient domain), $local (entire recipient +# localpart), $recipient_delimiter. Specify ${name?value} or +# ${name:value} to expand value only when $name does (does not) exist. +# +# luser_relay works only for the default Postfix local delivery agent. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must specify "local_recipient_maps =" (i.e. empty) in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#luser_relay = $user@other.host +#luser_relay = $local@other.host +#luser_relay = admin+$local + +# JUNK MAIL CONTROLS +# +# The controls listed here are only a very small subset. The file +# SMTPD_ACCESS_README provides an overview. + +# The header_checks parameter specifies an optional table with patterns +# that each logical message header is matched against, including +# headers that span multiple physical lines. +# +# By default, these patterns also apply to MIME headers and to the +# headers of attached messages. With older Postfix versions, MIME and +# attached message headers were treated as body text. +# +# For details, see "man header_checks". +# +#header_checks = regexp:/etc/postfix/header_checks + +# FAST ETRN SERVICE +# +# Postfix maintains per-destination logfiles with information about +# deferred mail, so that mail can be flushed quickly with the SMTP +# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". +# See the ETRN_README document for a detailed description. +# +# The fast_flush_domains parameter controls what destinations are +# eligible for this service. By default, they are all domains that +# this server is willing to relay mail to. 
+# +#fast_flush_domains = $relay_domains + +# SHOW SOFTWARE VERSION OR NOT +# +# The smtpd_banner parameter specifies the text that follows the 220 +# code in the SMTP server's greeting banner. Some people like to see +# the mail version advertised. By default, Postfix shows no version. +# +# You MUST specify $myhostname at the start of the text. That is an +# RFC requirement. Postfix itself does not care. +# +#smtpd_banner = $myhostname ESMTP $mail_name +#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) +smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) + + +# PARALLEL DELIVERY TO THE SAME DESTINATION +# +# How many parallel deliveries to the same user or domain? With local +# delivery, it does not make sense to do massively parallel delivery +# to the same user, because mailbox updates must happen sequentially, +# and expensive pipelines in .forward files can cause disasters when +# too many are run at the same time. With SMTP deliveries, 10 +# simultaneous connections to the same domain could be sufficient to +# raise eyebrows. +# +# Each message delivery transport has its XXX_destination_concurrency_limit +# parameter. The default is $default_destination_concurrency_limit for +# most delivery transports. For the local delivery agent the default is 2. + +#local_destination_concurrency_limit = 2 +#default_destination_concurrency_limit = 20 + +# DEBUGGING CONTROL +# +# The debug_peer_level parameter specifies the increment in verbose +# logging level when an SMTP client or server host name or address +# matches a pattern in the debug_peer_list parameter. +# +#debug_peer_level = 2 + +# The debug_peer_list parameter specifies an optional list of domain +# or network patterns, /file/name patterns or type:name tables. When +# an SMTP client or server host name or address matches a pattern, +# increase the verbose logging level by the amount specified in the +# debug_peer_level parameter. 
+# +#debug_peer_list = 127.0.0.1 +#debug_peer_list = some.domain + +# The debugger_command specifies the external command that is executed +# when a Postfix daemon program is run with the -D option. +# +# Use "command .. & sleep 5" so that the debugger can attach before +# the process marches on. If you use an X-based debugger, be sure to +# set up your XAUTHORITY environment variable before starting Postfix. +# +debugger_command = + PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin + ddd $daemon_directory/$process_name $process_id & sleep 5 + +# If you can't use X, use this to capture the call stack when a +# daemon crashes. The result is in a file in the configuration +# directory, and is named after the process name and the process ID. +# +# debugger_command = +# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; +# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 +# >$config_directory/$process_name.$process_id.log & sleep 5 +# +# Another possibility is to run gdb under a detached screen session. +# To attach to the screen session, su root and run "screen -r +# " where uniquely matches one of the detached +# sessions (from "screen -list"). +# +# debugger_command = +# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen +# -dmS $process_name gdb $daemon_directory/$process_name +# $process_id & sleep 1 + +# INSTALL-TIME CONFIGURATION INFORMATION +# +# The following parameters are used when installing a new Postfix version. +# +# sendmail_path: The full pathname of the Postfix sendmail command. +# This is the Sendmail-compatible mail posting interface. +# +sendmail_path = + +# newaliases_path: The full pathname of the Postfix newaliases command. +# This is the Sendmail-compatible command to build alias databases. +# +newaliases_path = + +# mailq_path: The full pathname of the Postfix mailq command. This +# is the Sendmail-compatible mail queue listing command. 
+#
+mailq_path =
+
+# setgid_group: The group for mail submission and queue management
+# commands. This must be a group name with a numerical group ID that
+# is not shared with other accounts, not even with the Postfix account.
+#
+setgid_group =
+
+# html_directory: The location of the Postfix HTML documentation.
+#
+html_directory =
+
+# manpage_directory: The location of the Postfix on-line manual pages.
+#
+manpage_directory =
+
+# sample_directory: The location of the Postfix sample configuration files.
+# This parameter is obsolete as of Postfix 2.1.
+#
+sample_directory =
+
+# readme_directory: The location of the Postfix README files.
+#
+readme_directory =
+inet_protocols = ipv4
diff --git a/postfix/makedefs.out b/postfix/makedefs.out
new file mode 120000
index 0000000..c8ae63e
--- /dev/null
+++ b/postfix/makedefs.out
@@ -0,0 +1 @@
+/usr/share/postfix/makedefs.out
\ No newline at end of file
diff --git a/postfix/master.cf b/postfix/master.cf
new file mode 100644
index 0000000..ea53632
--- /dev/null
+++ b/postfix/master.cf
@@ -0,0 +1,127 @@ +# +# Postfix master process configuration file. For details on the format +# of the file, see the master(5) manual page (command: "man 5 master" or +# on-line: http://www.postfix.org/master.5.html). +# +# Do not forget to execute "postfix reload" after editing this file. +# +# ========================================================================== +# service type private unpriv chroot wakeup maxproc command + args +# (yes) (yes) (no) (never) (100) +# ========================================================================== +smtp inet n - y - - smtpd +#smtp inet n - y - 1 postscreen +#smtpd pass - - y - - smtpd +#dnsblog unix - - y - 0 dnsblog +#tlsproxy unix - - y - 0 tlsproxy +#submission inet n - y - - smtpd +# -o syslog_name=postfix/submission +# -o smtpd_tls_security_level=encrypt +# -o smtpd_sasl_auth_enable=yes +# -o smtpd_tls_auth_only=yes +# -o smtpd_reject_unlisted_recipient=no +# -o smtpd_client_restrictions=$mua_client_restrictions +# -o smtpd_helo_restrictions=$mua_helo_restrictions +# -o smtpd_sender_restrictions=$mua_sender_restrictions +# -o smtpd_recipient_restrictions= +# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject +# -o milter_macro_daemon_name=ORIGINATING +#smtps inet n - y - - smtpd +# -o syslog_name=postfix/smtps +# -o smtpd_tls_wrappermode=yes +# -o smtpd_sasl_auth_enable=yes +# -o smtpd_reject_unlisted_recipient=no +# -o smtpd_client_restrictions=$mua_client_restrictions +# -o smtpd_helo_restrictions=$mua_helo_restrictions +# -o smtpd_sender_restrictions=$mua_sender_restrictions +# -o smtpd_recipient_restrictions= +# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject +# -o milter_macro_daemon_name=ORIGINATING +#628 inet n - y - - qmqpd +pickup unix n - y 60 1 pickup +cleanup unix n - y - 0 cleanup +qmgr unix n - n 300 1 qmgr +#qmgr unix n - n 300 1 oqmgr +tlsmgr unix - - y 1000? 
1 tlsmgr +rewrite unix - - y - - trivial-rewrite +bounce unix - - y - 0 bounce +defer unix - - y - 0 bounce +trace unix - - y - 0 bounce +verify unix - - y - 1 verify +flush unix n - y 1000? 0 flush +proxymap unix - - n - - proxymap +proxywrite unix - - n - 1 proxymap +smtp unix - - y - - smtp +relay unix - - y - - smtp + -o syslog_name=postfix/$service_name +# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 +showq unix n - y - - showq +error unix - - y - - error +retry unix - - y - - error +discard unix - - y - - discard +local unix - n n - - local +virtual unix - n n - - virtual +lmtp unix - - y - - lmtp +anvil unix - - y - 1 anvil +scache unix - - y - 1 scache +postlog unix-dgram n - n - 1 postlogd +# +# ==================================================================== +# Interfaces to non-Postfix software. Be sure to examine the manual +# pages of the non-Postfix software to find out what options it wants. +# +# Many of the following services use the Postfix pipe(8) delivery +# agent. See the pipe(8) man page for information about ${recipient} +# and other message envelope options. +# ==================================================================== +# +# maildrop. See the Postfix MAILDROP_README file for details. +# Also specify in main.cf: maildrop_destination_recipient_limit=1 +# +maildrop unix - n n - - pipe + flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} +# +# ==================================================================== +# +# Recent Cyrus versions can use the existing "lmtp" master.cf entry. 
+# +# Specify in cyrus.conf: +# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 +# +# Specify in main.cf one or more of the following: +# mailbox_transport = lmtp:inet:localhost +# virtual_transport = lmtp:inet:localhost +# +# ==================================================================== +# +# Cyrus 2.1.5 (Amos Gouaux) +# Also specify in main.cf: cyrus_destination_recipient_limit=1 +# +#cyrus unix - n n - - pipe +# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} +# +# ==================================================================== +# Old example of delivery via Cyrus. +# +#old-cyrus unix - n n - - pipe +# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} +# +# ==================================================================== +# +# See the Postfix UUCP_README file for configuration details. +# +uucp unix - n n - - pipe + flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +# +# Other external delivery methods. +# +ifmail unix - n n - - pipe + flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) +bsmtp unix - n n - - pipe + flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient +scalemail-backend unix - n n - 2 pipe + flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} +mailman unix - n n - - pipe + flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py + ${nexthop} ${user} + diff --git a/postfix/master.cf.proto b/postfix/master.cf.proto new file mode 100644 index 0000000..ea53632 --- /dev/null +++ b/postfix/master.cf.proto 
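Review bot: The six pipe(8) transports at the end of the new master.cf (`maildrop`, `uucp`, `ifmail`, `bsmtp`, `scalemail-backend`, `mailman`) are left active, although the package list in the commit message installs none of those programs. Each entry binds an external command to a `user=` account (`vmail`, `uucp`, `ftn`, `bsmtp`, `scalemail`, `list`), and as far as this diff shows nothing creates those accounts or binaries. An entry is only exercised when a transport map or `*_transport` setting names it, but leaving it defined means a later routing mistake hands mail to a command path nobody has reviewed. I would comment out every pair that is not in use, the same way the `cyrus` examples already are, e.g. `#maildrop unix - n n - - pipe` followed by `#  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}`. The master.cf.proto added next has the same blob id and is the packaged template, so it can stay as shipped.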
@@ -0,0 +1,127 @@ +# +# Postfix master process configuration file. For details on the format +# of the file, see the master(5) manual page (command: "man 5 master" or +# on-line: http://www.postfix.org/master.5.html). +# +# Do not forget to execute "postfix reload" after editing this file. +# +# ========================================================================== +# service type private unpriv chroot wakeup maxproc command + args +# (yes) (yes) (no) (never) (100) +# ========================================================================== +smtp inet n - y - - smtpd +#smtp inet n - y - 1 postscreen +#smtpd pass - - y - - smtpd +#dnsblog unix - - y - 0 dnsblog +#tlsproxy unix - - y - 0 tlsproxy +#submission inet n - y - - smtpd +# -o syslog_name=postfix/submission +# -o smtpd_tls_security_level=encrypt +# -o smtpd_sasl_auth_enable=yes +# -o smtpd_tls_auth_only=yes +# -o smtpd_reject_unlisted_recipient=no +# -o smtpd_client_restrictions=$mua_client_restrictions +# -o smtpd_helo_restrictions=$mua_helo_restrictions +# -o smtpd_sender_restrictions=$mua_sender_restrictions +# -o smtpd_recipient_restrictions= +# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject +# -o milter_macro_daemon_name=ORIGINATING +#smtps inet n - y - - smtpd +# -o syslog_name=postfix/smtps +# -o smtpd_tls_wrappermode=yes +# -o smtpd_sasl_auth_enable=yes +# -o smtpd_reject_unlisted_recipient=no +# -o smtpd_client_restrictions=$mua_client_restrictions +# -o smtpd_helo_restrictions=$mua_helo_restrictions +# -o smtpd_sender_restrictions=$mua_sender_restrictions +# -o smtpd_recipient_restrictions= +# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject +# -o milter_macro_daemon_name=ORIGINATING +#628 inet n - y - - qmqpd +pickup unix n - y 60 1 pickup +cleanup unix n - y - 0 cleanup +qmgr unix n - n 300 1 qmgr +#qmgr unix n - n 300 1 oqmgr +tlsmgr unix - - y 1000? 
1 tlsmgr +rewrite unix - - y - - trivial-rewrite +bounce unix - - y - 0 bounce +defer unix - - y - 0 bounce +trace unix - - y - 0 bounce +verify unix - - y - 1 verify +flush unix n - y 1000? 0 flush +proxymap unix - - n - - proxymap +proxywrite unix - - n - 1 proxymap +smtp unix - - y - - smtp +relay unix - - y - - smtp + -o syslog_name=postfix/$service_name +# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 +showq unix n - y - - showq +error unix - - y - - error +retry unix - - y - - error +discard unix - - y - - discard +local unix - n n - - local +virtual unix - n n - - virtual +lmtp unix - - y - - lmtp +anvil unix - - y - 1 anvil +scache unix - - y - 1 scache +postlog unix-dgram n - n - 1 postlogd +# +# ==================================================================== +# Interfaces to non-Postfix software. Be sure to examine the manual +# pages of the non-Postfix software to find out what options it wants. +# +# Many of the following services use the Postfix pipe(8) delivery +# agent. See the pipe(8) man page for information about ${recipient} +# and other message envelope options. +# ==================================================================== +# +# maildrop. See the Postfix MAILDROP_README file for details. +# Also specify in main.cf: maildrop_destination_recipient_limit=1 +# +maildrop unix - n n - - pipe + flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} +# +# ==================================================================== +# +# Recent Cyrus versions can use the existing "lmtp" master.cf entry. 
+# +# Specify in cyrus.conf: +# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 +# +# Specify in main.cf one or more of the following: +# mailbox_transport = lmtp:inet:localhost +# virtual_transport = lmtp:inet:localhost +# +# ==================================================================== +# +# Cyrus 2.1.5 (Amos Gouaux) +# Also specify in main.cf: cyrus_destination_recipient_limit=1 +# +#cyrus unix - n n - - pipe +# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} +# +# ==================================================================== +# Old example of delivery via Cyrus. +# +#old-cyrus unix - n n - - pipe +# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} +# +# ==================================================================== +# +# See the Postfix UUCP_README file for configuration details. +# +uucp unix - n n - - pipe + flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +# +# Other external delivery methods. +# +ifmail unix - n n - - pipe + flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) +bsmtp unix - n n - - pipe + flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient +scalemail-backend unix - n n - 2 pipe + flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} +mailman unix - n n - - pipe + flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py + ${nexthop} ${user} + diff --git a/postfix/post-install b/postfix/post-install new file mode 100755 index 0000000..975266b --- /dev/null +++ b/postfix/post-install 
@@ -0,0 +1,925 @@ +#!/bin/sh + +# To view the formatted manual page of this file, type: +# POSTFIXSOURCE/mantools/srctoman - post-install | nroff -man + +#++ +# NAME +# post-install +# SUMMARY +# Postfix post-installation script +# SYNOPSIS +# postfix post-install [name=value] command ... +# DESCRIPTION +# The post-install script performs the finishing touch of a Postfix +# installation, after the executable programs and configuration +# files are installed. Usage is one of the following: +# .IP o +# While installing Postfix from source code on the local machine, the +# script is run by the postfix-install script to update selected file +# or directory permissions and to update Postfix configuration files. +# .IP o +# While installing Postfix from a pre-built package, the script is run +# by the package management procedure to set all file or directory +# permissions and to update Postfix configuration files. +# .IP o +# The script can be used to change installation parameter settings such +# as mail_owner or setgid_group after Postfix is already installed. +# .IP o +# The script can be used to upgrade configuration files and to upgrade +# file/directory permissions of a secondary Postfix instance. +# .IP o +# At Postfix start-up time, the script is run from "postfix check" to +# create missing queue directories. +# .PP +# The post-install script is controlled by installation parameters. +# Specific parameters are described at the end of this document. +# All installation parameters must be specified ahead of time via +# one of the methods described below. +# +# Arguments +# .IP create-missing +# Create missing queue directories with ownerships and permissions +# according to the contents of $meta_directory/postfix-files +# and optionally in $meta_directory/postfix-files.d/*, using +# the mail_owner and setgid_group parameter settings from the +# command line, process environment or from the installed +# main.cf file. 
+# +# This is required at Postfix start-up time. +# .IP set-permissions +# Set all file/directory ownerships and permissions according to the +# contents of $meta_directory/postfix-files and optionally +# in $meta_directory/postfix-files.d/*, using the mail_owner +# and setgid_group parameter settings from the command line, +# process environment or from the installed main.cf file. +# Implies create-missing. +# +# This is required when installing Postfix from a pre-built package, +# or when changing the mail_owner or setgid_group installation parameter +# settings after Postfix is already installed. +# .IP upgrade-permissions +# Update ownership and permission of existing files/directories as +# specified in $meta_directory/postfix-files and optionally +# in $meta_directory/postfix-files.d/*, using the mail_owner +# and setgid_group parameter settings from the command line, +# process environment or from the installed main.cf file. +# Implies create-missing. +# +# This is required when upgrading an existing Postfix instance. +# .IP upgrade-configuration +# Edit the installed main.cf and master.cf files, in order to account +# for missing services and to fix deprecated parameter settings. +# +# This is required when upgrading an existing Postfix instance. +# .IP upgrade-source +# Short-hand for: upgrade-permissions upgrade-configuration. +# +# This is recommended when upgrading Postfix from source code. +# .IP upgrade-package +# Short-hand for: set-permissions upgrade-configuration. +# +# This is recommended when upgrading Postfix from a pre-built package. +# .IP first-install-reminder +# Remind the user that they still need to configure main.cf and the +# aliases file, and that newaliases still needs to be run. +# +# This is recommended when Postfix is installed for the first time. 
+# MULTIPLE POSTFIX INSTANCES +# .ad +# .fi +# Multiple Postfix instances on the same machine can share command and +# daemon program files but must have separate configuration and queue +# directories. +# +# To create a secondary Postfix installation on the same machine, +# copy the configuration files from the primary Postfix instance to +# a secondary configuration directory and execute: +# +# postfix post-install config_directory=secondary-config-directory \e +# .in +4 +# queue_directory=secondary-queue-directory \e +# .br +# create-missing +# .PP +# This creates secondary Postfix queue directories, sets their access +# permissions, and saves the specified installation parameters to the +# secondary main.cf file. +# +# Be sure to list the secondary configuration directory in the +# alternate_config_directories parameter in the primary main.cf file. +# +# To upgrade a secondary Postfix installation on the same machine, +# execute: +# +# postfix post-install config_directory=secondary-config-directory \e +# .in +4 +# upgrade-permissions upgrade-configuration +# INSTALLATION PARAMETER INPUT METHODS +# .ad +# .fi +# Parameter settings can be specified through a variety of +# mechanisms. In order of decreasing precedence these are: +# .IP "command line" +# Parameter settings can be given as name=value arguments on +# the post-install command line. These have the highest precedence. +# Settings that override the installed main.cf file are saved. +# .IP "process environment" +# Parameter settings can be given as name=value environment +# variables. +# Settings that override the installed main.cf file are saved. +# .IP "installed configuration files" +# If a parameter is not specified via the command line or via the +# process environment, post-install will attempt to extract its +# value from the already installed Postfix main.cf configuration file. +# These settings have the lowest precedence. 
+# INSTALLATION PARAMETER DESCRIPTION +# .ad +# .fi +# The description of installation parameters is as follows: +# .IP config_directory +# The directory for Postfix configuration files. +# .IP daemon_directory +# The directory for Postfix daemon programs. This directory +# should not be in the command search path of any users. +# .IP command_directory +# The directory for Postfix administrative commands. This +# directory should be in the command search path of adminstrative users. +# .IP queue_directory +# The directory for Postfix queues. +# .IP data_directory +# The directory for Postfix writable data files (caches, etc.). +# .IP sendmail_path +# The full pathname for the Postfix sendmail command. +# This is the Sendmail-compatible mail posting interface. +# .IP newaliases_path +# The full pathname for the Postfix newaliases command. +# This is the Sendmail-compatible command to build alias databases +# for the Postfix local delivery agent. +# .IP mailq_path +# The full pathname for the Postfix mailq command. +# This is the Sendmail-compatible command to list the mail queue. +# .IP mail_owner +# The owner of the Postfix queue. Its numerical user ID and group ID +# must not be used by any other accounts on the system. +# .IP setgid_group +# The group for mail submission and for queue management commands. +# Its numerical group ID must not be used by any other accounts on the +# system, not even by the mail_owner account. +# .IP html_directory +# The directory for the Postfix HTML files. +# .IP manpage_directory +# The directory for the Postfix on-line manual pages. +# .IP sample_directory +# The directory for the Postfix sample configuration files. +# This feature is obsolete as of Postfix 2.1. +# .IP readme_directory +# The directory for the Postfix README files. +# .IP shlib_directory +# The directory for the Postfix shared-library files, and for +# the Postfix dabatase plugin files with a relative pathname +# in the file dynamicmaps.cf. 
+# .IP meta_directory +# The directory for non-executable files that are shared +# among multiple Postfix instances, such as postfix-files, +# dynamicmaps.cf, as well as the multi-instance template files +# main.cf.proto and master.cf.proto. +# SEE ALSO +# postfix-install(1) Postfix primary installation script. +# FILES +# $config_directory/main.cf, Postfix installation parameters. +# $meta_directory/postfix-files, installation control file. +# $meta_directory/postfix-files.d/*, optional control files. +# $config_directory/install.cf, obsolete configuration file. +# LICENSE +# .ad +# .fi +# The Secure Mailer license must be distributed with this software. +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +#-- + +umask 022 + +PATH=/bin:/usr/bin:/usr/sbin:/usr/etc:/sbin:/etc:/usr/contrib/bin:/usr/gnu/bin:/usr/ucb:/usr/bsd +SHELL=/bin/sh +IFS=" +" +BACKUP_IFS="$IFS" +debug=: +#debug=echo +MOST_PARAMETERS="command_directory daemon_directory data_directory + html_directory mail_owner mailq_path manpage_directory + newaliases_path queue_directory readme_directory sample_directory + sendmail_path setgid_group shlib_directory meta_directory" +NON_SHARED="config_directory queue_directory data_directory" + +USAGE="Usage: $0 [name=value] command + create-missing Create missing queue directories. + upgrade-source When installing or upgrading from source code. + upgrade-package When installing or upgrading from pre-built package. + first-install-reminder Remind of mandatory first-time configuration steps. + name=value Specify an installation parameter". + +# Process command-line options and parameter settings. Work around +# brain damaged shells. "IFS=value command" should not make the +# IFS=value setting permanent. But some broken standard allows it. 
+ +create=; set_perms=; upgrade_perms=; upgrade_conf=; first_install_reminder= +obsolete=; keep_list=; + +for arg +do + case $arg in + *[" "]*) echo $0: "Error: argument contains whitespace: '$arg'" + exit 1;; + *=*) IFS= eval $arg; IFS="$BACKUP_IFS";; + create-missing) create=1;; + set-perm*) create=1; set_perms=1;; + upgrade-perm*) create=1; upgrade_perms=1;; + upgrade-conf*) upgrade_conf=1;; + upgrade-source) create=1; upgrade_conf=1; upgrade_perms=1;; + upgrade-package) create=1; upgrade_conf=1; set_perms=1;; + first-install*) first_install_reminder=1;; + *) echo "$0: Error: $USAGE" 1>&2; exit 1;; + esac + shift +done + +# Sanity checks. + +test -n "$create$upgrade_conf$first_install_reminder" || { + echo "$0: Error: $USAGE" 1>&2 + exit 1 +} + +# Bootstrapping problem. + +if [ -n "$command_directory" ] +then + POSTCONF="$command_directory/postconf" +else + POSTCONF="postconf" +fi + +$POSTCONF -d mail_version >/dev/null 2>/dev/null || { + echo $0: Error: no $POSTCONF command found. 1>&2 + echo Re-run this command as $0 command_directory=/some/where. 1>&2 + exit 1 +} + +# Also used to require license etc. files only in the default instance. + +def_config_directory=`$POSTCONF -d -h config_directory` || exit 1 +test -n "$config_directory" || + config_directory="$def_config_directory" + +test -d "$config_directory" || { + echo $0: Error: $config_directory is not a directory. 1>&2 + exit 1 +} + +# If this is a secondary instance, don't touch shared files. +# XXX Solaris does not have "test -e". + +instances=`test ! -f $def_config_directory/main.cf || + $POSTCONF -c $def_config_directory -h multi_instance_directories | + sed 's/,/ /'` || exit 1 + +update_shared_files=1 +for name in $instances +do + case "$name" in + "$def_config_directory") ;; + "$config_directory") update_shared_files=; break;; + esac +done + +test -f $meta_directory/postfix-files || { + echo $0: Error: $meta_directory/postfix-files is not a file. 
1>&2 + exit 1 +} + +# SunOS5 fmt(1) truncates lines > 1000 characters. + +fake_fmt() { + sed ' + :top + /^\( *\)\([^ ][^ ]*\) */{ + s//\1\2\ +\1/ + P + D + b top + } + ' | fmt +} + +case `uname -s` in +HP-UX*) FMT=cat;; +SunOS*) FMT=fake_fmt;; + *) FMT=fmt;; +esac + +# If a parameter is not set via the command line or environment, +# try to use settings from installed configuration files. + +# Extract parameter settings from the obsolete install.cf file, as +# a transitional aid. + +grep setgid_group $config_directory/main.cf >/dev/null 2>&1 || { + test -f $config_directory/install.cf && { + for name in sendmail_path newaliases_path mailq_path setgid manpages + do + eval junk=\$$name + case "$junk" in + "") eval unset $name;; + esac + eval : \${$name="\`. $config_directory/install.cf; echo \$$name\`"} \ + || exit 1 + done + : ${setgid_group=$setgid} + : ${manpage_directory=$manpages} + } +} + +# Extract parameter settings from the installed main.cf file. + +test -f $config_directory/main.cf && { + for name in $MOST_PARAMETERS + do + eval junk=\$$name + case "$junk" in + "") eval unset $name;; + esac + eval : \${$name=\`$POSTCONF -c $config_directory -h $name\`} || exit 1 + done +} + +# Sanity checks + +case $manpage_directory in + no) echo $0: Error: manpage_directory no longer accepts \"no\" values. 1>&2 + echo Try again with \"$0 manpage_directory=/pathname ...\". 1>&2; exit 1;; +esac + +case $setgid_group in + no) echo $0: Error: setgid_group no longer accepts \"no\" values. 1>&2 + echo Try again with \"$0 setgid_group=groupname ...\" 1>&2; exit 1;; +esac + +for path in "$daemon_directory" "$command_directory" "$queue_directory" \ + "$sendmail_path" "$newaliases_path" "$mailq_path" "$manpage_directory" \ + "$meta_directory" +do + case "$path" in + /*) ;; + *) echo $0: Error: \"$path\" should be an absolute path name. 
1>&2; exit 1;; + esac +done + +for path in "$html_directory" "$readme_directory" "$shlib_directory" +do + case "$path" in + /*) ;; + no) ;; + *) echo $0: Error: \"$path\" should be \"no\" or an absolute path name. 1>&2; exit 1;; + esac +done + +# Find out what parameters were not specified via command line, +# via environment, or via installed configuration files. + +missing= +for name in $MOST_PARAMETERS +do + eval test -n \"\$$name\" || missing="$missing $name" +done + +# All parameters must be specified at this point. + +test -n "$non_interactive" -a -n "$missing" && { + cat <&2 +$0: Error: some required installation parameters are not defined. + +- Either the parameters need to be given in the $config_directory/main.cf +file from a recent Postfix installation, + +- Or the parameters need to be specified through the process +environment. + +- Or the parameters need to be specified as name=value arguments +on the $0 command line, + +The following parameters were missing: + + $missing + +EOF + exit 1 +} + +POSTCONF="$command_directory/postconf" + +# Save settings, allowing command line/environment override. + +# Undo MAIL_VERSION expansion at the end of a parameter value. If +# someone really wants the expanded mail version in main.cf, then +# we're sorry. + +# Confine side effects from mail_version unexpansion within a subshell. + +(case "$mail_version" in +"") mail_version="`$POSTCONF -dhx mail_version`" || exit 1 +esac + +for name in $MOST_PARAMETERS +do + eval junk=\$$name + case "$junk" in + *"$mail_version"*) + case "$pattern" in + "") pattern=`echo "$mail_version" | sed 's/\./\\\\./g'` || exit 1 + esac + val=`echo "$junk" | sed "s/$pattern"'$/${mail_version}/g'` || exit 1 + eval ${name}='"$val"' + esac +done + +# XXX Maybe update main.cf only with first install, upgrade, set +# permissions, and what else? Should there be a warning otherwise? 
+ +override= +for name in $MOST_PARAMETERS +do + eval junk=\"\$$name\" + test "$junk" = "`$POSTCONF -c $config_directory -h $name`" || { + override=1 + break + } +done + +test -n "$override" && { + $POSTCONF -c $config_directory -e \ + "daemon_directory = $daemon_directory" \ + "command_directory = $command_directory" \ + "queue_directory = $queue_directory" \ + "data_directory = $data_directory" \ + "mail_owner = $mail_owner" \ + "setgid_group = $setgid_group" \ + "sendmail_path = $sendmail_path" \ + "mailq_path = $mailq_path" \ + "newaliases_path = $newaliases_path" \ + "html_directory = $html_directory" \ + "manpage_directory = $manpage_directory" \ + "sample_directory = $sample_directory" \ + "readme_directory = $readme_directory" \ + "shlib_directory = $shlib_directory" \ + "meta_directory = $meta_directory" \ + || exit 1 +} || exit 0) || exit 1 + +# Use file/directory status information in $meta_directory/postfix-files. + +test -n "$create" && { + postfix_files_d=$meta_directory/postfix-files.d + for postfix_file in $meta_directory/postfix-files \ + `test -d $postfix_files_d && { find $postfix_files_d -type f | sort; }` + do + exec <$postfix_file || exit 1 + while IFS=: read path type owner group mode flags junk + do + IFS="$BACKUP_IFS" + set_permission= + # Skip comments. Skip shared files, if updating a secondary instance. + case $path in + [$]*) case "$update_shared_files" in + 1) $debug keep non-shared or shared $path;; + *) non_shared= + for name in $NON_SHARED + do + case $path in + "\$$name"*) non_shared=1; break;; + esac + done + case "$non_shared" in + 1) $debug keep non-shared $path;; + *) $debug skip shared $path; continue;; + esac;; + esac;; + *) continue;; + esac + # Skip hard links and symbolic links. + case $type in + [hl]) continue;; + [df]) ;; + *) echo unknown type $type for $path in $postfix_file 1>&2; exit 1;; + esac + # Expand $name, and canonicalize null fields. 
+ for name in path owner group flags + do + eval junk=\${$name} + case $junk in + [$]*) eval $name=$junk;; + -) eval $name=;; + *) ;; + esac + done + # Skip uninstalled files. + case $path in + no|no/*) continue;; + esac + # Pick up the flags. + case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac + case $flags in *c*) create_flag=1;; *) create_flag=;; esac + case $flags in *r*) recursive="-R";; *) recursive=;; esac + case $flags in *o*) obsolete_flag=1;; *) obsolete_flag=;; esac + case $flags in *[1i]*) test ! -r "$path" -a "$config_directory" != \ + "$def_config_directory" && continue;; esac + # Flag obsolete objects. XXX Solaris 2..9 does not have "test -e". + if [ -n "$obsolete_flag" ] + then + test -r $path -a "$type" != "d" && obsolete="$obsolete $path" + continue; + else + keep_list="$keep_list $path" + fi + # Create missing directories with proper owner/group/mode settings. + if [ -n "$create" -a "$type" = "d" -a -n "$create_flag" -a ! -d "$path" ] + then + mkdir $path || exit 1 + set_permission=1 + # Update all owner/group/mode settings. + elif [ -n "$set_perms" ] + then + set_permission=1 + # Update obsolete owner/group/mode settings. + elif [ -n "$upgrade_perms" -a -n "$upgrade_flag" ] + then + set_permission=1 + fi + test -n "$set_permission" && { + chown $recursive $owner $path || exit 1 + test -z "$group" || chgrp $recursive $group $path || exit 1 + # Don't "chmod -R"; queue file status is encoded in mode bits. + if [ "$type" = "d" -a -n "$recursive" ] + then + find $path -type d -exec chmod $mode "{}" ";" + else + chmod $mode $path + fi || exit 1 + } + done + IFS="$BACKUP_IFS" + done +} + +# Upgrade existing Postfix configuration files if necessary. + +test -n "$upgrade_conf" && { + + # Postfix 2.0. + # Add missing relay service to master.cf. 
+ + grep '^relay' $config_directory/master.cf >/dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for relay service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for flush service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for trace service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for verify service + cat >>$config_directory/master.cf </dev/null && { + echo Editing $config_directory/master.cf, setting verify process limit to 1 + ed $config_directory/master.cf </dev/null && { + echo Editing $config_directory/master.cf, making the pickup service unprivileged + ed $config_directory/master.cf </dev/null && { + echo Editing $config_directory/master.cf, making the $name service public + ed $config_directory/master.cf </dev/null) || missing="$missing defer" + (echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred" + test -n "$missing" && { + echo fixing main.cf hash_queue_names for missing $missing + $POSTCONF -c $config_directory -e hash_queue_names="$found$missing" || + exit 1 + } + + # Turn on safety nets for new features that could bounce mail that + # would be accepted by a previous Postfix version. + + # [The "unknown_local_recipient_reject_code = 450" safety net, + # introduced with Postfix 2.0 and deleted after Postfix 2.3.] + + # Postfix 2.0. + # Add missing proxymap service to master.cf. 
+ + grep '^proxymap.*proxymap' $config_directory/master.cf >/dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for proxymap service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for anvil service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for scache service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for discard service + cat >>$config_directory/master.cf <unix service. + + grep "^tlsmgr[ ]*fifo[ ]" \ + $config_directory/master.cf >/dev/null && { + echo Editing $config_directory/master.cf, updating the tlsmgr from fifo to unix service + ed $config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for tlsmgr service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for retry service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for proxywrite service + cat >>$config_directory/master.cf </dev/null && { + echo Editing $config_directory/master.cf, setting proxywrite process limit to 1 + ed $config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for postscreen TCP service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for smtpd unix-domain service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for dnsblog unix-domain service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for tlsproxy unix-domain service + cat >>$config_directory/master.cf </dev/null || { + echo Editing 
$config_directory/master.cf, adding missing entry for postlog unix-domain datagram service + cat >>$config_directory/master.cf <&2 + echo Do not run directly. 1>&2 + exit 1 +esac + +LOGGER="$command_directory/postlog -t $MAIL_LOGTAG/postfix-script" +INFO="$LOGGER -p info" +WARN="$LOGGER -p warn" +ERROR="$LOGGER -p error" +FATAL="$LOGGER -p fatal" +PANIC="$LOGGER -p panic" + +if [ "X${1#quiet-}" != "X${1}" ]; then + INFO=: + x=${1#quiet-} + shift + set -- $x "$@" +fi + +umask 022 +SHELL=/bin/sh + +# +# Can't do much without these in place. +# +cd $command_directory || { + $FATAL no Postfix command directory $command_directory! + exit 1 +} +cd $daemon_directory || { + $FATAL no Postfix daemon directory $daemon_directory! + exit 1 +} +test -f master || { + $FATAL no Postfix master program $daemon_directory/master! + exit 1 +} +cd $config_directory || { + $FATAL no Postfix configuration directory $config_directory! + exit 1 +} +case $shlib_directory in +no) ;; + *) cd $shlib_directory || { + $FATAL no Postfix shared-library directory $shlib_directory! + exit 1 + } +esac +cd $meta_directory || { + $FATAL no Postfix meta directory $meta_directory! + exit 1 +} +cd $queue_directory || { + $FATAL no Postfix queue directory $queue_directory! + exit 1 +} +def_config_directory=`$command_directory/postconf -dh config_directory` || { + $FATAL cannot execute $command_directory/postconf! + exit 1 +} + +# If this is a secondary instance, don't touch shared files. + +instances=`test ! -f $def_config_directory/main.cf || + $command_directory/postconf -c $def_config_directory \ + -h multi_instance_directories | sed 's/,/ /'` || { + $FATAL cannot execute $command_directory/postconf! 
+ exit 1 +} + +check_shared_files=1 +for name in $instances +do + case "$name" in + "$def_config_directory") ;; + "$config_directory") check_shared_files=; break;; + esac +done + +# +# Parse JCL +# +case $1 in + +start_msg) + + echo "Start postfix" + ;; + +stop_msg) + + echo "Stop postfix" + ;; + +quick-start) + + $daemon_directory/master -t 2>/dev/null || { + $FATAL the Postfix mail system is already running + exit 1 + } + $daemon_directory/postfix-script quick-check || { + $FATAL Postfix integrity check failed! + exit 1 + } + $INFO starting the Postfix mail system + $daemon_directory/master & + ;; + +start|start-fg) + + $daemon_directory/master -t 2>/dev/null || { + $FATAL the Postfix mail system is already running + exit 1 + } + if [ -f $queue_directory/quick-start ] + then + rm -f $queue_directory/quick-start + else + $daemon_directory/postfix-script check-fatal || { + $FATAL Postfix integrity check failed! + exit 1 + } + # Foreground this so it can be stopped. All inodes are cached. + $daemon_directory/postfix-script check-warn + fi + $INFO starting the Postfix mail system || exit 1 + case $1 in + start) + # NOTE: wait in foreground process to get the initialization status. + $daemon_directory/master -w || { + $FATAL "mail system startup failed" + exit 1 + } + ;; + start-fg) + # Foreground start-up is incompatible with multi-instance mode. + # Use "exec $daemon_directory/master" only if PID == 1. + # Otherwise, doing so would break process group management, + # and "postfix stop" would kill too many processes. 
+ case $instances in + "") case $$ in + 1) exec $daemon_directory/master -i + $FATAL "cannot start-fg the master daemon" + exit 1;; + *) $daemon_directory/master -s;; + esac + ;; + *) $FATAL "start-fg does not support multi_instance_directories" + exit 1 + ;; + esac + ;; + esac + ;; + +drain) + + $daemon_directory/master -t 2>/dev/null && { + $FATAL the Postfix mail system is not running + exit 1 + } + $INFO stopping the Postfix mail system + kill -9 `sed 1q pid/master.pid` + ;; + +quick-stop) + + $daemon_directory/postfix-script stop + touch $queue_directory/quick-start + ;; + +stop) + + $daemon_directory/master -t 2>/dev/null && { + $FATAL the Postfix mail system is not running + exit 0 + } + $INFO stopping the Postfix mail system + kill `sed 1q pid/master.pid` + for i in 5 4 3 2 1 + do + $daemon_directory/master -t && exit 0 + $INFO waiting for the Postfix mail system to terminate + sleep 1 + done + $WARN stopping the Postfix mail system with force + pid=`awk '{ print $1; exit 0 } END { exit 1 }' pid/master.pid` && + kill -9 -$pid + ;; + +abort) + + $daemon_directory/master -t 2>/dev/null && { + $FATAL the Postfix mail system is not running + exit 0 + } + $INFO aborting the Postfix mail system + kill `sed 1q pid/master.pid` + ;; + +reload) + + $daemon_directory/master -t 2>/dev/null && { + $FATAL the Postfix mail system is not running + exit 1 + } + $INFO refreshing the Postfix mail system + $command_directory/postsuper active || exit 1 + kill -HUP `sed 1q pid/master.pid` + $command_directory/postsuper & + ;; + +flush) + + cd $queue_directory || { + $FATAL no Postfix queue directory $queue_directory! 
+ exit 1 + } + $command_directory/postqueue -f + ;; + +check) + + $daemon_directory/postfix-script check-fatal || exit 1 + $daemon_directory/postfix-script check-warn + exit 0 + ;; + +status) + + $daemon_directory/master -t 2>/dev/null && { + $INFO the Postfix mail system is not running + exit 1 + } + $INFO the Postfix mail system is running: PID: `sed 1q pid/master.pid` + exit 0 + ;; + +quick-check) + # This command is NOT part of the public interface. + + $SHELL $daemon_directory/post-install create-missing || { + $WARN unable to create missing queue directories + exit 1 + } + + # Look for incomplete installations. + + test -f $config_directory/master.cf || { + $FATAL no $config_directory/master.cf file found + exit 1 + } + exit 0 + ;; + +check-fatal) + # This command is NOT part of the public interface. + + $daemon_directory/postfix-script quick-check + + maillog_file=`$command_directory/postconf -h maillog_file` || { + $FATAL cannot execute $command_directory/postconf! + exit 1 + } + test -n "$maillog_file" && { + $command_directory/postconf -M postlog/unix-dgram 2>/dev/null \ + | grep . >/dev/null || { + $FATAL "missing 'postlog' service in master.cf - run 'postfix upgrade-configuration'" + exit 1 + } + } + + # See if all queue files are in the right place. This is slow. + # We must scan all queues for mis-named queue files before the + # mail system can run. + + $command_directory/postsuper || exit 1 + exit 0 + ;; + +check-warn) + # This command is NOT part of the public interface. + + # Check Postfix root-owned directory owner/permissions. + + find $queue_directory/. $queue_directory/pid \ + -prune ! -user root \ + -exec $WARN not owned by root: {} \; + + find $queue_directory/. $queue_directory/pid \ + -prune \( -perm -020 -o -perm -002 \) \ + -exec $WARN group or other writable: {} \; + + # Check Postfix root-owned directory tree owner/permissions. + + todo="$config_directory/." + test -n "$check_shared_files" && { + todo="$daemon_directory/. 
$meta_directory/. $todo" + test "$shlib_directory" = "no" || + todo="$shlib_directory/. $todo" + } + todo=`echo "$todo" | tr ' ' '\12' | sort -u` + + find $todo ! -user root \ + -exec $WARN not owned by root: {} \; + + # Handle symlinks separately + find -L $todo \( -perm -020 -o -perm -002 \) \ + -exec $WARN group or other writable: {} \; + + find $todo -type l | while read f; do \ + readlink "$f" | grep -q / && $WARN symlink leaves directory: "$f"; \ + done; \ + + # Check Postfix mail_owner-owned directory tree owner/permissions. + + find $data_directory/. ! -user $mail_owner \ + -exec $WARN not owned by $mail_owner: {} \; + + find $data_directory/. \( -perm -020 -o -perm -002 \) \ + -exec $WARN group or other writable: {} \; + + # Check Postfix mail_owner-owned directory tree owner. + + find `ls -d $queue_directory/* | \ + egrep '/(saved|incoming|active|defer|deferred|bounce|hold|trace|corrupt|public|private|flush)$'` \ + ! \( -type p -o -type s \) ! -user $mail_owner \ + -exec $WARN not owned by $mail_owner: {} \; + + # WARNING: this should not descend into the maildrop directory. + # maildrop is the least trusted Postfix directory. + + find $queue_directory/maildrop -prune ! -user $mail_owner \ + -exec $WARN not owned by $mail_owner: $queue_directory/maildrop \; + + # Check Postfix setgid_group-owned directory and file group/permissions. + + todo="$queue_directory/public $queue_directory/maildrop" + test -n "$check_shared_files" && + todo="$command_directory/postqueue $command_directory/postdrop $todo" + + find $todo \ + -prune ! -group $setgid_group \ + -exec $WARN not owned by group $setgid_group: {} \; + + test -n "$check_shared_files" && + find $command_directory/postqueue $command_directory/postdrop \ + -prune ! -perm -02111 \ + -exec $WARN not set-gid or not owner+group+world executable: {} \; + + # Check non-Postfix root-owned directory tree owner/content. + + for dir in bin etc lib sbin usr + do + test -d $dir && { + find $dir ! 
-user root \ + -exec $WARN not owned by root: $queue_directory/{} \; + + find $dir -type f -print | while read path + do + test -f /$path && { + cmp -s $path /$path || + $WARN $queue_directory/$path and /$path differ + } + done + } + done + + find corrupt -type f -exec $WARN damaged message: {} \; + + # Check for non-Postfix MTA remnants. + + test -n "$check_shared_files" -a -f /usr/sbin/sendmail -a \ + -f /usr/lib/sendmail && { + cmp -s /usr/sbin/sendmail /usr/lib/sendmail || { + $WARN /usr/lib/sendmail and /usr/sbin/sendmail differ + $WARN Replace one by a symbolic link to the other + } + } + exit 0 + ;; + +set-permissions|upgrade-configuration) + $daemon_directory/post-install create-missing "$@" + ;; + +post-install) + # Currently not part of the public interface. + shift + $daemon_directory/post-install "$@" + ;; + +tls) + shift + $daemon_directory/postfix-tls-script "$@" + ;; + +/*) + # Currently not part of the public interface. + "$@" + ;; + +logrotate) + case $# in + 1) ;; + *) $FATAL "usage postfix $1 (no arguments)"; exit 1;; + esac + for name in maillog_file maillog_file_compressor \ + maillog_file_rotate_suffix + do + value="`$command_directory/postconf -h $name`" + case "$value" in + "") $FATAL "empty '$name' parameter value - logfile rotation failed" + exit 1;; + esac + eval $name='"$value"'; + done + + case "$maillog_file" in + /dev/*) $FATAL "not rotating '$maillog_file'"; exit 1;; + esac + + errors=`( + suffix="\`date +$maillog_file_rotate_suffix\`" || exit 1 + mv "$maillog_file" "$maillog_file.$suffix" || exit 1 + $daemon_directory/master -t 2>/dev/null || + kill -HUP \`sed 1q pid/master.pid\` || exit 1 + sleep 1 + "$maillog_file_compressor" "$maillog_file.$suffix" || exit 1 + ) 2>&1` || { + $FATAL "logfile '$maillog_file' rotation failed: $errors" + exit 1 + } + ;; + +*) + $FATAL "unknown command: '$1'. Usage: postfix start (or stop, reload, abort, flush, check, status, set-permissions, upgrade-configuration, logrotate)" + exit 1 + ;; + +esac 
diff --git a/ppp/ip-down.d/postfix b/ppp/ip-down.d/postfix
new file mode 100755
index 0000000..4101554
--- /dev/null
+++ b/ppp/ip-down.d/postfix
@@ -0,0 +1,34 @@
+#!/bin/sh -e
+
+# Called when an interface disconnects
+# Written by LaMont Jones
+
+# start or reload Postfix as needed
+
+# If /usr isn't mounted yet, silently bail.
+if [ ! -d /usr/lib/postfix ]; then
+ exit 0
+fi
+
+RUNNING=""
+# If master is running, force a queue run to unload any mail that is
+# hanging around. Yes, sendmail is a symlink...
+if [ -f /var/spool/postfix/pid/master.pid ]; then
+ pid=$(sed 's/ //g' /var/spool/postfix/pid/master.pid)
+ exe=$(ls -l /proc/$pid/exe 2>/dev/null | sed 's/.* //;s/.*\///')
+ if [ "X$exe" = "Xmaster" ]; then
+ RUNNING="y"
+ fi
+fi
+
+if [ ! -x /sbin/resolvconf ]; then
+ f=/etc/resolv.conf
+ if ! cp $f $(postconf -hx queue_directory)$f 2>/dev/null; then
+ exit 0
+ fi
+ if [ -n "$RUNNING" ]; then
+ service postfix reload >/dev/null 2>&1
+ fi
+fi
+
+exit 0
diff --git a/ppp/ip-up.d/postfix b/ppp/ip-up.d/postfix
new file mode 100755
index 0000000..f1203ff
--- /dev/null
+++ b/ppp/ip-up.d/postfix
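Review bot: In ppp/ip-down.d/postfix the value read from `/var/spool/postfix/pid/master.pid` goes unvalidated and unquoted into `/proc/$pid/exe`, and the running check then parses `ls -l` output. The hook presumably runs as root, so I would first discard anything that is not a plain number, `case "$pid" in ''|*[!0-9]*) pid= ;; esac`, and read the link target directly with `exe=$(readlink "/proc/$pid/exe" 2>/dev/null | sed 's/.*\///')`. The same two lines appear in ppp/ip-up.d/postfix. The comment above the block says it forces a queue run, which this script never does; `# Detect whether the Postfix master is running.` would describe it.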
@@ -0,0 +1,43 @@
+#!/bin/sh -e
+# Called when a new interface comes up
+# Written by LaMont Jones
+
+# don't bother to restart postfix when lo is configured.
+if [ "$IFACE" = "lo" ]; then
+ exit 0
+fi
+
+# If /usr isn't mounted yet, silently bail.
+if [ ! -d /usr/lib/postfix ]; then
+ exit 0
+fi
+
+RUNNING=""
+# If master is running, force a queue run to unload any mail that is
+# hanging around. Yes, sendmail is a symlink...
+if [ -f /var/spool/postfix/pid/master.pid ]; then
+ pid=$(sed 's/ //g' /var/spool/postfix/pid/master.pid)
+ exe=$(ls -l /proc/$pid/exe 2>/dev/null | sed 's/.* //;s/.*\///')
+ if [ "X$exe" = "Xmaster" ]; then
+ RUNNING="y"
+ fi
+fi
+
+# start or reload Postfix as needed
+if [ ! -x /sbin/resolvconf ]; then
+ f=/etc/resolv.conf
+ if ! cp $f $(postconf -hx queue_directory)$f 2>/dev/null; then
+ exit 0
+ fi
+ if [ -n "$RUNNING" ]; then
+ service postfix reload >/dev/null 2>&1
+ fi
+fi
+
+# If master is running, force a queue run to unload any mail that is
+# hanging around. Yes, sendmail is a symlink...
+if [ -n "$RUNNING" ]; then
+ if [ -x /usr/sbin/sendmail ]; then
+ /usr/sbin/sendmail -q >/dev/null 2>&1
+ fi
+fi
diff --git a/rc0.d/K01postfix b/rc0.d/K01postfix
new file mode 120000
index 0000000..81e743c
--- /dev/null
+++ b/rc0.d/K01postfix
@@ -0,0 +1 @@
+../init.d/postfix
\ No newline at end of file
diff --git a/rc1.d/K01postfix b/rc1.d/K01postfix
new file mode 120000
index 0000000..81e743c
--- /dev/null
+++ b/rc1.d/K01postfix
@@ -0,0 +1 @@
+../init.d/postfix
\ No newline at end of file
diff --git a/rc2.d/S01postfix b/rc2.d/S01postfix
new file mode 120000
index 0000000..81e743c
--- /dev/null
+++ b/rc2.d/S01postfix
@@ -0,0 +1 @@
+../init.d/postfix
\ No newline at end of file
diff --git a/rc3.d/S01postfix b/rc3.d/S01postfix
new file mode 120000
index 0000000..81e743c
--- /dev/null
+++ b/rc3.d/S01postfix
@@ -0,0 +1 @@
+../init.d/postfix
\ No newline at end of file
diff --git a/rc4.d/S01postfix b/rc4.d/S01postfix
new file mode 120000
index 0000000..81e743c
--- /dev/null
+++ b/rc4.d/S01postfix
@@ -0,0 +1 @@
+../init.d/postfix
\ No newline at end of file
diff --git a/rc5.d/S01postfix b/rc5.d/S01postfix
new file mode 120000
index 0000000..81e743c
--- /dev/null
+++ b/rc5.d/S01postfix
@@ -0,0 +1 @@
+../init.d/postfix
\ No newline at end of file
diff --git a/rc6.d/K01postfix b/rc6.d/K01postfix
new file mode 120000
index 0000000..81e743c
--- /dev/null
+++ b/rc6.d/K01postfix
@@ -0,0 +1 @@
+../init.d/postfix
\ No newline at end of file
diff --git a/resolvconf/update-libc.d/postfix b/resolvconf/update-libc.d/postfix
new file mode 100755
index 0000000..1db67d2
--- /dev/null
+++ b/resolvconf/update-libc.d/postfix
@@ -0,0 +1,13 @@
+#!/bin/sh -e
+
+# we only need to copy this in if the service is already running.
+# if it's not running, it'll get picked up by the init script on start.
+/usr/sbin/service postfix status >/dev/null 2>&1 || exit 0
+
+QUEUEDIR="$(/usr/sbin/postconf -hx queue_directory 2>/dev/null || true)"
+if [ -n "$QUEUEDIR" ]; then
+ cp /etc/resolv.conf ${QUEUEDIR}/etc/resolv.conf
+ /usr/sbin/service postfix reload >/dev/null 2>&1 || exit 0
+fi
+
+exit 0
diff --git a/rsyslog.d/postfix.conf b/rsyslog.d/postfix.conf
new file mode 100644
index 0000000..7b5d9b0
--- /dev/null
+++ b/rsyslog.d/postfix.conf
@@ -0,0 +1,4 @@
+# Create an additional socket in postfix's chroot in order not to break
+# mail logging when rsyslog is restarted. If the directory is missing,
+# rsyslog will silently skip creating the socket.
+$AddUnixListenSocket /var/spool/postfix/dev/log
diff --git a/shadow b/shadow
index 1001fb7..2e1c244 100644
--- a/shadow
+++ b/shadow
@@ -27,3 +27,4 @@ bind:*:18724:0:99999:7:::
 _chrony:*:18724:0:99999:7:::
 frank:$6$viYRDmzFELF5pfeZ$5RbMmTp6m9ddM/PneWLQxNBPmk1S3VDCSMGHacsZQkzaPil449Ln01NmpsSCYVlqWjF2uzpxmMSUxbRwnigo6.:18725:0:99999:7:::
 mysql:!:18725:0:99999:7:::
+postfix:*:18725:0:99999:7:::
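Review bot: The context lines of the `shadow` hunk carry a complete `$6$` (SHA-512 crypt) password hash for a login account, so tracking this file gives the hash to everyone who can read the repository, and the X-Git-Url header suggests the repository is served through a web interface. The added `postfix:*:` entry itself is a locked service account and raises no concern. I would stop tracking the shadow files by adding `shadow*` and `gshadow*` to the repository's `.gitignore` and running `git rm --cached` on them, and restrict read access to the repository. The hash remains in history after that, so the affected password should be changed. The `shadow-` hunk that follows exposes the same line.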
diff --git a/shadow- b/shadow- index 1001fb7..2e1c244 100644 --- a/shadow- +++ b/shadow- @@ -27,3 +27,4 @@ bind:*:18724:0:99999:7::: _chrony:*:18724:0:99999:7::: frank:$6$viYRDmzFELF5pfeZ$5RbMmTp6m9ddM/PneWLQxNBPmk1S3VDCSMGHacsZQkzaPil449Ln01NmpsSCYVlqWjF2uzpxmMSUxbRwnigo6.:18725:0:99999:7::: mysql:!:18725:0:99999:7::: +postfix:*:18725:0:99999:7::: diff --git a/ssl/certs/c699ba1e b/ssl/certs/c699ba1e new file mode 120000 index 0000000..e78b135 --- /dev/null +++ b/ssl/certs/c699ba1e @@ -0,0 +1 @@ +ssl-cert-snakeoil.pem \ No newline at end of file diff --git a/ssl/certs/ssl-cert-snakeoil.pem b/ssl/certs/ssl-cert-snakeoil.pem new file mode 100644 index 0000000..16f692d --- /dev/null +++ b/ssl/certs/ssl-cert-snakeoil.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC9zCCAd+gAwIBAgIUSt78w3HY+QVL5dFlah8QZ7qp7rkwDQYJKoZIhvcNAQEL +BQAwHjEcMBoGA1UEAwwTaGVsZ2EudWh1LWJhbmFuZS5kZTAeFw0yMTA0MDgxOTE4 +NTFaFw0zMTA0MDYxOTE4NTFaMB4xHDAaBgNVBAMME2hlbGdhLnVodS1iYW5hbmUu +ZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDm8gsWVi9hpA31NYSn +rC/ALHns+YIiHHIDWjg5bgMaNms3g2Opn2EjuhX4H3Eg/relg1oSiwH7UK9GgPwP +gHdOQI13VWl4XdwGh316IoV+EGsZ14FZ/zS5W5OyiXrp69MJkb6+VinecJ/0PMCM +7s45y7zQGbP4/IueD6JD/G6M0gmtPgL4NA7CZKTlkqVGHm1BAYAuuAnMdPMuunrx ++OMXQM2qDxtCvsz3QiOSPAr5vyOnmeWIqIHZj3FfMtLizBTKA2W9CiKx0IjDrdSr +nLyInyWI3oGfCSmIYi/vsq+KZ1ANqzW6KTjhHm3zmjRcbDEA5M7+RfGHK4EHcyoe +3an3AgMBAAGjLTArMAkGA1UdEwQCMAAwHgYDVR0RBBcwFYITaGVsZ2EudWh1LWJh +bmFuZS5kZTANBgkqhkiG9w0BAQsFAAOCAQEAEixPM0mOvsFB9JkW4XsgATgp2d6q +ohdZscxJJu+1nB2IundF13gR3S8Z/IOVFf/6EZmX04vM6Wz8/ULdq127NzhWu+3I +x2SsSDWD5cy0I18Eebaema0MTH2pTDSjLSR2YWQdt93uXTfEoUzk+Asp+ZwNfCFJ +6Rh5D1L1I3C2R9ckzL3vv4y59ht842dDR9wFk7xWmAbH6aYE48JvLk7S/S2AX5W9 +bhpkCfVnw2eGtzO+NAMrvRWGrI1AR3cskJo8rXr1Nu0s3I3nX43dc+T/F0FyrMR1 +RmaT5xJPKlO8Q8MQK07HnXuaKEV/4WHiLrHTWI2c4stdBGV0sdF0pOgPBw== +-----END CERTIFICATE----- diff --git a/ssl/private/ssl-cert-snakeoil.key b/ssl/private/ssl-cert-snakeoil.key new file mode 100644 index 0000000..0442771 --- /dev/null 
+++ b/ssl/private/ssl-cert-snakeoil.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDm8gsWVi9hpA31 +NYSnrC/ALHns+YIiHHIDWjg5bgMaNms3g2Opn2EjuhX4H3Eg/relg1oSiwH7UK9G +gPwPgHdOQI13VWl4XdwGh316IoV+EGsZ14FZ/zS5W5OyiXrp69MJkb6+VinecJ/0 +PMCM7s45y7zQGbP4/IueD6JD/G6M0gmtPgL4NA7CZKTlkqVGHm1BAYAuuAnMdPMu +unrx+OMXQM2qDxtCvsz3QiOSPAr5vyOnmeWIqIHZj3FfMtLizBTKA2W9CiKx0IjD +rdSrnLyInyWI3oGfCSmIYi/vsq+KZ1ANqzW6KTjhHm3zmjRcbDEA5M7+RfGHK4EH +cyoe3an3AgMBAAECggEBAKxg27+3YrRZtIVjhfl1P0sMp5EnB2gYnU09SRwsrioh +llOgQYJ5URNOsVk7dsBu/3qOGWwfz8HbDojse7fCZsrEyhLZcNkEDdfdx92i6MsY +zChEv+sB30O/Q/YOQe1aNXI+FAaT37qFjA7MTdij4tAm727Q0JG3Rysadj6Sq511 +OcDMGRm32xHp0thFlMgDN8ODPpJK0U73MT98qmNb1uo2sw/eUaHBBwEFtq1FvAzx +tul+T4xBBGCgoXFTKGLpUrSK/Ok6ya5C5LYhhrWAz2UBGas7zxlj/64d4N0/N20J +29aCcKC0b7k26m4I00Cxq+UJGhpJ6FqGwH/NbPtZgbECgYEA/HhVvfErI1lDy0K5 +UGOFmFvGnKxmhJby4CPc50NgJAI9tLe11WbWti0XeBsMp0b0V3dn1iwCmrTkt/1i +W7Hvf30sPQUsqFR7gp7G4TkLiB/fRF0EdXdPsdCpEAP5ot9VDlciIasc9HLP7647 +Wfgg73w/LJy/ZIT2w6RvzSrzRH8CgYEA6iyqYWoGIvQVvFriA3DJiM3KMB9f5gGb +Ntx3kalsx5H/QTWJqxe3FHXqmBuCon1ob/29Vx0MpAxaSYDwbVy9V5LNMpZSJ/W9 +d1jCGo+8NoTpsMguFTvnXnirND3Cr5DHByJYqfOmpiZgRIAPrnB47fgcS26VL2W3 +uwNeZf9I/okCgYEAnJnbvVy5gEyfU5YIsod413+d25LIaFflQQidvkk5ejx1oAIP +5NXMOuYPV62XlK7bYuGq49sapnGsKUAfYXcmcnLnHNZ309XLYsMv44Xp1D7I03PL +Dz25jjc6lreQgel7rdB4WF/2Lt6EgkwVfoH9k+8ClJ6JzUT4d3Qo8R9CE+sCgYAY +Sz/10TkHwUjL/KW786SE08ypB2g8hWgj3eVtsCT/406W5kX9AP3WWpFW7Gu2Dcqa +67kL45CfKETpoT3QKrHd9vXgzKWDTcQ1MHkaplTBVzKjS3E0dL2BGIWyasHa0utC ++zY1k3hzfkG4eYym7TYugfH1hWhmvWe9OBFABab9+QKBgDcsl6JsgCy0+bpUe14w +uDeOorFzylOYyVi4P11Mr7wko8w393r6oGu2QVCO8AfpRCBLFIDWFpWlmBwrEcLQ +Bx6J26NN6FtmtfTKtfAlf+SN4MawEyMWivAxKjHuaL35dsXHEVy5aTtYaWrfSAZl +4vchtJ/n+zr8JOg6ghg9XLtq +-----END PRIVATE KEY----- diff --git a/systemd/system/multi-user.target.wants/postfix.service b/systemd/system/multi-user.target.wants/postfix.service new file mode 120000 index 0000000..efaaa31 --- /dev/null 
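Review bot: This hunk commits an unencrypted private key, and its leading modulus bytes match the certificate added in `ssl/certs/ssl-cert-snakeoil.pem`, so the repository now holds both halves of the host's default TLS pair. Anyone with read access to the repository or its web view could present this certificate as the host to any client that accepts it; Debian's packaged Postfix configuration commonly points at the snakeoil pair, although `main.cf` is not visible here. I would keep `ssl/private/` out of version control (a `ssl/private/` entry in `.gitignore` plus `git rm --cached`) and regenerate the pair with `make-ssl-cert generate-default-snakeoil --force-overwrite`. The committed key should be treated as compromised, since it stays in history unless the history is rewritten.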
+++ b/systemd/system/multi-user.target.wants/postfix.service
@@ -0,0 +1 @@
+/lib/systemd/system/postfix.service
\ No newline at end of file
diff --git a/ufw/applications.d/postfix b/ufw/applications.d/postfix
new file mode 100644
index 0000000..e612ec9
--- /dev/null
+++ b/ufw/applications.d/postfix
@@ -0,0 +1,14 @@
+[Postfix]
+title=Mail server (SMTP)
+description=Postfix is a high-performance mail transport agent
+ports=25/tcp
+
+[Postfix SMTPS]
+title=Mail server (SMTPS)
+description=Postfix is a high-performance mail transport agent
+ports=465/tcp
+
+[Postfix Submission]
+title=Mail server (Submission)
+description=Postfix is a high-performance mail transport agent
+ports=587/tcp