diff --git a/src/mailsrv/assets/dovecot/conf.d/10-mail.conf b/src/mailsrv/assets/dovecot/conf.d/10-mail.conf
index 4df36e8..6b69e02 100644
--- a/src/mailsrv/assets/dovecot/conf.d/10-mail.conf
+++ b/src/mailsrv/assets/dovecot/conf.d/10-mail.conf
@@ -111,7 +111,7 @@ namespace inbox {
 # Group to enable temporarily for privileged operations. Currently this is
 # used only with INBOX when either its initial creation or dotlocking fails.
 # Typically this is set to "mail" to give access to /var/mail.
-mail_privileged_group = mail
+#mail_privileged_group = mail

 # Grant access to these supplementary groups for mail processes. Typically
 # these are used to set up access to shared mailboxes. Note that it may be
diff --git a/src/mailsrv/assets/dovecot/conf.d/30-stats.conf b/src/mailsrv/assets/dovecot/conf.d/30-stats.conf
new file mode 100644
index 0000000..dc45c4f
--- /dev/null
+++ b/src/mailsrv/assets/dovecot/conf.d/30-stats.conf
@@ -0,0 +1,13 @@
+service stats {
+ unix_listener stats-reader {
+ user = vmail
+ group = vmail
+ mode = 0660
+ }
+
+ unix_listener stats-writer {
+ user = vmail
+ group = vmail
+ mode = 0660
+ }
+}
diff --git a/src/mailsrv/assets/postfix/main.cf b/src/mailsrv/assets/postfix/main.cf
index f3b3e43..e9c4f82 100644
--- a/src/mailsrv/assets/postfix/main.cf
+++ b/src/mailsrv/assets/postfix/main.cf
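Review bot: The `unix_listener stats-reader` stanza in 30-stats.conf opens the read side of the stats service to `vmail` with the same `0660` mode as `stats-writer`. If the purpose is to let a delivery process running as vmail report metrics (presumably, since the hunk does not say), only `stats-writer` needs to be reachable by that user. Anyone who can connect to `stats-reader` can read the collected statistics, so I would drop that stanza and leave the reader at its default ownership. A comment above the service, such as `# processes running as vmail must be able to write stats`, would record why the override exists.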
@@ -1,28 +1,20 @@
-### General ###
-# network segments to consider internal
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+### Network ###
 # interfaces & protocols to listen on
 inet_interfaces = all
 inet_protocols = all
-# what backend to use to deliver local & virtual mail
-local_transport = dovecot
-# hosts to relay for
-relayhost =
-# whether to send "new mail" notifications to users
-# on by default, but we turn off because we're not using system users
-biff = no
-# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
-# fresh installs.
-compatibility_level = 2
-
-### Domains ###
 # primary name of server
 myhostname = mail.alemor.org
 myorigin = $mydomain
+# what host to use as a relay
+relayhost =
+# hosts to forward mail to
+relay_domains =
+# only forward mail from local host
+mynetworks_style = host
 # domains to consider primary (local) endpoints
 mydestination = $myhostname, $mydomain, localhost.localdomain, localhost
 # domains to consider secondary (virtual) endpoints
-virtual_alias_domains = epic.alemor.org, home.alemor.org, alegre.alemor.org, daniel.alemor.org, fernando.alemor.org, juana.alemor.org, mario.alemor.org, moreno.alemor.org
+virtual_alias_domains = epic.alemor.org, home.alemor.org, alegre.alemor.org, daniel.alemor.org, fernando.alemor.org, juana.alemor.org, mario.alemor.org, moreno.alemor.org, mar.alemor.org

 ### Users ###
 # get list of valid users from here instead of /etc/passwd
@@ -33,22 +25,30 @@ virtual_alias_maps = hash:/etc/postfix/aliases
 # the email is sent to ${user} if that address is not already explicitly defined.
 recipient_delimiter = -

-### TLS ###
+### Delivery ###
+# what backend to use to deliver local & virtual mail
+local_transport = dovecot
+# set recipient limit to 1 so X-Original-To header addition will work
+dovecot_destination_recipient_limit = 1
+
+### SMTP ###
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 # information on enabling SSL in the smtp client.
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 # whether to allow or enforce TLS. Acceptable values are 'none', 'may', or 'encrypt'.
-smtpd_tls_security_level=may
+smtpd_tls_security_level=encrypt
 # where to find certs
 smtpd_tls_cert_file=/vol/ssl/fullchain.pem
 smtpd_tls_key_file=/vol/ssl/privkey.pem
-
-### Anti-spam ###
-#smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_destination, reject_rbl_client sbl.spamhaus.org, permit
+# domain to consider local
+smtpd_sasl_local_domain = $myhostname
+# security settings
+smtpd_client_restrictions = permit_sasl_authenticated, reject
+smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_destination, permit_sasl_authenticated, reject
 #smtpd_helo_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
-
-### SASL ###
+smtpd_sasl_security_options = noanonymous
+# what to use for sasl
 smtpd_sasl_type = dovecot
 # Can be an absolute path, or relative to $queue_directory
 # Debian/Ubuntu users: Postfix is setup by default to run chrooted, so it is best to leave it as-is below
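Review bot: The settings added under `### SMTP ###` now live in main.cf, so `smtpd_client_restrictions = permit_sasl_authenticated, reject` and `smtpd_tls_security_level=encrypt` apply to the port 25 `smtp` service as well as to `submission`, whose `-o` overrides the master.cf hunk removes. If this host is the MX for the listed domains, other mail servers do not authenticate and their deliveries would be refused; mandatory TLS on a publicly referenced port 25 is also something the Postfix documentation advises against. In the new `smtpd_recipient_restrictions`, `reject_unauth_destination` is evaluated before `permit_sasl_authenticated`, so an authenticated client sending to an outside domain would be rejected too. I would keep the overrides on `submission` in master.cf, leave `smtpd_tls_security_level=may` here and add `smtpd_tls_auth_only = yes`, so AUTH is only accepted after STARTTLS.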
@@ -57,3 +57,11 @@ smtpd_sasl_path = private/auth
 smtpd_sasl_auth_enable = yes
 # With Postfix version before 2.10, use smtpd_recipient_restrictions
 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
+
+### Misc ###
+# whether to send "new mail" notifications to users
+# on by default, but we turn off because we're not using system users
+biff = no
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
diff --git a/src/mailsrv/assets/postfix/master.cf b/src/mailsrv/assets/postfix/master.cf
index 80cc80d..b8927f7 100644
--- a/src/mailsrv/assets/postfix/master.cf
+++ b/src/mailsrv/assets/postfix/master.cf
@@ -11,11 +11,6 @@
 # ==========================================================================
 smtp inet n - y - - smtpd
 submission inet n - y - - smtpd
- -o smtpd_sasl_local_domain=$myhostname
- -o smtpd_tls_security_level=encrypt
- -o smtpd_sasl_security_options=noanonymous
- -o smtpd_client_restrictions=permit_sasl_authenticated,reject
- -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject

 # Local services
 # ==========================================================================