diff options
| author | Malfurious <m@lfurio.us> | 2024-06-08 05:07:09 -0400 |
|---|---|---|
| committer | Malfurious <m@lfurio.us> | 2024-06-09 14:16:42 -0400 |
| commit | 55a364bda1d1f293a0691198cd6a4d1784cb2f87 (patch) | |
| tree | 13236dca38bf7298a02cd5ec567f8ad1ca5adae1 /postfix | |
| parent | 21cbfd354bc2586b26e1bcff00a388e50aa92bba (diff) | |
| download | mailnode-55a364bda1d1f293a0691198cd6a4d1784cb2f87.tar.gz mailnode-55a364bda1d1f293a0691198cd6a4d1784cb2f87.zip | |
postfix: Enable secure submission of outgoing email
The encrypted "submissions" port (465) is opened in postfix and is
configured for delivery of outgoing mail of authenticated users only.
The authentication is provided by dovecot via unix socket and account
data is sourced from the userconfig directory.
Signed-off-by: Malfurious <m@lfurio.us>
Diffstat (limited to 'postfix')
| -rw-r--r-- | postfix/master.cf | 54 |
1 files changed, 15 insertions, 39 deletions
diff --git a/postfix/master.cf b/postfix/master.cf index fd0d581..0105387 100644 --- a/postfix/master.cf +++ b/postfix/master.cf @@ -10,46 +10,22 @@ # (yes) (yes) (no) (never) (100) # ========================================================================== smtp inet n - y - - smtpd -#smtp inet n - y - 1 postscreen -#smtpd pass - - y - - smtpd -#dnsblog unix - - y - 0 dnsblog -#tlsproxy unix - - y - 0 tlsproxy -# Choose one: enable submission for loopback clients only, or for any client. -#127.0.0.1:submission inet n - y - - smtpd -#submission inet n - y - - smtpd -# -o syslog_name=postfix/submission -# -o smtpd_tls_security_level=encrypt -# -o smtpd_sasl_auth_enable=yes -# -o smtpd_tls_auth_only=yes -# -o smtpd_reject_unlisted_recipient=no -# Instead of specifying complex smtpd_<xxx>_restrictions here, -# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions" -# here, and specify mua_<xxx>_restrictions in main.cf (where -# "<xxx>" is "client", "helo", "sender", "relay", or "recipient"). -# -o smtpd_client_restrictions= -# -o smtpd_helo_restrictions= +#smtp inet n - y - 1 postscreen +#smtpd pass - - y - - smtpd +#dnsblog unix - - y - 0 dnsblog +#tlsproxy unix - - y - 0 tlsproxy +submissions inet n - y - - smtpd + -o syslog_name=postfix/submissions + -o smtpd_tls_wrappermode=yes + -o smtpd_sasl_auth_enable=yes + -o smtpd_sasl_type=dovecot + -o smtpd_sasl_path=private/auth + -o smtpd_reject_unlisted_recipient=no + -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o smtpd_sender_restrictions= -# -o smtpd_relay_restrictions= -# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -# -o milter_macro_daemon_name=ORIGINATING -# Choose one: enable submissions for loopback clients only, or for any client. -#127.0.0.1:submissions inet n - y - - smtpd -#submissions inet n - y - - smtpd -# -o syslog_name=postfix/submissions -# -o smtpd_tls_wrappermode=yes -# -o smtpd_sasl_auth_enable=yes -# -o smtpd_reject_unlisted_recipient=no -# Instead of specifying complex smtpd_<xxx>_restrictions here, -# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions" -# here, and specify mua_<xxx>_restrictions in main.cf (where -# "<xxx>" is "client", "helo", "sender", "relay", or "recipient"). -# -o smtpd_client_restrictions= -# -o smtpd_helo_restrictions= -# -o smtpd_sender_restrictions= -# -o smtpd_relay_restrictions= -# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -# -o milter_macro_daemon_name=ORIGINATING -#628 inet n - y - - qmqpd + -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject + -o milter_macro_daemon_name=ORIGINATING +#628 inet n - y - - qmqpd pickup unix n - y 60 1 pickup cleanup unix n - y - 0 cleanup qmgr unix n - n 300 1 qmgr |