238 lines
7.3 KiB
Plaintext
238 lines
7.3 KiB
Plaintext
postfix:
|
|
manage_master_config: True
|
|
master_config:
|
|
# Preferred way of managing services/processes. This allows for finegrained
|
|
# control over each service. See postfix/services.yaml for defaults that can
|
|
# be overridden.
|
|
services:
|
|
smtp:
|
|
# Limit to no more than 10 smtp processes
|
|
maxproc: 10
|
|
# Enable oldstyle TLS wrapped SMTP
|
|
smtps:
|
|
enable: True
|
|
# Enable submission service on port 587/tcp with custom options
|
|
submission:
|
|
enable: True
|
|
args:
|
|
- "-o smtpd_tls_security_level=encrypt"
|
|
- "-o smtpd_sasl_auth_enable=yes"
|
|
- "-o smtpd_client_restrictions: permit_sasl_authenticated,reject"
|
|
tlsproxy:
|
|
enable: True
|
|
chroot: True
|
|
uucp:
|
|
enable: True
|
|
# Dovecot delivery via deliver binary. For better performance, investigate
|
|
# using LMTP instead: <https://wiki.dovecot.org/LMTP>
|
|
dovecot:
|
|
chroot: False
|
|
command: pipe
|
|
enable: True
|
|
extras: '-d ${recipient}'
|
|
flags: DRhu
|
|
type: unix
|
|
unpriv: False
|
|
user: vmail:vmail
|
|
argv: /usr/lib/dovecot/deliver
|
|
# Completely customized mail-delivery-agent entry. Will be appended to the
|
|
# master.cf file
|
|
custom-mda:
|
|
argv: /usr/local/sbin/mail-handler.py
|
|
command: pipe
|
|
extras: --rcpt ${recipient}
|
|
flags: DRhu
|
|
user: mail
|
|
# Wrap the output in master.cf at 78 chars for better readability
|
|
wrap: True
|
|
# Avoid user and arvg settings to allow define internal processes
|
|
# needed for randomizing relay IP (randmap functionality)
|
|
no_args: True
|
|
|
|
# Backwards compatible definition of dovecot delivery in master.cf
|
|
enable_dovecot: False
|
|
# The following are the default values:
|
|
dovecot:
|
|
user: vmail
|
|
group: vmail
|
|
flags: DRhu
|
|
argv: "/usr/lib/dovecot/deliver"
|
|
|
|
# Backwards compatible definition of submission listener in master.cf
|
|
enable_submission: False
|
|
# To replace the defaults use this:
|
|
submission:
|
|
smtpd_tls_security_level: encrypt
|
|
smtpd_sasl_auth_enable: yes
|
|
smtpd_client_restrictions: permit_sasl_authenticated,reject
|
|
|
|
enable_service: True
|
|
reload_service: True
|
|
|
|
postgrey:
|
|
enabled: True
|
|
enable_service: True
|
|
location: inet:172.16.0.5:6379
|
|
|
|
policyd-spf:
|
|
enabled: True
|
|
time_limit: 7200s
|
|
|
|
config:
|
|
smtpd_banner: $myhostname ESMTP $mail_name
|
|
smtp_tls_CApath: /etc/ssl/certs
|
|
biff: 'no'
|
|
append_dot_mydomain: 'no'
|
|
readme_directory: 'no'
|
|
myhostname: localhost
|
|
mydestination: localhost, localhost.localdomain
|
|
relayhost:
|
|
mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
|
|
mailbox_size_limit: 0
|
|
recipient_delimiter: +
|
|
inet_interfaces: all
|
|
inet_protocols: all
|
|
|
|
#postsrsd:
|
|
sender_canonical_maps: tcp:127.0.0.1:10001
|
|
sender_canonical_classes: envelope_sender
|
|
recipient_canonical_maps: tcp:127.0.0.1:10002
|
|
recipient_canonical_classes: envelope_recipient
|
|
|
|
# Alias
|
|
alias_maps: hash:/etc/aliases
|
|
# This is the list of files for the newaliases
|
|
# cmd to process (see postconf(5) for details).
|
|
# Only local hash/btree/dbm files:
|
|
alias_database: hash:/etc/aliases
|
|
|
|
# Virtual users
|
|
virtual_alias_maps: proxy:mysql:/etc/postfix/virtual_alias_maps.cf
|
|
virtual_mailbox_domains: proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf
|
|
virtual_mailbox_maps: proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf
|
|
virtual_mailbox_base: /home/vmail
|
|
virtual_mailbox_limit: 512000000
|
|
virtual_minimum_uid: 5000
|
|
virtual_transport: virtual
|
|
virtual_uid_maps: static:5000
|
|
virtual_gid_maps: static:5000
|
|
|
|
local_transport: virtual
|
|
local_recipient_maps: $virtual_mailbox_maps
|
|
transport_maps: hash:/etc/postfix/transport
|
|
|
|
# SMTP server
|
|
smtpd_tls_session_cache_database: btree:${data_directory}/smtpd_scache
|
|
smtpd_use_tls: 'yes'
|
|
smtpd_sasl_auth_enable: 'yes'
|
|
smtpd_sasl_type: dovecot
|
|
smtpd_sasl_path: /var/run/dovecot/auth-client
|
|
smtpd_recipient_restrictions: permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
|
|
smtpd_relay_restrictions: permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
|
|
smtpd_sasl_security_options: noanonymous
|
|
smtpd_sasl_tls_security_options: $smtpd_sasl_security_options
|
|
smtpd_tls_auth_only: 'yes'
|
|
smtpd_sasl_local_domain: $mydomain
|
|
smtpd_tls_loglevel: 1
|
|
smtpd_tls_session_cache_timeout: 3600s
|
|
|
|
relay_domains: '$mydestination'
|
|
|
|
# SMTP server certificate and key (from pillar data)
|
|
smtpd_tls_cert_file: /etc/postfix/ssl/server-cert.crt
|
|
smtpd_tls_key_file: /etc/postfix/ssl/server-cert.key
|
|
|
|
# SMTP client
|
|
smtp_tls_session_cache_database: btree:${data_directory}/smtp_scache
|
|
smtp_use_tls: 'yes'
|
|
smtp_tls_cert_file: /etc/postfix/ssl/example.com-relay-client-cert.crt
|
|
smtp_tls_key_file: /etc/postfix/ssl/example.com-relay-client-cert.key
|
|
|
|
smtp_sasl_password_maps: hash:/etc/postfix/sasl_passwd
|
|
sender_canonical_maps: hash:/etc/postfix/sender_canonical
|
|
relay_recipient_maps: hash:/etc/postfix/relay_domains
|
|
virtual_alias_maps: hash:/etc/postfix/virtual
|
|
|
|
transport:
|
|
DOMAIN_NAME: ':[IP_ADDRESS]'
|
|
|
|
vmail:
|
|
user: postfix_user
|
|
password: DB_PASSWD
|
|
hosts: DB_HOST
|
|
dbname: postfix_db
|
|
|
|
# add mysql query to virtual
|
|
mysql:
|
|
virtual_mailbox_domains:
|
|
table: virtual_domains
|
|
select_field: 1
|
|
where_field: name
|
|
virtual_alias_maps:
|
|
table: virtual_aliases
|
|
select_field: destination
|
|
where_field: email
|
|
virtual_mailbox_maps:
|
|
table: virtual_users
|
|
select_field: 1
|
|
where_field: email
|
|
|
|
aliases:
|
|
# manage single aliases
|
|
# this uses the aliases file defined in the minion config, /etc/aliases by default
|
|
use_file: false
|
|
present:
|
|
root: info@example.com
|
|
absent:
|
|
- root
|
|
|
|
# manage entire aliases file
|
|
use_file: true
|
|
content: |
|
|
# Forward all local *nix users mail to our admins (via greedy regexp)
|
|
/.+/ admins@example.com
|
|
|
|
certificates:
|
|
server-cert:
|
|
public_cert: |
|
|
-----BEGIN CERTIFICATE-----
|
|
(Your primary SSL certificate: smtp.example.com.crt)
|
|
-----END CERTIFICATE-----
|
|
-----BEGIN CERTIFICATE-----
|
|
(Your intermediate certificate: example-ca.crt)
|
|
-----END CERTIFICATE-----
|
|
-----BEGIN CERTIFICATE-----
|
|
(Your root certificate: trusted-root.crt)
|
|
-----END CERTIFICATE-----
|
|
private_key: |
|
|
-----BEGIN RSA PRIVATE KEY-----
|
|
(Your Private key)
|
|
-----END RSA PRIVATE KEY-----
|
|
|
|
example.com-relay-client-cert:
|
|
public_cert: |
|
|
-----BEGIN CERTIFICATE-----
|
|
(Your primary SSL certificate: smtp.example.com.crt)
|
|
-----END CERTIFICATE-----
|
|
private_key: |
|
|
-----BEGIN RSA PRIVATE KEY-----
|
|
(Your Private key)
|
|
-----END RSA PRIVATE KEY-----
|
|
|
|
mapping:
|
|
smtp_sasl_password_maps:
|
|
- smtp.example.com: myaccount:somepassword
|
|
|
|
sender_canonical_maps:
|
|
- root: servers@example.com
|
|
- nagios: alerts@example.com
|
|
|
|
relay_recipient_maps:
|
|
- example.com: OK
|
|
|
|
virtual_alias_maps:
|
|
- groupaliasexample:
|
|
- someuser_1@example.com
|
|
- someuser_2@example.com
|
|
- singlealiasexample: someuser_3@example.com
|