Initial commit
This commit is contained in:
219
OPP/main.cf.OPP
Normal file
219
OPP/main.cf.OPP
Normal file
@@ -0,0 +1,219 @@
|
||||
# ============ Basic settings ============
|
||||
|
||||
# Debian specific: Specifying a file name will cause the first
|
||||
# line of that file to be used as the name. The Debian default
|
||||
# is /etc/mailname.
|
||||
#myorigin = /etc/mailname
|
||||
myorigin = /etc/mailname
|
||||
|
||||
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
|
||||
biff = no
|
||||
|
||||
# appending .domain is the MUA's job.
|
||||
append_dot_mydomain = no
|
||||
|
||||
# Uncomment the next line to generate "delayed mail" warnings
|
||||
#delay_warning_time = 4h
|
||||
|
||||
readme_directory = /usr/share/doc/postfix
|
||||
html_directory = /usr/share/doc/postfix/html
|
||||
|
||||
## - The Internet protocols Postfix will attempt to use when making
|
||||
## - or accepting connections.
|
||||
## - DEFAULT: ipv4
|
||||
inet_protocols = ipv4
|
||||
|
||||
#inet_interfaces = all
|
||||
inet_interfaces =
|
||||
127.0.0.1
|
||||
#192.168.62.254
|
||||
|
||||
myhostname = gw-opp.opp.netz
|
||||
|
||||
mydestination =
|
||||
gw-opp.opp.netz
|
||||
localhost
|
||||
|
||||
## - The list of "trusted" SMTP clients that have more
|
||||
## - privileges than "strangers"
|
||||
## -
|
||||
mynetworks =
|
||||
127.0.0.0/8
|
||||
#192.168.62.254/32
|
||||
|
||||
#smtp_bind_address = 192.168.62.254
|
||||
#smtp_bind_address6 =
|
||||
|
||||
|
||||
## - The maximal size of any local(8) individual mailbox or maildir file,
|
||||
## - or zero (no limit). In fact, this limits the size of any file that is
|
||||
## - written to upon local delivery, including files written by external
|
||||
## - commands that are executed by the local(8) delivery agent.
|
||||
## -
|
||||
mailbox_size_limit = 0
|
||||
|
||||
## - The maximal size in bytes of a message, including envelope information.
|
||||
## -
|
||||
## - we user 50MB
|
||||
## -
|
||||
message_size_limit = 52480000
|
||||
|
||||
## - The system-wide recipient address extension delimiter
|
||||
## -
|
||||
recipient_delimiter = +
|
||||
|
||||
## - The alias databases that are used for local(8) delivery.
|
||||
## -
|
||||
alias_maps =
|
||||
hash:/etc/aliases
|
||||
|
||||
## - The alias databases for local(8) delivery that are updated
|
||||
## - with "newaliases" or with "sendmail -bi".
|
||||
## -
|
||||
alias_database =
|
||||
hash:/etc/aliases
|
||||
|
||||
|
||||
# ============ Relay parameters ============
|
||||
|
||||
#relayhost =
|
||||
|
||||
|
||||
# ============ SASL authentication ============
|
||||
|
||||
# Enable SASL authentication
|
||||
smtp_sasl_auth_enable = yes
|
||||
|
||||
# Forwarding to the ip-adress of host b.mx.oopen.de
|
||||
relayhost = [b.mx.oopen.de]
|
||||
|
||||
# File including login data
|
||||
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
|
||||
|
||||
# Disallow methods that allow anonymous authentication.
|
||||
smtp_sasl_security_options = noanonymous
|
||||
|
||||
|
||||
|
||||
# ============ TLS parameters ============
|
||||
|
||||
## - Aktiviert TLS für den Mailempfang
|
||||
## -
|
||||
## - may:
|
||||
## - Opportunistic TLS. Use TLS if this is supported by the remote
|
||||
## - SMTP server, otherwise use plaintext
|
||||
## -
|
||||
## - This overrides the obsolete parameters smtpd_use_tls and
|
||||
## - smtpd_enforce_tls. This parameter is ignored with
|
||||
## - "smtpd_tls_wrappermode = yes".
|
||||
#smtpd_use_tls=yes
|
||||
smtp_tls_security_level = encrypt
|
||||
|
||||
## - Aktiviert TLS für den Mailversand
|
||||
## -
|
||||
## - may:
|
||||
## - Opportunistic TLS: announce STARTTLS support to SMTP clients,
|
||||
## - but do not require that clients use TLS encryption.
|
||||
# smtp_use_tls=yes
|
||||
smtpd_tls_security_level=may
|
||||
|
||||
## - 0 Disable logging of TLS activity.
|
||||
## - 1 Log TLS handshake and certificate information.
|
||||
## - 2 Log levels during TLS negotiation.
|
||||
## - 3 Log hexadecimal and ASCII dump of TLS negotiation process.
|
||||
## - 4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS.
|
||||
## -
|
||||
smtpd_tls_loglevel = 1
|
||||
smtp_tls_loglevel = 1
|
||||
|
||||
smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
|
||||
smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
|
||||
|
||||
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
|
||||
## -
|
||||
## - Dont't forget to create it, e.g with openssl:
|
||||
## - openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
|
||||
## -
|
||||
smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
|
||||
## - also possible to use 2048 key with that parameter
|
||||
## -
|
||||
#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
|
||||
|
||||
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
|
||||
## -
|
||||
## - Dont't forget to create it, e.g with openssl:
|
||||
## - openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
|
||||
## -
|
||||
smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
|
||||
|
||||
|
||||
## - File containing CA certificates of root CAs trusted to sign either remote SMTP
|
||||
## - server certificates or intermediate CA certificates. These are loaded into
|
||||
## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
|
||||
## -
|
||||
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
||||
|
||||
## - Directory with PEM format certificate authority certificates that the Postfix SMTP
|
||||
## - client uses to verify a remote SMTP server certificate. Don't forget to create the
|
||||
## - necessary "hash" links with, for example, "
|
||||
## - /bin/c_rehash /etc/postfix/certs".
|
||||
## -
|
||||
## - !! Note !!
|
||||
## - To use this option in chroot mode, this directory (or a copy) must be inside
|
||||
## - the chroot jail.
|
||||
## -
|
||||
## - Note that a chrooted daemon resolves all filenames relative to the Postfix
|
||||
## - queue directory (/var/spool/postfix)
|
||||
## -
|
||||
#smtpd_tls_CApath = /etc/postfix/certs
|
||||
|
||||
|
||||
# Disable SSLv2 SSLv3 - Postfix SMTP server
|
||||
#
|
||||
# List of TLS protocols that the Postfix SMTP server will exclude or
|
||||
# include with opportunistic TLS encryption.
|
||||
smtpd_tls_protocols = !SSLv2, !SSLv3
|
||||
#
|
||||
# The SSL/TLS protocols accepted by the Postfix SMTP server
|
||||
# with mandatory TLS encryption.
|
||||
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
|
||||
|
||||
|
||||
# Disable SSLv2 SSLv3 - Postfix SMTP client
|
||||
#
|
||||
# List of TLS protocols that the Postfix SMTP client will exclude or
|
||||
# include with opportunistic TLS encryption.
|
||||
smtp_tls_protocols = !SSLv2, !SSLv3
|
||||
#
|
||||
# List of SSL/TLS protocols that the Postfix SMTP client will use
|
||||
# with mandatory TLS encryption
|
||||
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
|
||||
|
||||
|
||||
## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange
|
||||
## - openssl > 1.0
|
||||
## -
|
||||
smtpd_tls_eecdh_grade = strong
|
||||
|
||||
# standard list cryptographic algorithm
|
||||
tls_preempt_cipherlist = yes
|
||||
|
||||
# Disable ciphers which are less than 256-bit:
|
||||
#
|
||||
#smtpd_tls_mandatory_ciphers = high
|
||||
#
|
||||
# opportunistic
|
||||
smtpd_tls_ciphers = high
|
||||
|
||||
|
||||
# Exclude ciphers
|
||||
smtpd_tls_exclude_ciphers =
|
||||
RC4
|
||||
aNULL
|
||||
SEED-SHA
|
||||
EXP
|
||||
MD5
|
||||
|
||||
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
||||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
||||
|
||||
Reference in New Issue
Block a user