updates

Dockerfile

@@ -1,18 +1,12 @@
-FROM alpine:3.4
+FROM alpine:3.8
 MAINTAINER Andrey Arapov <andrey.arapov@nixaid.com>
 
-RUN echo '@testing http://nl.alpinelinux.org/alpine/edge/testing' |tee -a /etc/apk/repositories && \
-    apk update && \
+RUN apk update && \
     apk upgrade && \
-    apk add tzdata rsyslog postfix runit@testing
+    apk add tzdata rsyslog postfix runit ca-certificates
 
-# tzdata - so that TZ environment variable gets processed
-# rsyslog - to log postfix service into /var/log/maillog file
-
-# Not in use currently:
-# - ca-certificates
-# - coreutils
-# - bind-tools
+# tzdata - for passing TZ environment variable.
+# rsyslog - to log postfix service into /var/log/maillog file.
 
 COPY service /etc/service/
 ENTRYPOINT runsvdir -P /etc/service

README.md

@@ -0,0 +1,12 @@
+## postfix container
+
+Runs postfix container.
+
+## runit
+
+runit - a UNIX init scheme with service supervision.
+
+- http://kchard.github.io/runit-quickstart/
+- http://smarden.org/runit/runsv.8.html
+- http://smarden.org/runit/sv.8.html
+- http://smarden.org/runit/chpst.8.html

postfix/access

@@ -0,0 +1,493 @@
+# ACCESS(5)                                                            ACCESS(5)
+# 
+# NAME
+#        access - Postfix SMTP server access table
+# 
+# SYNOPSIS
+#        postmap /etc/postfix/access
+# 
+#        postmap -q "string" /etc/postfix/access
+# 
+#        postmap -q - /etc/postfix/access <inputfile
+# 
+# DESCRIPTION
+#        This  document  describes  access  control  on remote SMTP
+#        client information: host  names,  network  addresses,  and
+#        envelope  sender or recipient addresses; it is implemented
+#        by the  Postfix  SMTP  server.   See  header_checks(5)  or
+#        body_checks(5)  for access control on the content of email
+#        messages.
+# 
+#        Normally, the access(5) table is specified as a text  file
+#        that  serves  as  input  to  the  postmap(1) command.  The
+#        result, an indexed file in dbm or db format, is  used  for
+#        fast  searching  by  the  mail system. Execute the command
+#        "postmap /etc/postfix/access" to rebuild an  indexed  file
+#        after changing the corresponding text file.
+# 
+#        When  the  table  is provided via other means such as NIS,
+#        LDAP or SQL, the same lookups are  done  as  for  ordinary
+#        indexed files.
+# 
+#        Alternatively,  the  table  can  be  provided  as  a regu-
+#        lar-expression map where patterns  are  given  as  regular
+#        expressions,  or  lookups  can  be  directed  to TCP-based
+#        server. In those cases, the lookups are done in a slightly
+#        different way as described below under "REGULAR EXPRESSION
+#        TABLES" or "TCP-BASED TABLES".
+# 
+# CASE FOLDING
+#        The search string is folded to lowercase  before  database
+#        lookup.  As  of Postfix 2.3, the search string is not case
+#        folded with database types such as regexp: or pcre:  whose
+#        lookup fields can match both upper and lower case.
+# 
+# TABLE FORMAT
+#        The input format for the postmap(1) command is as follows:
+# 
+#        pattern action
+#               When pattern matches a mail address, domain or host
+#               address, perform the corresponding action.
+# 
+#        blank lines and comments
+#               Empty  lines and whitespace-only lines are ignored,
+#               as are lines whose first  non-whitespace  character
+#               is a `#'.
+# 
+#        multi-line text
+#               A  logical  line starts with non-whitespace text. A
+#               line that starts with whitespace continues a  logi-
+#               cal line.
+# 
+# EMAIL ADDRESS PATTERNS
+#        With lookups from indexed files such as DB or DBM, or from
+#        networked tables such as NIS, LDAP or  SQL,  patterns  are
+#        tried in the order as listed below:
+# 
+#        user@domain
+#               Matches the specified mail address.
+# 
+#        domain.tld
+#               Matches  domain.tld  as the domain part of an email
+#               address.
+# 
+#               The pattern domain.tld also matches subdomains, but
+#               only when the string smtpd_access_maps is listed in
+#               the Postfix  parent_domain_matches_subdomains  con-
+#               figuration setting.
+# 
+#        .domain.tld
+#               Matches subdomains of domain.tld, but only when the
+#               string smtpd_access_maps is not listed in the Post-
+#               fix  parent_domain_matches_subdomains configuration
+#               setting.
+# 
+#        user@  Matches all mail addresses with the specified  user
+#               part.
+# 
+#        Note:  lookup  of  the null sender address is not possible
+#        with some types of lookup table. By default, Postfix  uses
+#        <>  as  the  lookup  key  for such addresses. The value is
+#        specified with the smtpd_null_access_lookup_key  parameter
+#        in the Postfix main.cf file.
+# 
+# EMAIL ADDRESS EXTENSION
+#        When a mail address localpart contains the optional recip-
+#        ient delimiter (e.g., user+foo@domain), the  lookup  order
+#        becomes:  user+foo@domain, user@domain, domain, user+foo@,
+#        and user@.
+# 
+# HOST NAME/ADDRESS PATTERNS
+#        With lookups from indexed files such as DB or DBM, or from
+#        networked  tables  such as NIS, LDAP or SQL, the following
+#        lookup patterns are examined in the order as listed:
+# 
+#        domain.tld
+#               Matches domain.tld.
+# 
+#               The pattern domain.tld also matches subdomains, but
+#               only when the string smtpd_access_maps is listed in
+#               the Postfix  parent_domain_matches_subdomains  con-
+#               figuration setting.
+# 
+#        .domain.tld
+#               Matches subdomains of domain.tld, but only when the
+#               string smtpd_access_maps is not listed in the Post-
+#               fix  parent_domain_matches_subdomains configuration
+#               setting.
+# 
+#        net.work.addr.ess
+# 
+#        net.work.addr
+# 
+#        net.work
+# 
+#        net    Matches the specified IPv4 host address or  subnet-
+#               work.  An  IPv4  host address is a sequence of four
+#               decimal octets separated by ".".
+# 
+#               Subnetworks are matched  by  repeatedly  truncating
+#               the last ".octet" from the remote IPv4 host address
+#               string until a match is found in the access  table,
+#               or until further truncation is not possible.
+# 
+#               NOTE 1: The access map lookup key must be in canon-
+#               ical form: do not specify unnecessary null  charac-
+#               ters,  and  do not enclose network address informa-
+#               tion with "[]" characters.
+# 
+#               NOTE 2: use the cidr lookup table type  to  specify
+#               network/netmask  patterns.  See  cidr_table(5)  for
+#               details.
+# 
+#        net:work:addr:ess
+# 
+#        net:work:addr
+# 
+#        net:work
+# 
+#        net    Matches the specified IPv6 host address or  subnet-
+#               work.  An  IPv6 host address is a sequence of three
+#               to eight hexadecimal octet pairs separated by  ":".
+# 
+#               Subnetworks  are  matched  by repeatedly truncating
+#               the last ":octetpair" from  the  remote  IPv6  host
+#               address string until a match is found in the access
+#               table, or until further truncation is not possible.
+# 
+#               NOTE 1: the truncation and comparison are done with
+#               the string representation of the IPv6 host address.
+#               Thus, not all the ":" subnetworks will be tried.
+# 
+#               NOTE 2: The access map lookup key must be in canon-
+#               ical form: do not specify unnecessary null  charac-
+#               ters,  and  do not enclose network address informa-
+#               tion with "[]" characters.
+# 
+#               NOTE 3: use the cidr lookup table type  to  specify
+#               network/netmask  patterns.  See  cidr_table(5)  for
+#               details.
+# 
+#               IPv6 support is available in Postfix 2.2 and later.
+# 
+# ACCEPT ACTIONS
+#        OK     Accept the address etc. that matches the pattern.
+# 
+#        all-numerical
+#               An all-numerical result is treated as OK. This for-
+#               mat is generated by address-based relay  authoriza-
+#               tion schemes such as pop-before-smtp.
+# 
+#        For other accept actions, see "OTHER ACTIONS" below.
+# 
+# REJECT ACTIONS
+#        Postfix  version  2.3  and  later  support enhanced status
+#        codes as defined in RFC 3463.  When no code  is  specified
+#        at  the  beginning  of  the  text below, Postfix inserts a
+#        default enhanced status code of "5.7.1"  in  the  case  of
+#        reject  actions, and "4.7.1" in the case of defer actions.
+#        See "ENHANCED STATUS CODES" below.
+# 
+#        4NN text
+# 
+#        5NN text
+#               Reject the address etc. that matches  the  pattern,
+#               and respond with the numerical three-digit code and
+#               text. 4NN means "try again later", while 5NN  means
+#               "do not try again".
+# 
+#               The  following  responses  have special meaning for
+#               the Postfix SMTP server:
+# 
+#               421 text (Postfix 2.3 and later)
+# 
+#               521 text (Postfix 2.6 and later)
+#                      After   responding   with   the    numerical
+#                      three-digit  code and text, disconnect imme-
+#                      diately from the SMTP client.  This frees up
+#                      SMTP  server  resources  so that they can be
+#                      made available to another SMTP client.
+# 
+#                      Note: The "521" response should be used only
+#                      with  botnets and other malware where inter-
+#                      operability is of no concern.  The "send 521
+#                      and  disconnect"  behavior is NOT defined in
+#                      the SMTP standard.
+# 
+#        REJECT optional text...
+#               Reject the address etc. that matches  the  pattern.
+#               Reply    with   "$access_map_reject_code   optional
+#               text..." when the optional text is specified,  oth-
+#               erwise reply with a generic error response message.
+# 
+#        DEFER optional text...
+#               Reject the address etc. that matches  the  pattern.
+#               Reply    with    "$access_map_defer_code   optional
+#               text..." when the optional text is specified,  oth-
+#               erwise reply with a generic error response message.
+# 
+#               This feature is available in Postfix 2.6 and later.
+# 
+#        DEFER_IF_REJECT optional text...
+#               Defer  the  request if some later restriction would
+#               result   in   a   REJECT   action.    Reply    with
+#               "$access_map_defer_code   4.7.1  optional  text..."
+#               when the  optional  text  is  specified,  otherwise
+#               reply with a generic error response message.
+# 
+#               Prior to Postfix 2.6, the SMTP reply code is 450.
+# 
+#               This feature is available in Postfix 2.1 and later.
+# 
+#        DEFER_IF_PERMIT optional text...
+#               Defer the request if some later  restriction  would
+#               result  in a an explicit or implicit PERMIT action.
+#               Reply with "$access_map_defer_code 4.7.1   optional
+#               text..."  when the optional text is specified, oth-
+#               erwise reply with a generic error response message.
+# 
+#               Prior to Postfix 2.6, the SMTP reply code is 450.
+# 
+#               This feature is available in Postfix 2.1 and later.
+# 
+#        For other reject actions, see "OTHER ACTIONS" below.
+# 
+# OTHER ACTIONS
+#        restriction...
+#               Apply the named UCE restriction(s) (permit, reject,
+#               reject_unauth_destination, and so on).
+# 
+#        BCC user@domain
+#               Send  one  copy  of  the  message  to the specified
+#               recipient.
+# 
+#               If multiple BCC actions are  specified  within  the
+#               same  SMTP  MAIL transaction, with Postfix 3.0 only
+#               the last action will be used.
+# 
+#               This feature is available in Postfix 3.0 and later.
+# 
+#        DISCARD optional text...
+#               Claim  successful delivery and silently discard the
+#               message.  Log the optional text if specified,  oth-
+#               erwise log a generic message.
+# 
+#               Note:  this action currently affects all recipients
+#               of the message.   To  discard  only  one  recipient
+#               without  discarding  the  entire  message,  use the
+#               transport(5) table to direct mail to the discard(8)
+#               service.
+# 
+#               This feature is available in Postfix 2.0 and later.
+# 
+#        DUNNO  Pretend that the lookup key  was  not  found.  This
+#               prevents  Postfix  from  trying  substrings  of the
+#               lookup key (such as a subdomain name, or a  network
+#               address subnetwork).
+# 
+#               This feature is available in Postfix 2.0 and later.
+# 
+#        FILTER transport:destination
+#               After the message is queued, send the  entire  mes-
+#               sage through the specified external content filter.
+#               The transport name specifies the first field  of  a
+#               mail  delivery  agent  definition in master.cf; the
+#               syntax of the next-hop destination is described  in
+#               the  manual  page  of  the  corresponding  delivery
+#               agent.  More  information  about  external  content
+#               filters is in the Postfix FILTER_README file.
+# 
+#               Note  1: do not use $number regular expression sub-
+#               stitutions for transport or destination unless  you
+#               know that the information has a trusted origin.
+# 
+#               Note  2:  this  action  overrides  the main.cf con-
+#               tent_filter setting, and affects all recipients  of
+#               the  message.  In  the  case  that  multiple FILTER
+#               actions fire, only the last one is executed.
+# 
+#               Note 3: the purpose of the  FILTER  command  is  to
+#               override  message routing.  To override the recipi-
+#               ent's transport but not the  next-hop  destination,
+#               specify  an  empty  filter destination (Postfix 2.7
+#               and later), or specify a transport:destination that
+#               delivers   through  a  different  Postfix  instance
+#               (Postfix 2.6 and earlier). Other options are  using
+#               the  recipient-dependent transport_maps or the sen-
+#               der-dependent   sender_dependent_default_transport-
+#               _maps features.
+# 
+#               This feature is available in Postfix 2.0 and later.
+# 
+#        HOLD optional text...
+#               Place the message on the hold queue, where it  will
+#               sit  until someone either deletes it or releases it
+#               for delivery.  Log the optional text if  specified,
+#               otherwise log a generic message.
+# 
+#               Mail  that  is  placed on hold can be examined with
+#               the postcat(1) command, and  can  be  destroyed  or
+#               released with the postsuper(1) command.
+# 
+#               Note:  use  "postsuper -r" to release mail that was
+#               kept on hold for a significant fraction  of  $maxi-
+#               mal_queue_lifetime  or  $bounce_queue_lifetime,  or
+#               longer. Use "postsuper -H" only for mail that  will
+#               not expire within a few delivery attempts.
+# 
+#               Note:  this action currently affects all recipients
+#               of the message.
+# 
+#               This feature is available in Postfix 2.0 and later.
+# 
+#        PREPEND headername: headervalue
+#               Prepend  the  specified  message header to the mes-
+#               sage.  When more than one PREPEND action  executes,
+#               the  first prepended header appears before the sec-
+#               ond etc. prepended header.
+# 
+#               Note: this action must execute before  the  message
+#               content  is received; it cannot execute in the con-
+#               text of smtpd_end_of_data_restrictions.
+# 
+#               This feature is available in Postfix 2.1 and later.
+# 
+#        REDIRECT user@domain
+#               After  the  message  is queued, send the message to
+#               the  specified  address  instead  of  the  intended
+#               recipient(s).  When multiple REDIRECT actions fire,
+#               only the last one takes effect.
+# 
+#               Note: this action overrides the FILTER action,  and
+#               currently  overrides all recipients of the message.
+# 
+#               This feature is available in Postfix 2.1 and later.
+# 
+#        INFO optional text...
+#               Log an informational record with the optional text,
+#               together with client information and if  available,
+#               with  helo, sender, recipient and protocol informa-
+#               tion.
+# 
+#               This feature is available in Postfix 3.0 and later.
+# 
+#        WARN optional text...
+#               Log a warning with the optional text, together with
+#               client information and  if  available,  with  helo,
+#               sender, recipient and protocol information.
+# 
+#               This feature is available in Postfix 2.1 and later.
+# 
+# ENHANCED STATUS CODES
+#        Postfix version 2.3  and  later  support  enhanced  status
+#        codes  as  defined  in  RFC 3463.  When an enhanced status
+#        code is specified in an access table,  it  is  subject  to
+#        modification.  The  following  transformations  are needed
+#        when the same access  table  is  used  for  client,  helo,
+#        sender,  or  recipient  access  restrictions;  they happen
+#        regardless of whether Postfix replies to a MAIL FROM, RCPT
+#        TO or other SMTP command.
+# 
+#        o      When  a sender address matches a REJECT action, the
+#               Postfix SMTP server will transform a recipient  DSN
+#               status  (e.g.,  4.1.1-4.1.6) into the corresponding
+#               sender DSN status, and vice versa.
+# 
+#        o      When  non-address  information  matches  a   REJECT
+#               action  (such  as  the HELO command argument or the
+#               client hostname/address), the Postfix  SMTP  server
+#               will  transform  a  sender  or recipient DSN status
+#               into  a  generic  non-address  DSN  status   (e.g.,
+#               4.0.0).
+# 
+# REGULAR EXPRESSION TABLES
+#        This  section  describes how the table lookups change when
+#        the table is given in the form of regular expressions. For
+#        a  description  of regular expression lookup table syntax,
+#        see regexp_table(5) or pcre_table(5).
+# 
+#        Each pattern is a regular expression that  is  applied  to
+#        the entire string being looked up. Depending on the appli-
+#        cation, that string  is  an  entire  client  hostname,  an
+#        entire client IP address, or an entire mail address. Thus,
+#        no  parent  domain  or  parent  network  search  is  done,
+#        user@domain  mail  addresses  are not broken up into their
+#        user@ and domain constituent parts, nor is user+foo broken
+#        up into user and foo.
+# 
+#        Patterns  are applied in the order as specified in the ta-
+#        ble, until a pattern is  found  that  matches  the  search
+#        string.
+# 
+#        Actions  are  the  same as with indexed file lookups, with
+#        the additional feature that parenthesized substrings  from
+#        the pattern can be interpolated as $1, $2 and so on.
+# 
+# TCP-BASED TABLES
+#        This  section  describes how the table lookups change when
+#        lookups are directed to a TCP-based server. For a descrip-
+#        tion of the TCP client/server lookup protocol, see tcp_ta-
+#        ble(5).  This feature is not available up to and including
+#        Postfix version 2.4.
+# 
+#        Each  lookup  operation uses the entire query string once.
+#        Depending on the application, that  string  is  an  entire
+#        client hostname, an entire client IP address, or an entire
+#        mail address.  Thus, no parent domain  or  parent  network
+#        search  is done, user@domain mail addresses are not broken
+#        up into their user@ and domain constituent parts,  nor  is
+#        user+foo broken up into user and foo.
+# 
+#        Actions are the same as with indexed file lookups.
+# 
+# EXAMPLE
+#        The  following  example  uses an indexed file, so that the
+#        order of table entries does not matter. The  example  per-
+#        mits  access  by the client at address 1.2.3.4 but rejects
+#        all other clients in 1.2.3.0/24. Instead  of  hash  lookup
+#        tables,  some  systems use dbm.  Use the command "postconf
+#        -m" to find out what lookup  tables  Postfix  supports  on
+#        your system.
+# 
+#        /etc/postfix/main.cf:
+#            smtpd_client_restrictions =
+#                check_client_access hash:/etc/postfix/access
+# 
+#        /etc/postfix/access:
+#            1.2.3   REJECT
+#            1.2.3.4 OK
+# 
+#        Execute  the  command  "postmap /etc/postfix/access" after
+#        editing the file.
+# 
+# BUGS
+#        The table format does not understand quoting  conventions.
+# 
+# SEE ALSO
+#        postmap(1), Postfix lookup table manager
+#        smtpd(8), SMTP server
+#        postconf(5), configuration parameters
+#        transport(5), transport:nexthop syntax
+# 
+# README FILES
+#        Use  "postconf  readme_directory" or "postconf html_direc-
+#        tory" to locate this information.
+#        SMTPD_ACCESS_README, built-in SMTP server access control
+#        DATABASE_README, Postfix lookup table overview
+# 
+# LICENSE
+#        The Secure Mailer license must be  distributed  with  this
+#        software.
+# 
+# AUTHOR(S)
+#        Wietse Venema
+#        IBM T.J. Watson Research
+#        P.O. Box 704
+#        Yorktown Heights, NY 10598, USA
+# 
+#        Wietse Venema
+#        Google, Inc.
+#        111 8th Avenue
+#        New York, NY 10011, USA
+# 
+#                                                                      ACCESS(5)

postfix/aliases

@@ -0,0 +1,264 @@
+#
+# Sample aliases file. Install in the location as specified by the
+# output from the command "postconf alias_maps". Typical path names
+# are /etc/aliases or /etc/mail/aliases.
+#
+#	>>>>>>>>>>      The program "newaliases" must be run after
+#	>> NOTE >>      this file is updated for any changes to
+#	>>>>>>>>>>      show through to Postfix.
+#
+
+# Person who should get root's mail. Don't receive mail as root!
+#root:		you
+
+# Basic system aliases -- these MUST be present
+MAILER-DAEMON:	postmaster
+postmaster:	root
+
+# General redirections for pseudo accounts
+bin:		root
+daemon:		root
+named:		root
+nobody:		root
+uucp:		root
+www:		root
+ftp-bugs:	root
+postfix:	root
+
+# Put your local aliases here.
+
+# Well-known aliases
+manager:	root
+dumper:		root
+operator:	root
+abuse:		postmaster
+
+# trap decode to catch security attacks
+decode:		root
+
+# ALIASES(5)                                                          ALIASES(5)
+# 
+# NAME
+#        aliases - Postfix local alias database format
+# 
+# SYNOPSIS
+#        newaliases
+# 
+# DESCRIPTION
+#        The  aliases(5)  table provides a system-wide mechanism to
+#        redirect mail for local recipients. The  redirections  are
+#        processed by the Postfix local(8) delivery agent.
+# 
+#        Normally, the aliases(5) table is specified as a text file
+#        that serves as input  to  the  postalias(1)  command.  The
+#        result,  an  indexed file in dbm or db format, is used for
+#        fast lookup  by  the  mail  system.  Execute  the  command
+#        newaliases  in  order  to  rebuild  the indexed file after
+#        changing the Postfix alias database.
+# 
+#        When the table is provided via other means  such  as  NIS,
+#        LDAP  or  SQL,  the  same lookups are done as for ordinary
+#        indexed files.
+# 
+#        Alternatively, the  table  can  be  provided  as  a  regu-
+#        lar-expression  map  where  patterns  are given as regular
+#        expressions. In this case,  the  lookups  are  done  in  a
+#        slightly  different  way as described below under "REGULAR
+#        EXPRESSION TABLES".
+# 
+#        Users can control delivery of their own mail by setting up
+#        .forward files in their home directory.  Lines in per-user
+#        .forward files have the same syntax as the right-hand side
+#        of aliases(5) entries.
+# 
+#        The format of the alias database input file is as follows:
+# 
+#        o      An alias definition has the form
+# 
+#                    name: value1, value2, ...
+# 
+#        o      Empty lines and whitespace-only lines are  ignored,
+#               as  are  lines whose first non-whitespace character
+#               is a `#'.
+# 
+#        o      A logical line starts with non-whitespace  text.  A
+#               line  that starts with whitespace continues a logi-
+#               cal line.
+# 
+#        The name is a local address (no domain part).  Use  double
+#        quotes  when the name contains any special characters such
+#        as whitespace, `#', `:', or `@'. The  name  is  folded  to
+#        lowercase, in order to make database lookups case insensi-
+#        tive.
+# 
+#        In addition, when an alias  exists  for  owner-name,  this
+#        will  override the envelope sender address, so that deliv-
+#        ery diagnostics are directed to owner-name, instead of the
+#        originator    of    the    message   (for   details,   see
+#        owner_request_special,       expand_owner_alias        and
+#        reset_owner_alias).   This  is  typically  used  to direct
+#        delivery errors to the maintainer of a mailing  list,  who
+#        is in a better position to deal with mailing list delivery
+#        problems than the originator of the undelivered mail.
+# 
+#        The value contains one or more of the following:
+# 
+#        address
+#               Mail is forwarded to address, which  is  compatible
+#               with the RFC 822 standard.
+# 
+#        /file/name
+#               Mail  is  appended  to /file/name. See local(8) for
+#               details of delivery to file.  Delivery is not  lim-
+#               ited  to regular files.  For example, to dispose of
+#               unwanted mail, deflect it to /dev/null.
+# 
+#        |command
+#               Mail is piped into command. Commands  that  contain
+#               special  characters,  such as whitespace, should be
+#               enclosed between double quotes.  See  local(8)  for
+#               details of delivery to command.
+# 
+#               When the command fails, a limited amount of command
+#               output is mailed back  to  the  sender.   The  file
+#               /usr/include/sysexits.h  defines  the expected exit
+#               status codes. For example, use "|exit 67" to  simu-
+#               late  a  "user  unknown"  error,  and  "|exit 0" to
+#               implement an expensive black hole.
+# 
+#        :include:/file/name
+#               Mail is sent to  the  destinations  listed  in  the
+#               named file.  Lines in :include: files have the same
+#               syntax as the right-hand side of alias entries.
+# 
+#               A  destination  can  be  any  destination  that  is
+#               described in this manual page. However, delivery to
+#               "|command" and /file/name is disallowed by default.
+#               To  enable,  edit  the  allow_mail_to_commands  and
+#               allow_mail_to_files configuration parameters.
+# 
+# ADDRESS EXTENSION
+#        When alias database search fails, and the recipient local-
+#        part  contains  the  optional  recipient  delimiter (e.g.,
+#        user+foo), the  search  is  repeated  for  the  unextended
+#        address (e.g., user).
+# 
+#        The   propagate_unmatched_extensions   parameter  controls
+#        whether an unmatched address extension  (+foo)  is  propa-
+#        gated to the result of table lookup.
+# 
+# CASE FOLDING
+#        The local(8) delivery agent always folds the search string
+#        to lowercase before database lookup.
+# 
+# REGULAR EXPRESSION TABLES
+#        This section describes how the table lookups  change  when
+#        the table is given in the form of regular expressions. For
+#        a description of regular expression lookup  table  syntax,
+#        see  regexp_table(5) or pcre_table(5). NOTE: these formats
+#        do not use ":" at the end of a pattern.
+# 
+#        Each regular expression is applied to  the  entire  search
+#        string.  Thus,  a  search string user+foo is not broken up
+#        into user and foo.
+# 
+#        Regular expressions are applied in the order as  specified
+#        in  the  table,  until  a regular expression is found that
+#        matches the search string.
+# 
+#        Lookup results are the same as with indexed file  lookups.
+#        For  security  reasons there is no support for $1, $2 etc.
+#        substring interpolation.
+# 
+# SECURITY
+#        The local(8) delivery agent disallows  regular  expression
+#        substitution  of $1 etc. in alias_maps, because that would
+#        open a security hole.
+# 
+#        The local(8) delivery agent will silently ignore  requests
+#        to  use  the proxymap(8) server within alias_maps. Instead
+#        it will open the table directly.  Before  Postfix  version
+#        2.2,  the  local(8)  delivery  agent will terminate with a
+#        fatal error.
+# 
+# CONFIGURATION PARAMETERS
+#        The following main.cf parameters are especially  relevant.
+#        The  text  below  provides  only  a parameter summary. See
+#        postconf(5) for more details including examples.
+# 
+#        alias_database (see 'postconf -d' output)
+#               The alias databases for local(8) delivery that  are
+#               updated with "newaliases" or with "sendmail -bi".
+# 
+#        alias_maps (see 'postconf -d' output)
+#               The  alias  databases  that  are  used for local(8)
+#               delivery.
+# 
+#        allow_mail_to_commands (alias, forward)
+#               Restrict local(8) mail delivery  to  external  com-
+#               mands.
+# 
+#        allow_mail_to_files (alias, forward)
+#               Restrict  local(8) mail delivery to external files.
+# 
+#        expand_owner_alias (no)
+#               When delivering to an alias "aliasname" that has an
+#               "owner-aliasname" companion alias, set the envelope
+#               sender   address   to   the   expansion   of    the
+#               "owner-aliasname" alias.
+# 
+#        propagate_unmatched_extensions (canonical, virtual)
+#               What  address  lookup tables copy an address exten-
+#               sion from the lookup key to the lookup result.
+# 
+#        owner_request_special (yes)
+#               Enable special treatment for owner-listname entries
+#               in the aliases(5) file, and don't split owner-list-
+#               name and listname-request address  localparts  when
+#               the recipient_delimiter is set to "-".
+# 
+#        recipient_delimiter (empty)
+#               The set of characters that can separate a user name
+#               from its extension (example: user+foo), or a  .for-
+#               ward  file  name from its extension (example: .for-
+#               ward+foo).
+# 
+#        Available in Postfix version 2.3 and later:
+# 
+#        frozen_delivered_to (yes)
+#               Update the local(8) delivery agent's  idea  of  the
+#               Delivered-To:     address    (see    prepend_deliv-
+#               ered_header) only once, at the start of a  delivery
+#               attempt;  do  not  update the Delivered-To: address
+#               while expanding aliases or .forward files.
+# 
+# STANDARDS
+#        RFC 822 (ARPA Internet Text Messages)
+# 
+# SEE ALSO
+#        local(8), local delivery agent
+#        newaliases(1), create/update alias database
+#        postalias(1), create/update alias database
+#        postconf(5), configuration parameters
+# 
+# README FILES
+#        Use "postconf readme_directory" or  "postconf  html_direc-
+#        tory" to locate this information.
+#        DATABASE_README, Postfix lookup table overview
+# 
+# LICENSE
+#        The  Secure  Mailer  license must be distributed with this
+#        software.
+# 
+# AUTHOR(S)
+#        Wietse Venema
+#        IBM T.J. Watson Research
+#        P.O. Box 704
+#        Yorktown Heights, NY 10598, USA
+# 
+#        Wietse Venema
+#        Google, Inc.
+#        111 8th Avenue
+#        New York, NY 10011, USA
+# 
+#                                                                     ALIASES(5)

postfix/canonical

@@ -0,0 +1,288 @@
+# CANONICAL(5)                                                      CANONICAL(5)
+# 
+# NAME
+#        canonical - Postfix canonical table format
+# 
+# SYNOPSIS
+#        postmap /etc/postfix/canonical
+# 
+#        postmap -q "string" /etc/postfix/canonical
+# 
+#        postmap -q - /etc/postfix/canonical <inputfile
+# 
+# DESCRIPTION
+#        The  optional canonical(5) table specifies an address map-
+#        ping for local and non-local  addresses.  The  mapping  is
+#        used  by the cleanup(8) daemon, before mail is stored into
+#        the queue.  The address mapping is recursive.
+# 
+#        Normally, the canonical(5) table is specified  as  a  text
+#        file  that serves as input to the postmap(1) command.  The
+#        result, an indexed file in dbm or db format, is  used  for
+#        fast  searching  by  the  mail system. Execute the command
+#        "postmap /etc/postfix/canonical"  to  rebuild  an  indexed
+#        file after changing the corresponding text file.
+# 
+#        When  the  table  is provided via other means such as NIS,
+#        LDAP or SQL, the same lookups are  done  as  for  ordinary
+#        indexed files.
+# 
+#        Alternatively,  the  table  can  be  provided  as  a regu-
+#        lar-expression map where patterns  are  given  as  regular
+#        expressions,  or  lookups  can  be  directed  to TCP-based
+#        server. In those cases, the lookups are done in a slightly
+#        different way as described below under "REGULAR EXPRESSION
+#        TABLES" or "TCP-BASED TABLES".
+# 
+#        By default the canonical(5) mapping affects  both  message
+#        header  addresses  (i.e. addresses that appear inside mes-
+#        sages) and message envelope addresses  (for  example,  the
+#        addresses  that  are used in SMTP protocol commands). This
+#        is controlled with the canonical_classes parameter.
+# 
+#        NOTE: Postfix versions 2.2 and later rewrite message head-
+#        ers  from  remote  SMTP clients only if the client matches
+#        the  local_header_rewrite_clients  parameter,  or  if  the
+#        remote_header_rewrite_domain configuration parameter spec-
+#        ifies a non-empty value. To get the behavior before  Post-
+#        fix    2.2,    specify   "local_header_rewrite_clients   =
+#        static:all".
+# 
+#        Typically, one would use the canonical(5) table to replace
+#        login   names   by  Firstname.Lastname,  or  to  clean  up
+#        addresses produced by legacy mail systems.
+# 
+#        The canonical(5) mapping is not to be confused  with  vir-
+#        tual  alias  support or with local aliasing. To change the
+#        destination but not the headers,  use  the  virtual(5)  or
+#        aliases(5) map instead.
+# 
+# CASE FOLDING
+#        The  search  string is folded to lowercase before database
+#        lookup. As of Postfix 2.3, the search string is  not  case
+#        folded  with database types such as regexp: or pcre: whose
+#        lookup fields can match both upper and lower case.
+# 
+# TABLE FORMAT
+#        The input format for the postmap(1) command is as follows:
+# 
+#        pattern address
+#               When  pattern matches a mail address, replace it by
+#               the corresponding address.
+# 
+#        blank lines and comments
+#               Empty lines and whitespace-only lines are  ignored,
+#               as  are  lines whose first non-whitespace character
+#               is a `#'.
+# 
+#        multi-line text
+#               A logical line starts with non-whitespace  text.  A
+#               line  that starts with whitespace continues a logi-
+#               cal line.
+# 
+# TABLE SEARCH ORDER
+#        With lookups from indexed files such as DB or DBM, or from
+#        networked   tables   such   as  NIS,  LDAP  or  SQL,  each
+#        user@domain query produces a sequence of query patterns as
+#        described below.
+# 
+#        Each  query pattern is sent to each specified lookup table
+#        before trying the next query pattern,  until  a  match  is
+#        found.
+# 
+#        user@domain address
+#               Replace  user@domain  by address. This form has the
+#               highest precedence.
+# 
+#               This is useful to clean up  addresses  produced  by
+#               legacy  mail  systems.  It can also be used to pro-
+#               duce Firstname.Lastname style  addresses,  but  see
+#               below for a simpler solution.
+# 
+#        user address
+#               Replace  user@site by address when site is equal to
+#               $myorigin, when site is listed  in  $mydestination,
+#               or   when  it  is  listed  in  $inet_interfaces  or
+#               $proxy_interfaces.
+# 
+#               This form is useful for replacing  login  names  by
+#               Firstname.Lastname.
+# 
+#        @domain address
+#               Replace other addresses in domain by address.  This
+#               form has the lowest precedence.
+# 
+#               Note: @domain is a wild-card.  When  this  form  is
+#               applied  to  recipient  addresses, the Postfix SMTP
+#               server accepts mail for any  recipient  in  domain,
+#               regardless  of whether that recipient exists.  This
+#               may  turn  your  mail  system  into  a  backscatter
+#               source: Postfix first accepts mail for non-existent
+#               recipients and then tries to return  that  mail  as
+#               "undeliverable" to the often forged sender address.
+# 
+# RESULT ADDRESS REWRITING
+#        The lookup result is subject to address rewriting:
+# 
+#        o      When the result  has  the  form  @otherdomain,  the
+#               result becomes the same user in otherdomain.
+# 
+#        o      When  "append_at_myorigin=yes", append "@$myorigin"
+#               to addresses without "@domain".
+# 
+#        o      When "append_dot_mydomain=yes", append ".$mydomain"
+#               to addresses without ".domain".
+# 
+# ADDRESS EXTENSION
+#        When a mail address localpart contains the optional recip-
+#        ient delimiter (e.g., user+foo@domain), the  lookup  order
+#        becomes: user+foo@domain, user@domain, user+foo, user, and
+#        @domain.
+# 
+#        The  propagate_unmatched_extensions   parameter   controls
+#        whether  an  unmatched  address extension (+foo) is propa-
+#        gated to the result of table lookup.
+# 
+# REGULAR EXPRESSION TABLES
+#        This section describes how the table lookups  change  when
+#        the table is given in the form of regular expressions. For
+#        a description of regular expression lookup  table  syntax,
+#        see regexp_table(5) or pcre_table(5).
+# 
+#        Each  pattern  is  a regular expression that is applied to
+#        the entire address being looked up. Thus, user@domain mail
+#        addresses  are  not  broken up into their user and @domain
+#        constituent parts, nor is user+foo broken up into user and
+#        foo.
+# 
+#        Patterns  are applied in the order as specified in the ta-
+#        ble, until a pattern is  found  that  matches  the  search
+#        string.
+# 
+#        Results  are  the  same as with indexed file lookups, with
+#        the additional feature that parenthesized substrings  from
+#        the pattern can be interpolated as $1, $2 and so on.
+# 
+# TCP-BASED TABLES
+#        This  section  describes how the table lookups change when
+#        lookups are directed to a TCP-based server. For a descrip-
+#        tion of the TCP client/server lookup protocol, see tcp_ta-
+#        ble(5).  This feature is not available up to and including
+#        Postfix version 2.4.
+# 
+#        Each lookup operation uses the entire address once.  Thus,
+#        user@domain mail addresses are not broken  up  into  their
+#        user and @domain constituent parts, nor is user+foo broken
+#        up into user and foo.
+# 
+#        Results are the same as with indexed file lookups.
+# 
+# BUGS
+#        The table format does not understand quoting  conventions.
+# 
+# CONFIGURATION PARAMETERS
+#        The  following main.cf parameters are especially relevant.
+#        The text below provides  only  a  parameter  summary.  See
+#        postconf(5) for more details including examples.
+# 
+#        canonical_classes
+#               What  addresses  are  subject  to canonical address
+#               mapping.
+# 
+#        canonical_maps
+#               List of canonical mapping tables.
+# 
+#        recipient_canonical_maps
+#               Address  mapping  lookup  table  for  envelope  and
+#               header recipient addresses.
+# 
+#        sender_canonical_maps
+#               Address  mapping  lookup  table  for  envelope  and
+#               header sender addresses.
+# 
+#        propagate_unmatched_extensions
+#               A list of address rewriting  or  forwarding  mecha-
+#               nisms  that propagate an address extension from the
+#               original address to the result.   Specify  zero  or
+#               more   of   canonical,   virtual,  alias,  forward,
+#               include, or generic.
+# 
+#        Other parameters of interest:
+# 
+#        inet_interfaces
+#               The network interface addresses  that  this  system
+#               receives mail on.  You need to stop and start Post-
+#               fix when this parameter changes.
+# 
+#        local_header_rewrite_clients
+#               Rewrite message header addresses in mail from these
+#               clients  and  update  incomplete addresses with the
+#               domain name in $myorigin or $mydomain; either don't
+#               rewrite  message headers from other clients at all,
+#               or rewrite message headers  and  update  incomplete
+#               addresses   with   the   domain  specified  in  the
+#               remote_header_rewrite_domain parameter.
+# 
+#        proxy_interfaces
+#               Other interfaces that this machine receives mail on
+#               by way of a proxy agent or network address transla-
+#               tor.
+# 
+#        masquerade_classes
+#               List of address classes  subject  to  masquerading:
+#               zero  or  more of envelope_sender, envelope_recipi-
+#               ent, header_sender, header_recipient.
+# 
+#        masquerade_domains
+#               List of domains that hide  their  subdomain  struc-
+#               ture.
+# 
+#        masquerade_exceptions
+#               List  of user names that are not subject to address
+#               masquerading.
+# 
+#        mydestination
+#               List of domains that  this  mail  system  considers
+#               local.
+# 
+#        myorigin
+#               The domain that is appended to locally-posted mail.
+# 
+#        owner_request_special
+#               Give special treatment to owner-xxx and xxx-request
+#               addresses.
+# 
+#        remote_header_rewrite_domain
+#               Don't  rewrite  message headers from remote clients
+#               at all when this parameter is empty; otherwise, re-
+#               write  message  headers  and  append  the specified
+#               domain name to incomplete addresses.
+# 
+# SEE ALSO
+#        cleanup(8), canonicalize and enqueue mail
+#        postmap(1), Postfix lookup table manager
+#        postconf(5), configuration parameters
+#        virtual(5), virtual aliasing
+# 
+# README FILES
+#        Use "postconf readme_directory" or  "postconf  html_direc-
+#        tory" to locate this information.
+#        DATABASE_README, Postfix lookup table overview
+#        ADDRESS_REWRITING_README, address rewriting guide
+# 
+# LICENSE
+#        The  Secure  Mailer  license must be distributed with this
+#        software.
+# 
+# AUTHOR(S)
+#        Wietse Venema
+#        IBM T.J. Watson Research
+#        P.O. Box 704
+#        Yorktown Heights, NY 10598, USA
+# 
+#        Wietse Venema
+#        Google, Inc.
+#        111 8th Avenue
+#        New York, NY 10011, USA
+# 
+#                                                                   CANONICAL(5)

postfix/dynamicmaps.cf

@@ -0,0 +1 @@
+# dict-type	so-name (pathname)	dict-function	mkmap-function

postfix/generic

@@ -0,0 +1,250 @@
+# GENERIC(5)                                                          GENERIC(5)
+# 
+# NAME
+#        generic - Postfix generic table format
+# 
+# SYNOPSIS
+#        postmap /etc/postfix/generic
+# 
+#        postmap -q "string" /etc/postfix/generic
+# 
+#        postmap -q - /etc/postfix/generic <inputfile
+# 
+# DESCRIPTION
+#        The optional generic(5) table specifies an address mapping
+#        that applies when mail is delivered. This is the  opposite
+#        of  canonical(5)  mapping,  which  applies  when  mail  is
+#        received.
+# 
+#        Typically, one would use the generic(5) table on a  system
+#        that  does  not have a valid Internet domain name and that
+#        uses  something  like  localdomain.local   instead.    The
+#        generic(5)  table  is  then  used by the smtp(8) client to
+#        transform local mail addresses into  valid  Internet  mail
+#        addresses  when  mail  has to be sent across the Internet.
+#        See the EXAMPLE section at the end of this document.
+# 
+#        The  generic(5)  mapping  affects  both   message   header
+#        addresses (i.e. addresses that appear inside messages) and
+#        message envelope addresses  (for  example,  the  addresses
+#        that are used in SMTP protocol commands).
+# 
+#        Normally, the generic(5) table is specified as a text file
+#        that serves as  input  to  the  postmap(1)  command.   The
+#        result,  an  indexed file in dbm or db format, is used for
+#        fast searching by the mail  system.  Execute  the  command
+#        "postmap  /etc/postfix/generic" to rebuild an indexed file
+#        after changing the corresponding text file.
+# 
+#        When the table is provided via other means  such  as  NIS,
+#        LDAP  or  SQL,  the  same lookups are done as for ordinary
+#        indexed files.
+# 
+#        Alternatively, the  table  can  be  provided  as  a  regu-
+#        lar-expression  map  where  patterns  are given as regular
+#        expressions, or  lookups  can  be  directed  to  TCP-based
+#        server.  In those case, the lookups are done in a slightly
+#        different way as described below under "REGULAR EXPRESSION
+#        TABLES" or "TCP-BASED TABLES".
+# 
+# CASE FOLDING
+#        The  search  string is folded to lowercase before database
+#        lookup. As of Postfix 2.3, the search string is  not  case
+#        folded  with database types such as regexp: or pcre: whose
+#        lookup fields can match both upper and lower case.
+# 
+# TABLE FORMAT
+#        The input format for the postmap(1) command is as follows:
+# 
+#        pattern result
+#               When  pattern matches a mail address, replace it by
+#               the corresponding result.
+# 
+#        blank lines and comments
+#               Empty lines and whitespace-only lines are  ignored,
+#               as  are  lines whose first non-whitespace character
+#               is a `#'.
+# 
+#        multi-line text
+#               A logical line starts with non-whitespace  text.  A
+#               line  that starts with whitespace continues a logi-
+#               cal line.
+# 
+# TABLE SEARCH ORDER
+#        With lookups from indexed files such as DB or DBM, or from
+#        networked   tables   such   as  NIS,  LDAP  or  SQL,  each
+#        user@domain query produces a sequence of query patterns as
+#        described below.
+# 
+#        Each  query pattern is sent to each specified lookup table
+#        before trying the next query pattern,  until  a  match  is
+#        found.
+# 
+#        user@domain address
+#               Replace  user@domain  by address. This form has the
+#               highest precedence.
+# 
+#        user address
+#               Replace user@site by address when site is equal  to
+#               $myorigin,  when  site is listed in $mydestination,
+#               or  when  it  is  listed  in  $inet_interfaces   or
+#               $proxy_interfaces.
+# 
+#        @domain address
+#               Replace other addresses in domain by address.  This
+#               form has the lowest precedence.
+# 
+# RESULT ADDRESS REWRITING
+#        The lookup result is subject to address rewriting:
+# 
+#        o      When the result  has  the  form  @otherdomain,  the
+#               result becomes the same user in otherdomain.
+# 
+#        o      When  "append_at_myorigin=yes", append "@$myorigin"
+#               to addresses without "@domain".
+# 
+#        o      When "append_dot_mydomain=yes", append ".$mydomain"
+#               to addresses without ".domain".
+# 
+# ADDRESS EXTENSION
+#        When a mail address localpart contains the optional recip-
+#        ient delimiter (e.g., user+foo@domain), the  lookup  order
+#        becomes: user+foo@domain, user@domain, user+foo, user, and
+#        @domain.
+# 
+#        The  propagate_unmatched_extensions   parameter   controls
+#        whether  an  unmatched  address extension (+foo) is propa-
+#        gated to the result of table lookup.
+# 
+# REGULAR EXPRESSION TABLES
+#        This section describes how the table lookups  change  when
+#        the table is given in the form of regular expressions. For
+#        a description of regular expression lookup  table  syntax,
+#        see regexp_table(5) or pcre_table(5).
+# 
+#        Each  pattern  is  a regular expression that is applied to
+#        the entire address being looked up. Thus, user@domain mail
+#        addresses  are  not  broken up into their user and @domain
+#        constituent parts, nor is user+foo broken up into user and
+#        foo.
+# 
+#        Patterns  are applied in the order as specified in the ta-
+#        ble, until a pattern is  found  that  matches  the  search
+#        string.
+# 
+#        Results  are  the  same as with indexed file lookups, with
+#        the additional feature that parenthesized substrings  from
+#        the pattern can be interpolated as $1, $2 and so on.
+# 
+# TCP-BASED TABLES
+#        This  section  describes how the table lookups change when
+#        lookups are directed to a TCP-based server. For a descrip-
+#        tion of the TCP client/server lookup protocol, see tcp_ta-
+#        ble(5).  This feature is not available up to and including
+#        Postfix version 2.4.
+# 
+#        Each lookup operation uses the entire address once.  Thus,
+#        user@domain mail addresses are not broken  up  into  their
+#        user and @domain constituent parts, nor is user+foo broken
+#        up into user and foo.
+# 
+#        Results are the same as with indexed file lookups.
+# 
+# EXAMPLE
+#        The following shows a  generic  mapping  with  an  indexed
+#        file.   When  mail is sent to a remote host via SMTP, this
+#        replaces his@localdomain.local by his  ISP  mail  address,
+#        replaces  her@localdomain.local  by  her ISP mail address,
+#        and replaces other local addresses  by  his  ISP  account,
+#        with  an address extension of +local (this example assumes
+#        that the ISP supports "+" style address extensions).
+# 
+#        /etc/postfix/main.cf:
+#            smtp_generic_maps = hash:/etc/postfix/generic
+# 
+#        /etc/postfix/generic:
+#            his@localdomain.local   hisaccount@hisisp.example
+#            her@localdomain.local   heraccount@herisp.example
+#            @localdomain.local      hisaccount+local@hisisp.example
+# 
+#        Execute the command "postmap  /etc/postfix/generic"  when-
+#        ever  the table is changed.  Instead of hash, some systems
+#        use dbm database files. To find out what tables your  sys-
+#        tem supports use the command "postconf -m".
+# 
+# BUGS
+#        The  table format does not understand quoting conventions.
+# 
+# CONFIGURATION PARAMETERS
+#        The following main.cf parameters are especially  relevant.
+#        The  text  below  provides  only  a parameter summary. See
+#        postconf(5) for more details including examples.
+# 
+#        smtp_generic_maps
+#               Address  mapping  lookup  table  for  envelope  and
+#               header  sender and recipient addresses while deliv-
+#               ering mail via SMTP.
+# 
+#        propagate_unmatched_extensions
+#               A list of address rewriting  or  forwarding  mecha-
+#               nisms  that propagate an address extension from the
+#               original address to the result.   Specify  zero  or
+#               more   of   canonical,   virtual,  alias,  forward,
+#               include, or generic.
+# 
+#        Other parameters of interest:
+# 
+#        inet_interfaces
+#               The network interface addresses  that  this  system
+#               receives mail on.  You need to stop and start Post-
+#               fix when this parameter changes.
+# 
+#        proxy_interfaces
+#               Other interfaces that this machine receives mail on
+#               by way of a proxy agent or network address transla-
+#               tor.
+# 
+#        mydestination
+#               List of domains that  this  mail  system  considers
+#               local.
+# 
+#        myorigin
+#               The domain that is appended to locally-posted mail.
+# 
+#        owner_request_special
+#               Give special treatment to owner-xxx and xxx-request
+#               addresses.
+# 
+# SEE ALSO
+#        postmap(1), Postfix lookup table manager
+#        postconf(5), configuration parameters
+#        smtp(8), Postfix SMTP client
+# 
+# README FILES
+#        Use  "postconf  readme_directory" or "postconf html_direc-
+#        tory" to locate this information.
+#        ADDRESS_REWRITING_README, address rewriting guide
+#        DATABASE_README, Postfix lookup table overview
+#        STANDARD_CONFIGURATION_README, configuration examples
+# 
+# LICENSE
+#        The Secure Mailer license must be  distributed  with  this
+#        software.
+# 
+# HISTORY
+#        A genericstable feature appears in the Sendmail MTA.
+# 
+#        This feature is available in Postfix 2.2 and later.
+# 
+# AUTHOR(S)
+#        Wietse Venema
+#        IBM T.J. Watson Research
+#        P.O. Box 704
+#        Yorktown Heights, NY 10598, USA
+# 
+#        Wietse Venema
+#        Google, Inc.
+#        111 8th Avenue
+#        New York, NY 10011, USA
+# 
+#                                                                     GENERIC(5)

postfix/header_checks

@@ -0,0 +1,549 @@
+# HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
+# 
+# NAME
+#        header_checks - Postfix built-in content inspection
+# 
+# SYNOPSIS
+#        header_checks = pcre:/etc/postfix/header_checks
+#        mime_header_checks = pcre:/etc/postfix/mime_header_checks
+#        nested_header_checks = pcre:/etc/postfix/nested_header_checks
+#        body_checks = pcre:/etc/postfix/body_checks
+# 
+#        milter_header_checks = pcre:/etc/postfix/milter_header_checks
+# 
+#        smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
+#        smtp_mime_header_checks = pcre:/etc/postfix/smtp_mime_header_checks
+#        smtp_nested_header_checks = pcre:/etc/postfix/smtp_nested_header_checks
+#        smtp_body_checks = pcre:/etc/postfix/smtp_body_checks
+# 
+#        postmap -q "string" pcre:/etc/postfix/filename
+#        postmap -q - pcre:/etc/postfix/filename <inputfile
+# 
+# DESCRIPTION
+#        This  document  describes access control on the content of
+#        message headers and message body lines; it is  implemented
+#        by  the  Postfix  cleanup(8) server before mail is queued.
+#        See access(5) for access control  on  remote  SMTP  client
+#        information.
+# 
+#        Each  message  header  or  message  body  line is compared
+#        against a list of patterns.  When a  match  is  found  the
+#        corresponding action is executed, and the matching process
+#        is repeated for the next message header  or  message  body
+#        line.
+# 
+#        Note: message headers are examined one logical header at a
+#        time, even when a message  header  spans  multiple  lines.
+#        Body lines are always examined one line at a time.
+# 
+#        For  examples, see the EXAMPLES section at the end of this
+#        manual page.
+# 
+#        Postfix header or body_checks are designed to stop a flood
+#        of  mail from worms or viruses; they do not decode attach-
+#        ments, and they do not unzip archives. See  the  documents
+#        referenced  below  in the README FILES section if you need
+#        more sophisticated content analysis.
+# 
+# FILTERS WHILE RECEIVING MAIL
+#        Postfix implements the  following  four  built-in  content
+#        inspection classes while receiving mail:
+# 
+#        header_checks (default: empty)
+#               These   are  applied  to  initial  message  headers
+#               (except for the headers  that  are  processed  with
+#               mime_header_checks).
+# 
+#        mime_header_checks (default: $header_checks)
+#               These  are  applied to MIME related message headers
+#               only.
+# 
+#               This feature is available in Postfix 2.0 and later.
+# 
+#        nested_header_checks (default: $header_checks)
+#               These  are  applied  to message headers of attached
+#               email messages (except for  the  headers  that  are
+#               processed with mime_header_checks).
+# 
+#               This feature is available in Postfix 2.0 and later.
+# 
+#        body_checks
+#               These are applied to all other  content,  including
+#               multi-part message boundaries.
+# 
+#               With Postfix versions before 2.0, all content after
+#               the initial message headers is treated as body con-
+#               tent.
+# 
+# FILTERS AFTER RECEIVING MAIL
+#        Postfix  supports a subset of the built-in content inspec-
+#        tion classes after the message is received:
+# 
+#        milter_header_checks (default: empty)
+#               These are applied to headers that  are  added  with
+#               Milter applications.
+# 
+#               This feature is available in Postfix 2.7 and later.
+# 
+# FILTERS WHILE DELIVERING MAIL
+#        Postfix supports all four content inspection classes while
+#        delivering mail via SMTP.
+# 
+#        smtp_header_checks (default: empty)
+# 
+#        smtp_mime_header_checks (default: empty)
+# 
+#        smtp_nested_header_checks (default: empty)
+# 
+#        smtp_body_checks (default: empty)
+#               These  features  are  available  in Postfix 2.5 and
+#               later.
+# 
+# COMPATIBILITY
+#        With Postfix version 2.2 and earlier specify "postmap -fq"
+#        to query a table that contains case sensitive patterns. By
+#        default, regexp: and pcre: patterns are case  insensitive.
+# 
+# TABLE FORMAT
+#        This  document  assumes  that header and body_checks rules
+#        are specified in the form of  Postfix  regular  expression
+#        lookup  tables.  Usually  the best performance is obtained
+#        with pcre (Perl Compatible Regular Expression) tables. The
+#        regexp  (POSIX  regular  expressions)  tables  are usually
+#        slower, but more widely available.  Use the command "post-
+#        conf  -m" to find out what lookup table types your Postfix
+#        system supports.
+# 
+#        The general format of Postfix regular expression tables is
+#        given  below.   For  a  discussion  of specific pattern or
+#        flags  syntax,  see  pcre_table(5)   or   regexp_table(5),
+#        respectively.
+# 
+#        /pattern/flags action
+#               When  /pattern/  matches  the input string, execute
+#               the corresponding action. See below for a  list  of
+#               possible actions.
+# 
+#        !/pattern/flags action
+#               When  /pattern/  does  not  match the input string,
+#               execute the corresponding action.
+# 
+#        if /pattern/flags
+# 
+#        endif  If the input string matches /pattern/,  then  match
+#               that  input  string against the patterns between if
+#               and endif.  The if..endif can nest.
+# 
+#               Note: do not prepend whitespace to patterns  inside
+#               if..endif.
+# 
+#        if !/pattern/flags
+# 
+#        endif  If  the input string does not match /pattern/, then
+#               match  that  input  string  against  the   patterns
+#               between if and endif. The if..endif can nest.
+# 
+#        blank lines and comments
+#               Empty  lines and whitespace-only lines are ignored,
+#               as are lines whose first  non-whitespace  character
+#               is a `#'.
+# 
+#        multi-line text
+#               A  pattern/action  line  starts with non-whitespace
+#               text. A line that starts with whitespace  continues
+#               a logical line.
+# 
+# TABLE SEARCH ORDER
+#        For  each  line of message input, the patterns are applied
+#        in the order as specified in the table. When a pattern  is
+#        found  that  matches  the  input  line,  the corresponding
+#        action is  executed  and  then  the  next  input  line  is
+#        inspected.
+# 
+# TEXT SUBSTITUTION
+#        Substitution  of  substrings  from  the matched expression
+#        into the action string is possible using the  conventional
+#        Perl  syntax  ($1,  $2,  etc.).   The macros in the result
+#        string may need to be written as  ${n}  or  $(n)  if  they
+#        aren't followed by whitespace.
+# 
+#        Note:  since negated patterns (those preceded by !) return
+#        a result when the expression does not match, substitutions
+#        are not available for negated patterns.
+# 
+# ACTIONS
+#        Action names are case insensitive. They are shown in upper
+#        case for consistency with other Postfix documentation.
+# 
+#        BCC user@domain
+#               Add the specified address as a BCC  recipient,  and
+#               inspect  the next input line. The address must have
+#               a local part and domain part.  The  number  of  BCC
+#               addresses  that can be added is limited only by the
+#               amount of available storage space.
+# 
+#               Note 1: the BCC address is added as if it was spec-
+#               ified  with  NOTIFY=NONE.  The  sender  will not be
+#               notified when the BCC address is undeliverable,  as
+#               long  as  all  down-stream  software implements RFC
+#               3461.
+# 
+#               Note 2: this ignores duplicate addresses (with  the
+#               same delivery status notification options).
+# 
+#               This feature is available in Postfix 3.0 and later.
+# 
+#               This feature is not supported with smtp header/body
+#               checks.
+# 
+#        DISCARD optional text...
+#               Claim  successful delivery and silently discard the
+#               message.  Do not inspect the remainder of the input
+#               message.   Log the optional text if specified, oth-
+#               erwise log a generic message.
+# 
+#               Note:  this  action  disables  further  header   or
+#               body_checks  inspection  of the current message and
+#               affects all recipients.  To discard only one recip-
+#               ient without discarding the entire message, use the
+#               transport(5) table to direct mail to the discard(8)
+#               service.
+# 
+#               This feature is available in Postfix 2.0 and later.
+# 
+#               This feature is not supported with smtp header/body
+#               checks.
+# 
+#        DUNNO  Pretend  that the input line did not match any pat-
+#               tern, and inspect the next input line. This  action
+#               can be used to shorten the table search.
+# 
+#               For  backwards  compatibility reasons, Postfix also
+#               accepts OK but it is (and always has been)  treated
+#               as DUNNO.
+# 
+#               This feature is available in Postfix 2.1 and later.
+# 
+#        FILTER transport:destination
+#               Override the content_filter parameter setting,  and
+#               inspect  the next input line.  After the message is
+#               queued, send the entire message through the  speci-
+#               fied  external  content  filter. The transport name
+#               specifies the first field of a mail delivery  agent
+#               definition in master.cf; the syntax of the next-hop
+#               destination is described in the manual page of  the
+#               corresponding  delivery  agent.   More  information
+#               about external content filters is  in  the  Postfix
+#               FILTER_README file.
+# 
+#               Note  1: do not use $number regular expression sub-
+#               stitutions for transport or destination unless  you
+#               know that the information has a trusted origin.
+# 
+#               Note  2:  this  action  overrides  the main.cf con-
+#               tent_filter setting, and affects all recipients  of
+#               the  message.  In  the  case  that  multiple FILTER
+#               actions fire, only the last one is executed.
+# 
+#               Note 3: the purpose of the  FILTER  command  is  to
+#               override  message routing.  To override the recipi-
+#               ent's transport but not the  next-hop  destination,
+#               specify  an  empty  filter destination (Postfix 2.7
+#               and later), or specify a transport:destination that
+#               delivers   through  a  different  Postfix  instance
+#               (Postfix 2.6 and earlier). Other options are  using
+#               the  recipient-dependent transport_maps or the sen-
+#               der-dependent   sender_dependent_default_transport-
+#               _maps features.
+# 
+#               This feature is available in Postfix 2.0 and later.
+# 
+#               This feature is not supported with smtp header/body
+#               checks.
+# 
+#        HOLD optional text...
+#               Arrange  for  the  message to be placed on the hold
+#               queue, and inspect the next input line.   The  mes-
+#               sage  remains  on hold until someone either deletes
+#               it or releases it for delivery.  Log  the  optional
+#               text if specified, otherwise log a generic message.
+# 
+#               Mail that is placed on hold can  be  examined  with
+#               the  postcat(1)  command,  and  can be destroyed or
+#               released with the postsuper(1) command.
+# 
+#               Note: use "postsuper -r" to release mail  that  was
+#               kept  on  hold for a significant fraction of $maxi-
+#               mal_queue_lifetime  or  $bounce_queue_lifetime,  or
+#               longer.  Use "postsuper -H" only for mail that will
+#               not expire within a few delivery attempts.
+# 
+#               Note: this action affects  all  recipients  of  the
+#               message.
+# 
+#               This feature is available in Postfix 2.0 and later.
+# 
+#               This feature is not supported with smtp header/body
+#               checks.
+# 
+#        IGNORE Delete the current line from the input, and inspect
+#               the next input line. See STRIP for  an  alternative
+#               that logs the action.
+# 
+#        INFO optional text...
+#               Log an "info:" record with the optional text... (or
+#               log a generic text), and  inspect  the  next  input
+#               line.  This action is useful for routine logging or
+#               for debugging.
+# 
+#               This feature is available in Postfix 2.8 and later.
+# 
+#        PASS optional text...
+#               Log  a "pass:" record with the optional text... (or
+#               log a generic text), and turn off header, body, and
+#               Milter  inspection  for  the remainder of this mes-
+#               sage.
+# 
+#               Note: this feature relies on trust  in  information
+#               that is easy to forge.
+# 
+#               This feature is available in Postfix 3.2 and later.
+# 
+#               This feature is not supported with smtp header/body
+#               checks.
+# 
+#        PREPEND text...
+#               Prepend  one  line  with  the  specified  text, and
+#               inspect the next input line.
+# 
+#               Notes:
+# 
+#               o      The prepended text is output on  a  separate
+#                      line,  immediately  before  the  input  that
+#                      triggered the PREPEND action.
+# 
+#               o      The prepended text is not considered part of
+#                      the  input  stream:  it  is  not  subject to
+#                      header/body checks or address rewriting, and
+#                      it does not affect the way that Postfix adds
+#                      missing message headers.
+# 
+#               o      When prepending text before a message header
+#                      line,  the  prepended text must begin with a
+#                      valid message header label.
+# 
+#               o      This  action  cannot  be  used  to   prepend
+#                      multi-line text.
+# 
+#               This feature is available in Postfix 2.1 and later.
+# 
+#               This   feature   is   not   supported   with   mil-
+#               ter_header_checks.
+# 
+#        REDIRECT user@domain
+#               Write  a  message  redirection request to the queue
+#               file, and inspect the next input  line.  After  the
+#               message is queued, it will be sent to the specified
+#               address instead of the intended recipient(s).
+# 
+#               Note: this action overrides the FILTER action,  and
+#               affects  all recipients of the message. If multiple
+#               REDIRECT actions fire, only the last  one  is  exe-
+#               cuted.
+# 
+#               This feature is available in Postfix 2.1 and later.
+# 
+#               This feature is not supported with smtp header/body
+#               checks.
+# 
+#        REPLACE text...
+#               Replace  the  current line with the specified text,
+#               and inspect the next input line.
+# 
+#               This feature is available in Postfix 2.2 and later.
+#               The  description below applies to Postfix 2.2.2 and
+#               later.
+# 
+#               Notes:
+# 
+#               o      When replacing a message  header  line,  the
+#                      replacement  text  must  begin  with a valid
+#                      header label.
+# 
+#               o      The replaced text remains part of the  input
+#                      stream.  Unlike  the result from the PREPEND
+#                      action, a replaced  message  header  may  be
+#                      subject  to address rewriting and may affect
+#                      the way that Postfix  adds  missing  message
+#                      headers.
+# 
+#        REJECT optional text...
+#               Reject  the  entire  message.  Do  not  inspect the
+#               remainder  of  the  input  message.    Reply   with
+#               optional  text...  when the optional text is speci-
+#               fied, otherwise reply with a generic error message.
+# 
+#               Note:   this  action  disables  further  header  or
+#               body_checks inspection of the current  message  and
+#               affects all recipients.
+# 
+#               Postfix version 2.3 and later support enhanced sta-
+#               tus codes.  When no code is specified at the begin-
+#               ning of optional text..., Postfix inserts a default
+#               enhanced status code of "5.7.1".
+# 
+#               This feature is not supported with smtp header/body
+#               checks.
+# 
+#        STRIP optional text...
+#               Log a "strip:" record with the optional text... (or
+#               log a generic text), delete the input line from the
+#               input,  and inspect the next input line. See IGNORE
+#               for a silent alternative.
+# 
+#               This feature is available in Postfix 3.2 and later.
+# 
+#        WARN optional text...
+#               Log  a  "warning:" record with the optional text...
+#               (or log a generic text), and inspect the next input
+#               line.  This  action is useful for debugging and for
+#               testing a  pattern  before  applying  more  drastic
+#               actions.
+# 
+# BUGS
+#        Empty lines never match, because some map types mis-behave
+#        when given a zero-length search string.   This  limitation
+#        may  be  removed for regular expression tables in a future
+#        release.
+# 
+#        Many people overlook the main limitations  of  header  and
+#        body_checks rules.
+# 
+#        o      These  rules  operate on one logical message header
+#               or one body line at a time. A decision made for one
+#               line is not carried over to the next line.
+# 
+#        o      If  text  in the message body is encoded (RFC 2045)
+#               then the rules need to be specified for the encoded
+#               form.
+# 
+#        o      Likewise,  when  message  headers  are encoded (RFC
+#               2047) then the rules need to be specified  for  the
+#               encoded form.
+# 
+#        Message  headers added by the cleanup(8) daemon itself are
+#        excluded from inspection. Examples of such message headers
+#        are From:, To:, Message-ID:, Date:.
+# 
+#        Message  headers  deleted by the cleanup(8) daemon will be
+#        examined before they are deleted. Examples are: Bcc:, Con-
+#        tent-Length:, Return-Path:.
+# 
+# CONFIGURATION PARAMETERS
+#        body_checks
+#               Lookup tables with content filter rules for message
+#               body lines.  These filters see one physical line at
+#               a  time,  in  chunks  of at most $line_length_limit
+#               bytes.
+# 
+#        body_checks_size_limit
+#               The amount of  content  per  message  body  segment
+#               (attachment) that is subjected to $body_checks fil-
+#               tering.
+# 
+#        header_checks
+# 
+#        mime_header_checks (default: $header_checks)
+# 
+#        nested_header_checks (default: $header_checks)
+#               Lookup tables with content filter rules for message
+#               header  lines:  respectively,  these are applied to
+#               the initial message  headers  (not  including  MIME
+#               headers),  to the MIME headers anywhere in the mes-
+#               sage, and to the initial headers of  attached  mes-
+#               sages.
+# 
+#               Note:  these filters see one logical message header
+#               at a time, even when a message header spans  multi-
+#               ple  lines.  Message  headers  that are longer than
+#               $header_size_limit characters are truncated.
+# 
+#        disable_mime_input_processing
+#               While receiving mail, give no special treatment  to
+#               MIME  related  message  headers; all text after the
+#               initial message headers is considered to be part of
+#               the  message body. This means that header_checks is
+#               applied to all the  initial  message  headers,  and
+#               that body_checks is applied to the remainder of the
+#               message.
+# 
+#               Note: when used in this  manner,  body_checks  will
+#               process  a  multi-line message header one line at a
+#               time.
+# 
+# EXAMPLES
+#        Header pattern to block attachments  with  bad  file  name
+#        extensions.   For  convenience, the PCRE /x flag is speci-
+#        fied, so that there is no need  to  collapse  the  pattern
+#        into   a   single  line  of  text.   The  purpose  of  the
+#        [[:xdigit:]] sub-expressions is to recognize Windows CLSID
+#        strings.
+# 
+#        /etc/postfix/main.cf:
+#            header_checks = pcre:/etc/postfix/header_checks.pcre
+# 
+#        /etc/postfix/header_checks.pcre:
+#            /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)(
+#              ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
+#              hlp|ht[at]|
+#              inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
+#              \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}|
+#              ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|
+#              vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x
+#                REJECT Attachment name "$2" may not end with ".$4"
+# 
+#        Body pattern to stop a specific HTML browser vulnerability
+#        exploit.
+# 
+#        /etc/postfix/main.cf:
+#            body_checks = regexp:/etc/postfix/body_checks
+# 
+#        /etc/postfix/body_checks:
+#            /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
+#                REJECT IFRAME vulnerability exploit
+# 
+# SEE ALSO
+#        cleanup(8), canonicalize and enqueue Postfix message
+#        pcre_table(5), format of PCRE lookup tables
+#        regexp_table(5), format of POSIX regular expression tables
+#        postconf(1), Postfix configuration utility
+#        postmap(1), Postfix lookup table management
+#        postsuper(1), Postfix janitor
+#        postcat(1), show Postfix queue file contents
+#        RFC 2045, base64 and quoted-printable encoding rules
+#        RFC 2047, message header encoding for non-ASCII text
+# 
+# README FILES
+#        Use "postconf readme_directory" or  "postconf  html_direc-
+#        tory" to locate this information.
+#        DATABASE_README, Postfix lookup table overview
+#        CONTENT_INSPECTION_README, Postfix content inspection overview
+#        BUILTIN_FILTER_README, Postfix built-in content inspection
+#        BACKSCATTER_README, blocking returned forged mail
+# 
+# LICENSE
+#        The  Secure  Mailer  license must be distributed with this
+#        software.
+# 
+# AUTHOR(S)
+#        Wietse Venema
+#        IBM T.J. Watson Research
+#        P.O. Box 704
+#        Yorktown Heights, NY 10598, USA
+# 
+#        Wietse Venema
+#        Google, Inc.
+#        111 8th Avenue
+#        New York, NY 10011, USA
+# 
+#                                                               HEADER_CHECKS(5)

postfix/main.cf

@@ -0,0 +1,678 @@
+# Global Postfix configuration file. This file lists only a subset
+# of all parameters. For the syntax, and for a complete parameter
+# list, see the postconf(5) manual page (command: "man 5 postconf").
+#
+# For common configuration examples, see BASIC_CONFIGURATION_README
+# and STANDARD_CONFIGURATION_README. To find these documents, use
+# the command "postconf html_directory readme_directory", or go to
+# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
+#
+# For best results, change no more than 2-3 parameters at a time,
+# and test if Postfix still works after every change.
+
+# COMPATIBILITY
+#
+# The compatibility_level determines what default settings Postfix
+# will use for main.cf and master.cf settings. These defaults will
+# change over time.
+#
+# To avoid breaking things, Postfix will use backwards-compatible
+# default settings and log where it uses those old backwards-compatible
+# default settings, until the system administrator has determined
+# if any backwards-compatible default settings need to be made
+# permanent in main.cf or master.cf.
+#
+# When this review is complete, update the compatibility_level setting
+# below as recommended in the RELEASE_NOTES file.
+#
+# The level below is what should be used with new (not upgrade) installs.
+#
+compatibility_level = 2
+
+# SOFT BOUNCE
+#
+# The soft_bounce parameter provides a limited safety net for
+# testing.  When soft_bounce is enabled, mail will remain queued that
+# would otherwise bounce. This parameter disables locally-generated
+# bounces, and prevents the SMTP server from rejecting mail permanently
+# (by changing 5xx replies into 4xx replies). However, soft_bounce
+# is no cure for address rewriting mistakes or mail routing mistakes.
+#
+#soft_bounce = no
+
+# LOCAL PATHNAME INFORMATION
+#
+# The queue_directory specifies the location of the Postfix queue.
+# This is also the root directory of Postfix daemons that run chrooted.
+# See the files in examples/chroot-setup for setting up Postfix chroot
+# environments on different UNIX systems.
+#
+queue_directory = /var/spool/postfix
+
+# The command_directory parameter specifies the location of all
+# postXXX commands.
+#
+command_directory = /usr/sbin
+
+# The daemon_directory parameter specifies the location of all Postfix
+# daemon programs (i.e. programs listed in the master.cf file). This
+# directory must be owned by root.
+#
+daemon_directory = /usr/lib/postfix
+
+# The data_directory parameter specifies the location of Postfix-writable
+# data files (caches, random numbers). This directory must be owned
+# by the mail_owner account (see below).
+#
+data_directory = /var/lib/postfix
+
+# QUEUE AND PROCESS OWNERSHIP
+#
+# The mail_owner parameter specifies the owner of the Postfix queue
+# and of most Postfix daemon processes.  Specify the name of a user
+# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
+# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.  In
+# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
+# USER.
+#
+mail_owner = postfix
+
+# The default_privs parameter specifies the default rights used by
+# the local delivery agent for delivery to external file or command.
+# These rights are used in the absence of a recipient user context.
+# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
+#
+#default_privs = nobody
+
+# INTERNET HOST AND DOMAIN NAMES
+# 
+# The myhostname parameter specifies the internet hostname of this
+# mail system. The default is to use the fully-qualified domain name
+# from gethostname(). $myhostname is used as a default value for many
+# other configuration parameters.
+#
+#myhostname = host.domain.tld
+#myhostname = virtual.domain.tld
+
+# The mydomain parameter specifies the local internet domain name.
+# The default is to use $myhostname minus the first component.
+# $mydomain is used as a default value for many other configuration
+# parameters.
+#
+#mydomain = domain.tld
+
+# SENDING MAIL
+# 
+# The myorigin parameter specifies the domain that locally-posted
+# mail appears to come from. The default is to append $myhostname,
+# which is fine for small sites.  If you run a domain with multiple
+# machines, you should (1) change this to $mydomain and (2) set up
+# a domain-wide alias database that aliases each user to
+# user@that.users.mailhost.
+#
+# For the sake of consistency between sender and recipient addresses,
+# myorigin also specifies the default domain name that is appended
+# to recipient addresses that have no @domain part.
+#
+#myorigin = $myhostname
+#myorigin = $mydomain
+
+# RECEIVING MAIL
+
+# The inet_interfaces parameter specifies the network interface
+# addresses that this mail system receives mail on.  By default,
+# the software claims all active interfaces on the machine. The
+# parameter also controls delivery of mail to user@[ip.address].
+#
+# See also the proxy_interfaces parameter, for network addresses that
+# are forwarded to us via a proxy or network address translator.
+#
+# Note: you need to stop/start Postfix when this parameter changes.
+#
+#inet_interfaces = all
+#inet_interfaces = $myhostname
+#inet_interfaces = $myhostname, localhost
+
+# The proxy_interfaces parameter specifies the network interface
+# addresses that this mail system receives mail on by way of a
+# proxy or network address translation unit. This setting extends
+# the address list specified with the inet_interfaces parameter.
+#
+# You must specify your proxy/NAT addresses when your system is a
+# backup MX host for other domains, otherwise mail delivery loops
+# will happen when the primary MX host is down.
+#
+#proxy_interfaces =
+#proxy_interfaces = 1.2.3.4
+
+# The mydestination parameter specifies the list of domains that this
+# machine considers itself the final destination for.
+#
+# These domains are routed to the delivery agent specified with the
+# local_transport parameter setting. By default, that is the UNIX
+# compatible delivery agent that lookups all recipients in /etc/passwd
+# and /etc/aliases or their equivalent.
+#
+# The default is $myhostname + localhost.$mydomain + localhost.  On
+# a mail domain gateway, you should also include $mydomain.
+#
+# Do not specify the names of virtual domains - those domains are
+# specified elsewhere (see VIRTUAL_README).
+#
+# Do not specify the names of domains that this machine is backup MX
+# host for. Specify those names via the relay_domains settings for
+# the SMTP server, or use permit_mx_backup if you are lazy (see
+# STANDARD_CONFIGURATION_README).
+#
+# The local machine is always the final destination for mail addressed
+# to user@[the.net.work.address] of an interface that the mail system
+# receives mail on (see the inet_interfaces parameter).
+#
+# Specify a list of host or domain names, /file/name or type:table
+# patterns, separated by commas and/or whitespace. A /file/name
+# pattern is replaced by its contents; a type:table is matched when
+# a name matches a lookup key (the right-hand side is ignored).
+# Continue long lines by starting the next line with whitespace.
+#
+# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
+#
+#mydestination = $myhostname, localhost.$mydomain, localhost
+#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
+#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
+#	mail.$mydomain, www.$mydomain, ftp.$mydomain
+
+# REJECTING MAIL FOR UNKNOWN LOCAL USERS
+#
+# The local_recipient_maps parameter specifies optional lookup tables
+# with all names or addresses of users that are local with respect
+# to $mydestination, $inet_interfaces or $proxy_interfaces.
+#
+# If this parameter is defined, then the SMTP server will reject
+# mail for unknown local users. This parameter is defined by default.
+#
+# To turn off local recipient checking in the SMTP server, specify
+# local_recipient_maps = (i.e. empty).
+#
+# The default setting assumes that you use the default Postfix local
+# delivery agent for local delivery. You need to update the
+# local_recipient_maps setting if:
+#
+# - You define $mydestination domain recipients in files other than
+#   /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
+#   For example, you define $mydestination domain recipients in    
+#   the $virtual_mailbox_maps files.
+#
+# - You redefine the local delivery agent in master.cf.
+#
+# - You redefine the "local_transport" setting in main.cf.
+#
+# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
+#   feature of the Postfix local delivery agent (see local(8)).
+#
+# Details are described in the LOCAL_RECIPIENT_README file.
+#
+# Beware: if the Postfix SMTP server runs chrooted, you probably have
+# to access the passwd file via the proxymap service, in order to
+# overcome chroot restrictions. The alternative, having a copy of
+# the system passwd file in the chroot jail is just not practical.
+#
+# The right-hand side of the lookup tables is conveniently ignored.
+# In the left-hand side, specify a bare username, an @domain.tld
+# wild-card, or specify a user@domain.tld address.
+# 
+#local_recipient_maps = unix:passwd.byname $alias_maps
+#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
+#local_recipient_maps =
+
+# The unknown_local_recipient_reject_code specifies the SMTP server
+# response code when a recipient domain matches $mydestination or
+# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
+# and the recipient address or address local-part is not found.
+#
+# The default setting is 550 (reject mail) but it is safer to start
+# with 450 (try again later) until you are certain that your
+# local_recipient_maps settings are OK.
+#
+unknown_local_recipient_reject_code = 550
+
+# TRUST AND RELAY CONTROL
+
+# The mynetworks parameter specifies the list of "trusted" SMTP
+# clients that have more privileges than "strangers".
+#
+# In particular, "trusted" SMTP clients are allowed to relay mail
+# through Postfix.  See the smtpd_recipient_restrictions parameter
+# in postconf(5).
+#
+# You can specify the list of "trusted" network addresses by hand
+# or you can let Postfix do it for you (which is the default).
+#
+# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
+# clients in the same IP subnetworks as the local machine.
+# On Linux, this does works correctly only with interfaces specified
+# with the "ifconfig" command.
+# 
+# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
+# clients in the same IP class A/B/C networks as the local machine.
+# Don't do this with a dialup site - it would cause Postfix to "trust"
+# your entire provider's network.  Instead, specify an explicit
+# mynetworks list by hand, as described below.
+#  
+# Specify "mynetworks_style = host" when Postfix should "trust"
+# only the local machine.
+# 
+#mynetworks_style = class
+#mynetworks_style = subnet
+#mynetworks_style = host
+
+# Alternatively, you can specify the mynetworks list by hand, in
+# which case Postfix ignores the mynetworks_style setting.
+#
+# Specify an explicit list of network/netmask patterns, where the
+# mask specifies the number of bits in the network part of a host
+# address.
+#
+# You can also specify the absolute pathname of a pattern file instead
+# of listing the patterns here. Specify type:table for table-based lookups
+# (the value on the table right-hand side is not used).
+#
+#mynetworks = 168.100.189.0/28, 127.0.0.0/8
+#mynetworks = $config_directory/mynetworks
+#mynetworks = hash:/etc/postfix/network_table
+
+# The relay_domains parameter restricts what destinations this system will
+# relay mail to.  See the smtpd_recipient_restrictions description in
+# postconf(5) for detailed information.
+#
+# By default, Postfix relays mail
+# - from "trusted" clients (IP address matches $mynetworks) to any destination,
+# - from "untrusted" clients to destinations that match $relay_domains or
+#   subdomains thereof, except addresses with sender-specified routing.
+# The default relay_domains value is $mydestination.
+# 
+# In addition to the above, the Postfix SMTP server by default accepts mail
+# that Postfix is final destination for:
+# - destinations that match $inet_interfaces or $proxy_interfaces,
+# - destinations that match $mydestination
+# - destinations that match $virtual_alias_domains,
+# - destinations that match $virtual_mailbox_domains.
+# These destinations do not need to be listed in $relay_domains.
+# 
+# Specify a list of hosts or domains, /file/name patterns or type:name
+# lookup tables, separated by commas and/or whitespace.  Continue
+# long lines by starting the next line with whitespace. A file name
+# is replaced by its contents; a type:name table is matched when a
+# (parent) domain appears as lookup key.
+#
+# NOTE: Postfix will not automatically forward mail for domains that
+# list this system as their primary or backup MX host. See the
+# permit_mx_backup restriction description in postconf(5).
+#
+#relay_domains = $mydestination
+
+# INTERNET OR INTRANET
+
+# The relayhost parameter specifies the default host to send mail to
+# when no entry is matched in the optional transport(5) table. When
+# no relayhost is given, mail is routed directly to the destination.
+#
+# On an intranet, specify the organizational domain name. If your
+# internal DNS uses no MX records, specify the name of the intranet
+# gateway host instead.
+#
+# In the case of SMTP, specify a domain, host, host:port, [host]:port,
+# [address] or [address]:port; the form [host] turns off MX lookups.
+#
+# If you're connected via UUCP, see also the default_transport parameter.
+#
+#relayhost = $mydomain
+#relayhost = [gateway.my.domain]
+#relayhost = [mailserver.isp.tld]
+#relayhost = uucphost
+#relayhost = [an.ip.add.ress]
+
+# REJECTING UNKNOWN RELAY USERS
+#
+# The relay_recipient_maps parameter specifies optional lookup tables
+# with all addresses in the domains that match $relay_domains.
+#
+# If this parameter is defined, then the SMTP server will reject
+# mail for unknown relay users. This feature is off by default.
+#
+# The right-hand side of the lookup tables is conveniently ignored.
+# In the left-hand side, specify an @domain.tld wild-card, or specify
+# a user@domain.tld address.
+# 
+#relay_recipient_maps = hash:/etc/postfix/relay_recipients
+
+# INPUT RATE CONTROL
+#
+# The in_flow_delay configuration parameter implements mail input
+# flow control. This feature is turned on by default, although it
+# still needs further development (it's disabled on SCO UNIX due
+# to an SCO bug).
+# 
+# A Postfix process will pause for $in_flow_delay seconds before
+# accepting a new message, when the message arrival rate exceeds the
+# message delivery rate. With the default 100 SMTP server process
+# limit, this limits the mail inflow to 100 messages a second more
+# than the number of messages delivered per second.
+# 
+# Specify 0 to disable the feature. Valid delays are 0..10.
+# 
+#in_flow_delay = 1s
+
+# ADDRESS REWRITING
+#
+# The ADDRESS_REWRITING_README document gives information about
+# address masquerading or other forms of address rewriting including
+# username->Firstname.Lastname mapping.
+
+# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
+#
+# The VIRTUAL_README document gives information about the many forms
+# of domain hosting that Postfix supports.
+
+# "USER HAS MOVED" BOUNCE MESSAGES
+#
+# See the discussion in the ADDRESS_REWRITING_README document.
+
+# TRANSPORT MAP
+#
+# See the discussion in the ADDRESS_REWRITING_README document.
+
+# ALIAS DATABASE
+#
+# The alias_maps parameter specifies the list of alias databases used
+# by the local delivery agent. The default list is system dependent.
+#
+# On systems with NIS, the default is to search the local alias
+# database, then the NIS alias database. See aliases(5) for syntax
+# details.
+# 
+# If you change the alias database, run "postalias /etc/aliases" (or
+# wherever your system stores the mail alias file), or simply run
+# "newaliases" to build the necessary DBM or DB file.
+#
+# It will take a minute or so before changes become visible.  Use
+# "postfix reload" to eliminate the delay.
+#
+#alias_maps = dbm:/etc/aliases
+#alias_maps = hash:/etc/aliases
+#alias_maps = hash:/etc/aliases, nis:mail.aliases
+#alias_maps = netinfo:/aliases
+
+# The alias_database parameter specifies the alias database(s) that
+# are built with "newaliases" or "sendmail -bi".  This is a separate
+# configuration parameter, because alias_maps (see above) may specify
+# tables that are not necessarily all under control by Postfix.
+#
+#alias_database = dbm:/etc/aliases
+#alias_database = dbm:/etc/mail/aliases
+#alias_database = hash:/etc/aliases
+#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
+
+# ADDRESS EXTENSIONS (e.g., user+foo)
+#
+# The recipient_delimiter parameter specifies the separator between
+# user names and address extensions (user+foo). See canonical(5),
+# local(8), relocated(5) and virtual(5) for the effects this has on
+# aliases, canonical, virtual, relocated and .forward file lookups.
+# Basically, the software tries user+foo and .forward+foo before
+# trying user and .forward.
+#
+#recipient_delimiter = +
+
+# DELIVERY TO MAILBOX
+#
+# The home_mailbox parameter specifies the optional pathname of a
+# mailbox file relative to a user's home directory. The default
+# mailbox file is /var/spool/mail/user or /var/mail/user.  Specify
+# "Maildir/" for qmail-style delivery (the / is required).
+#
+#home_mailbox = Mailbox
+#home_mailbox = Maildir/
+ 
+# The mail_spool_directory parameter specifies the directory where
+# UNIX-style mailboxes are kept. The default setting depends on the
+# system type.
+#
+#mail_spool_directory = /var/mail
+#mail_spool_directory = /var/spool/mail
+
+# The mailbox_command parameter specifies the optional external
+# command to use instead of mailbox delivery. The command is run as
+# the recipient with proper HOME, SHELL and LOGNAME environment settings.
+# Exception:  delivery for root is done as $default_user.
+#
+# Other environment variables of interest: USER (recipient username),
+# EXTENSION (address extension), DOMAIN (domain part of address),
+# and LOCAL (the address localpart).
+#
+# Unlike other Postfix configuration parameters, the mailbox_command
+# parameter is not subjected to $parameter substitutions. This is to
+# make it easier to specify shell syntax (see example below).
+#
+# Avoid shell meta characters because they will force Postfix to run
+# an expensive shell process. Procmail alone is expensive enough.
+#
+# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
+# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
+#
+#mailbox_command = /some/where/procmail
+#mailbox_command = /some/where/procmail -a "$EXTENSION"
+
+# The mailbox_transport specifies the optional transport in master.cf
+# to use after processing aliases and .forward files. This parameter
+# has precedence over the mailbox_command, fallback_transport and
+# luser_relay parameters.
+#
+# Specify a string of the form transport:nexthop, where transport is
+# the name of a mail delivery transport defined in master.cf.  The
+# :nexthop part is optional. For more details see the sample transport
+# configuration file.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must update the "local_recipient_maps" setting in
+# the main.cf file, otherwise the SMTP server will reject mail for    
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+# Cyrus IMAP over LMTP. Specify ``lmtpunix      cmd="lmtpd"
+# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
+#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
+#
+# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
+# subsequent line in master.cf.
+#mailbox_transport = cyrus
+
+# The fallback_transport specifies the optional transport in master.cf
+# to use for recipients that are not found in the UNIX passwd database.
+# This parameter has precedence over the luser_relay parameter.
+#
+# Specify a string of the form transport:nexthop, where transport is
+# the name of a mail delivery transport defined in master.cf.  The
+# :nexthop part is optional. For more details see the sample transport
+# configuration file.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must update the "local_recipient_maps" setting in
+# the main.cf file, otherwise the SMTP server will reject mail for    
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+#fallback_transport = lmtp:unix:/file/name
+#fallback_transport = cyrus
+#fallback_transport =
+
+# The luser_relay parameter specifies an optional destination address
+# for unknown recipients.  By default, mail for unknown@$mydestination,
+# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
+# as undeliverable.
+#
+# The following expansions are done on luser_relay: $user (recipient
+# username), $shell (recipient shell), $home (recipient home directory),
+# $recipient (full recipient address), $extension (recipient address
+# extension), $domain (recipient domain), $local (entire recipient
+# localpart), $recipient_delimiter. Specify ${name?value} or
+# ${name:value} to expand value only when $name does (does not) exist.
+#
+# luser_relay works only for the default Postfix local delivery agent.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must specify "local_recipient_maps =" (i.e. empty) in
+# the main.cf file, otherwise the SMTP server will reject mail for    
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+#luser_relay = $user@other.host
+#luser_relay = $local@other.host
+#luser_relay = admin+$local
+  
+# JUNK MAIL CONTROLS
+# 
+# The controls listed here are only a very small subset. The file
+# SMTPD_ACCESS_README provides an overview.
+
+# The header_checks parameter specifies an optional table with patterns
+# that each logical message header is matched against, including
+# headers that span multiple physical lines.
+#
+# By default, these patterns also apply to MIME headers and to the
+# headers of attached messages. With older Postfix versions, MIME and
+# attached message headers were treated as body text.
+#
+# For details, see "man header_checks".
+#
+#header_checks = regexp:/etc/postfix/header_checks
+
+# FAST ETRN SERVICE
+#
+# Postfix maintains per-destination logfiles with information about
+# deferred mail, so that mail can be flushed quickly with the SMTP
+# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
+# See the ETRN_README document for a detailed description.
+# 
+# The fast_flush_domains parameter controls what destinations are
+# eligible for this service. By default, they are all domains that
+# this server is willing to relay mail to.
+# 
+#fast_flush_domains = $relay_domains
+
+# SHOW SOFTWARE VERSION OR NOT
+#
+# The smtpd_banner parameter specifies the text that follows the 220
+# code in the SMTP server's greeting banner. Some people like to see
+# the mail version advertised. By default, Postfix shows no version.
+#
+# You MUST specify $myhostname at the start of the text. That is an
+# RFC requirement. Postfix itself does not care.
+#
+#smtpd_banner = $myhostname ESMTP $mail_name
+#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
+
+# PARALLEL DELIVERY TO THE SAME DESTINATION
+#
+# How many parallel deliveries to the same user or domain? With local
+# delivery, it does not make sense to do massively parallel delivery
+# to the same user, because mailbox updates must happen sequentially,
+# and expensive pipelines in .forward files can cause disasters when
+# too many are run at the same time. With SMTP deliveries, 10
+# simultaneous connections to the same domain could be sufficient to
+# raise eyebrows.
+# 
+# Each message delivery transport has its XXX_destination_concurrency_limit
+# parameter.  The default is $default_destination_concurrency_limit for
+# most delivery transports. For the local delivery agent the default is 2.
+
+#local_destination_concurrency_limit = 2
+#default_destination_concurrency_limit = 20
+
+# DEBUGGING CONTROL
+#
+# The debug_peer_level parameter specifies the increment in verbose
+# logging level when an SMTP client or server host name or address
+# matches a pattern in the debug_peer_list parameter.
+#
+debug_peer_level = 2
+
+# The debug_peer_list parameter specifies an optional list of domain
+# or network patterns, /file/name patterns or type:name tables. When
+# an SMTP client or server host name or address matches a pattern,
+# increase the verbose logging level by the amount specified in the
+# debug_peer_level parameter.
+#
+#debug_peer_list = 127.0.0.1
+#debug_peer_list = some.domain
+
+# The debugger_command specifies the external command that is executed
+# when a Postfix daemon program is run with the -D option.
+#
+# Use "command .. & sleep 5" so that the debugger can attach before
+# the process marches on. If you use an X-based debugger, be sure to
+# set up your XAUTHORITY environment variable before starting Postfix.
+#
+debugger_command =
+	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+	 ddd $daemon_directory/$process_name $process_id & sleep 5
+
+# If you can't use X, use this to capture the call stack when a
+# daemon crashes. The result is in a file in the configuration
+# directory, and is named after the process name and the process ID.
+#
+# debugger_command =
+#	PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
+#	echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
+#	>$config_directory/$process_name.$process_id.log & sleep 5
+#
+# Another possibility is to run gdb under a detached screen session.
+# To attach to the screen session, su root and run "screen -r
+# <id_string>" where <id_string> uniquely matches one of the detached
+# sessions (from "screen -list").
+#
+# debugger_command =
+#	PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
+#	-dmS $process_name gdb $daemon_directory/$process_name
+#	$process_id & sleep 1
+
+# INSTALL-TIME CONFIGURATION INFORMATION
+#
+# The following parameters are used when installing a new Postfix version.
+# 
+# sendmail_path: The full pathname of the Postfix sendmail command.
+# This is the Sendmail-compatible mail posting interface.
+# 
+sendmail_path = /usr/sbin/sendmail
+
+# newaliases_path: The full pathname of the Postfix newaliases command.
+# This is the Sendmail-compatible command to build alias databases.
+#
+newaliases_path = /usr/bin/newaliases
+
+# mailq_path: The full pathname of the Postfix mailq command.  This
+# is the Sendmail-compatible mail queue listing command.
+# 
+mailq_path = /usr/bin/mailq
+
+# setgid_group: The group for mail submission and queue management
+# commands.  This must be a group name with a numerical group ID that
+# is not shared with other accounts, not even with the Postfix account.
+#
+setgid_group = postdrop
+
+# html_directory: The location of the Postfix HTML documentation.
+#
+html_directory = no
+
+# manpage_directory: The location of the Postfix on-line manual pages.
+#
+manpage_directory = /usr/share/man
+
+# sample_directory: The location of the Postfix sample configuration files.
+# This parameter is obsolete as of Postfix 2.1.
+#
+sample_directory = /etc/postfix
+
+# readme_directory: The location of the Postfix README files.
+#
+readme_directory = /usr/share/doc/postfix/readme
+inet_protocols = ipv4
+meta_directory = /etc/postfix
+shlib_directory = /usr/lib/postfix

postfix/master.cf

@@ -0,0 +1,132 @@
+#
+# Postfix master process configuration file.  For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type  private unpriv  chroot  wakeup  maxproc command + args