@@ -1,18 +1,12 @@ | |||
FROM alpine:3.4 | |||
FROM alpine:3.8 | |||
MAINTAINER Andrey Arapov <andrey.arapov@nixaid.com> | |||
RUN echo '@testing http://nl.alpinelinux.org/alpine/edge/testing' |tee -a /etc/apk/repositories && \ | |||
apk update && \ | |||
RUN apk update && \ | |||
apk upgrade && \ | |||
apk add tzdata rsyslog postfix runit@testing | |||
apk add tzdata rsyslog postfix runit ca-certificates | |||
# tzdata - so that TZ environment variable gets processed | |||
# rsyslog - to log postfix service into /var/log/maillog file | |||
# Not in use currently: | |||
# - ca-certificates | |||
# - coreutils | |||
# - bind-tools | |||
# tzdata - for passing TZ environment variable. | |||
# rsyslog - to log postfix service into /var/log/maillog file. | |||
COPY service /etc/service/ | |||
ENTRYPOINT runsvdir -P /etc/service |
@@ -0,0 +1,12 @@ | |||
## postfix container | |||
Runs postfix container. | |||
## runit | |||
runit - a UNIX init scheme with service supervision. | |||
- http://kchard.github.io/runit-quickstart/ | |||
- http://smarden.org/runit/runsv.8.html | |||
- http://smarden.org/runit/sv.8.html | |||
- http://smarden.org/runit/chpst.8.html |
@@ -0,0 +1,493 @@ | |||
# ACCESS(5) ACCESS(5) | |||
# | |||
# NAME | |||
# access - Postfix SMTP server access table | |||
# | |||
# SYNOPSIS | |||
# postmap /etc/postfix/access | |||
# | |||
# postmap -q "string" /etc/postfix/access | |||
# | |||
# postmap -q - /etc/postfix/access <inputfile | |||
# | |||
# DESCRIPTION | |||
# This document describes access control on remote SMTP | |||
# client information: host names, network addresses, and | |||
# envelope sender or recipient addresses; it is implemented | |||
# by the Postfix SMTP server. See header_checks(5) or | |||
# body_checks(5) for access control on the content of email | |||
# messages. | |||
# | |||
# Normally, the access(5) table is specified as a text file | |||
# that serves as input to the postmap(1) command. The | |||
# result, an indexed file in dbm or db format, is used for | |||
# fast searching by the mail system. Execute the command | |||
# "postmap /etc/postfix/access" to rebuild an indexed file | |||
# after changing the corresponding text file. | |||
# | |||
# When the table is provided via other means such as NIS, | |||
# LDAP or SQL, the same lookups are done as for ordinary | |||
# indexed files. | |||
# | |||
# Alternatively, the table can be provided as a regu- | |||
# lar-expression map where patterns are given as regular | |||
# expressions, or lookups can be directed to TCP-based | |||
# server. In those cases, the lookups are done in a slightly | |||
# different way as described below under "REGULAR EXPRESSION | |||
# TABLES" or "TCP-BASED TABLES". | |||
# | |||
# CASE FOLDING | |||
# The search string is folded to lowercase before database | |||
# lookup. As of Postfix 2.3, the search string is not case | |||
# folded with database types such as regexp: or pcre: whose | |||
# lookup fields can match both upper and lower case. | |||
# | |||
# TABLE FORMAT | |||
# The input format for the postmap(1) command is as follows: | |||
# | |||
# pattern action | |||
# When pattern matches a mail address, domain or host | |||
# address, perform the corresponding action. | |||
# | |||
# blank lines and comments | |||
# Empty lines and whitespace-only lines are ignored, | |||
# as are lines whose first non-whitespace character | |||
# is a `#'. | |||
# | |||
# multi-line text | |||
# A logical line starts with non-whitespace text. A | |||
# line that starts with whitespace continues a logi- | |||
# cal line. | |||
# | |||
# EMAIL ADDRESS PATTERNS | |||
# With lookups from indexed files such as DB or DBM, or from | |||
# networked tables such as NIS, LDAP or SQL, patterns are | |||
# tried in the order as listed below: | |||
# | |||
# user@domain | |||
# Matches the specified mail address. | |||
# | |||
# domain.tld | |||
# Matches domain.tld as the domain part of an email | |||
# address. | |||
# | |||
# The pattern domain.tld also matches subdomains, but | |||
# only when the string smtpd_access_maps is listed in | |||
# the Postfix parent_domain_matches_subdomains con- | |||
# figuration setting. | |||
# | |||
# .domain.tld | |||
# Matches subdomains of domain.tld, but only when the | |||
# string smtpd_access_maps is not listed in the Post- | |||
# fix parent_domain_matches_subdomains configuration | |||
# setting. | |||
# | |||
# user@ Matches all mail addresses with the specified user | |||
# part. | |||
# | |||
# Note: lookup of the null sender address is not possible | |||
# with some types of lookup table. By default, Postfix uses | |||
# <> as the lookup key for such addresses. The value is | |||
# specified with the smtpd_null_access_lookup_key parameter | |||
# in the Postfix main.cf file. | |||
# | |||
# EMAIL ADDRESS EXTENSION | |||
# When a mail address localpart contains the optional recip- | |||
# ient delimiter (e.g., user+foo@domain), the lookup order | |||
# becomes: user+foo@domain, user@domain, domain, user+foo@, | |||
# and user@. | |||
# | |||
# HOST NAME/ADDRESS PATTERNS | |||
# With lookups from indexed files such as DB or DBM, or from | |||
# networked tables such as NIS, LDAP or SQL, the following | |||
# lookup patterns are examined in the order as listed: | |||
# | |||
# domain.tld | |||
# Matches domain.tld. | |||
# | |||
# The pattern domain.tld also matches subdomains, but | |||
# only when the string smtpd_access_maps is listed in | |||
# the Postfix parent_domain_matches_subdomains con- | |||
# figuration setting. | |||
# | |||
# .domain.tld | |||
# Matches subdomains of domain.tld, but only when the | |||
# string smtpd_access_maps is not listed in the Post- | |||
# fix parent_domain_matches_subdomains configuration | |||
# setting. | |||
# | |||
# net.work.addr.ess | |||
# | |||
# net.work.addr | |||
# | |||
# net.work | |||
# | |||
# net Matches the specified IPv4 host address or subnet- | |||
# work. An IPv4 host address is a sequence of four | |||
# decimal octets separated by ".". | |||
# | |||
# Subnetworks are matched by repeatedly truncating | |||
# the last ".octet" from the remote IPv4 host address | |||
# string until a match is found in the access table, | |||
# or until further truncation is not possible. | |||
# | |||
# NOTE 1: The access map lookup key must be in canon- | |||
# ical form: do not specify unnecessary null charac- | |||
# ters, and do not enclose network address informa- | |||
# tion with "[]" characters. | |||
# | |||
# NOTE 2: use the cidr lookup table type to specify | |||
# network/netmask patterns. See cidr_table(5) for | |||
# details. | |||
# | |||
# net:work:addr:ess | |||
# | |||
# net:work:addr | |||
# | |||
# net:work | |||
# | |||
# net Matches the specified IPv6 host address or subnet- | |||
# work. An IPv6 host address is a sequence of three | |||
# to eight hexadecimal octet pairs separated by ":". | |||
# | |||
# Subnetworks are matched by repeatedly truncating | |||
# the last ":octetpair" from the remote IPv6 host | |||
# address string until a match is found in the access | |||
# table, or until further truncation is not possible. | |||
# | |||
# NOTE 1: the truncation and comparison are done with | |||
# the string representation of the IPv6 host address. | |||
# Thus, not all the ":" subnetworks will be tried. | |||
# | |||
# NOTE 2: The access map lookup key must be in canon- | |||
# ical form: do not specify unnecessary null charac- | |||
# ters, and do not enclose network address informa- | |||
# tion with "[]" characters. | |||
# | |||
# NOTE 3: use the cidr lookup table type to specify | |||
# network/netmask patterns. See cidr_table(5) for | |||
# details. | |||
# | |||
# IPv6 support is available in Postfix 2.2 and later. | |||
# | |||
# ACCEPT ACTIONS | |||
# OK Accept the address etc. that matches the pattern. | |||
# | |||
# all-numerical | |||
# An all-numerical result is treated as OK. This for- | |||
# mat is generated by address-based relay authoriza- | |||
# tion schemes such as pop-before-smtp. | |||
# | |||
# For other accept actions, see "OTHER ACTIONS" below. | |||
# | |||
# REJECT ACTIONS | |||
# Postfix version 2.3 and later support enhanced status | |||
# codes as defined in RFC 3463. When no code is specified | |||
# at the beginning of the text below, Postfix inserts a | |||
# default enhanced status code of "5.7.1" in the case of | |||
# reject actions, and "4.7.1" in the case of defer actions. | |||
# See "ENHANCED STATUS CODES" below. | |||
# | |||
# 4NN text | |||
# | |||
# 5NN text | |||
# Reject the address etc. that matches the pattern, | |||
# and respond with the numerical three-digit code and | |||
# text. 4NN means "try again later", while 5NN means | |||
# "do not try again". | |||
# | |||
# The following responses have special meaning for | |||
# the Postfix SMTP server: | |||
# | |||
# 421 text (Postfix 2.3 and later) | |||
# | |||
# 521 text (Postfix 2.6 and later) | |||
# After responding with the numerical | |||
# three-digit code and text, disconnect imme- | |||
# diately from the SMTP client. This frees up | |||
# SMTP server resources so that they can be | |||
# made available to another SMTP client. | |||
# | |||
# Note: The "521" response should be used only | |||
# with botnets and other malware where inter- | |||
# operability is of no concern. The "send 521 | |||
# and disconnect" behavior is NOT defined in | |||
# the SMTP standard. | |||
# | |||
# REJECT optional text... | |||
# Reject the address etc. that matches the pattern. | |||
# Reply with "$access_map_reject_code optional | |||
# text..." when the optional text is specified, oth- | |||
# erwise reply with a generic error response message. | |||
# | |||
# DEFER optional text... | |||
# Reject the address etc. that matches the pattern. | |||
# Reply with "$access_map_defer_code optional | |||
# text..." when the optional text is specified, oth- | |||
# erwise reply with a generic error response message. | |||
# | |||
# This feature is available in Postfix 2.6 and later. | |||
# | |||
# DEFER_IF_REJECT optional text... | |||
# Defer the request if some later restriction would | |||
# result in a REJECT action. Reply with | |||
# "$access_map_defer_code 4.7.1 optional text..." | |||
# when the optional text is specified, otherwise | |||
# reply with a generic error response message. | |||
# | |||
# Prior to Postfix 2.6, the SMTP reply code is 450. | |||
# | |||
# This feature is available in Postfix 2.1 and later. | |||
# | |||
# DEFER_IF_PERMIT optional text... | |||
# Defer the request if some later restriction would | |||
# result in a an explicit or implicit PERMIT action. | |||
# Reply with "$access_map_defer_code 4.7.1 optional | |||
# text..." when the optional text is specified, oth- | |||
# erwise reply with a generic error response message. | |||
# | |||
# Prior to Postfix 2.6, the SMTP reply code is 450. | |||
# | |||
# This feature is available in Postfix 2.1 and later. | |||
# | |||
# For other reject actions, see "OTHER ACTIONS" below. | |||
# | |||
# OTHER ACTIONS | |||
# restriction... | |||
# Apply the named UCE restriction(s) (permit, reject, | |||
# reject_unauth_destination, and so on). | |||
# | |||
# BCC user@domain | |||
# Send one copy of the message to the specified | |||
# recipient. | |||
# | |||
# If multiple BCC actions are specified within the | |||
# same SMTP MAIL transaction, with Postfix 3.0 only | |||
# the last action will be used. | |||
# | |||
# This feature is available in Postfix 3.0 and later. | |||
# | |||
# DISCARD optional text... | |||
# Claim successful delivery and silently discard the | |||
# message. Log the optional text if specified, oth- | |||
# erwise log a generic message. | |||
# | |||
# Note: this action currently affects all recipients | |||
# of the message. To discard only one recipient | |||
# without discarding the entire message, use the | |||
# transport(5) table to direct mail to the discard(8) | |||
# service. | |||
# | |||
# This feature is available in Postfix 2.0 and later. | |||
# | |||
# DUNNO Pretend that the lookup key was not found. This | |||
# prevents Postfix from trying substrings of the | |||
# lookup key (such as a subdomain name, or a network | |||
# address subnetwork). | |||
# | |||
# This feature is available in Postfix 2.0 and later. | |||
# | |||
# FILTER transport:destination | |||
# After the message is queued, send the entire mes- | |||
# sage through the specified external content filter. | |||
# The transport name specifies the first field of a | |||
# mail delivery agent definition in master.cf; the | |||
# syntax of the next-hop destination is described in | |||
# the manual page of the corresponding delivery | |||
# agent. More information about external content | |||
# filters is in the Postfix FILTER_README file. | |||
# | |||
# Note 1: do not use $number regular expression sub- | |||
# stitutions for transport or destination unless you | |||
# know that the information has a trusted origin. | |||
# | |||
# Note 2: this action overrides the main.cf con- | |||
# tent_filter setting, and affects all recipients of | |||
# the message. In the case that multiple FILTER | |||
# actions fire, only the last one is executed. | |||
# | |||
# Note 3: the purpose of the FILTER command is to | |||
# override message routing. To override the recipi- | |||
# ent's transport but not the next-hop destination, | |||
# specify an empty filter destination (Postfix 2.7 | |||
# and later), or specify a transport:destination that | |||
# delivers through a different Postfix instance | |||
# (Postfix 2.6 and earlier). Other options are using | |||
# the recipient-dependent transport_maps or the sen- | |||
# der-dependent sender_dependent_default_transport- | |||
# _maps features. | |||
# | |||
# This feature is available in Postfix 2.0 and later. | |||
# | |||
# HOLD optional text... | |||
# Place the message on the hold queue, where it will | |||
# sit until someone either deletes it or releases it | |||
# for delivery. Log the optional text if specified, | |||
# otherwise log a generic message. | |||
# | |||
# Mail that is placed on hold can be examined with | |||
# the postcat(1) command, and can be destroyed or | |||
# released with the postsuper(1) command. | |||
# | |||
# Note: use "postsuper -r" to release mail that was | |||
# kept on hold for a significant fraction of $maxi- | |||
# mal_queue_lifetime or $bounce_queue_lifetime, or | |||
# longer. Use "postsuper -H" only for mail that will | |||
# not expire within a few delivery attempts. | |||
# | |||
# Note: this action currently affects all recipients | |||
# of the message. | |||
# | |||
# This feature is available in Postfix 2.0 and later. | |||
# | |||
# PREPEND headername: headervalue | |||
# Prepend the specified message header to the mes- | |||
# sage. When more than one PREPEND action executes, | |||
# the first prepended header appears before the sec- | |||
# ond etc. prepended header. | |||
# | |||
# Note: this action must execute before the message | |||
# content is received; it cannot execute in the con- | |||
# text of smtpd_end_of_data_restrictions. | |||
# | |||
# This feature is available in Postfix 2.1 and later. | |||
# | |||
# REDIRECT user@domain | |||
# After the message is queued, send the message to | |||
# the specified address instead of the intended | |||
# recipient(s). When multiple REDIRECT actions fire, | |||
# only the last one takes effect. | |||
# | |||
# Note: this action overrides the FILTER action, and | |||
# currently overrides all recipients of the message. | |||
# | |||
# This feature is available in Postfix 2.1 and later. | |||
# | |||
# INFO optional text... | |||
# Log an informational record with the optional text, | |||
# together with client information and if available, | |||
# with helo, sender, recipient and protocol informa- | |||
# tion. | |||
# | |||
# This feature is available in Postfix 3.0 and later. | |||
# | |||
# WARN optional text... | |||
# Log a warning with the optional text, together with | |||
# client information and if available, with helo, | |||
# sender, recipient and protocol information. | |||
# | |||
# This feature is available in Postfix 2.1 and later. | |||
# | |||
# ENHANCED STATUS CODES | |||
# Postfix version 2.3 and later support enhanced status | |||
# codes as defined in RFC 3463. When an enhanced status | |||
# code is specified in an access table, it is subject to | |||
# modification. The following transformations are needed | |||
# when the same access table is used for client, helo, | |||
# sender, or recipient access restrictions; they happen | |||
# regardless of whether Postfix replies to a MAIL FROM, RCPT | |||
# TO or other SMTP command. | |||
# | |||
# o When a sender address matches a REJECT action, the | |||
# Postfix SMTP server will transform a recipient DSN | |||
# status (e.g., 4.1.1-4.1.6) into the corresponding | |||
# sender DSN status, and vice versa. | |||
# | |||
# o When non-address information matches a REJECT | |||
# action (such as the HELO command argument or the | |||
# client hostname/address), the Postfix SMTP server | |||
# will transform a sender or recipient DSN status | |||
# into a generic non-address DSN status (e.g., | |||
# 4.0.0). | |||
# | |||
# REGULAR EXPRESSION TABLES | |||
# This section describes how the table lookups change when | |||
# the table is given in the form of regular expressions. For | |||
# a description of regular expression lookup table syntax, | |||
# see regexp_table(5) or pcre_table(5). | |||
# | |||
# Each pattern is a regular expression that is applied to | |||
# the entire string being looked up. Depending on the appli- | |||
# cation, that string is an entire client hostname, an | |||
# entire client IP address, or an entire mail address. Thus, | |||
# no parent domain or parent network search is done, | |||
# user@domain mail addresses are not broken up into their | |||
# user@ and domain constituent parts, nor is user+foo broken | |||
# up into user and foo. | |||
# | |||
# Patterns are applied in the order as specified in the ta- | |||
# ble, until a pattern is found that matches the search | |||
# string. | |||
# | |||
# Actions are the same as with indexed file lookups, with | |||
# the additional feature that parenthesized substrings from | |||
# the pattern can be interpolated as $1, $2 and so on. | |||
# | |||
# TCP-BASED TABLES | |||
# This section describes how the table lookups change when | |||
# lookups are directed to a TCP-based server. For a descrip- | |||
# tion of the TCP client/server lookup protocol, see tcp_ta- | |||
# ble(5). This feature is not available up to and including | |||
# Postfix version 2.4. | |||
# | |||
# Each lookup operation uses the entire query string once. | |||
# Depending on the application, that string is an entire | |||
# client hostname, an entire client IP address, or an entire | |||
# mail address. Thus, no parent domain or parent network | |||
# search is done, user@domain mail addresses are not broken | |||
# up into their user@ and domain constituent parts, nor is | |||
# user+foo broken up into user and foo. | |||
# | |||
# Actions are the same as with indexed file lookups. | |||
# | |||
# EXAMPLE | |||
# The following example uses an indexed file, so that the | |||
# order of table entries does not matter. The example per- | |||
# mits access by the client at address 1.2.3.4 but rejects | |||
# all other clients in 1.2.3.0/24. Instead of hash lookup | |||
# tables, some systems use dbm. Use the command "postconf | |||
# -m" to find out what lookup tables Postfix supports on | |||
# your system. | |||
# | |||
# /etc/postfix/main.cf: | |||
# smtpd_client_restrictions = | |||
# check_client_access hash:/etc/postfix/access | |||
# | |||
# /etc/postfix/access: | |||
# 1.2.3 REJECT | |||
# 1.2.3.4 OK | |||
# | |||
# Execute the command "postmap /etc/postfix/access" after | |||
# editing the file. | |||
# | |||
# BUGS | |||
# The table format does not understand quoting conventions. | |||
# | |||
# SEE ALSO | |||
# postmap(1), Postfix lookup table manager | |||
# smtpd(8), SMTP server | |||
# postconf(5), configuration parameters | |||
# transport(5), transport:nexthop syntax | |||
# | |||
# README FILES | |||
# Use "postconf readme_directory" or "postconf html_direc- | |||
# tory" to locate this information. | |||
# SMTPD_ACCESS_README, built-in SMTP server access control | |||
# DATABASE_README, Postfix lookup table overview | |||
# | |||
# LICENSE | |||
# The Secure Mailer license must be distributed with this | |||
# software. | |||
# | |||
# AUTHOR(S) | |||
# Wietse Venema | |||
# IBM T.J. Watson Research | |||
# P.O. Box 704 | |||
# Yorktown Heights, NY 10598, USA | |||
# | |||
# Wietse Venema | |||
# Google, Inc. | |||
# 111 8th Avenue | |||
# New York, NY 10011, USA | |||
# | |||
# ACCESS(5) |
@@ -0,0 +1,264 @@ | |||
# | |||
# Sample aliases file. Install in the location as specified by the | |||
# output from the command "postconf alias_maps". Typical path names | |||
# are /etc/aliases or /etc/mail/aliases. | |||
# | |||
# >>>>>>>>>> The program "newaliases" must be run after | |||
# >> NOTE >> this file is updated for any changes to | |||
# >>>>>>>>>> show through to Postfix. | |||
# | |||
# Person who should get root's mail. Don't receive mail as root! | |||
#root: you | |||
# Basic system aliases -- these MUST be present | |||
MAILER-DAEMON: postmaster | |||
postmaster: root | |||
# General redirections for pseudo accounts | |||
bin: root | |||
daemon: root | |||
named: root | |||
nobody: root | |||
uucp: root | |||
www: root | |||
ftp-bugs: root | |||
postfix: root | |||
# Put your local aliases here. | |||
# Well-known aliases | |||
manager: root | |||
dumper: root | |||
operator: root | |||
abuse: postmaster | |||
# trap decode to catch security attacks | |||
decode: root | |||
# ALIASES(5) ALIASES(5) | |||
# | |||
# NAME | |||
# aliases - Postfix local alias database format | |||
# | |||
# SYNOPSIS | |||
# newaliases | |||
# | |||
# DESCRIPTION | |||
# The aliases(5) table provides a system-wide mechanism to | |||
# redirect mail for local recipients. The redirections are | |||
# processed by the Postfix local(8) delivery agent. | |||
# | |||
# Normally, the aliases(5) table is specified as a text file | |||
# that serves as input to the postalias(1) command. The | |||
# result, an indexed file in dbm or db format, is used for | |||
# fast lookup by the mail system. Execute the command | |||
# newaliases in order to rebuild the indexed file after | |||
# changing the Postfix alias database. | |||
# | |||
# When the table is provided via other means such as NIS, | |||
# LDAP or SQL, the same lookups are done as for ordinary | |||
# indexed files. | |||
# | |||
# Alternatively, the table can be provided as a regu- | |||
# lar-expression map where patterns are given as regular | |||
# expressions. In this case, the lookups are done in a | |||
# slightly different way as described below under "REGULAR | |||
# EXPRESSION TABLES". | |||
# | |||
# Users can control delivery of their own mail by setting up | |||
# .forward files in their home directory. Lines in per-user | |||
# .forward files have the same syntax as the right-hand side | |||
# of aliases(5) entries. | |||
# | |||
# The format of the alias database input file is as follows: | |||
# | |||
# o An alias definition has the form | |||
# | |||
# name: value1, value2, ... | |||
# | |||
# o Empty lines and whitespace-only lines are ignored, | |||
# as are lines whose first non-whitespace character | |||
# is a `#'. | |||
# | |||
# o A logical line starts with non-whitespace text. A | |||
# line that starts with whitespace continues a logi- | |||
# cal line. | |||
# | |||
# The name is a local address (no domain part). Use double | |||
# quotes when the name contains any special characters such | |||
# as whitespace, `#', `:', or `@'. The name is folded to | |||
# lowercase, in order to make database lookups case insensi- | |||
# tive. | |||
# | |||
# In addition, when an alias exists for owner-name, this | |||
# will override the envelope sender address, so that deliv- | |||
# ery diagnostics are directed to owner-name, instead of the | |||
# originator of the message (for details, see | |||
# owner_request_special, expand_owner_alias and | |||
# reset_owner_alias). This is typically used to direct | |||
# delivery errors to the maintainer of a mailing list, who | |||
# is in a better position to deal with mailing list delivery | |||
# problems than the originator of the undelivered mail. | |||
# | |||
# The value contains one or more of the following: | |||
# | |||
# address | |||
# Mail is forwarded to address, which is compatible | |||
# with the RFC 822 standard. | |||
# | |||
# /file/name | |||
# Mail is appended to /file/name. See local(8) for | |||
# details of delivery to file. Delivery is not lim- | |||
# ited to regular files. For example, to dispose of | |||
# unwanted mail, deflect it to /dev/null. | |||
# | |||
# |command | |||
# Mail is piped into command. Commands that contain | |||
# special characters, such as whitespace, should be | |||
# enclosed between double quotes. See local(8) for | |||
# details of delivery to command. | |||
# | |||
# When the command fails, a limited amount of command | |||
# output is mailed back to the sender. The file | |||
# /usr/include/sysexits.h defines the expected exit | |||
# status codes. For example, use "|exit 67" to simu- | |||
# late a "user unknown" error, and "|exit 0" to | |||
# implement an expensive black hole. | |||
# | |||
# :include:/file/name | |||
# Mail is sent to the destinations listed in the | |||
# named file. Lines in :include: files have the same | |||
# syntax as the right-hand side of alias entries. | |||
# | |||
# A destination can be any destination that is | |||
# described in this manual page. However, delivery to | |||
# "|command" and /file/name is disallowed by default. | |||
# To enable, edit the allow_mail_to_commands and | |||
# allow_mail_to_files configuration parameters. | |||
# | |||
# ADDRESS EXTENSION | |||
# When alias database search fails, and the recipient local- | |||
# part contains the optional recipient delimiter (e.g., | |||
# user+foo), the search is repeated for the unextended | |||
# address (e.g., user). | |||
# | |||
# The propagate_unmatched_extensions parameter controls | |||
# whether an unmatched address extension (+foo) is propa- | |||
# gated to the result of table lookup. | |||
# | |||
# CASE FOLDING | |||
# The local(8) delivery agent always folds the search string | |||
# to lowercase before database lookup. | |||
# | |||
# REGULAR EXPRESSION TABLES | |||
# This section describes how the table lookups change when | |||
# the table is given in the form of regular expressions. For | |||
# a description of regular expression lookup table syntax, | |||
# see regexp_table(5) or pcre_table(5). NOTE: these formats | |||
# do not use ":" at the end of a pattern. | |||
# | |||
# Each regular expression is applied to the entire search | |||
# string. Thus, a search string user+foo is not broken up | |||
# into user and foo. | |||
# | |||
# Regular expressions are applied in the order as specified | |||
# in the table, until a regular expression is found that | |||
# matches the search string. | |||
# | |||
# Lookup results are the same as with indexed file lookups. | |||
# For security reasons there is no support for $1, $2 etc. | |||
# substring interpolation. | |||
# | |||
# SECURITY | |||
# The local(8) delivery agent disallows regular expression | |||
# substitution of $1 etc. in alias_maps, because that would | |||
# open a security hole. | |||
# | |||
# The local(8) delivery agent will silently ignore requests | |||
# to use the proxymap(8) server within alias_maps. Instead | |||
# it will open the table directly. Before Postfix version | |||
# 2.2, the local(8) delivery agent will terminate with a | |||
# fatal error. | |||
# | |||
# CONFIGURATION PARAMETERS | |||
# The following main.cf parameters are especially relevant. | |||
# The text below provides only a parameter summary. See | |||
# postconf(5) for more details including examples. | |||
# | |||
# alias_database (see 'postconf -d' output) | |||
# The alias databases for local(8) delivery that are | |||
# updated with "newaliases" or with "sendmail -bi". | |||
# | |||
# alias_maps (see 'postconf -d' output) | |||
# The alias databases that are used for local(8) | |||
# delivery. | |||
# | |||
# allow_mail_to_commands (alias, forward) | |||
# Restrict local(8) mail delivery to external com- | |||
# mands. | |||
# | |||
# allow_mail_to_files (alias, forward) | |||
# Restrict local(8) mail delivery to external files. | |||
# | |||
# expand_owner_alias (no) | |||
# When delivering to an alias "aliasname" that has an | |||
# "owner-aliasname" companion alias, set the envelope | |||
# sender address to the expansion of the | |||
# "owner-aliasname" alias. | |||
# | |||
# propagate_unmatched_extensions (canonical, virtual) | |||
# What address lookup tables copy an address exten- | |||
# sion from the lookup key to the lookup result. | |||
# | |||
# owner_request_special (yes) | |||
# Enable special treatment for owner-listname entries | |||
# in the aliases(5) file, and don't split owner-list- | |||
# name and listname-request address localparts when | |||
# the recipient_delimiter is set to "-". | |||
# | |||
# recipient_delimiter (empty) | |||
# The set of characters that can separate a user name | |||
# from its extension (example: user+foo), or a .for- | |||
# ward file name from its extension (example: .for- | |||
# ward+foo). | |||
# | |||
# Available in Postfix version 2.3 and later: | |||
# | |||
# frozen_delivered_to (yes) | |||
# Update the local(8) delivery agent's idea of the | |||
# Delivered-To: address (see prepend_deliv- | |||
# ered_header) only once, at the start of a delivery | |||
# attempt; do not update the Delivered-To: address | |||
# while expanding aliases or .forward files. | |||
# | |||
# STANDARDS | |||
# RFC 822 (ARPA Internet Text Messages) | |||
# | |||
# SEE ALSO | |||
# local(8), local delivery agent | |||
# newaliases(1), create/update alias database | |||
# postalias(1), create/update alias database | |||
# postconf(5), configuration parameters | |||
# | |||
# README FILES | |||
# Use "postconf readme_directory" or "postconf html_direc- | |||
# tory" to locate this information. | |||
# DATABASE_README, Postfix lookup table overview | |||
# | |||
# LICENSE | |||
# The Secure Mailer license must be distributed with this | |||
# software. | |||
# | |||
# AUTHOR(S) | |||
# Wietse Venema | |||
# IBM T.J. Watson Research | |||
# P.O. Box 704 | |||
# Yorktown Heights, NY 10598, USA | |||
# | |||
# Wietse Venema | |||
# Google, Inc. | |||
# 111 8th Avenue | |||
# New York, NY 10011, USA | |||
# | |||
# ALIASES(5) |
@@ -0,0 +1,288 @@ | |||
# CANONICAL(5) CANONICAL(5) | |||
# | |||
# NAME | |||
# canonical - Postfix canonical table format | |||
# | |||
# SYNOPSIS | |||
# postmap /etc/postfix/canonical | |||
# | |||
# postmap -q "string" /etc/postfix/canonical | |||
# | |||
# postmap -q - /etc/postfix/canonical <inputfile | |||
# | |||
# DESCRIPTION | |||
# The optional canonical(5) table specifies an address map- | |||
# ping for local and non-local addresses. The mapping is | |||
# used by the cleanup(8) daemon, before mail is stored into | |||
# the queue. The address mapping is recursive. | |||
# | |||
# Normally, the canonical(5) table is specified as a text | |||
# file that serves as input to the postmap(1) command. The | |||
# result, an indexed file in dbm or db format, is used for | |||
# fast searching by the mail system. Execute the command | |||
# "postmap /etc/postfix/canonical" to rebuild an indexed | |||
# file after changing the corresponding text file. | |||
# | |||
# When the table is provided via other means such as NIS, | |||
# LDAP or SQL, the same lookups are done as for ordinary | |||
# indexed files. | |||
# | |||
# Alternatively, the table can be provided as a regu- | |||
# lar-expression map where patterns are given as regular | |||
# expressions, or lookups can be directed to TCP-based | |||
# server. In those cases, the lookups are done in a slightly | |||
# different way as described below under "REGULAR EXPRESSION | |||
# TABLES" or "TCP-BASED TABLES". | |||
# | |||
# By default the canonical(5) mapping affects both message | |||
# header addresses (i.e. addresses that appear inside mes- | |||
# sages) and message envelope addresses (for example, the | |||
# addresses that are used in SMTP protocol commands). This | |||
# is controlled with the canonical_classes parameter. | |||
# | |||
# NOTE: Postfix versions 2.2 and later rewrite message head- | |||
# ers from remote SMTP clients only if the client matches | |||
# the local_header_rewrite_clients parameter, or if the | |||
# remote_header_rewrite_domain configuration parameter spec- | |||
# ifies a non-empty value. To get the behavior before Post- | |||
# fix 2.2, specify "local_header_rewrite_clients = | |||
# static:all". | |||
# | |||
# Typically, one would use the canonical(5) table to replace | |||
# login names by Firstname.Lastname, or to clean up | |||
# addresses produced by legacy mail systems. | |||
# | |||
# The canonical(5) mapping is not to be confused with vir- | |||
# tual alias support or with local aliasing. To change the | |||
# destination but not the headers, use the virtual(5) or | |||
# aliases(5) map instead. | |||
# | |||
# CASE FOLDING | |||
# The search string is folded to lowercase before database | |||
# lookup. As of Postfix 2.3, the search string is not case | |||
# folded with database types such as regexp: or pcre: whose | |||
# lookup fields can match both upper and lower case. | |||
# | |||
# TABLE FORMAT | |||
# The input format for the postmap(1) command is as follows: | |||
# | |||
# pattern address | |||
# When pattern matches a mail address, replace it by | |||
# the corresponding address. | |||
# | |||
# blank lines and comments | |||
# Empty lines and whitespace-only lines are ignored, | |||
# as are lines whose first non-whitespace character | |||
# is a `#'. | |||
# | |||
# multi-line text | |||
# A logical line starts with non-whitespace text. A | |||
# line that starts with whitespace continues a logi- | |||
# cal line. | |||
# | |||
# TABLE SEARCH ORDER | |||
# With lookups from indexed files such as DB or DBM, or from | |||
# networked tables such as NIS, LDAP or SQL, each | |||
# user@domain query produces a sequence of query patterns as | |||
# described below. | |||
# | |||
# Each query pattern is sent to each specified lookup table | |||
# before trying the next query pattern, until a match is | |||
# found. | |||
# | |||
# user@domain address | |||
# Replace user@domain by address. This form has the | |||
# highest precedence. | |||
# | |||
# This is useful to clean up addresses produced by | |||
# legacy mail systems. It can also be used to pro- | |||
# duce Firstname.Lastname style addresses, but see | |||
# below for a simpler solution. | |||
# | |||
# user address | |||
# Replace user@site by address when site is equal to | |||
# $myorigin, when site is listed in $mydestination, | |||
# or when it is listed in $inet_interfaces or | |||
# $proxy_interfaces. | |||
# | |||
# This form is useful for replacing login names by | |||
# Firstname.Lastname. | |||
# | |||
# @domain address | |||
# Replace other addresses in domain by address. This | |||
# form has the lowest precedence. | |||
# | |||
# Note: @domain is a wild-card. When this form is | |||
# applied to recipient addresses, the Postfix SMTP | |||
# server accepts mail for any recipient in domain, | |||
# regardless of whether that recipient exists. This | |||
# may turn your mail system into a backscatter | |||
# source: Postfix first accepts mail for non-existent | |||
# recipients and then tries to return that mail as | |||
# "undeliverable" to the often forged sender address. | |||
# | |||
# RESULT ADDRESS REWRITING | |||
# The lookup result is subject to address rewriting: | |||
# | |||
# o When the result has the form @otherdomain, the | |||
# result becomes the same user in otherdomain. | |||
# | |||
# o When "append_at_myorigin=yes", append "@$myorigin" | |||
# to addresses without "@domain". | |||
# | |||
# o When "append_dot_mydomain=yes", append ".$mydomain" | |||
# to addresses without ".domain". | |||
# | |||
# ADDRESS EXTENSION | |||
# When a mail address localpart contains the optional recip- | |||
# ient delimiter (e.g., user+foo@domain), the lookup order | |||
# becomes: user+foo@domain, user@domain, user+foo, user, and | |||
# @domain. | |||
# | |||
# The propagate_unmatched_extensions parameter controls | |||
# whether an unmatched address extension (+foo) is propa- | |||
# gated to the result of table lookup. | |||
# | |||
# REGULAR EXPRESSION TABLES | |||
# This section describes how the table lookups change when | |||
# the table is given in the form of regular expressions. For | |||
# a description of regular expression lookup table syntax, | |||
# see regexp_table(5) or pcre_table(5). | |||
# | |||
# Each pattern is a regular expression that is applied to | |||
# the entire address being looked up. Thus, user@domain mail | |||
# addresses are not broken up into their user and @domain | |||
# constituent parts, nor is user+foo broken up into user and | |||
# foo. | |||
# | |||
# Patterns are applied in the order as specified in the ta- | |||
# ble, until a pattern is found that matches the search | |||
# string. | |||
# | |||
# Results are the same as with indexed file lookups, with | |||
# the additional feature that parenthesized substrings from | |||
# the pattern can be interpolated as $1, $2 and so on. | |||
# | |||
# TCP-BASED TABLES | |||
# This section describes how the table lookups change when | |||
# lookups are directed to a TCP-based server. For a descrip- | |||
# tion of the TCP client/server lookup protocol, see tcp_ta- | |||
# ble(5). This feature is not available up to and including | |||
# Postfix version 2.4. | |||
# | |||
# Each lookup operation uses the entire address once. Thus, | |||
# user@domain mail addresses are not broken up into their | |||
# user and @domain constituent parts, nor is user+foo broken | |||
# up into user and foo. | |||
# | |||
# Results are the same as with indexed file lookups. | |||
# | |||
# BUGS | |||
# The table format does not understand quoting conventions. | |||
# | |||
# CONFIGURATION PARAMETERS | |||
# The following main.cf parameters are especially relevant. | |||
# The text below provides only a parameter summary. See | |||
# postconf(5) for more details including examples. | |||
# | |||
# canonical_classes | |||
# What addresses are subject to canonical address | |||
# mapping. | |||
# | |||
# canonical_maps | |||
# List of canonical mapping tables. | |||
# | |||
# recipient_canonical_maps | |||
# Address mapping lookup table for envelope and | |||
# header recipient addresses. | |||
# | |||
# sender_canonical_maps | |||
# Address mapping lookup table for envelope and | |||
# header sender addresses. | |||
# | |||
# propagate_unmatched_extensions | |||
# A list of address rewriting or forwarding mecha- | |||
# nisms that propagate an address extension from the | |||
# original address to the result. Specify zero or | |||
# more of canonical, virtual, alias, forward, | |||
# include, or generic. | |||
# | |||
# Other parameters of interest: | |||
# | |||
# inet_interfaces | |||
# The network interface addresses that this system | |||
# receives mail on. You need to stop and start Post- | |||
# fix when this parameter changes. | |||
# | |||
# local_header_rewrite_clients | |||
# Rewrite message header addresses in mail from these | |||
# clients and update incomplete addresses with the | |||
# domain name in $myorigin or $mydomain; either don't | |||
# rewrite message headers from other clients at all, | |||
# or rewrite message headers and update incomplete | |||
# addresses with the domain specified in the | |||
# remote_header_rewrite_domain parameter. | |||
# | |||
# proxy_interfaces | |||
# Other interfaces that this machine receives mail on | |||
# by way of a proxy agent or network address transla- | |||
# tor. | |||
# | |||
# masquerade_classes | |||
# List of address classes subject to masquerading: | |||
# zero or more of envelope_sender, envelope_recipi- | |||
# ent, header_sender, header_recipient. | |||
# | |||
# masquerade_domains | |||
# List of domains that hide their subdomain struc- | |||
# ture. | |||
# | |||
# masquerade_exceptions | |||
# List of user names that are not subject to address | |||
# masquerading. | |||
# | |||
# mydestination | |||
# List of domains that this mail system considers | |||
# local. | |||
# | |||
# myorigin | |||
# The domain that is appended to locally-posted mail. | |||
# | |||
# owner_request_special | |||
# Give special treatment to owner-xxx and xxx-request | |||
# addresses. | |||
# | |||
# remote_header_rewrite_domain | |||
# Don't rewrite message headers from remote clients | |||
# at all when this parameter is empty; otherwise, re- | |||
# write message headers and append the specified | |||
# domain name to incomplete addresses. | |||
# | |||
# SEE ALSO | |||
# cleanup(8), canonicalize and enqueue mail | |||
# postmap(1), Postfix lookup table manager | |||
# postconf(5), configuration parameters | |||
# virtual(5), virtual aliasing | |||
# | |||
# README FILES | |||
# Use "postconf readme_directory" or "postconf html_direc- | |||
# tory" to locate this information. | |||
# DATABASE_README, Postfix lookup table overview | |||
# ADDRESS_REWRITING_README, address rewriting guide | |||
# | |||
# LICENSE | |||
# The Secure Mailer license must be distributed with this | |||
# software. | |||
# | |||
# AUTHOR(S) | |||
# Wietse Venema | |||
# IBM T.J. Watson Research | |||
# P.O. Box 704 | |||
# Yorktown Heights, NY 10598, USA | |||
# | |||
# Wietse Venema | |||
# Google, Inc. | |||
# 111 8th Avenue | |||
# New York, NY 10011, USA | |||
# | |||
# CANONICAL(5) |
@@ -0,0 +1 @@ | |||
# dict-type so-name (pathname) dict-function mkmap-function |
@@ -0,0 +1,250 @@ | |||
# GENERIC(5) GENERIC(5) | |||
# | |||
# NAME | |||
# generic - Postfix generic table format | |||
# | |||
# SYNOPSIS | |||
# postmap /etc/postfix/generic | |||
# | |||
# postmap -q "string" /etc/postfix/generic | |||
# | |||
# postmap -q - /etc/postfix/generic <inputfile | |||
# | |||
# DESCRIPTION | |||
# The optional generic(5) table specifies an address mapping | |||
# that applies when mail is delivered. This is the opposite | |||
# of canonical(5) mapping, which applies when mail is | |||
# received. | |||
# | |||
# Typically, one would use the generic(5) table on a system | |||
# that does not have a valid Internet domain name and that | |||
# uses something like localdomain.local instead. The | |||
# generic(5) table is then used by the smtp(8) client to | |||
# transform local mail addresses into valid Internet mail | |||
# addresses when mail has to be sent across the Internet. | |||
# See the EXAMPLE section at the end of this document. | |||
# | |||
# The generic(5) mapping affects both message header | |||
# addresses (i.e. addresses that appear inside messages) and | |||
# message envelope addresses (for example, the addresses | |||
# that are used in SMTP protocol commands). | |||
# | |||
# Normally, the generic(5) table is specified as a text file | |||
# that serves as input to the postmap(1) command. The | |||
# result, an indexed file in dbm or db format, is used for | |||
# fast searching by the mail system. Execute the command | |||
# "postmap /etc/postfix/generic" to rebuild an indexed file | |||
# after changing the corresponding text file. | |||
# | |||
# When the table is provided via other means such as NIS, | |||
# LDAP or SQL, the same lookups are done as for ordinary | |||
# indexed files. | |||
# | |||
# Alternatively, the table can be provided as a regu- | |||
# lar-expression map where patterns are given as regular | |||
# expressions, or lookups can be directed to TCP-based | |||
# server. In those case, the lookups are done in a slightly | |||
# different way as described below under "REGULAR EXPRESSION | |||
# TABLES" or "TCP-BASED TABLES". | |||
# | |||
# CASE FOLDING | |||
# The search string is folded to lowercase before database | |||
# lookup. As of Postfix 2.3, the search string is not case | |||
# folded with database types such as regexp: or pcre: whose | |||
# lookup fields can match both upper and lower case. | |||
# | |||
# TABLE FORMAT | |||
# The input format for the postmap(1) command is as follows: | |||
# | |||
# pattern result | |||
# When pattern matches a mail address, replace it by | |||
# the corresponding result. | |||
# | |||
# blank lines and comments | |||
# Empty lines and whitespace-only lines are ignored, | |||
# as are lines whose first non-whitespace character | |||
# is a `#'. | |||
# | |||
# multi-line text | |||
# A logical line starts with non-whitespace text. A | |||
# line that starts with whitespace continues a logi- | |||
# cal line. | |||
# | |||
# TABLE SEARCH ORDER | |||
# With lookups from indexed files such as DB or DBM, or from | |||
# networked tables such as NIS, LDAP or SQL, each | |||
# user@domain query produces a sequence of query patterns as | |||
# described below. | |||
# | |||
# Each query pattern is sent to each specified lookup table | |||
# before trying the next query pattern, until a match is | |||
# found. | |||
# | |||
# user@domain address | |||
# Replace user@domain by address. This form has the | |||
# highest precedence. | |||
# | |||
# user address | |||
# Replace user@site by address when site is equal to | |||
# $myorigin, when site is listed in $mydestination, | |||
# or when it is listed in $inet_interfaces or | |||
# $proxy_interfaces. | |||
# | |||
# @domain address | |||
# Replace other addresses in domain by address. This | |||
# form has the lowest precedence. | |||
# | |||
# RESULT ADDRESS REWRITING | |||
# The lookup result is subject to address rewriting: | |||
# | |||
# o When the result has the form @otherdomain, the | |||
# result becomes the same user in otherdomain. | |||
# | |||
# o When "append_at_myorigin=yes", append "@$myorigin" | |||
# to addresses without "@domain". | |||
# | |||
# o When "append_dot_mydomain=yes", append ".$mydomain" | |||
# to addresses without ".domain". | |||
# | |||
# ADDRESS EXTENSION | |||
# When a mail address localpart contains the optional recip- | |||
# ient delimiter (e.g., user+foo@domain), the lookup order | |||
# becomes: user+foo@domain, user@domain, user+foo, user, and | |||
# @domain. | |||
# | |||
# The propagate_unmatched_extensions parameter controls | |||
# whether an unmatched address extension (+foo) is propa- | |||
# gated to the result of table lookup. | |||
# | |||
# REGULAR EXPRESSION TABLES | |||
# This section describes how the table lookups change when | |||
# the table is given in the form of regular expressions. For | |||
# a description of regular expression lookup table syntax, | |||
# see regexp_table(5) or pcre_table(5). | |||
# | |||
# Each pattern is a regular expression that is applied to | |||
# the entire address being looked up. Thus, user@domain mail | |||
# addresses are not broken up into their user and @domain | |||
# constituent parts, nor is user+foo broken up into user and | |||
# foo. | |||
# | |||
# Patterns are applied in the order as specified in the ta- | |||
# ble, until a pattern is found that matches the search | |||
# string. | |||
# | |||
# Results are the same as with indexed file lookups, with | |||
# the additional feature that parenthesized substrings from | |||
# the pattern can be interpolated as $1, $2 and so on. | |||
# | |||
# TCP-BASED TABLES | |||
# This section describes how the table lookups change when | |||
# lookups are directed to a TCP-based server. For a descrip- | |||
# tion of the TCP client/server lookup protocol, see tcp_ta- | |||
# ble(5). This feature is not available up to and including | |||
# Postfix version 2.4. | |||
# | |||
# Each lookup operation uses the entire address once. Thus, | |||
# user@domain mail addresses are not broken up into their | |||
# user and @domain constituent parts, nor is user+foo broken | |||
# up into user and foo. | |||
# | |||
# Results are the same as with indexed file lookups. | |||
# | |||
# EXAMPLE | |||
# The following shows a generic mapping with an indexed | |||
# file. When mail is sent to a remote host via SMTP, this | |||
# replaces his@localdomain.local by his ISP mail address, | |||
# replaces her@localdomain.local by her ISP mail address, | |||
# and replaces other local addresses by his ISP account, | |||
# with an address extension of +local (this example assumes | |||
# that the ISP supports "+" style address extensions). | |||
# | |||
# /etc/postfix/main.cf: | |||
# smtp_generic_maps = hash:/etc/postfix/generic | |||
# | |||
# /etc/postfix/generic: | |||
# his@localdomain.local hisaccount@hisisp.example | |||
# her@localdomain.local heraccount@herisp.example | |||
# @localdomain.local hisaccount+local@hisisp.example | |||
# | |||
# Execute the command "postmap /etc/postfix/generic" when- | |||
# ever the table is changed. Instead of hash, some systems | |||
# use dbm database files. To find out what tables your sys- | |||
# tem supports use the command "postconf -m". | |||
# | |||
# BUGS | |||
# The table format does not understand quoting conventions. | |||
# | |||
# CONFIGURATION PARAMETERS | |||
# The following main.cf parameters are especially relevant. | |||
# The text below provides only a parameter summary. See | |||
# postconf(5) for more details including examples. | |||
# | |||
# smtp_generic_maps | |||
# Address mapping lookup table for envelope and | |||
# header sender and recipient addresses while deliv- | |||
# ering mail via SMTP. | |||
# | |||
# propagate_unmatched_extensions | |||
# A list of address rewriting or forwarding mecha- | |||
# nisms that propagate an address extension from the | |||
# original address to the result. Specify zero or | |||
# more of canonical, virtual, alias, forward, | |||
# include, or generic. | |||
# | |||
# Other parameters of interest: | |||
# | |||
# inet_interfaces | |||
# The network interface addresses that this system | |||
# receives mail on. You need to stop and start Post- | |||
# fix when this parameter changes. | |||
# | |||
# proxy_interfaces | |||
# Other interfaces that this machine receives mail on | |||
# by way of a proxy agent or network address transla- | |||
# tor. | |||
# | |||
# mydestination | |||
# List of domains that this mail system considers | |||
# local. | |||
# | |||
# myorigin | |||
# The domain that is appended to locally-posted mail. | |||
# | |||
# owner_request_special | |||
# Give special treatment to owner-xxx and xxx-request | |||
# addresses. | |||
# | |||
# SEE ALSO | |||
# postmap(1), Postfix lookup table manager | |||
# postconf(5), configuration parameters | |||
# smtp(8), Postfix SMTP client | |||
# | |||
# README FILES | |||
# Use "postconf readme_directory" or "postconf html_direc- | |||
# tory" to locate this information. | |||
# ADDRESS_REWRITING_README, address rewriting guide | |||
# DATABASE_README, Postfix lookup table overview | |||
# STANDARD_CONFIGURATION_README, configuration examples | |||
# | |||
# LICENSE | |||
# The Secure Mailer license must be distributed with this | |||
# software. | |||
# | |||
# HISTORY | |||
# A genericstable feature appears in the Sendmail MTA. | |||
# | |||
# This feature is available in Postfix 2.2 and later. | |||
# | |||
# AUTHOR(S) | |||
# Wietse Venema | |||
# IBM T.J. Watson Research | |||
# P.O. Box 704 | |||
# Yorktown Heights, NY 10598, USA | |||
# | |||
# Wietse Venema | |||
# Google, Inc. | |||
# 111 8th Avenue | |||
# New York, NY 10011, USA | |||
# | |||
# GENERIC(5) |
@@ -0,0 +1,549 @@ | |||
# HEADER_CHECKS(5) HEADER_CHECKS(5) | |||
# | |||
# NAME | |||
# header_checks - Postfix built-in content inspection | |||
# | |||
# SYNOPSIS | |||
# header_checks = pcre:/etc/postfix/header_checks | |||
# mime_header_checks = pcre:/etc/postfix/mime_header_checks | |||
# nested_header_checks = pcre:/etc/postfix/nested_header_checks | |||
# body_checks = pcre:/etc/postfix/body_checks | |||
# | |||
# milter_header_checks = pcre:/etc/postfix/milter_header_checks | |||
# | |||
# smtp_header_checks = pcre:/etc/postfix/smtp_header_checks | |||
# smtp_mime_header_checks = pcre:/etc/postfix/smtp_mime_header_checks | |||
# smtp_nested_header_checks = pcre:/etc/postfix/smtp_nested_header_checks | |||
# smtp_body_checks = pcre:/etc/postfix/smtp_body_checks | |||
# | |||
# postmap -q "string" pcre:/etc/postfix/filename | |||
# postmap -q - pcre:/etc/postfix/filename <inputfile | |||
# | |||
# DESCRIPTION | |||
# This document describes access control on the content of | |||
# message headers and message body lines; it is implemented | |||
# by the Postfix cleanup(8) server before mail is queued. | |||
# See access(5) for access control on remote SMTP client | |||
# information. | |||
# | |||
# Each message header or message body line is compared | |||
# against a list of patterns. When a match is found the | |||
# corresponding action is executed, and the matching process | |||
# is repeated for the next message header or message body | |||
# line. | |||
# | |||
# Note: message headers are examined one logical header at a | |||
# time, even when a message header spans multiple lines. | |||
# Body lines are always examined one line at a time. | |||
# | |||
# For examples, see the EXAMPLES section at the end of this | |||
# manual page. | |||
# | |||
# Postfix header or body_checks are designed to stop a flood | |||
# of mail from worms or viruses; they do not decode attach- | |||
# ments, and they do not unzip archives. See the documents | |||
# referenced below in the README FILES section if you need | |||
# more sophisticated content analysis. | |||
# | |||
# FILTERS WHILE RECEIVING MAIL | |||
# Postfix implements the following four built-in content | |||
# inspection classes while receiving mail: | |||
# | |||
# header_checks (default: empty) | |||
# These are applied to initial message headers | |||
# (except for the headers that are processed with | |||
# mime_header_checks). | |||
# | |||
# mime_header_checks (default: $header_checks) | |||
# These are applied to MIME related message headers | |||
# only. | |||
# | |||
# This feature is available in Postfix 2.0 and later. | |||
# | |||
# nested_header_checks (default: $header_checks) | |||
# These are applied to message headers of attached | |||
# email messages (except for the headers that are | |||
# processed with mime_header_checks). | |||
# | |||
# This feature is available in Postfix 2.0 and later. | |||
# | |||
# body_checks | |||
# These are applied to all other content, including | |||
# multi-part message boundaries. | |||
# | |||
# With Postfix versions before 2.0, all content after | |||
# the initial message headers is treated as body con- | |||
# tent. | |||
# | |||
# FILTERS AFTER RECEIVING MAIL | |||
# Postfix supports a subset of the built-in content inspec- | |||
# tion classes after the message is received: | |||
# | |||
# milter_header_checks (default: empty) | |||
# These are applied to headers that are added with | |||
# Milter applications. | |||
# | |||
# This feature is available in Postfix 2.7 and later. | |||
# | |||
# FILTERS WHILE DELIVERING MAIL | |||
# Postfix supports all four content inspection classes while | |||
# delivering mail via SMTP. | |||
# | |||
# smtp_header_checks (default: empty) | |||
# | |||
# smtp_mime_header_checks (default: empty) | |||
# | |||
# smtp_nested_header_checks (default: empty) | |||
# | |||
# smtp_body_checks (default: empty) | |||
# These features are available in Postfix 2.5 and | |||
# later. | |||
# | |||
# COMPATIBILITY | |||
# With Postfix version 2.2 and earlier specify "postmap -fq" | |||
# to query a table that contains case sensitive patterns. By | |||
# default, regexp: and pcre: patterns are case insensitive. | |||
# | |||
# TABLE FORMAT | |||
# This document assumes that header and body_checks rules | |||
# are specified in the form of Postfix regular expression | |||
# lookup tables. Usually the best performance is obtained | |||
# with pcre (Perl Compatible Regular Expression) tables. The | |||
# regexp (POSIX regular expressions) tables are usually | |||
# slower, but more widely available. Use the command "post- | |||
# conf -m" to find out what lookup table types your Postfix | |||
# system supports. | |||
# | |||
# The general format of Postfix regular expression tables is | |||
# given below. For a discussion of specific pattern or | |||
# flags syntax, see pcre_table(5) or regexp_table(5), | |||
# respectively. | |||
# | |||
# /pattern/flags action | |||
# When /pattern/ matches the input string, execute | |||
# the corresponding action. See below for a list of | |||
# possible actions. | |||
# | |||
# !/pattern/flags action | |||
# When /pattern/ does not match the input string, | |||
# execute the corresponding action. | |||
# | |||
# if /pattern/flags | |||
# | |||
# endif If the input string matches /pattern/, then match | |||
# that input string against the patterns between if | |||
# and endif. The if..endif can nest. | |||
# | |||
# Note: do not prepend whitespace to patterns inside | |||
# if..endif. | |||
# | |||
# if !/pattern/flags | |||
# | |||
# endif If the input string does not match /pattern/, then | |||
# match that input string against the patterns | |||
# between if and endif. The if..endif can nest. | |||
# | |||
# blank lines and comments | |||
# Empty lines and whitespace-only lines are ignored, | |||
# as are lines whose first non-whitespace character | |||
# is a `#'. | |||
# | |||
# multi-line text | |||
# A pattern/action line starts with non-whitespace | |||
# text. A line that starts with whitespace continues | |||
# a logical line. | |||
# | |||
# TABLE SEARCH ORDER | |||
# For each line of message input, the patterns are applied | |||
# in the order as specified in the table. When a pattern is | |||
# found that matches the input line, the corresponding | |||
# action is executed and then the next input line is | |||
# inspected. | |||
# | |||
# TEXT SUBSTITUTION | |||
# Substitution of substrings from the matched expression | |||
# into the action string is possible using the conventional | |||
# Perl syntax ($1, $2, etc.). The macros in the result | |||
# string may need to be written as ${n} or $(n) if they | |||
# aren't followed by whitespace. | |||
# | |||
# Note: since negated patterns (those preceded by !) return | |||
# a result when the expression does not match, substitutions | |||
# are not available for negated patterns. | |||
# | |||
# ACTIONS | |||
# Action names are case insensitive. They are shown in upper | |||
# case for consistency with other Postfix documentation. | |||
# | |||
# BCC user@domain | |||
# Add the specified address as a BCC recipient, and | |||
# inspect the next input line. The address must have | |||
# a local part and domain part. The number of BCC | |||
# addresses that can be added is limited only by the | |||
# amount of available storage space. | |||
# | |||
# Note 1: the BCC address is added as if it was spec- | |||
# ified with NOTIFY=NONE. The sender will not be | |||
# notified when the BCC address is undeliverable, as | |||
# long as all down-stream software implements RFC | |||
# 3461. | |||
# | |||
# Note 2: this ignores duplicate addresses (with the | |||
# same delivery status notification options). | |||
# | |||
# This feature is available in Postfix 3.0 and later. | |||
# | |||
# This feature is not supported with smtp header/body | |||
# checks. | |||
# | |||
# DISCARD optional text... | |||
# Claim successful delivery and silently discard the | |||
# message. Do not inspect the remainder of the input | |||
# message. Log the optional text if specified, oth- | |||
# erwise log a generic message. | |||
# | |||
# Note: this action disables further header or | |||
# body_checks inspection of the current message and | |||
# affects all recipients. To discard only one recip- | |||
# ient without discarding the entire message, use the | |||
# transport(5) table to direct mail to the discard(8) | |||
# service. | |||
# | |||
# This feature is available in Postfix 2.0 and later. | |||
# | |||
# This feature is not supported with smtp header/body | |||
# checks. | |||
# | |||
# DUNNO Pretend that the input line did not match any pat- | |||
# tern, and inspect the next input line. This action | |||
# can be used to shorten the table search. | |||
# | |||
# For backwards compatibility reasons, Postfix also | |||
# accepts OK but it is (and always has been) treated | |||
# as DUNNO. | |||
# | |||
# This feature is available in Postfix 2.1 and later. | |||
# | |||
# FILTER transport:destination | |||
# Override the content_filter parameter setting, and | |||
# inspect the next input line. After the message is | |||
# queued, send the entire message through the speci- | |||
# fied external content filter. The transport name | |||
# specifies the first field of a mail delivery agent | |||
# definition in master.cf; the syntax of the next-hop | |||
# destination is described in the manual page of the | |||
# corresponding delivery agent. More information | |||
# about external content filters is in the Postfix | |||
# FILTER_README file. | |||
# | |||
# Note 1: do not use $number regular expression sub- | |||
# stitutions for transport or destination unless you | |||
# know that the information has a trusted origin. | |||
# | |||
# Note 2: this action overrides the main.cf con- | |||
# tent_filter setting, and affects all recipients of | |||
# the message. In the case that multiple FILTER | |||
# actions fire, only the last one is executed. | |||
# | |||
# Note 3: the purpose of the FILTER command is to | |||
# override message routing. To override the recipi- | |||
# ent's transport but not the next-hop destination, | |||
# specify an empty filter destination (Postfix 2.7 | |||
# and later), or specify a transport:destination that | |||
# delivers through a different Postfix instance | |||
# (Postfix 2.6 and earlier). Other options are using | |||
# the recipient-dependent transport_maps or the sen- | |||
# der-dependent sender_dependent_default_transport- | |||
# _maps features. | |||
# | |||
# This feature is available in Postfix 2.0 and later. | |||
# | |||
# This feature is not supported with smtp header/body | |||
# checks. | |||
# | |||
# HOLD optional text... | |||
# Arrange for the message to be placed on the hold | |||
# queue, and inspect the next input line. The mes- | |||
# sage remains on hold until someone either deletes | |||
# it or releases it for delivery. Log the optional | |||
# text if specified, otherwise log a generic message. | |||
# | |||
# Mail that is placed on hold can be examined with | |||
# the postcat(1) command, and can be destroyed or | |||
# released with the postsuper(1) command. | |||
# | |||
# Note: use "postsuper -r" to release mail that was | |||
# kept on hold for a significant fraction of $maxi- | |||
# mal_queue_lifetime or $bounce_queue_lifetime, or | |||
# longer. Use "postsuper -H" only for mail that will | |||
# not expire within a few delivery attempts. | |||
# | |||
# Note: this action affects all recipients of the | |||
# message. | |||
# | |||
# This feature is available in Postfix 2.0 and later. | |||
# | |||
# This feature is not supported with smtp header/body | |||
# checks. | |||
# | |||
# IGNORE Delete the current line from the input, and inspect | |||
# the next input line. See STRIP for an alternative | |||
# that logs the action. | |||
# | |||
# INFO optional text... | |||
# Log an "info:" record with the optional text... (or | |||
# log a generic text), and inspect the next input | |||
# line. This action is useful for routine logging or | |||
# for debugging. | |||
# | |||
# This feature is available in Postfix 2.8 and later. | |||
# | |||
# PASS optional text... | |||
# Log a "pass:" record with the optional text... (or | |||
# log a generic text), and turn off header, body, and | |||
# Milter inspection for the remainder of this mes- | |||
# sage. | |||
# | |||
# Note: this feature relies on trust in information | |||
# that is easy to forge. | |||
# | |||
# This feature is available in Postfix 3.2 and later. | |||
# | |||
# This feature is not supported with smtp header/body | |||
# checks. | |||
# | |||
# PREPEND text... | |||
# Prepend one line with the specified text, and | |||
# inspect the next input line. | |||
# | |||
# Notes: | |||
# | |||
# o The prepended text is output on a separate | |||
# line, immediately before the input that | |||
# triggered the PREPEND action. | |||
# | |||
# o The prepended text is not considered part of | |||
# the input stream: it is not subject to | |||
# header/body checks or address rewriting, and | |||
# it does not affect the way that Postfix adds | |||
# missing message headers. | |||
# | |||
# o When prepending text before a message header | |||
# line, the prepended text must begin with a | |||
# valid message header label. | |||
# | |||
# o This action cannot be used to prepend | |||
# multi-line text. | |||
# | |||
# This feature is available in Postfix 2.1 and later. | |||
# | |||
# This feature is not supported with mil- | |||
# ter_header_checks. | |||
# | |||
# REDIRECT user@domain | |||
# Write a message redirection request to the queue | |||
# file, and inspect the next input line. After the | |||
# message is queued, it will be sent to the specified | |||
# address instead of the intended recipient(s). | |||
# | |||
# Note: this action overrides the FILTER action, and | |||
# affects all recipients of the message. If multiple | |||
# REDIRECT actions fire, only the last one is exe- | |||
# cuted. | |||
# | |||
# This feature is available in Postfix 2.1 and later. | |||
# | |||
# This feature is not supported with smtp header/body | |||
# checks. | |||
# | |||
# REPLACE text... | |||
# Replace the current line with the specified text, | |||
# and inspect the next input line. | |||
# | |||
# This feature is available in Postfix 2.2 and later. | |||
# The description below applies to Postfix 2.2.2 and | |||
# later. | |||
# | |||
# Notes: | |||
# | |||
# o When replacing a message header line, the | |||
# replacement text must begin with a valid | |||
# header label. | |||
# | |||
# o The replaced text remains part of the input | |||
# stream. Unlike the result from the PREPEND | |||
# action, a replaced message header may be | |||
# subject to address rewriting and may affect | |||
# the way that Postfix adds missing message | |||
# headers. | |||
# | |||
# REJECT optional text... | |||
# Reject the entire message. Do not inspect the | |||
# remainder of the input message. Reply with | |||
# optional text... when the optional text is speci- | |||
# fied, otherwise reply with a generic error message. | |||
# | |||
# Note: this action disables further header or | |||
# body_checks inspection of the current message and | |||
# affects all recipients. | |||
# | |||
# Postfix version 2.3 and later support enhanced sta- | |||
# tus codes. When no code is specified at the begin- | |||
# ning of optional text..., Postfix inserts a default | |||
# enhanced status code of "5.7.1". | |||
# | |||
# This feature is not supported with smtp header/body | |||
# checks. | |||
# | |||
# STRIP optional text... | |||
# Log a "strip:" record with the optional text... (or | |||
# log a generic text), delete the input line from the | |||
# input, and inspect the next input line. See IGNORE | |||
# for a silent alternative. | |||
# | |||
# This feature is available in Postfix 3.2 and later. | |||
# | |||
# WARN optional text... | |||
# Log a "warning:" record with the optional text... | |||
# (or log a generic text), and inspect the next input | |||
# line. This action is useful for debugging and for | |||
# testing a pattern before applying more drastic | |||
# actions. | |||
# | |||
# BUGS | |||
# Empty lines never match, because some map types mis-behave | |||
# when given a zero-length search string. This limitation | |||
# may be removed for regular expression tables in a future | |||
# release. | |||
# | |||
# Many people overlook the main limitations of header and | |||
# body_checks rules. | |||
# | |||
# o These rules operate on one logical message header | |||
# or one body line at a time. A decision made for one | |||
# line is not carried over to the next line. | |||
# | |||
# o If text in the message body is encoded (RFC 2045) | |||
# then the rules need to be specified for the encoded | |||
# form. | |||
# | |||
# o Likewise, when message headers are encoded (RFC | |||
# 2047) then the rules need to be specified for the | |||
# encoded form. | |||
# | |||
# Message headers added by the cleanup(8) daemon itself are | |||
# excluded from inspection. Examples of such message headers | |||
# are From:, To:, Message-ID:, Date:. | |||
# | |||
# Message headers deleted by the cleanup(8) daemon will be | |||
# examined before they are deleted. Examples are: Bcc:, Con- | |||
# tent-Length:, Return-Path:. | |||
# | |||
# CONFIGURATION PARAMETERS | |||
# body_checks | |||
# Lookup tables with content filter rules for message | |||
# body lines. These filters see one physical line at | |||
# a time, in chunks of at most $line_length_limit | |||
# bytes. | |||
# | |||
# body_checks_size_limit | |||
# The amount of content per message body segment | |||
# (attachment) that is subjected to $body_checks fil- | |||
# tering. | |||
# | |||
# header_checks | |||
# | |||
# mime_header_checks (default: $header_checks) | |||
# | |||
# nested_header_checks (default: $header_checks) | |||
# Lookup tables with content filter rules for message | |||
# header lines: respectively, these are applied to | |||
# the initial message headers (not including MIME | |||
# headers), to the MIME headers anywhere in the mes- | |||
# sage, and to the initial headers of attached mes- | |||
# sages. | |||
# | |||
# Note: these filters see one logical message header | |||
# at a time, even when a message header spans multi- | |||
# ple lines. Message headers that are longer than | |||
# $header_size_limit characters are truncated. | |||
# | |||
# disable_mime_input_processing | |||
# While receiving mail, give no special treatment to | |||
# MIME related message headers; all text after the | |||
# initial message headers is considered to be part of | |||
# the message body. This means that header_checks is | |||
# applied to all the initial message headers, and | |||
# that body_checks is applied to the remainder of the | |||
# message. | |||
# | |||
# Note: when used in this manner, body_checks will | |||
# process a multi-line message header one line at a | |||
# time. | |||
# | |||
# EXAMPLES | |||
# Header pattern to block attachments with bad file name | |||
# extensions. For convenience, the PCRE /x flag is speci- | |||
# fied, so that there is no need to collapse the pattern | |||
# into a single line of text. The purpose of the | |||
# [[:xdigit:]] sub-expressions is to recognize Windows CLSID | |||
# strings. | |||
# | |||
# /etc/postfix/main.cf: | |||
# header_checks = pcre:/etc/postfix/header_checks.pcre | |||
# | |||
# /etc/postfix/header_checks.pcre: | |||
# /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)( | |||
# ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| | |||
# hlp|ht[at]| | |||
# inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| | |||
# \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}| | |||
# ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf| | |||
# vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x | |||
# REJECT Attachment name "$2" may not end with ".$4" | |||
# | |||
# Body pattern to stop a specific HTML browser vulnerability | |||
# exploit. | |||
# | |||
# /etc/postfix/main.cf: | |||
# body_checks = regexp:/etc/postfix/body_checks | |||
# | |||
# /etc/postfix/body_checks: | |||
# /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/ | |||
# REJECT IFRAME vulnerability exploit | |||
# | |||
# SEE ALSO | |||
# cleanup(8), canonicalize and enqueue Postfix message | |||
# pcre_table(5), format of PCRE lookup tables | |||
# regexp_table(5), format of POSIX regular expression tables | |||
# postconf(1), Postfix configuration utility | |||
# postmap(1), Postfix lookup table management | |||
# postsuper(1), Postfix janitor | |||
# postcat(1), show Postfix queue file contents | |||
# RFC 2045, base64 and quoted-printable encoding rules | |||
# RFC 2047, message header encoding for non-ASCII text | |||
# | |||
# README FILES | |||
# Use "postconf readme_directory" or "postconf html_direc- | |||
# tory" to locate this information. | |||
# DATABASE_README, Postfix lookup table overview | |||
# CONTENT_INSPECTION_README, Postfix content inspection overview | |||
# BUILTIN_FILTER_README, Postfix built-in content inspection | |||
# BACKSCATTER_README, blocking returned forged mail | |||
# | |||
# LICENSE | |||
# The Secure Mailer license must be distributed with this | |||
# software. | |||
# | |||
# AUTHOR(S) | |||
# Wietse Venema | |||
# IBM T.J. Watson Research | |||
# P.O. Box 704 | |||
# Yorktown Heights, NY 10598, USA | |||
# | |||
# Wietse Venema | |||
# Google, Inc. | |||
# 111 8th Avenue | |||
# New York, NY 10011, USA | |||
# | |||
# HEADER_CHECKS(5) |
@@ -0,0 +1,678 @@ | |||
# Global Postfix configuration file. This file lists only a subset | |||
# of all parameters. For the syntax, and for a complete parameter | |||
# list, see the postconf(5) manual page (command: "man 5 postconf"). | |||
# | |||
# For common configuration examples, see BASIC_CONFIGURATION_README | |||
# and STANDARD_CONFIGURATION_README. To find these documents, use | |||
# the command "postconf html_directory readme_directory", or go to | |||
# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc. | |||
# | |||
# For best results, change no more than 2-3 parameters at a time, | |||
# and test if Postfix still works after every change. | |||
# COMPATIBILITY | |||
# | |||
# The compatibility_level determines what default settings Postfix | |||
# will use for main.cf and master.cf settings. These defaults will | |||
# change over time. | |||
# | |||
# To avoid breaking things, Postfix will use backwards-compatible | |||
# default settings and log where it uses those old backwards-compatible | |||
# default settings, until the system administrator has determined | |||
# if any backwards-compatible default settings need to be made | |||
# permanent in main.cf or master.cf. | |||
# | |||
# When this review is complete, update the compatibility_level setting | |||
# below as recommended in the RELEASE_NOTES file. | |||
# | |||
# The level below is what should be used with new (not upgrade) installs. | |||
# | |||
compatibility_level = 2 | |||
# SOFT BOUNCE | |||
# | |||
# The soft_bounce parameter provides a limited safety net for | |||
# testing. When soft_bounce is enabled, mail will remain queued that | |||
# would otherwise bounce. This parameter disables locally-generated | |||
# bounces, and prevents the SMTP server from rejecting mail permanently | |||
# (by changing 5xx replies into 4xx replies). However, soft_bounce | |||
# is no cure for address rewriting mistakes or mail routing mistakes. | |||
# | |||
#soft_bounce = no | |||
# LOCAL PATHNAME INFORMATION | |||
# | |||
# The queue_directory specifies the location of the Postfix queue. | |||
# This is also the root directory of Postfix daemons that run chrooted. | |||
# See the files in examples/chroot-setup for setting up Postfix chroot | |||
# environments on different UNIX systems. | |||
# | |||
queue_directory = /var/spool/postfix | |||
# The command_directory parameter specifies the location of all | |||
# postXXX commands. | |||
# | |||
command_directory = /usr/sbin | |||
# The daemon_directory parameter specifies the location of all Postfix | |||
# daemon programs (i.e. programs listed in the master.cf file). This | |||
# directory must be owned by root. | |||
# | |||
daemon_directory = /usr/lib/postfix | |||
# The data_directory parameter specifies the location of Postfix-writable | |||
# data files (caches, random numbers). This directory must be owned | |||
# by the mail_owner account (see below). | |||
# | |||
data_directory = /var/lib/postfix | |||
# QUEUE AND PROCESS OWNERSHIP | |||
# | |||
# The mail_owner parameter specifies the owner of the Postfix queue | |||
# and of most Postfix daemon processes. Specify the name of a user | |||
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS | |||
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In | |||
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED | |||
# USER. | |||
# | |||
mail_owner = postfix | |||
# The default_privs parameter specifies the default rights used by | |||
# the local delivery agent for delivery to external file or command. | |||
# These rights are used in the absence of a recipient user context. | |||
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. | |||
# | |||
#default_privs = nobody | |||
# INTERNET HOST AND DOMAIN NAMES | |||
# | |||
# The myhostname parameter specifies the internet hostname of this | |||
# mail system. The default is to use the fully-qualified domain name | |||
# from gethostname(). $myhostname is used as a default value for many | |||
# other configuration parameters. | |||
# | |||
#myhostname = host.domain.tld | |||
#myhostname = virtual.domain.tld | |||
# The mydomain parameter specifies the local internet domain name. | |||
# The default is to use $myhostname minus the first component. | |||
# $mydomain is used as a default value for many other configuration | |||
# parameters. | |||
# | |||
#mydomain = domain.tld | |||
# SENDING MAIL | |||
# | |||
# The myorigin parameter specifies the domain that locally-posted | |||
# mail appears to come from. The default is to append $myhostname, | |||
# which is fine for small sites. If you run a domain with multiple | |||
# machines, you should (1) change this to $mydomain and (2) set up | |||
# a domain-wide alias database that aliases each user to | |||
# user@that.users.mailhost. | |||
# | |||
# For the sake of consistency between sender and recipient addresses, | |||
# myorigin also specifies the default domain name that is appended | |||
# to recipient addresses that have no @domain part. | |||
# | |||
#myorigin = $myhostname | |||
#myorigin = $mydomain | |||
# RECEIVING MAIL | |||
# The inet_interfaces parameter specifies the network interface | |||
# addresses that this mail system receives mail on. By default, | |||
# the software claims all active interfaces on the machine. The | |||
# parameter also controls delivery of mail to user@[ip.address]. | |||
# | |||
# See also the proxy_interfaces parameter, for network addresses that | |||
# are forwarded to us via a proxy or network address translator. | |||
# | |||
# Note: you need to stop/start Postfix when this parameter changes. | |||
# | |||
#inet_interfaces = all | |||
#inet_interfaces = $myhostname | |||
#inet_interfaces = $myhostname, localhost | |||
# The proxy_interfaces parameter specifies the network interface | |||
# addresses that this mail system receives mail on by way of a | |||
# proxy or network address translation unit. This setting extends | |||
# the address list specified with the inet_interfaces parameter. | |||
# | |||
# You must specify your proxy/NAT addresses when your system is a | |||
# backup MX host for other domains, otherwise mail delivery loops | |||
# will happen when the primary MX host is down. | |||
# | |||
#proxy_interfaces = | |||
#proxy_interfaces = 1.2.3.4 | |||
# The mydestination parameter specifies the list of domains that this | |||
# machine considers itself the final destination for. | |||
# | |||
# These domains are routed to the delivery agent specified with the | |||
# local_transport parameter setting. By default, that is the UNIX | |||
# compatible delivery agent that lookups all recipients in /etc/passwd | |||
# and /etc/aliases or their equivalent. | |||
# | |||
# The default is $myhostname + localhost.$mydomain + localhost. On | |||
# a mail domain gateway, you should also include $mydomain. | |||
# | |||
# Do not specify the names of virtual domains - those domains are | |||
# specified elsewhere (see VIRTUAL_README). | |||
# | |||
# Do not specify the names of domains that this machine is backup MX | |||
# host for. Specify those names via the relay_domains settings for | |||
# the SMTP server, or use permit_mx_backup if you are lazy (see | |||
# STANDARD_CONFIGURATION_README). | |||
# | |||
# The local machine is always the final destination for mail addressed | |||
# to user@[the.net.work.address] of an interface that the mail system | |||
# receives mail on (see the inet_interfaces parameter). | |||
# | |||
# Specify a list of host or domain names, /file/name or type:table | |||
# patterns, separated by commas and/or whitespace. A /file/name | |||
# pattern is replaced by its contents; a type:table is matched when | |||
# a name matches a lookup key (the right-hand side is ignored). | |||
# Continue long lines by starting the next line with whitespace. | |||
# | |||
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". | |||
# | |||
#mydestination = $myhostname, localhost.$mydomain, localhost | |||
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain | |||
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, | |||
# mail.$mydomain, www.$mydomain, ftp.$mydomain | |||
# REJECTING MAIL FOR UNKNOWN LOCAL USERS | |||
# | |||
# The local_recipient_maps parameter specifies optional lookup tables | |||
# with all names or addresses of users that are local with respect | |||
# to $mydestination, $inet_interfaces or $proxy_interfaces. | |||
# | |||
# If this parameter is defined, then the SMTP server will reject | |||
# mail for unknown local users. This parameter is defined by default. | |||
# | |||
# To turn off local recipient checking in the SMTP server, specify | |||
# local_recipient_maps = (i.e. empty). | |||
# | |||
# The default setting assumes that you use the default Postfix local | |||
# delivery agent for local delivery. You need to update the | |||
# local_recipient_maps setting if: | |||
# | |||
# - You define $mydestination domain recipients in files other than | |||
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. | |||
# For example, you define $mydestination domain recipients in | |||
# the $virtual_mailbox_maps files. | |||
# | |||
# - You redefine the local delivery agent in master.cf. | |||
# | |||
# - You redefine the "local_transport" setting in main.cf. | |||
# | |||
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport" | |||
# feature of the Postfix local delivery agent (see local(8)). | |||
# | |||
# Details are described in the LOCAL_RECIPIENT_README file. | |||
# | |||
# Beware: if the Postfix SMTP server runs chrooted, you probably have | |||
# to access the passwd file via the proxymap service, in order to | |||
# overcome chroot restrictions. The alternative, having a copy of | |||
# the system passwd file in the chroot jail is just not practical. | |||
# | |||
# The right-hand side of the lookup tables is conveniently ignored. | |||
# In the left-hand side, specify a bare username, an @domain.tld | |||
# wild-card, or specify a user@domain.tld address. | |||
# | |||
#local_recipient_maps = unix:passwd.byname $alias_maps | |||
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps | |||
#local_recipient_maps = | |||
# The unknown_local_recipient_reject_code specifies the SMTP server | |||
# response code when a recipient domain matches $mydestination or | |||
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty | |||
# and the recipient address or address local-part is not found. |