Browse Source

updates

master
Andrey Arapov 5 months ago
parent
commit
8505e1df49
Signed by: Andrey Arapov <andrey.arapov@nixaid.com> GPG Key ID: 9076D5E6B31AE99C
19 changed files with 3936 additions and 35 deletions
  1. 5
    11
      Dockerfile
  2. 12
    0
      README.md
  3. 493
    0
      postfix/access
  4. 264
    0
      postfix/aliases
  5. 288
    0
      postfix/canonical
  6. 1
    0
      postfix/dynamicmaps.cf
  7. 250
    0
      postfix/generic
  8. 549
    0
      postfix/header_checks
  9. 678
    0
      postfix/main.cf
  10. 132
    0
      postfix/master.cf
  11. 454
    0
      postfix/postfix-files
  12. 176
    0
      postfix/relocated
  13. 299
    0
      postfix/transport
  14. 304
    0
      postfix/virtual
  15. 3
    0
      service/postfix/check
  16. 3
    0
      service/postfix/finish
  17. 7
    7
      service/postfix/run
  18. 3
    0
      service/rsyslogd/finish
  19. 15
    17
      start.sh

+ 5
- 11
Dockerfile View File

@@ -1,18 +1,12 @@
1
-FROM alpine:3.4
1
+FROM alpine:3.8
2 2
 MAINTAINER Andrey Arapov <andrey.arapov@nixaid.com>
3 3
 
4
-RUN echo '@testing http://nl.alpinelinux.org/alpine/edge/testing' |tee -a /etc/apk/repositories && \
5
-    apk update && \
4
+RUN apk update && \
6 5
     apk upgrade && \
7
-    apk add tzdata rsyslog postfix runit@testing
6
+    apk add tzdata rsyslog postfix runit ca-certificates
8 7
 
9
-# tzdata - so that TZ environment variable gets processed
10
-# rsyslog - to log postfix service into /var/log/maillog file
11
-
12
-# Not in use currently:
13
-# - ca-certificates
14
-# - coreutils
15
-# - bind-tools
8
+# tzdata - for passing TZ environment variable.
9
+# rsyslog - to log postfix service into /var/log/maillog file.
16 10
 
17 11
 COPY service /etc/service/
18 12
 ENTRYPOINT runsvdir -P /etc/service

+ 12
- 0
README.md View File

@@ -0,0 +1,12 @@
1
+## postfix container
2
+
3
+Runs postfix container.
4
+
5
+## runit
6
+
7
+runit - a UNIX init scheme with service supervision.
8
+
9
+- http://kchard.github.io/runit-quickstart/
10
+- http://smarden.org/runit/runsv.8.html
11
+- http://smarden.org/runit/sv.8.html
12
+- http://smarden.org/runit/chpst.8.html

+ 493
- 0
postfix/access View File

@@ -0,0 +1,493 @@
1
+# ACCESS(5)                                                            ACCESS(5)
2
+# 
3
+# NAME
4
+#        access - Postfix SMTP server access table
5
+# 
6
+# SYNOPSIS
7
+#        postmap /etc/postfix/access
8
+# 
9
+#        postmap -q "string" /etc/postfix/access
10
+# 
11
+#        postmap -q - /etc/postfix/access <inputfile
12
+# 
13
+# DESCRIPTION
14
+#        This  document  describes  access  control  on remote SMTP
15
+#        client information: host  names,  network  addresses,  and
16
+#        envelope  sender or recipient addresses; it is implemented
17
+#        by the  Postfix  SMTP  server.   See  header_checks(5)  or
18
+#        body_checks(5)  for access control on the content of email
19
+#        messages.
20
+# 
21
+#        Normally, the access(5) table is specified as a text  file
22
+#        that  serves  as  input  to  the  postmap(1) command.  The
23
+#        result, an indexed file in dbm or db format, is  used  for
24
+#        fast  searching  by  the  mail system. Execute the command
25
+#        "postmap /etc/postfix/access" to rebuild an  indexed  file
26
+#        after changing the corresponding text file.
27
+# 
28
+#        When  the  table  is provided via other means such as NIS,
29
+#        LDAP or SQL, the same lookups are  done  as  for  ordinary
30
+#        indexed files.
31
+# 
32
+#        Alternatively,  the  table  can  be  provided  as  a regu-
33
+#        lar-expression map where patterns  are  given  as  regular
34
+#        expressions,  or  lookups  can  be  directed  to TCP-based
35
+#        server. In those cases, the lookups are done in a slightly
36
+#        different way as described below under "REGULAR EXPRESSION
37
+#        TABLES" or "TCP-BASED TABLES".
38
+# 
39
+# CASE FOLDING
40
+#        The search string is folded to lowercase  before  database
41
+#        lookup.  As  of Postfix 2.3, the search string is not case
42
+#        folded with database types such as regexp: or pcre:  whose
43
+#        lookup fields can match both upper and lower case.
44
+# 
45
+# TABLE FORMAT
46
+#        The input format for the postmap(1) command is as follows:
47
+# 
48
+#        pattern action
49
+#               When pattern matches a mail address, domain or host
50
+#               address, perform the corresponding action.
51
+# 
52
+#        blank lines and comments
53
+#               Empty  lines and whitespace-only lines are ignored,
54
+#               as are lines whose first  non-whitespace  character
55
+#               is a `#'.
56
+# 
57
+#        multi-line text
58
+#               A  logical  line starts with non-whitespace text. A
59
+#               line that starts with whitespace continues a  logi-
60
+#               cal line.
61
+# 
62
+# EMAIL ADDRESS PATTERNS
63
+#        With lookups from indexed files such as DB or DBM, or from
64
+#        networked tables such as NIS, LDAP or  SQL,  patterns  are
65
+#        tried in the order as listed below:
66
+# 
67
+#        user@domain
68
+#               Matches the specified mail address.
69
+# 
70
+#        domain.tld
71
+#               Matches  domain.tld  as the domain part of an email
72
+#               address.
73
+# 
74
+#               The pattern domain.tld also matches subdomains, but
75
+#               only when the string smtpd_access_maps is listed in
76
+#               the Postfix  parent_domain_matches_subdomains  con-
77
+#               figuration setting.
78
+# 
79
+#        .domain.tld
80
+#               Matches subdomains of domain.tld, but only when the
81
+#               string smtpd_access_maps is not listed in the Post-
82
+#               fix  parent_domain_matches_subdomains configuration
83
+#               setting.
84
+# 
85
+#        user@  Matches all mail addresses with the specified  user
86
+#               part.
87
+# 
88
+#        Note:  lookup  of  the null sender address is not possible
89
+#        with some types of lookup table. By default, Postfix  uses
90
+#        <>  as  the  lookup  key  for such addresses. The value is
91
+#        specified with the smtpd_null_access_lookup_key  parameter
92
+#        in the Postfix main.cf file.
93
+# 
94
+# EMAIL ADDRESS EXTENSION
95
+#        When a mail address localpart contains the optional recip-
96
+#        ient delimiter (e.g., user+foo@domain), the  lookup  order
97
+#        becomes:  user+foo@domain, user@domain, domain, user+foo@,
98
+#        and user@.
99
+# 
100
+# HOST NAME/ADDRESS PATTERNS
101
+#        With lookups from indexed files such as DB or DBM, or from
102
+#        networked  tables  such as NIS, LDAP or SQL, the following
103
+#        lookup patterns are examined in the order as listed:
104
+# 
105
+#        domain.tld
106
+#               Matches domain.tld.
107
+# 
108
+#               The pattern domain.tld also matches subdomains, but
109
+#               only when the string smtpd_access_maps is listed in
110
+#               the Postfix  parent_domain_matches_subdomains  con-
111
+#               figuration setting.
112
+# 
113
+#        .domain.tld
114
+#               Matches subdomains of domain.tld, but only when the
115
+#               string smtpd_access_maps is not listed in the Post-
116
+#               fix  parent_domain_matches_subdomains configuration
117
+#               setting.
118
+# 
119
+#        net.work.addr.ess
120
+# 
121
+#        net.work.addr
122
+# 
123
+#        net.work
124
+# 
125
+#        net    Matches the specified IPv4 host address or  subnet-
126
+#               work.  An  IPv4  host address is a sequence of four
127
+#               decimal octets separated by ".".
128
+# 
129
+#               Subnetworks are matched  by  repeatedly  truncating
130
+#               the last ".octet" from the remote IPv4 host address
131
+#               string until a match is found in the access  table,
132
+#               or until further truncation is not possible.
133
+# 
134
+#               NOTE 1: The access map lookup key must be in canon-
135
+#               ical form: do not specify unnecessary null  charac-
136
+#               ters,  and  do not enclose network address informa-
137
+#               tion with "[]" characters.
138
+# 
139
+#               NOTE 2: use the cidr lookup table type  to  specify
140
+#               network/netmask  patterns.  See  cidr_table(5)  for
141
+#               details.
142
+# 
143
+#        net:work:addr:ess
144
+# 
145
+#        net:work:addr
146
+# 
147
+#        net:work
148
+# 
149
+#        net    Matches the specified IPv6 host address or  subnet-
150
+#               work.  An  IPv6 host address is a sequence of three
151
+#               to eight hexadecimal octet pairs separated by  ":".
152
+# 
153
+#               Subnetworks  are  matched  by repeatedly truncating
154
+#               the last ":octetpair" from  the  remote  IPv6  host
155
+#               address string until a match is found in the access
156
+#               table, or until further truncation is not possible.
157
+# 
158
+#               NOTE 1: the truncation and comparison are done with
159
+#               the string representation of the IPv6 host address.
160
+#               Thus, not all the ":" subnetworks will be tried.
161
+# 
162
+#               NOTE 2: The access map lookup key must be in canon-
163
+#               ical form: do not specify unnecessary null  charac-
164
+#               ters,  and  do not enclose network address informa-
165
+#               tion with "[]" characters.
166
+# 
167
+#               NOTE 3: use the cidr lookup table type  to  specify
168
+#               network/netmask  patterns.  See  cidr_table(5)  for
169
+#               details.
170
+# 
171
+#               IPv6 support is available in Postfix 2.2 and later.
172
+# 
173
+# ACCEPT ACTIONS
174
+#        OK     Accept the address etc. that matches the pattern.
175
+# 
176
+#        all-numerical
177
+#               An all-numerical result is treated as OK. This for-
178
+#               mat is generated by address-based relay  authoriza-
179
+#               tion schemes such as pop-before-smtp.
180
+# 
181
+#        For other accept actions, see "OTHER ACTIONS" below.
182
+# 
183
+# REJECT ACTIONS
184
+#        Postfix  version  2.3  and  later  support enhanced status
185
+#        codes as defined in RFC 3463.  When no code  is  specified
186
+#        at  the  beginning  of  the  text below, Postfix inserts a
187
+#        default enhanced status code of "5.7.1"  in  the  case  of
188
+#        reject  actions, and "4.7.1" in the case of defer actions.
189
+#        See "ENHANCED STATUS CODES" below.
190
+# 
191
+#        4NN text
192
+# 
193
+#        5NN text
194
+#               Reject the address etc. that matches  the  pattern,
195
+#               and respond with the numerical three-digit code and
196
+#               text. 4NN means "try again later", while 5NN  means
197
+#               "do not try again".
198
+# 
199
+#               The  following  responses  have special meaning for
200
+#               the Postfix SMTP server:
201
+# 
202
+#               421 text (Postfix 2.3 and later)
203
+# 
204
+#               521 text (Postfix 2.6 and later)
205
+#                      After   responding   with   the    numerical
206
+#                      three-digit  code and text, disconnect imme-
207
+#                      diately from the SMTP client.  This frees up
208
+#                      SMTP  server  resources  so that they can be
209
+#                      made available to another SMTP client.
210
+# 
211
+#                      Note: The "521" response should be used only
212
+#                      with  botnets and other malware where inter-
213
+#                      operability is of no concern.  The "send 521
214
+#                      and  disconnect"  behavior is NOT defined in
215
+#                      the SMTP standard.
216
+# 
217
+#        REJECT optional text...
218
+#               Reject the address etc. that matches  the  pattern.
219
+#               Reply    with   "$access_map_reject_code   optional
220
+#               text..." when the optional text is specified,  oth-
221
+#               erwise reply with a generic error response message.
222
+# 
223
+#        DEFER optional text...
224
+#               Reject the address etc. that matches  the  pattern.
225
+#               Reply    with    "$access_map_defer_code   optional
226
+#               text..." when the optional text is specified,  oth-
227
+#               erwise reply with a generic error response message.
228
+# 
229
+#               This feature is available in Postfix 2.6 and later.
230
+# 
231
+#        DEFER_IF_REJECT optional text...
232
+#               Defer  the  request if some later restriction would
233
+#               result   in   a   REJECT   action.    Reply    with
234
+#               "$access_map_defer_code   4.7.1  optional  text..."
235
+#               when the  optional  text  is  specified,  otherwise
236
+#               reply with a generic error response message.
237
+# 
238
+#               Prior to Postfix 2.6, the SMTP reply code is 450.
239
+# 
240
+#               This feature is available in Postfix 2.1 and later.
241
+# 
242
+#        DEFER_IF_PERMIT optional text...
243
+#               Defer the request if some later  restriction  would
244
+#               result  in a an explicit or implicit PERMIT action.
245
+#               Reply with "$access_map_defer_code 4.7.1   optional
246
+#               text..."  when the optional text is specified, oth-
247
+#               erwise reply with a generic error response message.
248
+# 
249
+#               Prior to Postfix 2.6, the SMTP reply code is 450.
250
+# 
251
+#               This feature is available in Postfix 2.1 and later.
252
+# 
253
+#        For other reject actions, see "OTHER ACTIONS" below.
254
+# 
255
+# OTHER ACTIONS
256
+#        restriction...
257
+#               Apply the named UCE restriction(s) (permit, reject,
258
+#               reject_unauth_destination, and so on).
259
+# 
260
+#        BCC user@domain
261
+#               Send  one  copy  of  the  message  to the specified
262
+#               recipient.
263
+# 
264
+#               If multiple BCC actions are  specified  within  the
265
+#               same  SMTP  MAIL transaction, with Postfix 3.0 only
266
+#               the last action will be used.
267
+# 
268
+#               This feature is available in Postfix 3.0 and later.
269
+# 
270
+#        DISCARD optional text...
271
+#               Claim  successful delivery and silently discard the
272
+#               message.  Log the optional text if specified,  oth-
273
+#               erwise log a generic message.
274
+# 
275
+#               Note:  this action currently affects all recipients
276
+#               of the message.   To  discard  only  one  recipient
277
+#               without  discarding  the  entire  message,  use the
278
+#               transport(5) table to direct mail to the discard(8)
279
+#               service.
280
+# 
281
+#               This feature is available in Postfix 2.0 and later.
282
+# 
283
+#        DUNNO  Pretend that the lookup key  was  not  found.  This
284
+#               prevents  Postfix  from  trying  substrings  of the
285
+#               lookup key (such as a subdomain name, or a  network
286
+#               address subnetwork).
287
+# 
288
+#               This feature is available in Postfix 2.0 and later.
289
+# 
290
+#        FILTER transport:destination
291
+#               After the message is queued, send the  entire  mes-
292
+#               sage through the specified external content filter.
293
+#               The transport name specifies the first field  of  a
294
+#               mail  delivery  agent  definition in master.cf; the
295
+#               syntax of the next-hop destination is described  in
296
+#               the  manual  page  of  the  corresponding  delivery
297
+#               agent.  More  information  about  external  content
298
+#               filters is in the Postfix FILTER_README file.
299
+# 
300
+#               Note  1: do not use $number regular expression sub-
301
+#               stitutions for transport or destination unless  you
302
+#               know that the information has a trusted origin.
303
+# 
304
+#               Note  2:  this  action  overrides  the main.cf con-
305
+#               tent_filter setting, and affects all recipients  of
306
+#               the  message.  In  the  case  that  multiple FILTER
307
+#               actions fire, only the last one is executed.
308
+# 
309
+#               Note 3: the purpose of the  FILTER  command  is  to
310
+#               override  message routing.  To override the recipi-
311
+#               ent's transport but not the  next-hop  destination,
312
+#               specify  an  empty  filter destination (Postfix 2.7
313
+#               and later), or specify a transport:destination that
314
+#               delivers   through  a  different  Postfix  instance
315
+#               (Postfix 2.6 and earlier). Other options are  using
316
+#               the  recipient-dependent transport_maps or the sen-
317
+#               der-dependent   sender_dependent_default_transport-
318
+#               _maps features.
319
+# 
320
+#               This feature is available in Postfix 2.0 and later.
321
+# 
322
+#        HOLD optional text...
323
+#               Place the message on the hold queue, where it  will
324
+#               sit  until someone either deletes it or releases it
325
+#               for delivery.  Log the optional text if  specified,
326
+#               otherwise log a generic message.
327
+# 
328
+#               Mail  that  is  placed on hold can be examined with
329
+#               the postcat(1) command, and  can  be  destroyed  or
330
+#               released with the postsuper(1) command.
331
+# 
332
+#               Note:  use  "postsuper -r" to release mail that was
333
+#               kept on hold for a significant fraction  of  $maxi-
334
+#               mal_queue_lifetime  or  $bounce_queue_lifetime,  or
335
+#               longer. Use "postsuper -H" only for mail that  will
336
+#               not expire within a few delivery attempts.
337
+# 
338
+#               Note:  this action currently affects all recipients
339
+#               of the message.
340
+# 
341
+#               This feature is available in Postfix 2.0 and later.
342
+# 
343
+#        PREPEND headername: headervalue
344
+#               Prepend  the  specified  message header to the mes-
345
+#               sage.  When more than one PREPEND action  executes,
346
+#               the  first prepended header appears before the sec-
347
+#               ond etc. prepended header.
348
+# 
349
+#               Note: this action must execute before  the  message
350
+#               content  is received; it cannot execute in the con-
351
+#               text of smtpd_end_of_data_restrictions.
352
+# 
353
+#               This feature is available in Postfix 2.1 and later.
354
+# 
355
+#        REDIRECT user@domain
356
+#               After  the  message  is queued, send the message to
357
+#               the  specified  address  instead  of  the  intended
358
+#               recipient(s).  When multiple REDIRECT actions fire,
359
+#               only the last one takes effect.
360
+# 
361
+#               Note: this action overrides the FILTER action,  and
362
+#               currently  overrides all recipients of the message.
363
+# 
364
+#               This feature is available in Postfix 2.1 and later.
365
+# 
366
+#        INFO optional text...
367
+#               Log an informational record with the optional text,
368
+#               together with client information and if  available,
369
+#               with  helo, sender, recipient and protocol informa-
370
+#               tion.
371
+# 
372
+#               This feature is available in Postfix 3.0 and later.
373
+# 
374
+#        WARN optional text...
375
+#               Log a warning with the optional text, together with
376
+#               client information and  if  available,  with  helo,
377
+#               sender, recipient and protocol information.
378
+# 
379
+#               This feature is available in Postfix 2.1 and later.
380
+# 
381
+# ENHANCED STATUS CODES
382
+#        Postfix version 2.3  and  later  support  enhanced  status
383
+#        codes  as  defined  in  RFC 3463.  When an enhanced status
384
+#        code is specified in an access table,  it  is  subject  to
385
+#        modification.  The  following  transformations  are needed
386
+#        when the same access  table  is  used  for  client,  helo,
387
+#        sender,  or  recipient  access  restrictions;  they happen
388
+#        regardless of whether Postfix replies to a MAIL FROM, RCPT
389
+#        TO or other SMTP command.
390
+# 
391
+#        o      When  a sender address matches a REJECT action, the
392
+#               Postfix SMTP server will transform a recipient  DSN
393
+#               status  (e.g.,  4.1.1-4.1.6) into the corresponding
394
+#               sender DSN status, and vice versa.
395
+# 
396
+#        o      When  non-address  information  matches  a   REJECT
397
+#               action  (such  as  the HELO command argument or the
398
+#               client hostname/address), the Postfix  SMTP  server
399
+#               will  transform  a  sender  or recipient DSN status
400
+#               into  a  generic  non-address  DSN  status   (e.g.,
401
+#               4.0.0).
402
+# 
403
+# REGULAR EXPRESSION TABLES
404
+#        This  section  describes how the table lookups change when
405
+#        the table is given in the form of regular expressions. For
406
+#        a  description  of regular expression lookup table syntax,
407
+#        see regexp_table(5) or pcre_table(5).
408
+# 
409
+#        Each pattern is a regular expression that  is  applied  to
410
+#        the entire string being looked up. Depending on the appli-
411
+#        cation, that string  is  an  entire  client  hostname,  an
412
+#        entire client IP address, or an entire mail address. Thus,
413
+#        no  parent  domain  or  parent  network  search  is  done,
414
+#        user@domain  mail  addresses  are not broken up into their
415
+#        user@ and domain constituent parts, nor is user+foo broken
416
+#        up into user and foo.
417
+# 
418
+#        Patterns  are applied in the order as specified in the ta-
419
+#        ble, until a pattern is  found  that  matches  the  search
420
+#        string.
421
+# 
422
+#        Actions  are  the  same as with indexed file lookups, with
423
+#        the additional feature that parenthesized substrings  from
424
+#        the pattern can be interpolated as $1, $2 and so on.
425
+# 
426
+# TCP-BASED TABLES
427
+#        This  section  describes how the table lookups change when
428
+#        lookups are directed to a TCP-based server. For a descrip-
429
+#        tion of the TCP client/server lookup protocol, see tcp_ta-
430
+#        ble(5).  This feature is not available up to and including
431
+#        Postfix version 2.4.
432
+# 
433
+#        Each  lookup  operation uses the entire query string once.
434
+#        Depending on the application, that  string  is  an  entire
435
+#        client hostname, an entire client IP address, or an entire
436
+#        mail address.  Thus, no parent domain  or  parent  network
437
+#        search  is done, user@domain mail addresses are not broken
438
+#        up into their user@ and domain constituent parts,  nor  is
439
+#        user+foo broken up into user and foo.
440
+# 
441
+#        Actions are the same as with indexed file lookups.
442
+# 
443
+# EXAMPLE
444
+#        The  following  example  uses an indexed file, so that the
445
+#        order of table entries does not matter. The  example  per-
446
+#        mits  access  by the client at address 1.2.3.4 but rejects
447
+#        all other clients in 1.2.3.0/24. Instead  of  hash  lookup
448
+#        tables,  some  systems use dbm.  Use the command "postconf
449
+#        -m" to find out what lookup  tables  Postfix  supports  on
450
+#        your system.
451
+# 
452
+#        /etc/postfix/main.cf:
453
+#            smtpd_client_restrictions =
454
+#                check_client_access hash:/etc/postfix/access
455
+# 
456
+#        /etc/postfix/access:
457
+#            1.2.3   REJECT
458
+#            1.2.3.4 OK
459
+# 
460
+#        Execute  the  command  "postmap /etc/postfix/access" after
461
+#        editing the file.
462
+# 
463
+# BUGS
464
+#        The table format does not understand quoting  conventions.
465
+# 
466
+# SEE ALSO
467
+#        postmap(1), Postfix lookup table manager
468
+#        smtpd(8), SMTP server
469
+#        postconf(5), configuration parameters
470
+#        transport(5), transport:nexthop syntax
471
+# 
472
+# README FILES
473
+#        Use  "postconf  readme_directory" or "postconf html_direc-
474
+#        tory" to locate this information.
475
+#        SMTPD_ACCESS_README, built-in SMTP server access control
476
+#        DATABASE_README, Postfix lookup table overview
477
+# 
478
+# LICENSE
479
+#        The Secure Mailer license must be  distributed  with  this
480
+#        software.
481
+# 
482
+# AUTHOR(S)
483
+#        Wietse Venema
484
+#        IBM T.J. Watson Research
485
+#        P.O. Box 704
486
+#        Yorktown Heights, NY 10598, USA
487
+# 
488
+#        Wietse Venema
489
+#        Google, Inc.
490
+#        111 8th Avenue
491
+#        New York, NY 10011, USA
492
+# 
493
+#                                                                      ACCESS(5)

+ 264
- 0
postfix/aliases View File

@@ -0,0 +1,264 @@
1
+#
2
+# Sample aliases file. Install in the location as specified by the
3
+# output from the command "postconf alias_maps". Typical path names
4
+# are /etc/aliases or /etc/mail/aliases.
5
+#
6
+#	>>>>>>>>>>      The program "newaliases" must be run after
7
+#	>> NOTE >>      this file is updated for any changes to
8
+#	>>>>>>>>>>      show through to Postfix.
9
+#
10
+
11
+# Person who should get root's mail. Don't receive mail as root!
12
+#root:		you
13
+
14
+# Basic system aliases -- these MUST be present
15
+MAILER-DAEMON:	postmaster
16
+postmaster:	root
17
+
18
+# General redirections for pseudo accounts
19
+bin:		root
20
+daemon:		root
21
+named:		root
22
+nobody:		root
23
+uucp:		root
24
+www:		root
25
+ftp-bugs:	root
26
+postfix:	root
27
+
28
+# Put your local aliases here.
29
+
30
+# Well-known aliases
31
+manager:	root
32
+dumper:		root
33
+operator:	root
34
+abuse:		postmaster
35
+
36
+# trap decode to catch security attacks
37
+decode:		root
38
+
39
+# ALIASES(5)                                                          ALIASES(5)
40
+# 
41
+# NAME
42
+#        aliases - Postfix local alias database format
43
+# 
44
+# SYNOPSIS
45
+#        newaliases
46
+# 
47
+# DESCRIPTION
48
+#        The  aliases(5)  table provides a system-wide mechanism to
49
+#        redirect mail for local recipients. The  redirections  are
50
+#        processed by the Postfix local(8) delivery agent.
51
+# 
52
+#        Normally, the aliases(5) table is specified as a text file
53
+#        that serves as input  to  the  postalias(1)  command.  The
54
+#        result,  an  indexed file in dbm or db format, is used for
55
+#        fast lookup  by  the  mail  system.  Execute  the  command
56
+#        newaliases  in  order  to  rebuild  the indexed file after
57
+#        changing the Postfix alias database.
58
+# 
59
+#        When the table is provided via other means  such  as  NIS,
60
+#        LDAP  or  SQL,  the  same lookups are done as for ordinary
61
+#        indexed files.
62
+# 
63
+#        Alternatively, the  table  can  be  provided  as  a  regu-
64
+#        lar-expression  map  where  patterns  are given as regular
65
+#        expressions. In this case,  the  lookups  are  done  in  a
66
+#        slightly  different  way as described below under "REGULAR
67
+#        EXPRESSION TABLES".
68
+# 
69
+#        Users can control delivery of their own mail by setting up
70
+#        .forward files in their home directory.  Lines in per-user
71
+#        .forward files have the same syntax as the right-hand side
72
+#        of aliases(5) entries.
73
+# 
74
+#        The format of the alias database input file is as follows:
75
+# 
76
+#        o      An alias definition has the form
77
+# 
78
+#                    name: value1, value2, ...
79
+# 
80
+#        o      Empty lines and whitespace-only lines are  ignored,
81
+#               as  are  lines whose first non-whitespace character
82
+#               is a `#'.
83
+# 
84
+#        o      A logical line starts with non-whitespace  text.  A
85
+#               line  that starts with whitespace continues a logi-
86
+#               cal line.
87
+# 
88
+#        The name is a local address (no domain part).  Use  double
89
+#        quotes  when the name contains any special characters such
90
+#        as whitespace, `#', `:', or `@'. The  name  is  folded  to
91
+#        lowercase, in order to make database lookups case insensi-
92
+#        tive.
93
+# 
94
+#        In addition, when an alias  exists  for  owner-name,  this
95
+#        will  override the envelope sender address, so that deliv-
96
+#        ery diagnostics are directed to owner-name, instead of the
97
+#        originator    of    the    message   (for   details,   see
98
+#        owner_request_special,       expand_owner_alias        and
99
+#        reset_owner_alias).   This  is  typically  used  to direct
100
+#        delivery errors to the maintainer of a mailing  list,  who
101
+#        is in a better position to deal with mailing list delivery
102
+#        problems than the originator of the undelivered mail.
103
+# 
104
+#        The value contains one or more of the following:
105
+# 
106
+#        address
107
+#               Mail is forwarded to address, which  is  compatible
108
+#               with the RFC 822 standard.
109
+# 
110
+#        /file/name
111
+#               Mail  is  appended  to /file/name. See local(8) for
112
+#               details of delivery to file.  Delivery is not  lim-
113
+#               ited  to regular files.  For example, to dispose of
114
+#               unwanted mail, deflect it to /dev/null.
115
+# 
116
+#        |command
117
+#               Mail is piped into command. Commands  that  contain
118
+#               special  characters,  such as whitespace, should be
119
+#               enclosed between double quotes.  See  local(8)  for
120
+#               details of delivery to command.
121
+# 
122
+#               When the command fails, a limited amount of command
123
+#               output is mailed back  to  the  sender.   The  file
124
+#               /usr/include/sysexits.h  defines  the expected exit
125
+#               status codes. For example, use "|exit 67" to  simu-
126
+#               late  a  "user  unknown"  error,  and  "|exit 0" to
127
+#               implement an expensive black hole.
128
+# 
129
+#        :include:/file/name
130
+#               Mail is sent to  the  destinations  listed  in  the
131
+#               named file.  Lines in :include: files have the same
132
+#               syntax as the right-hand side of alias entries.
133
+# 
134
+#               A  destination  can  be  any  destination  that  is
135
+#               described in this manual page. However, delivery to
136
+#               "|command" and /file/name is disallowed by default.
137
+#               To  enable,  edit  the  allow_mail_to_commands  and
138
+#               allow_mail_to_files configuration parameters.
139
+# 
140
+# ADDRESS EXTENSION
141
+#        When alias database search fails, and the recipient local-
142
+#        part  contains  the  optional  recipient  delimiter (e.g.,
143
+#        user+foo), the  search  is  repeated  for  the  unextended
144
+#        address (e.g., user).
145
+# 
146
+#        The   propagate_unmatched_extensions   parameter  controls
147
+#        whether an unmatched address extension  (+foo)  is  propa-
148
+#        gated to the result of table lookup.
149
+# 
150
+# CASE FOLDING
151
+#        The local(8) delivery agent always folds the search string
152
+#        to lowercase before database lookup.
153
+# 
154
+# REGULAR EXPRESSION TABLES
155
+#        This section describes how the table lookups  change  when
156
+#        the table is given in the form of regular expressions. For
157
+#        a description of regular expression lookup  table  syntax,
158
+#        see  regexp_table(5) or pcre_table(5). NOTE: these formats
159
+#        do not use ":" at the end of a pattern.
160
+# 
161
+#        Each regular expression is applied to  the  entire  search
162
+#        string.  Thus,  a  search string user+foo is not broken up
163
+#        into user and foo.
164
+# 
165
+#        Regular expressions are applied in the order as  specified
166
+#        in  the  table,  until  a regular expression is found that
167
+#        matches the search string.
168
+# 
169
+#        Lookup results are the same as with indexed file  lookups.
170
+#        For  security  reasons there is no support for $1, $2 etc.
171
+#        substring interpolation.
172
+# 
173
+# SECURITY
174
+#        The local(8) delivery agent disallows  regular  expression
175
+#        substitution  of $1 etc. in alias_maps, because that would
176
+#        open a security hole.
177
+# 
178
+#        The local(8) delivery agent will silently ignore  requests
179
+#        to  use  the proxymap(8) server within alias_maps. Instead
180
+#        it will open the table directly.  Before  Postfix  version
181
+#        2.2,  the  local(8)  delivery  agent will terminate with a
182
+#        fatal error.
183
+# 
184
+# CONFIGURATION PARAMETERS
185
+#        The following main.cf parameters are especially  relevant.
186
+#        The  text  below  provides  only  a parameter summary. See
187
+#        postconf(5) for more details including examples.
188
+# 
189
+#        alias_database (see 'postconf -d' output)
190
+#               The alias databases for local(8) delivery that  are
191
+#               updated with "newaliases" or with "sendmail -bi".
192
+# 
193
+#        alias_maps (see 'postconf -d' output)
194
+#               The  alias  databases  that  are  used for local(8)
195
+#               delivery.
196
+# 
197
+#        allow_mail_to_commands (alias, forward)
198
+#               Restrict local(8) mail delivery  to  external  com-
199
+#               mands.
200
+# 
201
+#        allow_mail_to_files (alias, forward)
202
+#               Restrict  local(8) mail delivery to external files.
203
+# 
204
+#        expand_owner_alias (no)
205
+#               When delivering to an alias "aliasname" that has an
206
+#               "owner-aliasname" companion alias, set the envelope
207
+#               sender   address   to   the   expansion   of    the
208
+#               "owner-aliasname" alias.
209
+# 
210
+#        propagate_unmatched_extensions (canonical, virtual)
211
+#               What  address  lookup tables copy an address exten-
212
+#               sion from the lookup key to the lookup result.
213
+# 
214
+#        owner_request_special (yes)
215
+#               Enable special treatment for owner-listname entries
216
+#               in the aliases(5) file, and don't split owner-list-
217
+#               name and listname-request address  localparts  when
218
+#               the recipient_delimiter is set to "-".
219
+# 
220
+#        recipient_delimiter (empty)
221
+#               The set of characters that can separate a user name
222
+#               from its extension (example: user+foo), or a  .for-
223
+#               ward  file  name from its extension (example: .for-
224
+#               ward+foo).
225
+# 
226
+#        Available in Postfix version 2.3 and later:
227
+# 
228
+#        frozen_delivered_to (yes)
229
+#               Update the local(8) delivery agent's  idea  of  the
230
+#               Delivered-To:     address    (see    prepend_deliv-
231
+#               ered_header) only once, at the start of a  delivery
232
+#               attempt;  do  not  update the Delivered-To: address
233
+#               while expanding aliases or .forward files.
234
+# 
235
+# STANDARDS
236
+#        RFC 822 (ARPA Internet Text Messages)
237
+# 
238
+# SEE ALSO
239
+#        local(8), local delivery agent
240
+#        newaliases(1), create/update alias database
241
+#        postalias(1), create/update alias database
242
+#        postconf(5), configuration parameters
243
+# 
244
+# README FILES
245
+#        Use "postconf readme_directory" or  "postconf  html_direc-
246
+#        tory" to locate this information.
247
+#        DATABASE_README, Postfix lookup table overview
248
+# 
249
+# LICENSE
250
+#        The  Secure  Mailer  license must be distributed with this
251
+#        software.
252
+# 
253
+# AUTHOR(S)
254
+#        Wietse Venema
255
+#        IBM T.J. Watson Research
256
+#        P.O. Box 704
257
+#        Yorktown Heights, NY 10598, USA
258
+# 
259
+#        Wietse Venema
260
+#        Google, Inc.
261
+#        111 8th Avenue
262
+#        New York, NY 10011, USA
263
+# 
264
+#                                                                     ALIASES(5)

+ 288
- 0
postfix/canonical View File

@@ -0,0 +1,288 @@
1
+# CANONICAL(5)                                                      CANONICAL(5)
2
+# 
3
+# NAME
4
+#        canonical - Postfix canonical table format
5
+# 
6
+# SYNOPSIS
7
+#        postmap /etc/postfix/canonical
8
+# 
9
+#        postmap -q "string" /etc/postfix/canonical
10
+# 
11
+#        postmap -q - /etc/postfix/canonical <inputfile
12
+# 
13
+# DESCRIPTION
14
+#        The  optional canonical(5) table specifies an address map-
15
+#        ping for local and non-local  addresses.  The  mapping  is
16
+#        used  by the cleanup(8) daemon, before mail is stored into
17
+#        the queue.  The address mapping is recursive.
18
+# 
19
+#        Normally, the canonical(5) table is specified  as  a  text
20
+#        file  that serves as input to the postmap(1) command.  The
21
+#        result, an indexed file in dbm or db format, is  used  for
22
+#        fast  searching  by  the  mail system. Execute the command
23
+#        "postmap /etc/postfix/canonical"  to  rebuild  an  indexed
24
+#        file after changing the corresponding text file.
25
+# 
26
+#        When  the  table  is provided via other means such as NIS,
27
+#        LDAP or SQL, the same lookups are  done  as  for  ordinary
28
+#        indexed files.
29
+# 
30
+#        Alternatively,  the  table  can  be  provided  as  a regu-
31
+#        lar-expression map where patterns  are  given  as  regular
32
+#        expressions,  or  lookups  can  be  directed  to TCP-based
33
+#        server. In those cases, the lookups are done in a slightly
34
+#        different way as described below under "REGULAR EXPRESSION
35
+#        TABLES" or "TCP-BASED TABLES".
36
+# 
37
+#        By default the canonical(5) mapping affects  both  message
38
+#        header  addresses  (i.e. addresses that appear inside mes-
39
+#        sages) and message envelope addresses  (for  example,  the
40
+#        addresses  that  are used in SMTP protocol commands). This
41
+#        is controlled with the canonical_classes parameter.
42
+# 
43
+#        NOTE: Postfix versions 2.2 and later rewrite message head-
44
+#        ers  from  remote  SMTP clients only if the client matches
45
+#        the  local_header_rewrite_clients  parameter,  or  if  the
46
+#        remote_header_rewrite_domain configuration parameter spec-
47
+#        ifies a non-empty value. To get the behavior before  Post-
48
+#        fix    2.2,    specify   "local_header_rewrite_clients   =
49
+#        static:all".
50
+# 
51
+#        Typically, one would use the canonical(5) table to replace
52
+#        login   names   by  Firstname.Lastname,  or  to  clean  up
53
+#        addresses produced by legacy mail systems.
54
+# 
55
+#        The canonical(5) mapping is not to be confused  with  vir-
56
+#        tual  alias  support or with local aliasing. To change the
57
+#        destination but not the headers,  use  the  virtual(5)  or
58
+#        aliases(5) map instead.
59
+# 
60
+# CASE FOLDING
61
+#        The  search  string is folded to lowercase before database
62
+#        lookup. As of Postfix 2.3, the search string is  not  case
63
+#        folded  with database types such as regexp: or pcre: whose
64
+#        lookup fields can match both upper and lower case.
65
+# 
66
+# TABLE FORMAT
67
+#        The input format for the postmap(1) command is as follows:
68
+# 
69
+#        pattern address
70
+#               When  pattern matches a mail address, replace it by
71
+#               the corresponding address.
72
+# 
73
+#        blank lines and comments
74
+#               Empty lines and whitespace-only lines are  ignored,
75
+#               as  are  lines whose first non-whitespace character
76
+#               is a `#'.
77
+# 
78
+#        multi-line text
79
+#               A logical line starts with non-whitespace  text.  A
80
+#               line  that starts with whitespace continues a logi-
81
+#               cal line.
82
+# 
83
+# TABLE SEARCH ORDER
84
+#        With lookups from indexed files such as DB or DBM, or from
85
+#        networked   tables   such   as  NIS,  LDAP  or  SQL,  each
86
+#        user@domain query produces a sequence of query patterns as
87
+#        described below.
88
+# 
89
+#        Each  query pattern is sent to each specified lookup table
90
+#        before trying the next query pattern,  until  a  match  is
91
+#        found.
92
+# 
93
+#        user@domain address
94
+#               Replace  user@domain  by address. This form has the
95
+#               highest precedence.
96
+# 
97
+#               This is useful to clean up  addresses  produced  by
98
+#               legacy  mail  systems.  It can also be used to pro-
99
+#               duce Firstname.Lastname style  addresses,  but  see
100
+#               below for a simpler solution.
101
+# 
102
+#        user address
103
+#               Replace  user@site by address when site is equal to
104
+#               $myorigin, when site is listed  in  $mydestination,
105
+#               or   when  it  is  listed  in  $inet_interfaces  or
106
+#               $proxy_interfaces.
107
+# 
108
+#               This form is useful for replacing  login  names  by
109
+#               Firstname.Lastname.
110
+# 
111
+#        @domain address
112
+#               Replace other addresses in domain by address.  This
113
+#               form has the lowest precedence.
114
+# 
115
+#               Note: @domain is a wild-card.  When  this  form  is
116
+#               applied  to  recipient  addresses, the Postfix SMTP
117
+#               server accepts mail for any  recipient  in  domain,
118
+#               regardless  of whether that recipient exists.  This
119
+#               may  turn  your  mail  system  into  a  backscatter
120
+#               source: Postfix first accepts mail for non-existent
121
+#               recipients and then tries to return  that  mail  as
122
+#               "undeliverable" to the often forged sender address.
123
+# 
124
+# RESULT ADDRESS REWRITING
125
+#        The lookup result is subject to address rewriting:
126
+# 
127
+#        o      When the result  has  the  form  @otherdomain,  the
128
+#               result becomes the same user in otherdomain.
129
+# 
130
+#        o      When  "append_at_myorigin=yes", append "@$myorigin"
131
+#               to addresses without "@domain".
132
+# 
133
+#        o      When "append_dot_mydomain=yes", append ".$mydomain"
134
+#               to addresses without ".domain".
135
+# 
136
+# ADDRESS EXTENSION
137
+#        When a mail address localpart contains the optional recip-
138
+#        ient delimiter (e.g., user+foo@domain), the  lookup  order
139
+#        becomes: user+foo@domain, user@domain, user+foo, user, and
140
+#        @domain.
141
+# 
142
+#        The  propagate_unmatched_extensions   parameter   controls
143
+#        whether  an  unmatched  address extension (+foo) is propa-
144
+#        gated to the result of table lookup.
145
+# 
146
+# REGULAR EXPRESSION TABLES
147
+#        This section describes how the table lookups  change  when
148
+#        the table is given in the form of regular expressions. For
149
+#        a description of regular expression lookup  table  syntax,
150
+#        see regexp_table(5) or pcre_table(5).
151
+# 
152
+#        Each  pattern  is  a regular expression that is applied to
153
+#        the entire address being looked up. Thus, user@domain mail
154
+#        addresses  are  not  broken up into their user and @domain
155
+#        constituent parts, nor is user+foo broken up into user and
156
+#        foo.
157
+# 
158
+#        Patterns  are applied in the order as specified in the ta-
159
+#        ble, until a pattern is  found  that  matches  the  search
160
+#        string.
161
+# 
162
+#        Results  are  the  same as with indexed file lookups, with
163
+#        the additional feature that parenthesized substrings  from
164
+#        the pattern can be interpolated as $1, $2 and so on.
165
+# 
166
+# TCP-BASED TABLES
167
+#        This  section  describes how the table lookups change when
168
+#        lookups are directed to a TCP-based server. For a descrip-
169
+#        tion of the TCP client/server lookup protocol, see tcp_ta-
170
+#        ble(5).  This feature is not available up to and including
171
+#        Postfix version 2.4.
172
+# 
173
+#        Each lookup operation uses the entire address once.  Thus,
174
+#        user@domain mail addresses are not broken  up  into  their
175
+#        user and @domain constituent parts, nor is user+foo broken
176
+#        up into user and foo.
177
+# 
178
+#        Results are the same as with indexed file lookups.
179
+# 
180
+# BUGS
181
+#        The table format does not understand quoting  conventions.
182
+# 
183
+# CONFIGURATION PARAMETERS
184
+#        The  following main.cf parameters are especially relevant.
185
+#        The text below provides  only  a  parameter  summary.  See
186
+#        postconf(5) for more details including examples.
187
+# 
188
+#        canonical_classes
189
+#               What  addresses  are  subject  to canonical address
190
+#               mapping.
191
+# 
192
+#        canonical_maps
193
+#               List of canonical mapping tables.
194
+# 
195
+#        recipient_canonical_maps
196
+#               Address  mapping  lookup  table  for  envelope  and
197
+#               header recipient addresses.
198
+# 
199
+#        sender_canonical_maps
200
+#               Address  mapping  lookup  table  for  envelope  and
201
+#               header sender addresses.
202
+# 
203
+#        propagate_unmatched_extensions
204
+#               A list of address rewriting  or  forwarding  mecha-
205
+#               nisms  that propagate an address extension from the
206
+#               original address to the result.   Specify  zero  or
207
+#               more   of   canonical,   virtual,  alias,  forward,
208
+#               include, or generic.
209
+# 
210
+#        Other parameters of interest:
211
+# 
212
+#        inet_interfaces
213
+#               The network interface addresses  that  this  system
214
+#               receives mail on.  You need to stop and start Post-
215
+#               fix when this parameter changes.
216
+# 
217
+#        local_header_rewrite_clients
218
+#               Rewrite message header addresses in mail from these
219
+#               clients  and  update  incomplete addresses with the
220
+#               domain name in $myorigin or $mydomain; either don't
221
+#               rewrite  message headers from other clients at all,
222
+#               or rewrite message headers  and  update  incomplete
223
+#               addresses   with   the   domain  specified  in  the
224
+#               remote_header_rewrite_domain parameter.
225
+# 
226
+#        proxy_interfaces
227
+#               Other interfaces that this machine receives mail on
228
+#               by way of a proxy agent or network address transla-
229
+#               tor.
230
+# 
231
+#        masquerade_classes
232
+#               List of address classes  subject  to  masquerading:
233
+#               zero  or  more of envelope_sender, envelope_recipi-
234
+#               ent, header_sender, header_recipient.
235
+# 
236
+#        masquerade_domains
237
+#               List of domains that hide  their  subdomain  struc-
238
+#               ture.
239
+# 
240
+#        masquerade_exceptions
241
+#               List  of user names that are not subject to address
242
+#               masquerading.
243
+# 
244
+#        mydestination
245
+#               List of domains that  this  mail  system  considers
246
+#               local.
247
+# 
248
+#        myorigin
249
+#               The domain that is appended to locally-posted mail.
250
+# 
251
+#        owner_request_special
252
+#               Give special treatment to owner-xxx and xxx-request
253
+#               addresses.
254
+# 
255
+#        remote_header_rewrite_domain
256
+#               Don't  rewrite  message headers from remote clients
257
+#               at all when this parameter is empty; otherwise, re-
258
+#               write  message  headers  and  append  the specified
259
+#               domain name to incomplete addresses.
260
+# 
261
+# SEE ALSO
262
+#        cleanup(8), canonicalize and enqueue mail
263
+#        postmap(1), Postfix lookup table manager
264
+#        postconf(5), configuration parameters
265
+#        virtual(5), virtual aliasing
266
+# 
267
+# README FILES
268
+#        Use "postconf readme_directory" or  "postconf  html_direc-
269
+#        tory" to locate this information.
270
+#        DATABASE_README, Postfix lookup table overview
271
+#        ADDRESS_REWRITING_README, address rewriting guide
272
+# 
273
+# LICENSE
274
+#        The  Secure  Mailer  license must be distributed with this
275
+#        software.
276
+# 
277
+# AUTHOR(S)
278
+#        Wietse Venema
279
+#        IBM T.J. Watson Research
280
+#        P.O. Box 704
281
+#        Yorktown Heights, NY 10598, USA
282
+# 
283
+#        Wietse Venema
284
+#        Google, Inc.
285
+#        111 8th Avenue
286
+#        New York, NY 10011, USA
287
+# 
288
+#                                                                   CANONICAL(5)

+ 1
- 0
postfix/dynamicmaps.cf View File

@@ -0,0 +1 @@
1
+# dict-type	so-name (pathname)	dict-function	mkmap-function

+ 250
- 0
postfix/generic View File

@@ -0,0 +1,250 @@
1
+# GENERIC(5)                                                          GENERIC(5)
2
+# 
3
+# NAME
4
+#        generic - Postfix generic table format
5
+# 
6
+# SYNOPSIS
7
+#        postmap /etc/postfix/generic
8
+# 
9
+#        postmap -q "string" /etc/postfix/generic
10
+# 
11
+#        postmap -q - /etc/postfix/generic <inputfile
12
+# 
13
+# DESCRIPTION
14
+#        The optional generic(5) table specifies an address mapping
15
+#        that applies when mail is delivered. This is the  opposite
16
+#        of  canonical(5)  mapping,  which  applies  when  mail  is
17
+#        received.
18
+# 
19
+#        Typically, one would use the generic(5) table on a  system
20
+#        that  does  not have a valid Internet domain name and that
21
+#        uses  something  like  localdomain.local   instead.    The
22
+#        generic(5)  table  is  then  used by the smtp(8) client to
23
+#        transform local mail addresses into  valid  Internet  mail
24
+#        addresses  when  mail  has to be sent across the Internet.
25
+#        See the EXAMPLE section at the end of this document.
26
+# 
27
+#        The  generic(5)  mapping  affects  both   message   header
28
+#        addresses (i.e. addresses that appear inside messages) and
29
+#        message envelope addresses  (for  example,  the  addresses
30
+#        that are used in SMTP protocol commands).
31
+# 
32
+#        Normally, the generic(5) table is specified as a text file
33
+#        that serves as  input  to  the  postmap(1)  command.   The
34
+#        result,  an  indexed file in dbm or db format, is used for
35
+#        fast searching by the mail  system.  Execute  the  command
36
+#        "postmap  /etc/postfix/generic" to rebuild an indexed file
37
+#        after changing the corresponding text file.
38
+# 
39
+#        When the table is provided via other means  such  as  NIS,
40
+#        LDAP  or  SQL,  the  same lookups are done as for ordinary
41
+#        indexed files.
42
+# 
43
+#        Alternatively, the  table  can  be  provided  as  a  regu-
44
+#        lar-expression  map  where  patterns  are given as regular
45
+#        expressions, or  lookups  can  be  directed  to  TCP-based
46
+#        server.  In those case, the lookups are done in a slightly
47
+#        different way as described below under "REGULAR EXPRESSION
48
+#        TABLES" or "TCP-BASED TABLES".
49
+# 
50
+# CASE FOLDING
51
+#        The  search  string is folded to lowercase before database
52
+#        lookup. As of Postfix 2.3, the search string is  not  case
53
+#        folded  with database types such as regexp: or pcre: whose
54
+#        lookup fields can match both upper and lower case.
55
+# 
56
+# TABLE FORMAT
57
+#        The input format for the postmap(1) command is as follows:
58
+# 
59
+#        pattern result
60
+#               When  pattern matches a mail address, replace it by
61
+#               the corresponding result.
62
+# 
63
+#        blank lines and comments
64
+#               Empty lines and whitespace-only lines are  ignored,
65
+#               as  are  lines whose first non-whitespace character
66
+#               is a `#'.
67
+# 
68
+#        multi-line text
69
+#               A logical line starts with non-whitespace  text.  A
70
+#               line  that starts with whitespace continues a logi-
71
+#               cal line.
72
+# 
73
+# TABLE SEARCH ORDER
74
+#        With lookups from indexed files such as DB or DBM, or from
75
+#        networked   tables   such   as  NIS,  LDAP  or  SQL,  each
76
+#        user@domain query produces a sequence of query patterns as
77
+#        described below.
78
+# 
79
+#        Each  query pattern is sent to each specified lookup table
80
+#        before trying the next query pattern,  until  a  match  is
81
+#        found.
82
+# 
83
+#        user@domain address
84
+#               Replace  user@domain  by address. This form has the
85
+#               highest precedence.
86
+# 
87
+#        user address
88
+#               Replace user@site by address when site is equal  to
89
+#               $myorigin,  when  site is listed in $mydestination,
90
+#               or  when  it  is  listed  in  $inet_interfaces   or
91
+#               $proxy_interfaces.
92
+# 
93
+#        @domain address
94
+#               Replace other addresses in domain by address.  This
95
+#               form has the lowest precedence.
96
+# 
97
+# RESULT ADDRESS REWRITING
98
+#        The lookup result is subject to address rewriting:
99
+# 
100
+#        o      When the result  has  the  form  @otherdomain,  the
101
+#               result becomes the same user in otherdomain.
102
+# 
103
+#        o      When  "append_at_myorigin=yes", append "@$myorigin"
104
+#               to addresses without "@domain".
105
+# 
106
+#        o      When "append_dot_mydomain=yes", append ".$mydomain"
107
+#               to addresses without ".domain".
108
+# 
109
+# ADDRESS EXTENSION
110
+#        When a mail address localpart contains the optional recip-
111
+#        ient delimiter (e.g., user+foo@domain), the  lookup  order
112
+#        becomes: user+foo@domain, user@domain, user+foo, user, and
113
+#        @domain.
114
+# 
115
+#        The  propagate_unmatched_extensions   parameter   controls
116
+#        whether  an  unmatched  address extension (+foo) is propa-
117
+#        gated to the result of table lookup.
118
+# 
119
+# REGULAR EXPRESSION TABLES
120
+#        This section describes how the table lookups  change  when
121
+#        the table is given in the form of regular expressions. For
122
+#        a description of regular expression lookup  table  syntax,
123
+#        see regexp_table(5) or pcre_table(5).
124
+# 
125
+#        Each  pattern  is  a regular expression that is applied to
126
+#        the entire address being looked up. Thus, user@domain mail
127
+#        addresses  are  not  broken up into their user and @domain
128
+#        constituent parts, nor is user+foo broken up into user and
129
+#        foo.
130
+# 
131
+#        Patterns  are applied in the order as specified in the ta-
132
+#        ble, until a pattern is  found  that  matches  the  search
133
+#        string.
134
+# 
135
+#        Results  are  the  same as with indexed file lookups, with
136
+#        the additional feature that parenthesized substrings  from
137
+#        the pattern can be interpolated as $1, $2 and so on.
138
+# 
139
+# TCP-BASED TABLES
140
+#        This  section  describes how the table lookups change when
141
+#        lookups are directed to a TCP-based server. For a descrip-
142
+#        tion of the TCP client/server lookup protocol, see tcp_ta-
143
+#        ble(5).  This feature is not available up to and including
144
+#        Postfix version 2.4.
145
+# 
146
+#        Each lookup operation uses the entire address once.  Thus,
147
+#        user@domain mail addresses are not broken  up  into  their
148
+#        user and @domain constituent parts, nor is user+foo broken
149
+#        up into user and foo.
150
+# 
151
+#        Results are the same as with indexed file lookups.
152
+# 
153
+# EXAMPLE
154
+#        The following shows a  generic  mapping  with  an  indexed
155
+#        file.   When  mail is sent to a remote host via SMTP, this
156
+#        replaces his@localdomain.local by his  ISP  mail  address,
157
+#        replaces  her@localdomain.local  by  her ISP mail address,
158
+#        and replaces other local addresses  by  his  ISP  account,
159
+#        with  an address extension of +local (this example assumes
160
+#        that the ISP supports "+" style address extensions).
161
+# 
162
+#        /etc/postfix/main.cf:
163
+#            smtp_generic_maps = hash:/etc/postfix/generic
164
+# 
165
+#        /etc/postfix/generic:
166
+#            his@localdomain.local   hisaccount@hisisp.example
167
+#            her@localdomain.local   heraccount@herisp.example
168
+#            @localdomain.local      hisaccount+local@hisisp.example
169
+# 
170
+#        Execute the command "postmap  /etc/postfix/generic"  when-
171
+#        ever  the table is changed.  Instead of hash, some systems
172
+#        use dbm database files. To find out what tables your  sys-
173
+#        tem supports use the command "postconf -m".
174
+# 
175
+# BUGS
176
+#        The  table format does not understand quoting conventions.
177
+# 
178
+# CONFIGURATION PARAMETERS
179
+#        The following main.cf parameters are especially  relevant.
180
+#        The  text  below  provides  only  a parameter summary. See
181
+#        postconf(5) for more details including examples.
182
+# 
183
+#        smtp_generic_maps
184
+#               Address  mapping  lookup  table  for  envelope  and
185
+#               header  sender and recipient addresses while deliv-
186
+#               ering mail via SMTP.
187
+# 
188
+#        propagate_unmatched_extensions
189
+#               A list of address rewriting  or  forwarding  mecha-
190
+#               nisms  that propagate an address extension from the
191
+#               original address to the result.   Specify  zero  or
192
+#               more   of   canonical,   virtual,  alias,  forward,
193
+#               include, or generic.
194
+# 
195
+#        Other parameters of interest:
196
+# 
197
+#        inet_interfaces
198
+#               The network interface addresses  that  this  system
199
+#               receives mail on.  You need to stop and start Post-
200
+#               fix when this parameter changes.
201
+# 
202
+#        proxy_interfaces
203
+#               Other interfaces that this machine receives mail on
204
+#               by way of a proxy agent or network address transla-
205
+#               tor.
206
+# 
207
+#        mydestination
208
+#               List of domains that  this  mail  system  considers
209
+#               local.
210
+# 
211
+#        myorigin
212
+#               The domain that is appended to locally-posted mail.
213
+# 
214
+#        owner_request_special
215
+#               Give special treatment to owner-xxx and xxx-request
216
+#               addresses.
217
+# 
218
+# SEE ALSO
219
+#        postmap(1), Postfix lookup table manager
220
+#        postconf(5), configuration parameters
221
+#        smtp(8), Postfix SMTP client
222
+# 
223
+# README FILES
224
+#        Use  "postconf  readme_directory" or "postconf html_direc-
225
+#        tory" to locate this information.
226
+#        ADDRESS_REWRITING_README, address rewriting guide
227
+#        DATABASE_README, Postfix lookup table overview
228
+#        STANDARD_CONFIGURATION_README, configuration examples
229
+# 
230
+# LICENSE
231
+#        The Secure Mailer license must be  distributed  with  this
232
+#        software.
233
+# 
234
+# HISTORY
235
+#        A genericstable feature appears in the Sendmail MTA.
236
+# 
237
+#        This feature is available in Postfix 2.2 and later.
238
+# 
239
+# AUTHOR(S)
240
+#        Wietse Venema
241
+#        IBM T.J. Watson Research
242
+#        P.O. Box 704
243
+#        Yorktown Heights, NY 10598, USA
244
+# 
245
+#        Wietse Venema
246
+#        Google, Inc.
247
+#        111 8th Avenue
248
+#        New York, NY 10011, USA
249
+# 
250
+#                                                                     GENERIC(5)

+ 549
- 0
postfix/header_checks View File

@@ -0,0 +1,549 @@
1
+# HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
2
+# 
3
+# NAME
4
+#        header_checks - Postfix built-in content inspection
5
+# 
6
+# SYNOPSIS
7
+#        header_checks = pcre:/etc/postfix/header_checks
8
+#        mime_header_checks = pcre:/etc/postfix/mime_header_checks
9
+#        nested_header_checks = pcre:/etc/postfix/nested_header_checks
10
+#        body_checks = pcre:/etc/postfix/body_checks
11
+# 
12
+#        milter_header_checks = pcre:/etc/postfix/milter_header_checks
13
+# 
14
+#        smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
15
+#        smtp_mime_header_checks = pcre:/etc/postfix/smtp_mime_header_checks
16
+#        smtp_nested_header_checks = pcre:/etc/postfix/smtp_nested_header_checks
17
+#        smtp_body_checks = pcre:/etc/postfix/smtp_body_checks
18
+# 
19
+#        postmap -q "string" pcre:/etc/postfix/filename
20
+#        postmap -q - pcre:/etc/postfix/filename <inputfile
21
+# 
22
+# DESCRIPTION
23
+#        This  document  describes access control on the content of
24
+#        message headers and message body lines; it is  implemented
25
+#        by  the  Postfix  cleanup(8) server before mail is queued.
26
+#        See access(5) for access control  on  remote  SMTP  client
27
+#        information.
28
+# 
29
+#        Each  message  header  or  message  body  line is compared
30
+#        against a list of patterns.  When a  match  is  found  the
31
+#        corresponding action is executed, and the matching process
32
+#        is repeated for the next message header  or  message  body
33
+#        line.
34
+# 
35
+#        Note: message headers are examined one logical header at a
36
+#        time, even when a message  header  spans  multiple  lines.
37
+#        Body lines are always examined one line at a time.
38
+# 
39
+#        For  examples, see the EXAMPLES section at the end of this
40
+#        manual page.
41
+# 
42
+#        Postfix header or body_checks are designed to stop a flood
43
+#        of  mail from worms or viruses; they do not decode attach-
44
+#        ments, and they do not unzip archives. See  the  documents
45
+#        referenced  below  in the README FILES section if you need
46
+#        more sophisticated content analysis.
47
+# 
48
+# FILTERS WHILE RECEIVING MAIL
49
+#        Postfix implements the  following  four  built-in  content
50
+#        inspection classes while receiving mail:
51
+# 
52
+#        header_checks (default: empty)
53
+#               These   are  applied  to  initial  message  headers
54
+#               (except for the headers  that  are  processed  with
55
+#               mime_header_checks).
56
+# 
57
+#        mime_header_checks (default: $header_checks)
58
+#               These  are  applied to MIME related message headers
59
+#               only.
60
+# 
61
+#               This feature is available in Postfix 2.0 and later.
62
+# 
63
+#        nested_header_checks (default: $header_checks)
64
+#               These  are  applied  to message headers of attached
65
+#               email messages (except for  the  headers  that  are
66
+#               processed with mime_header_checks).
67
+# 
68
+#               This feature is available in Postfix 2.0 and later.
69
+# 
70
+#        body_checks
71
+#               These are applied to all other  content,  including
72
+#               multi-part message boundaries.
73
+# 
74
+#               With Postfix versions before 2.0, all content after
75
+#               the initial message headers is treated as body con-
76
+#               tent.
77
+# 
78
+# FILTERS AFTER RECEIVING MAIL
79
+#        Postfix  supports a subset of the built-in content inspec-
80
+#        tion classes after the message is received:
81
+# 
82
+#        milter_header_checks (default: empty)
83
+#               These are applied to headers that  are  added  with
84
+#               Milter applications.
85
+# 
86
+#               This feature is available in Postfix 2.7 and later.
87
+# 
88
+# FILTERS WHILE DELIVERING MAIL
89
+#        Postfix supports all four content inspection classes while
90
+#        delivering mail via SMTP.
91
+# 
92
+#        smtp_header_checks (default: empty)
93
+# 
94
+#        smtp_mime_header_checks (default: empty)
95
+# 
96
+#        smtp_nested_header_checks (default: empty)
97
+# 
98
+#        smtp_body_checks (default: empty)
99
+#               These  features  are  available  in Postfix 2.5 and
100
+#               later.
101
+# 
102
+# COMPATIBILITY
103
+#        With Postfix version 2.2 and earlier specify "postmap -fq"
104
+#        to query a table that contains case sensitive patterns. By
105
+#        default, regexp: and pcre: patterns are case  insensitive.
106
+# 
107
+# TABLE FORMAT
108
+#        This  document  assumes  that header and body_checks rules
109
+#        are specified in the form of  Postfix  regular  expression
110
+#        lookup  tables.  Usually  the best performance is obtained
111
+#        with pcre (Perl Compatible Regular Expression) tables. The
112
+#        regexp  (POSIX  regular  expressions)  tables  are usually
113
+#        slower, but more widely available.  Use the command "post-
114
+#        conf  -m" to find out what lookup table types your Postfix
115
+#        system supports.
116
+# 
117
+#        The general format of Postfix regular expression tables is
118
+#        given  below.   For  a  discussion  of specific pattern or
119
+#        flags  syntax,  see  pcre_table(5)   or   regexp_table(5),
120
+#        respectively.
121
+# 
122
+#        /pattern/flags action
123
+#               When  /pattern/  matches  the input string, execute
124
+#               the corresponding action. See below for a  list  of
125
+#               possible actions.
126
+# 
127
+#        !/pattern/flags action
128
+#               When  /pattern/  does  not  match the input string,
129
+#               execute the corresponding action.
130
+# 
131
+#        if /pattern/flags
132
+# 
133
+#        endif  If the input string matches /pattern/,  then  match
134
+#               that  input  string against the patterns between if
135
+#               and endif.  The if..endif can nest.
136
+# 
137
+#               Note: do not prepend whitespace to patterns  inside
138
+#               if..endif.
139
+# 
140
+#        if !/pattern/flags
141
+# 
142
+#        endif  If  the input string does not match /pattern/, then
143
+#               match  that  input  string  against  the   patterns
144
+#               between if and endif. The if..endif can nest.
145
+# 
146
+#        blank lines and comments
147
+#               Empty  lines and whitespace-only lines are ignored,
148
+#               as are lines whose first  non-whitespace  character
149
+#               is a `#'.
150
+# 
151
+#        multi-line text
152
+#               A  pattern/action  line  starts with non-whitespace
153
+#               text. A line that starts with whitespace  continues
154
+#               a logical line.
155
+# 
156
+# TABLE SEARCH ORDER
157
+#        For  each  line of message input, the patterns are applied
158
+#        in the order as specified in the table. When a pattern  is
159
+#        found  that  matches  the  input  line,  the corresponding
160
+#        action is  executed  and  then  the  next  input  line  is
161
+#        inspected.
162
+# 
163
+# TEXT SUBSTITUTION
164
+#        Substitution  of  substrings  from  the matched expression
165
+#        into the action string is possible using the  conventional
166
+#        Perl  syntax  ($1,  $2,  etc.).   The macros in the result
167
+#        string may need to be written as  ${n}  or  $(n)  if  they
168
+#        aren't followed by whitespace.
169
+# 
170
+#        Note:  since negated patterns (those preceded by !) return
171
+#        a result when the expression does not match, substitutions
172
+#        are not available for negated patterns.
173
+# 
174
+# ACTIONS
175
+#        Action names are case insensitive. They are shown in upper
176
+#        case for consistency with other Postfix documentation.
177
+# 
178
+#        BCC user@domain
179
+#               Add the specified address as a BCC  recipient,  and
180
+#               inspect  the next input line. The address must have
181
+#               a local part and domain part.  The  number  of  BCC
182
+#               addresses  that can be added is limited only by the
183
+#               amount of available storage space.
184
+# 
185
+#               Note 1: the BCC address is added as if it was spec-
186
+#               ified  with  NOTIFY=NONE.  The  sender  will not be
187
+#               notified when the BCC address is undeliverable,  as
188
+#               long  as  all  down-stream  software implements RFC
189
+#               3461.
190
+# 
191
+#               Note 2: this ignores duplicate addresses (with  the
192
+#               same delivery status notification options).
193
+# 
194
+#               This feature is available in Postfix 3.0 and later.
195
+# 
196
+#               This feature is not supported with smtp header/body
197
+#               checks.
198
+# 
199
+#        DISCARD optional text...
200
+#               Claim  successful delivery and silently discard the
201
+#               message.  Do not inspect the remainder of the input
202
+#               message.   Log the optional text if specified, oth-
203
+#               erwise log a generic message.
204
+# 
205
+#               Note:  this  action  disables  further  header   or
206
+#               body_checks  inspection  of the current message and
207
+#               affects all recipients.  To discard only one recip-
208
+#               ient without discarding the entire message, use the
209
+#               transport(5) table to direct mail to the discard(8)
210
+#               service.
211
+# 
212
+#               This feature is available in Postfix 2.0 and later.
213
+# 
214
+#               This feature is not supported with smtp header/body
215
+#               checks.
216
+# 
217
+#        DUNNO  Pretend  that the input line did not match any pat-
218
+#               tern, and inspect the next input line. This  action
219
+#               can be used to shorten the table search.
220
+# 
221
+#               For  backwards  compatibility reasons, Postfix also
222
+#               accepts OK but it is (and always has been)  treated
223
+#               as DUNNO.
224
+# 
225
+#               This feature is available in Postfix 2.1 and later.
226
+# 
227
+#        FILTER transport:destination
228
+#               Override the content_filter parameter setting,  and
229
+#               inspect  the next input line.  After the message is
230
+#               queued, send the entire message through the  speci-
231
+#               fied  external  content  filter. The transport name
232
+#               specifies the first field of a mail delivery  agent
233
+#               definition in master.cf; the syntax of the next-hop
234
+#               destination is described in the manual page of  the
235
+#               corresponding  delivery  agent.   More  information
236
+#               about external content filters is  in  the  Postfix
237
+#               FILTER_README file.
238
+# 
239
+#               Note  1: do not use $number regular expression sub-
240
+#               stitutions for transport or destination unless  you
241
+#               know that the information has a trusted origin.
242
+# 
243
+#               Note  2:  this  action  overrides  the main.cf con-
244
+#               tent_filter setting, and affects all recipients  of
245
+#               the  message.  In  the  case  that  multiple FILTER
246
+#               actions fire, only the last one is executed.
247
+# 
248
+#               Note 3: the purpose of the  FILTER  command  is  to
249
+#               override  message routing.  To override the recipi-
250
+#               ent's transport but not the  next-hop  destination,
251
+#               specify  an  empty  filter destination (Postfix 2.7
252
+#               and later), or specify a transport:destination that
253
+#               delivers   through  a  different  Postfix  instance
254
+#               (Postfix 2.6 and earlier). Other options are  using
255
+#               the  recipient-dependent transport_maps or the sen-
256
+#               der-dependent   sender_dependent_default_transport-
257
+#               _maps features.
258
+# 
259
+#               This feature is available in Postfix 2.0 and later.
260
+# 
261
+#               This feature is not supported with smtp header/body
262
+#               checks.
263
+# 
264
+#        HOLD optional text...
265
+#               Arrange  for  the  message to be placed on the hold
266
+#               queue, and inspect the next input line.   The  mes-
267
+#               sage  remains  on hold until someone either deletes
268
+#               it or releases it for delivery.  Log  the  optional
269
+#               text if specified, otherwise log a generic message.
270
+# 
271
+#               Mail that is placed on hold can  be  examined  with
272
+#               the  postcat(1)  command,  and  can be destroyed or
273
+#               released with the postsuper(1) command.
274
+# 
275
+#               Note: use "postsuper -r" to release mail  that  was
276
+#               kept  on  hold for a significant fraction of $maxi-
277
+#               mal_queue_lifetime  or  $bounce_queue_lifetime,  or
278
+#               longer.  Use "postsuper -H" only for mail that will
279
+#               not expire within a few delivery attempts.
280
+# 
281
+#               Note: this action affects  all  recipients  of  the
282
+#               message.
283
+# 
284
+#               This feature is available in Postfix 2.0 and later.
285
+# 
286
+#               This feature is not supported with smtp header/body
287
+#               checks.
288
+# 
289
+#        IGNORE Delete the current line from the input, and inspect
290
+#               the next input line. See STRIP for  an  alternative
291
+#               that logs the action.
292
+# 
293
+#        INFO optional text...
294
+#               Log an "info:" record with the optional text... (or
295
+#               log a generic text), and  inspect  the  next  input
296
+#               line.  This action is useful for routine logging or
297
+#               for debugging.
298
+# 
299
+#               This feature is available in Postfix 2.8 and later.
300
+# 
301
+#        PASS optional text...
302
+#               Log  a "pass:" record with the optional text... (or
303
+#               log a generic text), and turn off header, body, and
304
+#               Milter  inspection  for  the remainder of this mes-
305
+#               sage.
306
+# 
307
+#               Note: this feature relies on trust  in  information
308
+#               that is easy to forge.
309
+# 
310
+#               This feature is available in Postfix 3.2 and later.
311
+# 
312
+#               This feature is not supported with smtp header/body
313
+#               checks.
314
+# 
315
+#        PREPEND text...
316
+#               Prepend  one  line  with  the  specified  text, and
317
+#               inspect the next input line.
318
+# 
319
+#               Notes:
320
+# 
321
+#               o      The prepended text is output on  a  separate
322
+#                      line,  immediately  before  the  input  that
323
+#                      triggered the PREPEND action.
324
+# 
325
+#               o      The prepended text is not considered part of
326
+#                      the  input  stream:  it  is  not  subject to
327
+#                      header/body checks or address rewriting, and
328
+#                      it does not affect the way that Postfix adds
329
+#                      missing message headers.
330
+# 
331
+#               o      When prepending text before a message header
332
+#                      line,  the  prepended text must begin with a
333
+#                      valid message header label.
334
+# 
335
+#               o      This  action  cannot  be  used  to   prepend
336
+#                      multi-line text.
337
+# 
338
+#               This feature is available in Postfix 2.1 and later.
339
+# 
340
+#               This   feature   is   not   supported   with   mil-
341
+#               ter_header_checks.
342
+# 
343
+#        REDIRECT user@domain
344
+#               Write  a  message  redirection request to the queue
345
+#               file, and inspect the next input  line.  After  the
346
+#               message is queued, it will be sent to the specified
347
+#               address instead of the intended recipient(s).
348
+# 
349
+#               Note: this action overrides the FILTER action,  and
350
+#               affects  all recipients of the message. If multiple
351
+#               REDIRECT actions fire, only the last  one  is  exe-
352
+#               cuted.
353
+# 
354
+#               This feature is available in Postfix 2.1 and later.
355
+# 
356
+#               This feature is not supported with smtp header/body
357
+#               checks.
358
+# 
359
+#        REPLACE text...
360
+#               Replace  the  current line with the specified text,
361
+#               and inspect the next input line.
362
+# 
363
+#               This feature is available in Postfix 2.2 and later.
364
+#               The  description below applies to Postfix 2.2.2 and
365
+#               later.
366
+# 
367
+#               Notes:
368
+# 
369
+#               o      When replacing a message  header  line,  the
370
+#                      replacement  text  must  begin  with a valid
371
+#                      header label.
372
+# 
373
+#               o      The replaced text remains part of the  input
374
+#                      stream.  Unlike  the result from the PREPEND
375
+#                      action, a replaced  message  header  may  be
376
+#                      subject  to address rewriting and may affect
377
+#                      the way that Postfix  adds  missing  message
378
+#                      headers.
379
+# 
380
+#        REJECT optional text...
381
+#               Reject  the  entire  message.  Do  not  inspect the
382
+#               remainder  of  the  input  message.    Reply   with
383
+#               optional  text...  when the optional text is speci-
384
+#               fied, otherwise reply with a generic error message.
385
+# 
386
+#               Note:   this  action  disables  further  header  or
387
+#               body_checks inspection of the current  message  and
388
+#               affects all recipients.
389
+# 
390
+#               Postfix version 2.3 and later support enhanced sta-
391
+#               tus codes.  When no code is specified at the begin-
392
+#               ning of optional text..., Postfix inserts a default
393
+#               enhanced status code of "5.7.1".
394
+# 
395
+#               This feature is not supported with smtp header/body
396
+#               checks.
397
+# 
398
+#        STRIP optional text...
399
+#               Log a "strip:" record with the optional text... (or
400
+#               log a generic text), delete the input line from the
401
+#               input,  and inspect the next input line. See IGNORE
402
+#               for a silent alternative.
403
+# 
404
+#               This feature is available in Postfix 3.2 and later.
405
+# 
406
+#        WARN optional text...
407
+#               Log  a  "warning:" record with the optional text...
408
+#               (or log a generic text), and inspect the next input
409
+#               line.  This  action is useful for debugging and for
410
+#               testing a  pattern  before  applying  more  drastic
411
+#               actions.
412
+# 
413
+# BUGS
414
+#        Empty lines never match, because some map types mis-behave
415
+#        when given a zero-length search string.   This  limitation
416
+#        may  be  removed for regular expression tables in a future
417
+#        release.
418
+# 
419
+#        Many people overlook the main limitations  of  header  and
420
+#        body_checks rules.
421
+# 
422
+#        o      These  rules  operate on one logical message header
423
+#               or one body line at a time. A decision made for one
424
+#               line is not carried over to the next line.
425
+# 
426
+#        o      If  text  in the message body is encoded (RFC 2045)
427
+#               then the rules need to be specified for the encoded
428
+#               form.
429
+# 
430
+#        o      Likewise,  when  message  headers  are encoded (RFC
431
+#               2047) then the rules need to be specified  for  the
432
+#               encoded form.
433
+# 
434
+#        Message  headers added by the cleanup(8) daemon itself are
435
+#        excluded from inspection. Examples of such message headers
436
+#        are From:, To:, Message-ID:, Date:.
437
+# 
438
+#        Message  headers  deleted by the cleanup(8) daemon will be
439
+#        examined before they are deleted. Examples are: Bcc:, Con-
440
+#        tent-Length:, Return-Path:.
441
+# 
442
+# CONFIGURATION PARAMETERS
443
+#        body_checks
444
+#               Lookup tables with content filter rules for message
445
+#               body lines.  These filters see one physical line at
446
+#               a  time,  in  chunks  of at most $line_length_limit
447
+#               bytes.
448
+# 
449
+#        body_checks_size_limit
450
+#               The amount of  content  per  message  body  segment
451
+#               (attachment) that is subjected to $body_checks fil-
452
+#               tering.
453
+# 
454
+#        header_checks
455
+# 
456
+#        mime_header_checks (default: $header_checks)
457
+# 
458
+#        nested_header_checks (default: $header_checks)
459
+#               Lookup tables with content filter rules for message
460
+#               header  lines:  respectively,  these are applied to
461
+#               the initial message  headers  (not  including  MIME
462
+#               headers),  to the MIME headers anywhere in the mes-
463
+#               sage, and to the initial headers of  attached  mes-
464
+#               sages.
465
+# 
466
+#               Note:  these filters see one logical message header
467
+#               at a time, even when a message header spans  multi-
468
+#               ple  lines.  Message  headers  that are longer than
469
+#               $header_size_limit characters are truncated.
470
+# 
471
+#        disable_mime_input_processing
472
+#               While receiving mail, give no special treatment  to
473
+#               MIME  related  message  headers; all text after the
474
+#               initial message headers is considered to be part of
475
+#               the  message body. This means that header_checks is
476
+#               applied to all the  initial  message  headers,  and
477
+#               that body_checks is applied to the remainder of the
478
+#               message.
479
+# 
480
+#               Note: when used in this  manner,  body_checks  will
481
+#               process  a  multi-line message header one line at a
482
+#               time.
483
+# 
484
+# EXAMPLES
485
+#        Header pattern to block attachments  with  bad  file  name
486
+#        extensions.   For  convenience, the PCRE /x flag is speci-
487
+#        fied, so that there is no need  to  collapse  the  pattern
488
+#        into   a   single  line  of  text.   The  purpose  of  the
489
+#        [[:xdigit:]] sub-expressions is to recognize Windows CLSID
490
+#        strings.
491
+# 
492
+#        /etc/postfix/main.cf:
493
+#            header_checks = pcre:/etc/postfix/header_checks.pcre
494
+# 
495
+#        /etc/postfix/header_checks.pcre:
496
+#            /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)(
497
+#              ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
498
+#              hlp|ht[at]|
499
+#              inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
500
+#              \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}|
501
+#              ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|
502
+#              vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x
503
+#                REJECT Attachment name "$2" may not end with ".$4"
504
+# 
505
+#        Body pattern to stop a specific HTML browser vulnerability
506
+#        exploit.
507
+# 
508
+#        /etc/postfix/main.cf:
509
+#            body_checks = regexp:/etc/postfix/body_checks
510
+# 
511
+#        /etc/postfix/body_checks:
512
+#            /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
513
+#                REJECT IFRAME vulnerability exploit
514
+# 
515
+# SEE ALSO
516
+#        cleanup(8), canonicalize and enqueue Postfix message
517
+#        pcre_table(5), format of PCRE lookup tables
518
+#        regexp_table(5), format of POSIX regular expression tables
519
+#        postconf(1), Postfix configuration utility
520
+#        postmap(1), Postfix lookup table management
521
+#        postsuper(1), Postfix janitor
522
+#        postcat(1), show Postfix queue file contents
523
+#        RFC 2045, base64 and quoted-printable encoding rules
524
+#        RFC 2047, message header encoding for non-ASCII text
525
+# 
526
+# README FILES
527
+#        Use "postconf readme_directory" or  "postconf  html_direc-
528
+#        tory" to locate this information.
529
+#        DATABASE_README, Postfix lookup table overview
530
+#        CONTENT_INSPECTION_README, Postfix content inspection overview
531
+#        BUILTIN_FILTER_README, Postfix built-in content inspection
532
+#        BACKSCATTER_README, blocking returned forged mail
533
+# 
534
+# LICENSE
535
+#        The  Secure  Mailer  license must be distributed with this
536
+#        software.
537
+# 
538
+# AUTHOR(S)
539
+#        Wietse Venema
540
+#        IBM T.J. Watson Research
541
+#        P.O. Box 704
542
+#        Yorktown Heights, NY 10598, USA
543
+# 
544
+#        Wietse Venema
545
+#        Google, Inc.
546
+#        111 8th Avenue
547
+#        New York, NY 10011, USA
548
+# 
549
+#                                                               HEADER_CHECKS(5)

+ 678
- 0
postfix/main.cf View File

@@ -0,0 +1,678 @@
1
+# Global Postfix configuration file. This file lists only a subset
2
+# of all parameters. For the syntax, and for a complete parameter
3
+# list, see the postconf(5) manual page (command: "man 5 postconf").
4
+#
5
+# For common configuration examples, see BASIC_CONFIGURATION_README
6
+# and STANDARD_CONFIGURATION_README. To find these documents, use
7
+# the command "postconf html_directory readme_directory", or go to
8
+# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
9
+#
10
+# For best results, change no more than 2-3 parameters at a time,
11
+# and test if Postfix still works after every change.
12
+
13
+# COMPATIBILITY
14
+#
15
+# The compatibility_level determines what default settings Postfix
16
+# will use for main.cf and master.cf settings. These defaults will
17
+# change over time.
18
+#
19
+# To avoid breaking things, Postfix will use backwards-compatible
20
+# default settings and log where it uses those old backwards-compatible
21
+# default settings, until the system administrator has determined
22
+# if any backwards-compatible default settings need to be made
23
+# permanent in main.cf or master.cf.
24
+#
25
+# When this review is complete, update the compatibility_level setting
26
+# below as recommended in the RELEASE_NOTES file.
27
+#
28
+# The level below is what should be used with new (not upgrade) installs.
29
+#
30
+compatibility_level = 2
31
+
32
+# SOFT BOUNCE
33
+#
34
+# The soft_bounce parameter provides a limited safety net for
35
+# testing.  When soft_bounce is enabled, mail will remain queued that
36
+# would otherwise bounce. This parameter disables locally-generated
37
+# bounces, and prevents the SMTP server from rejecting mail permanently
38
+# (by changing 5xx replies into 4xx replies). However, soft_bounce
39
+# is no cure for address rewriting mistakes or mail routing mistakes.
40
+#
41
+#soft_bounce = no
42
+
43
+# LOCAL PATHNAME INFORMATION
44
+#
45
+# The queue_directory specifies the location of the Postfix queue.
46
+# This is also the root directory of Postfix daemons that run chrooted.
47
+# See the files in examples/chroot-setup for setting up Postfix chroot
48
+# environments on different UNIX systems.
49
+#
50
+queue_directory = /var/spool/postfix
51
+
52
+# The command_directory parameter specifies the location of all
53
+# postXXX commands.
54
+#
55
+command_directory = /usr/sbin
56
+
57
+# The daemon_directory parameter specifies the location of all Postfix
58
+# daemon programs (i.e. programs listed in the master.cf file). This
59
+# directory must be owned by root.
60
+#
61
+daemon_directory = /usr/lib/postfix
62
+
63
+# The data_directory parameter specifies the location of Postfix-writable
64
+# data files (caches, random numbers). This directory must be owned
65
+# by the mail_owner account (see below).
66
+#
67
+data_directory = /var/lib/postfix
68
+
69
+# QUEUE AND PROCESS OWNERSHIP
70
+#
71
+# The mail_owner parameter specifies the owner of the Postfix queue
72
+# and of most Postfix daemon processes.  Specify the name of a user
73
+# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
74
+# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.  In
75
+# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
76
+# USER.
77
+#
78
+mail_owner = postfix
79
+
80
+# The default_privs parameter specifies the default rights used by
81
+# the local delivery agent for delivery to external file or command.
82
+# These rights are used in the absence of a recipient user context.
83
+# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
84
+#
85
+#default_privs = nobody
86
+
87
+# INTERNET HOST AND DOMAIN NAMES
88
+# 
89
+# The myhostname parameter specifies the internet hostname of this
90
+# mail system. The default is to use the fully-qualified domain name
91
+# from gethostname(). $myhostname is used as a default value for many
92
+# other configuration parameters.
93
+#
94
+#myhostname = host.domain.tld
95
+#myhostname = virtual.domain.tld
96
+
97
+# The mydomain parameter specifies the local internet domain name.
98
+# The default is to use $myhostname minus the first component.
99
+# $mydomain is used as a default value for many other configuration
100
+# parameters.
101
+#
102
+#mydomain = domain.tld
103
+
104
+# SENDING MAIL
105
+# 
106
+# The myorigin parameter specifies the domain that locally-posted
107
+# mail appears to come from. The default is to append $myhostname,
108
+# which is fine for small sites.  If you run a domain with multiple
109
+# machines, you should (1) change this to $mydomain and (2) set up
110
+# a domain-wide alias database that aliases each user to
111
+# user@that.users.mailhost.
112
+#
113
+# For the sake of consistency between sender and recipient addresses,
114
+# myorigin also specifies the default domain name that is appended
115
+# to recipient addresses that have no @domain part.
116
+#
117
+#myorigin = $myhostname
118
+#myorigin = $mydomain
119
+
120
+# RECEIVING MAIL
121
+
122
+# The inet_interfaces parameter specifies the network interface
123
+# addresses that this mail system receives mail on.  By default,
124
+# the software claims all active interfaces on the machine. The
125
+# parameter also controls delivery of mail to user@[ip.address].
126
+#
127
+# See also the proxy_interfaces parameter, for network addresses that
128
+# are forwarded to us via a proxy or network address translator.
129
+#
130
+# Note: you need to stop/start Postfix when this parameter changes.
131
+#
132
+#inet_interfaces = all
133
+#inet_interfaces = $myhostname
134
+#inet_interfaces = $myhostname, localhost
135
+
136
+# The proxy_interfaces parameter specifies the network interface
137
+# addresses that this mail system receives mail on by way of a
138
+# proxy or network address translation unit. This setting extends
139
+# the address list specified with the inet_interfaces parameter.
140
+#
141
+# You must specify your proxy/NAT addresses when your system is a
142
+# backup MX host for other domains, otherwise mail delivery loops
143
+# will happen when the primary MX host is down.
144
+#
145
+#proxy_interfaces =
146
+#proxy_interfaces = 1.2.3.4
147
+
148
+# The mydestination parameter specifies the list of domains that this
149
+# machine considers itself the final destination for.
150
+#
151
+# These domains are routed to the delivery agent specified with the
152
+# local_transport parameter setting. By default, that is the UNIX
153
+# compatible delivery agent that lookups all recipients in /etc/passwd
154
+# and /etc/aliases or their equivalent.
155
+#
156
+# The default is $myhostname + localhost.$mydomain + localhost.  On
157
+# a mail domain gateway, you should also include $mydomain.
158
+#
159
+# Do not specify the names of virtual domains - those domains are
160
+# specified elsewhere (see VIRTUAL_README).
161
+#
162
+# Do not specify the names of domains that this machine is backup MX
163
+# host for. Specify those names via the relay_domains settings for
164
+# the SMTP server, or use permit_mx_backup if you are lazy (see
165
+# STANDARD_CONFIGURATION_README).
166
+#
167
+# The local machine is always the final destination for mail addressed
168
+# to user@[the.net.work.address] of an interface that the mail system
169
+# receives mail on (see the inet_interfaces parameter).
170
+#
171
+# Specify a list of host or domain names, /file/name or type:table
172
+# patterns, separated by commas and/or whitespace. A /file/name
173
+# pattern is replaced by its contents; a type:table is matched when
174
+# a name matches a lookup key (the right-hand side is ignored).
175
+# Continue long lines by starting the next line with whitespace.
176
+#
177
+# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
178
+#
179
+#mydestination = $myhostname, localhost.$mydomain, localhost
180
+#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
181
+#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
182
+#	mail.$mydomain, www.$mydomain, ftp.$mydomain
183
+
184
+# REJECTING MAIL FOR UNKNOWN LOCAL USERS
185
+#
186
+# The local_recipient_maps parameter specifies optional lookup tables
187
+# with all names or addresses of users that are local with respect
188
+# to $mydestination, $inet_interfaces or $proxy_interfaces.
189
+#
190
+# If this parameter is defined, then the SMTP server will reject
191
+# mail for unknown local users. This parameter is defined by default.
192
+#
193
+# To turn off local recipient checking in the SMTP server, specify
194
+# local_recipient_maps = (i.e. empty).
195
+#
196
+# The default setting assumes that you use the default Postfix local
197
+# delivery agent for local delivery. You need to update the
198
+# local_recipient_maps setting if:
199
+#
200
+# - You define $mydestination domain recipients in files other than
201
+#   /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
202
+#   For example, you define $mydestination domain recipients in    
203
+#   the $virtual_mailbox_maps files.
204
+#
205
+# - You redefine the local delivery agent in master.cf.
206
+#
207
+# - You redefine the "local_transport" setting in main.cf.
208
+#
209
+# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
210
+#   feature of the Postfix local delivery agent (see local(8)).
211
+#
212
+# Details are described in the LOCAL_RECIPIENT_README file.
213
+#
214
+# Beware: if the Postfix SMTP server runs chrooted, you probably have
215
+# to access the passwd file via the proxymap service, in order to
216
+# overcome chroot restrictions. The alternative, having a copy of
217
+# the system passwd file in the chroot jail is just not practical.
218
+#
219
+# The right-hand side of the lookup tables is conveniently ignored.
220
+# In the left-hand side, specify a bare username, an @domain.tld
221
+# wild-card, or specify a user@domain.tld address.
222
+# 
223
+#local_recipient_maps = unix:passwd.byname $alias_maps
224
+#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
225
+#local_recipient_maps =
226
+
227
+# The unknown_local_recipient_reject_code specifies the SMTP server
228
+# response code when a recipient domain matches $mydestination or
229
+# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
230
+# and the recipient address or address local-part is not found.
231
+#
232
+# The default setting is 550 (reject mail) but it is safer to start
233
+# with 450 (try again later) until you are certain that your
234
+# local_recipient_maps settings are OK.
235
+#
236
+unknown_local_recipient_reject_code = 550
237
+
238
+# TRUST AND RELAY CONTROL
239
+
240
+# The mynetworks parameter specifies the list of "trusted" SMTP
241
+# clients that have more privileges than "strangers".
242
+#
243
+# In particular, "trusted" SMTP clients are allowed to relay mail
244
+# through Postfix.  See the smtpd_recipient_restrictions parameter
245
+# in postconf(5).
246
+#
247
+# You can specify the list of "trusted" network addresses by hand
248
+# or you can let Postfix do it for you (which is the default).
249
+#
250
+# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
251
+# clients in the same IP subnetworks as the local machine.
252
+# On Linux, this does works correctly only with interfaces specified
253
+# with the "ifconfig" command.
254
+# 
255
+# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
256
+# clients in the same IP class A/B/C networks as the local machine.
257
+# Don't do this with a dialup site - it would cause Postfix to "trust"
258
+# your entire provider's network.  Instead, specify an explicit
259
+# mynetworks list by hand, as described below.
260
+#  
261
+# Specify "mynetworks_style = host" when Postfix should "trust"
262
+# only the local machine.
263
+# 
264
+#mynetworks_style = class
265
+#mynetworks_style = subnet
266
+#mynetworks_style = host
267
+
268
+# Alternatively, you can specify the mynetworks list by hand, in
269
+# which case Postfix ignores the mynetworks_style setting.
270
+#
271
+# Specify an explicit list of network/netmask patterns, where the
272
+# mask specifies the number of bits in the network part of a host
273
+# address.
274
+#
275
+# You can also specify the absolute pathname of a pattern file instead
276
+# of listing the patterns here. Specify type:table for table-based lookups
277
+# (the value on the table right-hand side is not used).
278
+#
279
+#mynetworks = 168.100.189.0/28, 127.0.0.0/8
280
+#mynetworks = $config_directory/mynetworks
281
+#mynetworks = hash:/etc/postfix/network_table
282
+
283
+# The relay_domains parameter restricts what destinations this system will
284
+# relay mail to.  See the smtpd_recipient_restrictions description in
285
+# postconf(5) for detailed information.
286
+#
287
+# By default, Postfix relays mail
288
+# - from "trusted" clients (IP address matches $mynetworks) to any destination,
289
+# - from "untrusted" clients to destinations that match $relay_domains or
290
+#   subdomains thereof, except addresses with sender-specified routing.
291
+# The default relay_domains value is $mydestination.
292
+# 
293
+# In addition to the above, the Postfix SMTP server by default accepts mail
294
+# that Postfix is final destination for:
295
+# - destinations that match $inet_interfaces or $proxy_interfaces,
296
+# - destinations that match $mydestination
297
+# - destinations that match $virtual_alias_domains,
298
+# - destinations that match $virtual_mailbox_domains.
299
+# These destinations do not need to be listed in $relay_domains.
300
+# 
301
+# Specify a list of hosts or domains, /file/name patterns or type:name
302
+# lookup tables, separated by commas and/or whitespace.  Continue
303
+# long lines by starting the next line with whitespace. A file name
304
+# is replaced by its contents; a type:name table is matched when a
305
+# (parent) domain appears as lookup key.
306
+#
307
+# NOTE: Postfix will not automatically forward mail for domains that
308
+# list this system as their primary or backup MX host. See the
309
+# permit_mx_backup restriction description in postconf(5).
310
+#
311
+#relay_domains = $mydestination
312
+
313
+# INTERNET OR INTRANET
314
+
315
+# The relayhost parameter specifies the default host to send mail to
316
+# when no entry is matched in the optional transport(5) table. When
317
+# no relayhost is given, mail is routed directly to the destination.
318
+#
319
+# On an intranet, specify the organizational domain name. If your
320
+# internal DNS uses no MX records, specify the name of the intranet
321
+# gateway host instead.
322
+#
323
+# In the case of SMTP, specify a domain, host, host:port, [host]:port,
324
+# [address] or [address]:port; the form [host] turns off MX lookups.
325
+#
326
+# If you're connected via UUCP, see also the default_transport parameter.
327
+#
328
+#relayhost = $mydomain
329
+#relayhost = [gateway.my.domain]
330
+#relayhost = [mailserver.isp.tld]
331
+#relayhost = uucphost
332
+#relayhost = [an.ip.add.ress]
333
+
334
+# REJECTING UNKNOWN RELAY USERS
335
+#
336
+# The relay_recipient_maps parameter specifies optional lookup tables
337
+# with all addresses in the domains that match $relay_domains.
338
+#
339
+# If this parameter is defined, then the SMTP server will reject
340
+# mail for unknown relay users. This feature is off by default.
341
+#
342
+# The right-hand side of the lookup tables is conveniently ignored.
343
+# In the left-hand side, specify an @domain.tld wild-card, or specify
344
+# a user@domain.tld address.
345
+# 
346
+#relay_recipient_maps = hash:/etc/postfix/relay_recipients
347
+
348
+# INPUT RATE CONTROL
349
+#
350
+# The in_flow_delay configuration parameter implements mail input
351
+# flow control. This feature is turned on by default, although it
352
+# still needs further development (it's disabled on SCO UNIX due
353
+# to an SCO bug).
354
+# 
355
+# A Postfix process will pause for $in_flow_delay seconds before
356
+# accepting a new message, when the message arrival rate exceeds the
357
+# message delivery rate. With the default 100 SMTP server process
358
+# limit, this limits the mail inflow to 100 messages a second more
359
+# than the number of messages delivered per second.
360
+# 
361
+# Specify 0 to disable the feature. Valid delays are 0..10.
362
+# 
363
+#in_flow_delay = 1s
364
+
365
+# ADDRESS REWRITING
366
+#
367
+# The ADDRESS_REWRITING_README document gives information about
368
+# address masquerading or other forms of address rewriting including
369
+# username->Firstname.Lastname mapping.
370
+
371
+# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
372
+#
373
+# The VIRTUAL_README document gives information about the many forms
374
+# of domain hosting that Postfix supports.
375
+
376
+# "USER HAS MOVED" BOUNCE MESSAGES
377
+#
378
+# See the discussion in the ADDRESS_REWRITING_README document.
379
+
380
+# TRANSPORT MAP
381
+#
382
+# See the discussion in the ADDRESS_REWRITING_README document.
383
+
384
+# ALIAS DATABASE
385
+#
386
+# The alias_maps parameter specifies the list of alias databases used
387
+# by the local delivery agent. The default list is system dependent.
388
+#
389
+# On systems with NIS, the default is to search the local alias
390
+# database, then the NIS alias database. See aliases(5) for syntax
391
+# details.
392
+# 
393
+# If you change the alias database, run "postalias /etc/aliases" (or
394
+# wherever your system stores the mail alias file), or simply run
395
+# "newaliases" to build the necessary DBM or DB file.
396
+#
397
+# It will take a minute or so before changes become visible.  Use
398
+# "postfix reload" to eliminate the delay.
399
+#
400
+#alias_maps = dbm:/etc/aliases
401
+#alias_maps = hash:/etc/aliases
402
+#alias_maps = hash:/etc/aliases, nis:mail.aliases
403
+#alias_maps = netinfo:/aliases
404
+
405
+# The alias_database parameter specifies the alias database(s) that
406
+# are built with "newaliases" or "sendmail -bi".  This is a separate
407
+# configuration parameter, because alias_maps (see above) may specify
408
+# tables that are not necessarily all under control by Postfix.
409
+#
410
+#alias_database = dbm:/etc/aliases
411
+#alias_database = dbm:/etc/mail/aliases
412
+#alias_database = hash:/etc/aliases
413
+#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
414
+
415
+# ADDRESS EXTENSIONS (e.g., user+foo)
416
+#
417
+# The recipient_delimiter parameter specifies the separator between
418
+# user names and address extensions (user+foo). See canonical(5),
419
+# local(8), relocated(5) and virtual(5) for the effects this has on
420
+# aliases, canonical, virtual, relocated and .forward file lookups.
421
+# Basically, the software tries user+foo and .forward+foo before
422
+# trying user and .forward.
423
+#
424
+#recipient_delimiter = +
425
+
426
+# DELIVERY TO MAILBOX
427
+#
428
+# The home_mailbox parameter specifies the optional pathname of a
429
+# mailbox file relative to a user's home directory. The default
430
+# mailbox file is /var/spool/mail/user or /var/mail/user.  Specify
431
+# "Maildir/" for qmail-style delivery (the / is required).
432
+#
433
+#home_mailbox = Mailbox
434
+#home_mailbox = Maildir/
435
+ 
436
+# The mail_spool_directory parameter specifies the directory where
437
+# UNIX-style mailboxes are kept. The default setting depends on the
438
+# system type.
439
+#
440
+#mail_spool_directory = /var/mail
441
+#mail_spool_directory = /var/spool/mail
442
+
443
+# The mailbox_command parameter specifies the optional external
444
+# command to use instead of mailbox delivery. The command is run as
445
+# the recipient with proper HOME, SHELL and LOGNAME environment settings.
446
+# Exception:  delivery for root is done as $default_user.
447
+#
448
+# Other environment variables of interest: USER (recipient username),
449
+# EXTENSION (address extension), DOMAIN (domain part of address),
450
+# and LOCAL (the address localpart).
451
+#
452
+# Unlike other Postfix configuration parameters, the mailbox_command
453
+# parameter is not subjected to $parameter substitutions. This is to
454
+# make it easier to specify shell syntax (see example below).
455
+#
456
+# Avoid shell meta characters because they will force Postfix to run
457
+# an expensive shell process. Procmail alone is expensive enough.
458
+#
459
+# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
460
+# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
461
+#
462
+#mailbox_command = /some/where/procmail
463
+#mailbox_command = /some/where/procmail -a "$EXTENSION"
464
+
465
+# The mailbox_transport specifies the optional transport in master.cf
466
+# to use after processing aliases and .forward files. This parameter
467
+# has precedence over the mailbox_command, fallback_transport and
468
+# luser_relay parameters.
469
+#
470
+# Specify a string of the form transport:nexthop, where transport is
471
+# the name of a mail delivery transport defined in master.cf.  The
472
+# :nexthop part is optional. For more details see the sample transport
473
+# configuration file.
474
+#
475
+# NOTE: if you use this feature for accounts not in the UNIX password
476
+# file, then you must update the "local_recipient_maps" setting in
477
+# the main.cf file, otherwise the SMTP server will reject mail for    
478
+# non-UNIX accounts with "User unknown in local recipient table".
479
+#
480
+# Cyrus IMAP over LMTP. Specify ``lmtpunix      cmd="lmtpd"
481
+# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
482
+#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
483
+#
484
+# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
485
+# subsequent line in master.cf.
486
+#mailbox_transport = cyrus
487
+
488
+# The fallback_transport specifies the optional transport in master.cf
489
+# to use for recipients that are not found in the UNIX passwd database.
490
+# This parameter has precedence over the luser_relay parameter.
491
+#
492
+# Specify a string of the form transport:nexthop, where transport is
493
+# the name of a mail delivery transport defined in master.cf.  The
494
+# :nexthop part is optional. For more details see the sample transport
495
+# configuration file.
496
+#
497
+# NOTE: if you use this feature for accounts not in the UNIX password
498
+# file, then you must update the "local_recipient_maps" setting in
499
+# the main.cf file, otherwise the SMTP server will reject mail for    
500
+# non-UNIX accounts with "User unknown in local recipient table".
501
+#
502
+#fallback_transport = lmtp:unix:/file/name
503
+#fallback_transport = cyrus
504
+#fallback_transport =
505
+
506
+# The luser_relay parameter specifies an optional destination address
507
+# for unknown recipients.  By default, mail for unknown@$mydestination,
508
+# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
509
+# as undeliverable.
510
+#
511
+# The following expansions are done on luser_relay: $user (recipient
512
+# username), $shell (recipient shell), $home (recipient home directory),
513
+# $recipient (full recipient address), $extension (recipient address
514
+# extension), $domain (recipient domain), $local (entire recipient
515
+# localpart), $recipient_delimiter. Specify ${name?value} or
516
+# ${name:value} to expand value only when $name does (does not) exist.
517
+#
518
+# luser_relay works only for the default Postfix local delivery agent.
519
+#
520
+# NOTE: if you use this feature for accounts not in the UNIX password
521
+# file, then you must specify "local_recipient_maps =" (i.e. empty) in
522
+# the main.cf file, otherwise the SMTP server will reject mail for    
523
+# non-UNIX accounts with "User unknown in local recipient table".
524
+#
525
+#luser_relay = $user@other.host
526
+#luser_relay = $local@other.host
527
+#luser_relay = admin+$local
528
+  
529
+# JUNK MAIL CONTROLS
530
+# 
531
+# The controls listed here are only a very small subset. The file
532
+# SMTPD_ACCESS_README provides an overview.
533
+
534
+# The header_checks parameter specifies an optional table with patterns
535
+# that each logical message header is matched against, including
536
+# headers that span multiple physical lines.
537
+#
538
+# By default, these patterns also apply to MIME headers and to the
539
+# headers of attached messages. With older Postfix versions, MIME and
540
+# attached message headers were treated as body text.
541
+#
542
+# For details, see "man header_checks".
543
+#
544
+#header_checks = regexp:/etc/postfix/header_checks
545
+
546
+# FAST ETRN SERVICE
547
+#
548
+# Postfix maintains per-destination logfiles with information about
549
+# deferred mail, so that mail can be flushed quickly with the SMTP
550
+# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
551
+# See the ETRN_README document for a detailed description.
552
+# 
553
+# The fast_flush_domains parameter controls what destinations are
554
+# eligible for this service. By default, they are all domains that
555
+# this server is willing to relay mail to.
556
+# 
557
+#fast_flush_domains = $relay_domains
558
+
559
+# SHOW SOFTWARE VERSION OR NOT
560
+#
561
+# The smtpd_banner parameter specifies the text that follows the 220
562
+# code in the SMTP server's greeting banner. Some people like to see
563
+# the mail version advertised. By default, Postfix shows no version.
564
+#
565
+# You MUST specify $myhostname at the start of the text. That is an
566
+# RFC requirement. Postfix itself does not care.
567
+#
568
+#smtpd_banner = $myhostname ESMTP $mail_name
569
+#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
570
+
571
+# PARALLEL DELIVERY TO THE SAME DESTINATION
572
+#
573
+# How many parallel deliveries to the same user or domain? With local
574
+# delivery, it does not make sense to do massively parallel delivery
575
+# to the same user, because mailbox updates must happen sequentially,
576
+# and expensive pipelines in .forward files can cause disasters when
577
+# too many are run at the same time. With SMTP deliveries, 10
578
+# simultaneous connections to the same domain could be sufficient to
579
+# raise eyebrows.
580
+# 
581
+# Each message delivery transport has its XXX_destination_concurrency_limit
582
+# parameter.  The default is $default_destination_concurrency_limit for
583
+# most delivery transports. For the local delivery agent the default is 2.
584
+
585
+#local_destination_concurrency_limit = 2
586
+#default_destination_concurrency_limit = 20
587
+
588
+# DEBUGGING CONTROL
589
+#
590
+# The debug_peer_level parameter specifies the increment in verbose
591
+# logging level when an SMTP client or server host name or address
592
+# matches a pattern in the debug_peer_list parameter.
593
+#
594
+debug_peer_level = 2
595
+
596
+# The debug_peer_list parameter specifies an optional list of domain
597
+# or network patterns, /file/name patterns or type:name tables. When
598
+# an SMTP client or server host name or address matches a pattern,
599
+# increase the verbose logging level by the amount specified in the
600
+# debug_peer_level parameter.
601
+#
602
+#debug_peer_list = 127.0.0.1
603
+#debug_peer_list = some.domain
604
+
605
+# The debugger_command specifies the external command that is executed
606
+# when a Postfix daemon program is run with the -D option.
607
+#
608
+# Use "command .. & sleep 5" so that the debugger can attach before
609
+# the process marches on. If you use an X-based debugger, be sure to
610
+# set up your XAUTHORITY environment variable before starting Postfix.
611
+#
612
+debugger_command =
613
+	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
614
+	 ddd $daemon_directory/$process_name $process_id & sleep 5
615
+
616
+# If you can't use X, use this to capture the call stack when a
617
+# daemon crashes. The result is in a file in the configuration
618
+# directory, and is named after the process name and the process ID.
619
+#
620
+# debugger_command =
621
+#	PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
622
+#	echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
623
+#	>$config_directory/$process_name.$process_id.log & sleep 5
624
+#
625
+# Another possibility is to run gdb under a detached screen session.
626
+# To attach to the screen session, su root and run "screen -r
627
+# <id_string>" where <id_string> uniquely matches one of the detached
628
+# sessions (from "screen -list").
629
+#
630
+# debugger_command =
631
+#	PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
632
+#	-dmS $process_name gdb $daemon_directory/$process_name
633
+#	$process_id & sleep 1
634
+
635
+# INSTALL-TIME CONFIGURATION INFORMATION
636
+#
637
+# The following parameters are used when installing a new Postfix version.
638
+# 
639
+# sendmail_path: The full pathname of the Postfix sendmail command.
640
+# This is the Sendmail-compatible mail posting interface.
641
+# 
642
+sendmail_path = /usr/sbin/sendmail
643
+
644
+# newaliases_path: The full pathname of the Postfix newaliases command.
645
+# This is the Sendmail-compatible command to build alias databases.
646
+#
647
+newaliases_path = /usr/bin/newaliases
648
+
649
+# mailq_path: The full pathname of the Postfix mailq command.  This
650
+# is the Sendmail-compatible mail queue listing command.
651
+# 
652
+mailq_path = /usr/bin/mailq
653
+
654
+# setgid_group: The group for mail submission and queue management
655
+# commands.  This must be a group name with a numerical group ID that
656
+# is not shared with other accounts, not even with the Postfix account.
657
+#
658
+setgid_group = postdrop
659
+
660
+# html_directory: The location of the Postfix HTML documentation.
661
+#
662
+html_directory = no
663
+
664
+# manpage_directory: The location of the Postfix on-line manual pages.
665
+#
666
+manpage_directory = /usr/share/man
667
+
668
+# sample_directory: The location of the Postfix sample configuration files.
669
+# This parameter is obsolete as of Postfix 2.1.
670
+#
671
+sample_directory = /etc/postfix
672
+
673
+# readme_directory: The location of the Postfix README files.
674
+#
675
+readme_directory = /usr/share/doc/postfix/readme
676
+inet_protocols = ipv4
677
+meta_directory = /etc/postfix
678
+shlib_directory = /usr/lib/postfix

+ 132
- 0
postfix/master.cf View File

@@ -0,0 +1,132 @@
1
+#
2
+# Postfix master process configuration file.  For details on the format
3
+# of the file, see the master(5) manual page (command: "man 5 master" or
4
+# on-line: http://www.postfix.org/master.5.html).
5
+#
6
+# Do not forget to execute "postfix reload" after editing this file.
7
+#
8
+# ================================================================