Add postfix configs

2021-01-05 04:21:09 +00:00 · 2021-01-05 04:21:09 +00:00 · a871f01188
parent de343d9b88
commit a871f01188
4 changed files with 134 additions and 0 deletions
--- a/configs/postfix/APKBUILD
+++ b/configs/postfix/APKBUILD
@ -0,0 +1,24 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=redxen-config-postfix
+pkgver=2021.01.05
+pkgrel=5
+pkgdesc="Postfix configuration files"
+url="https://git.redxen.eu/RedXen"
+arch="noarch"
+license="none"
+depends="postfix redxen-secret-letsencrypt-chain redxen-secret-letsencrypt-private"
+options="!check"
+install="$pkgname.pre-install"
+source="
+	master.cf
+	main.cf
+"
+
+package() {
+	install -Dm644 master.cf "$pkgdir"/etc/postfix.redxen/master.cf
+	install -Dm644 main.cf "$pkgdir"/etc/postfix.redxen/main.cf
+}
+
+sha512sums="b50bfb986c3ac6c2f14b15c101772312128869d3e6a77075a67e913115a43ace484a1f50604c79296c224410bbff86769abf9b0352aa97a5b646c4a627f0edad  master.cf
+1d7112b6fd6a0c0a9a7507ca33dc78607b8bb0cad88cf0f13b1be6cd496d389fa0b946088e2fdb30300a39e20951c0d7c76b51e98fc5c09b014701e8bbddec0b  main.cf"
--- a/configs/postfix/main.cf
+++ b/configs/postfix/main.cf
@ -0,0 +1,68 @@
+# General
+smtpd_banner = $myhostname ESMTP RedXen Mail. DO NOT MESS WITH US OR WE WILL CUT YOUR BALLS OFF!
+
+inet_interfaces = all
+inet_protocols = all
+
+myorigin = redxen.eu
+myhostname = mail.$myorigin
+mydomain = $myorigin
+mydestination = mail.redxen.eu, smtp.redxen.eu, redxen.eu
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+
+relayhost =
+relay_domains = $mydestination
+
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+
+biff = no
+append_dot_mydomain = no
+delay_warning_time = 1h
+readme_directory = no
+compatibility_level = 2
+mailbox_size_limit = 0
+recipient_delimiter = +
+notify_classes = resource, software, bounce
+
+# SMTP TLS
+smtp_tls_CApath = /etc/ssl/certs
+smtp_tls_security_level = may
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+smtpd_use_tls = yes
+smtpd_tls_cert_file = /etc/ssl/redxen/letsencrypt/chain.crt
+smtpd_tls_key_file = /etc/ssl/redxen/letsencrypt/private.key
+smtpd_tls_security_level = encrypt
+
+# Restrictions
+smtpd_sender_restrictions    = reject_unknown_sender_domain
+smtpd_relay_restrictions     = permit_sasl_authenticated,
+                               reject_unauth_destination
+smtpd_recipient_restrictions = permit_sasl_authenticated,
+                               reject_non_fqdn_recipient,
+                               reject_unknown_recipient_domain,
+                               reject_unknown_reverse_client_hostname,
+                               reject_rbl_client sbl.spamhaus.org,
+                               reject_rbl_client xbl.spamhaus.org,
+                               reject_rhsbl_client dbl.spamhaus.org,
+                               reject_rhsbl_reverse_client dbl.spamhaus.org,
+                               reject_rhsbl_sender dbl.spamhaus.org
+smtpd_helo_restrictions      = reject_rhsbl_helo dbl.spamhaus.org
+
+# Dovecot auth
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = /run/dovecot/auth
+smtpd_sasl_security_options=noanonymous
+smtpd_sasl_local_domain=$myhostname
+
+# Dovecot LMTP
+mailbox_transport = lmtp:unix:/run/dovecot/lmtp
+
+# OpenDKIM & RSpamD
+#milter_default_action = tempfail
+#milter_protocol = 6
+
+#smtpd_milters = local:/run/opendkim/opendkim.sock inet:127.0.0.1:11332
+#non_smtpd_milters = local:/run/opendkim/opendkim.sock inet:127.0.0.1:11332
+#internal_mail_filter_classes = bounce, notify
--- a/configs/postfix/master.cf
+++ b/configs/postfix/master.cf
@ -0,0 +1,37 @@
+# ==========================================================================
+# service type  private unpriv  chroot  wakeup  maxproc command + args
+#               (yes)   (yes)   (no)    (never) (100)
+# ==========================================================================
+submission inet n       -       y       -       -       smtpd
+	-o smtpd_sasl_auth_enable=yes
+	-o smtpd_client_restrictions=permit_sasl_authenticated,reject
+smtp      unix  -       -       n       -       -       smtp
+smtp      inet  n       -       n       -       -       smtpd
+	-o smtpd_sasl_auth_enable=yes
+smtps     inet  n       -       n       -       -       smtpd
+	-o smtpd_sasl_auth_enable=yes
+	-o syslog_name=postfix/$service_name
+	-o smtpd_tls_wrappermode=yes
+pickup    unix  n       -       y       60      1       pickup
+cleanup   unix  n       -       y       -       0       cleanup
+qmgr      unix  n       -       n       300     1       qmgr
+tlsmgr    unix  -       -       y       1000?   1       tlsmgr
+rewrite   unix  -       -       y       -       -       trivial-rewrite
+bounce    unix  -       -       y       -       0       bounce
+defer     unix  -       -       y       -       0       bounce
+trace     unix  -       -       y       -       0       bounce
+verify    unix  -       -       y       -       1       verify
+flush     unix  n       -       y       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+relay     unix  -       -       y       -       -       smtp
+	-o syslog_name=postfix/$service_name
+showq     unix  n       -       y       -       -       showq
+error     unix  -       -       y       -       -       error
+retry     unix  -       -       y       -       -       error
+discard   unix  -       -       y       -       -       discard
+local     unix  -       n       n       -       -       local
+lmtp      unix  -       -       y       -       -       lmtp
+anvil     unix  -       -       y       -       1       anvil
+scache    unix  -       -       y       -       1       scache
+postlog   unix-dgram n  -       n       -       1       postlogd
--- a/configs/postfix/redxen-config-postfix.pre-install
+++ b/configs/postfix/redxen-config-postfix.pre-install
@ -0,0 +1,5 @@
+#!/bin/sh
+
+adduser dovecot rxletsenc
+
+return 0