- # inter-mx with postscreen on 25/tcp
- # Both listeners hand accepted connections to the "smtpd pass" service below, which has
- # SASL AUTH switched off (smtpd_sasl_auth_enable=no), so no credentials are accepted here.
- # NOTE(review): 10025 takes the client address from the PROXY protocol header
- # (postscreen_upstream_proxy_protocol=haproxy). The address-based checks (postscreen and
- # permit_mynetworks) are only as trustworthy as that header, so 10025 should be reachable
- # from the trusted proxy only - confirm against the firewall / container network.
- smtp inet n - n - 1 postscreen
- 10025 inet n - n - 1 postscreen
- -o postscreen_upstream_proxy_protocol=haproxy
- -o syslog_name=haproxy
- smtpd pass - - n - - smtpd
- -o smtpd_sasl_auth_enable=no
- -o smtpd_sender_restrictions=permit_mynetworks,reject_unlisted_sender,reject_unknown_sender_domain
- # smtpd tls-wrapped (smtps) on 465/tcp
- # TLS protocol can be modified by setting smtps_smtpd_tls_mandatory_protocols in extra.cf
- # smtpd_tls_wrappermode=yes starts TLS before any SMTP dialogue (no STARTTLS step).
- # Clients are accepted only if they are in mynetworks or SASL-authenticated; everything else is rejected.
- # tls_preempt_cipherlist=yes makes the server's cipher order win over the client's.
- # NOTE(review): $smtps_smtpd_tls_mandatory_protocols is defined outside this file; confirm it
- # is set and excludes legacy protocol versions.
- smtps inet n - n - - smtpd
- -o smtpd_tls_wrappermode=yes
- -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
- -o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols
- -o tls_preempt_cipherlist=yes
- -o cleanup_service_name=smtp_sender_cleanup
- -o syslog_name=postfix/smtps
- # Same service behind a proxy: the client address comes from the PROXY protocol header.
- # NOTE(review): permit_mynetworks is evaluated against that header-supplied address, so 10465
- # should accept connections from the trusted proxy only - confirm network exposure.
- 10465 inet n - n - - smtpd
- -o smtpd_upstream_proxy_protocol=haproxy
- -o smtpd_tls_wrappermode=yes
- -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
- -o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols
- -o tls_preempt_cipherlist=yes
- -o cleanup_service_name=smtp_sender_cleanup
- -o syslog_name=postfix/smtps-haproxy
- # smtpd with starttls on 587/tcp
- # TLS protocol can be modified by setting submission_smtpd_tls_mandatory_protocols in extra.cf
- # smtpd_tls_security_level=encrypt makes STARTTLS mandatory before mail is accepted.
- # smtpd_enforce_tls=yes is the obsolete spelling of the same requirement; Postfix lets
- # smtpd_tls_security_level override it, so the line is redundant rather than harmful.
- # Clients are accepted only if they are in mynetworks or SASL-authenticated.
- # NOTE(review): $submission_smtpd_tls_mandatory_protocols is defined outside this file; confirm
- # it is set and excludes legacy protocol versions.
- submission inet n - n - - smtpd
- -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
- -o smtpd_enforce_tls=yes
- -o smtpd_tls_security_level=encrypt
- -o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols
- -o tls_preempt_cipherlist=yes
- -o cleanup_service_name=smtp_sender_cleanup
- -o syslog_name=postfix/submission
- # Same service behind a proxy: the client address comes from the PROXY protocol header.
- # NOTE(review): permit_mynetworks is evaluated against that header-supplied address, so 10587
- # should accept connections from the trusted proxy only - confirm network exposure.
- 10587 inet n - n - - smtpd
- -o smtpd_upstream_proxy_protocol=haproxy
- -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
- -o smtpd_enforce_tls=yes
- -o smtpd_tls_security_level=encrypt
- -o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols
- -o tls_preempt_cipherlist=yes
- -o cleanup_service_name=smtp_sender_cleanup
- -o syslog_name=postfix/submission-haproxy
- # used by SOGo
- # smtpd_sender_restrictions should match main.cf, but with check_sasl_access prepended for login-as-mailbox-user function
- # smtpd_tls_auth_only=no lets clients authenticate without TLS on this port, so SASL
- # credentials can cross the wire in cleartext.
- # NOTE(review): that is only acceptable if 588 is confined to a trusted internal network - confirm
- # the port is not published.
- # The check_sasl_access lookup runs before reject_authenticated_sender_login_mismatch; a login that
- # the regexp table permits skips the later sender/login ownership check.
- # NOTE(review): the contents of allow_mailcow_local.regexp therefore decide who may send as any
- # address - keep that file tightly scoped and review changes to it.
- 588 inet n - n - - smtpd
- -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
- -o smtpd_tls_auth_only=no
- -o smtpd_sender_restrictions=check_sasl_access,regexp:/opt/postfix/conf/allow_mailcow_local.regexp,reject_authenticated_sender_login_mismatch,permit_mynetworks,permit_sasl_authenticated,reject_unlisted_sender,reject_unknown_sender_domain
- -o cleanup_service_name=smtp_sender_cleanup
- -o syslog_name=postfix/sogo
- # used to reinject quarantine mails
- # Only clients in mynetworks are accepted (permit_mynetworks,reject); there is no SASL path.
- # HELO restrictions and both milter lists are emptied, so mail injected here is not passed
- # through whatever milter main.cf configures.
- # NOTE(review): access therefore rests entirely on the mynetworks definition and on the port
- # not being reachable from outside - confirm both, since anything accepted here skips filtering.
- 590 inet n - n - - smtpd
- -o smtpd_helo_restrictions=
- -o smtpd_client_restrictions=permit_mynetworks,reject
- -o smtpd_tls_auth_only=no
- -o smtpd_milters=
- -o non_smtpd_milters=
- -o syslog_name=postfix/quarantine
- # used to send bcc mails
- # Same access model as the quarantine port: mynetworks only, milters and HELO checks disabled.
- 591 inet n - n - - smtpd
- -o smtpd_helo_restrictions=
- -o smtpd_client_restrictions=permit_mynetworks,reject
- -o smtpd_tls_auth_only=no
- -o smtpd_milters=
- -o non_smtpd_milters=
- -o syslog_name=postfix/bcc
- # enforced smtp connector
- # smtp_tls_security_level=encrypt refuses to deliver without TLS, but this level does not
- # verify the remote server's certificate; it protects against passive interception only.
- # Delivery status text is rewritten through the smtp_dsn_filter PCRE table.
- smtp_enforced_tls unix - - n - - smtp
- -o smtp_tls_security_level=encrypt
- -o syslog_name=enforced-tls-smtp
- -o smtp_delivery_status_filter=pcre:/opt/postfix/conf/smtp_dsn_filter
- # smtp connector used, when a transport map matched
- # this helps to have different sasl maps than we have with sender dependent transport maps
- # Relay credentials are looked up in MySQL via proxymap.
- # NOTE(review): the referenced .cf file presumably holds the database login - confirm it is
- # not world-readable.
- smtp_via_transport_maps unix - - n - - smtp
- -o smtp_sasl_password_maps=proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps_transport_maps.cf
- # Core Postfix daemons.
- # Columns: service type private unpriv chroot wakeup maxproc command+args
- # Every entry in this group has chroot=n; local, virtual and maildrop also have unpriv=n.
- tlsproxy unix - - n - 0 tlsproxy
- dnsblog unix - - n - 0 dnsblog
- pickup fifo n - n 60 1 pickup
- cleanup unix n - n - 0 cleanup
- qmgr fifo n - n 300 1 qmgr
- tlsmgr unix - - n 1000? 1 tlsmgr
- rewrite unix - - n - - trivial-rewrite
- bounce unix - - n - 0 bounce
- defer unix - - n - 0 bounce
- trace unix - - n - 0 bounce
- verify unix - - n - 1 verify
- flush unix n - n 1000? 0 flush
- proxymap unix - - n - - proxymap
- proxywrite unix - - n - 1 proxymap
- smtp unix - - n - - smtp
- relay unix - - n - - smtp
- showq unix n - n - - showq
- error unix - - n - - error
- retry unix - - n - - error
- discard unix - - n - - discard
- local unix - n n - - local
- virtual unix - n n - - virtual
- lmtp unix - - n - - lmtp flags=O
- anvil unix - - n - 1 anvil
- scache unix - - n - 1 scache
- # maildrop runs through pipe(8) as user vmail; pipe(8) executes argv directly rather than via
- # a shell, so ${recipient} is passed as a single argument.
- maildrop unix - n n - - pipe flags=DRhu
- user=vmail argv=/usr/bin/maildrop -d ${recipient}
- # used to anonymize sender IP
- # Dedicated cleanup instance, selected by the listeners above that set
- # cleanup_service_name=smtp_sender_cleanup; it applies $smtp_header_checks (defined outside this file).
- # Services that do not set cleanup_service_name do not get these header checks.
- smtp_sender_cleanup unix n - y - 0 cleanup
- -o header_checks=$smtp_header_checks
- # start whitelist_fwd
- # spawn(8) listener bound to loopback only; the script runs as user nobody.
- # maxproc is 0, i.e. no process limit for this service.
- # NOTE(review): the script reads whatever a local client sends - confirm it treats that as untrusted input.
- 127.0.0.1:10027 inet n n n - 0 spawn user=nobody argv=/usr/local/bin/whitelist_forwardinghosts.sh
- # end whitelist_fwd
- # start watchdog-specific
- # logs to local7 (hidden)
- # Self-contained health-check path: smtpd on 589 -> watchdog_cleanup -> watchdog_qmgr ->
- # watchdog_rewrite, whose local_transport is watchdog_discard.
- # Only clients in mynetworks are accepted and milters are disabled on this path.
- # NOTE(review): every service here logs under syslog_name=watchdog to facility local7, which the
- # comment above calls hidden. Activity on 589 will presumably not appear in the normal mail log -
- # confirm local7 is still retained somewhere if this port needs to be auditable.
- 589 inet n - n - - smtpd
- -o smtpd_client_restrictions=permit_mynetworks,reject
- -o syslog_name=watchdog
- -o syslog_facility=local7
- -o smtpd_milters=
- -o cleanup_service_name=watchdog_cleanup
- -o non_smtpd_milters=
- watchdog_cleanup unix n - n - 0 cleanup
- -o syslog_name=watchdog
- -o syslog_facility=local7
- -o queue_service_name=watchdog_qmgr
- watchdog_qmgr fifo n - n 300 1 qmgr
- -o syslog_facility=local7
- -o syslog_name=watchdog
- -o rewrite_service_name=watchdog_rewrite
- watchdog_rewrite unix - - n - - trivial-rewrite
- -o syslog_facility=local7
- -o syslog_name=watchdog
- -o local_transport=watchdog_discard
- watchdog_discard unix - - n - - discard
- -o syslog_facility=local7
- -o syslog_name=watchdog
- # end watchdog-specific