|
|
@@ -15,6 +15,7 @@ smtps inet n - n - - smtpd
|
|
|
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
|
|
|
-o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols
|
|
|
-o tls_preempt_cipherlist=yes
|
|
|
+ -o cleanup_service_name=smtp_sender_cleanup
|
|
|
-o syslog_name=postfix/smtps
|
|
|
-o smtpd_end_of_data_restrictions=$smtpd_last_auth
|
|
|
10465 inet n - n - - smtpd
|
|
|
@@ -23,6 +24,7 @@ smtps inet n - n - - smtpd
|
|
|
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
|
|
|
-o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols
|
|
|
-o tls_preempt_cipherlist=yes
|
|
|
+ -o cleanup_service_name=smtp_sender_cleanup
|
|
|
-o syslog_name=postfix/smtps-haproxy
|
|
|
-o smtpd_end_of_data_restrictions=$smtpd_last_auth
|
|
|
|
|
|
@@ -34,6 +36,7 @@ submission inet n - n - - smtpd
|
|
|
-o smtpd_tls_security_level=encrypt
|
|
|
-o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols
|
|
|
-o tls_preempt_cipherlist=yes
|
|
|
+ -o cleanup_service_name=smtp_sender_cleanup
|
|
|
-o syslog_name=postfix/submission
|
|
|
-o smtpd_end_of_data_restrictions=$smtpd_last_auth
|
|
|
10587 inet n - n - - smtpd
|
|
|
@@ -43,6 +46,7 @@ submission inet n - n - - smtpd
|
|
|
-o smtpd_tls_security_level=encrypt
|
|
|
-o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols
|
|
|
-o tls_preempt_cipherlist=yes
|
|
|
+ -o cleanup_service_name=smtp_sender_cleanup
|
|
|
-o syslog_name=postfix/submission-haproxy
|
|
|
-o smtpd_end_of_data_restrictions=$smtpd_last_auth
|
|
|
|
|
|
@@ -52,6 +56,7 @@ submission inet n - n - - smtpd
|
|
|
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
|
|
|
-o smtpd_tls_auth_only=no
|
|
|
-o smtpd_sender_restrictions=check_sasl_access,regexp:/opt/postfix/conf/allow_mailcow_local.regexp,reject_authenticated_sender_login_mismatch,permit_mynetworks,permit_sasl_authenticated,reject_unlisted_sender,reject_unknown_sender_domain
|
|
|
+ -o cleanup_service_name=smtp_sender_cleanup
|
|
|
-o syslog_name=postfix/sogo
|
|
|
-o smtpd_end_of_data_restrictions=$smtpd_last_auth
|
|
|
|
|
|
@@ -70,6 +75,7 @@ smtp_enforced_tls unix - - n - - smtp
|
|
|
-o smtp_tls_security_level=encrypt
|
|
|
-o syslog_name=enforced-tls-smtp
|
|
|
-o smtp_delivery_status_filter=pcre:/opt/postfix/conf/smtp_dsn_filter
|
|
|
+
|
|
|
# smtp connector used, when a transport map matched
|
|
|
# this helps to have different sasl maps than we have with sender dependent transport maps
|
|
|
smtp_via_transport_maps unix - - n - - smtp
|
|
|
@@ -103,6 +109,10 @@ scache unix - - n - 1 scache
|
|
|
maildrop unix - n n - - pipe flags=DRhu
|
|
|
user=vmail argv=/usr/bin/maildrop -d ${recipient}
|
|
|
|
|
|
+# used to anonymize sender IP
|
|
|
+smtp_sender_cleanup unix n - y - 0 cleanup
|
|
|
+ -o header_checks=$smtp_header_checks
|
|
|
+
|
|
|
# start whitelist_fwd
|
|
|
127.0.0.1:10027 inet n n n - 0 spawn user=nobody argv=/usr/local/bin/whitelist_forwardinghosts.sh
|
|
|
127.0.0.1:10028 inet n n n - 0 spawn user=nobody argv=/usr/local/bin/smtpd_last_login.sh
|
|
|
@@ -132,5 +142,4 @@ watchdog_rewrite unix - - n - - trivial-rewrit
|
|
|
watchdog_discard unix - - n - - discard
|
|
|
-o syslog_facility=local7
|
|
|
-o syslog_name=watchdog
|
|
|
-
|
|
|
# end watchdog-specific
|
Dmitriy Alekseev