# -*- mode: python; coding: utf-8 -*-
# Template that generates Postfix's master.cf (the per-daemon service table).
#
# NOTE(review): this copy reached review with its line breaks and indentation
# collapsed. The layout below is reconstructed: lines starting with "@" look
# like literal template text, "print" lines build a service entry from a
# computed address, and plain "#" lines are Python comments. The nesting of
# every if/else body is inferred and must be confirmed against the original.
# The helpers include(), header(), has(), pubip() and admip() are not defined
# in this file; presumably the template engine or include("ip") provides them.
include("ip")
header("Fichier de configuration des démons de postfix.")
@# +------------------------+
@# | Utils pour le template |
@# +------------------------+
# Whether this host is a primary or a secondary MX.
# (`secondary` is assigned but not referenced in the visible template.)
main = has("mail-mx-main")
secondary = has("mail-mx-secondary")
# Whether this is a public MX; for example the members' server
# is used only internally.
public = has("mail-mx-public")
# If true, members' mail is delivered locally on this host.
users = has("users")
tracker = has("tracker")
# Addresses the smtpd listeners are bound to further down.
pub = pubip()
adm = admip()
loc = "127.0.0.1"
# Extra listener address, set only when has("titanic") is true; the address is
# hard-coded here rather than looked up.
if has("titanic"):
    ext = "82.225.39.54"
@# Postfix master process configuration file. Each line describes how
@# a mailer component program should be run. The fields that make up
@# each line are described below. A "-" field value requests that a
@# default value be used for that field.
@#
@# Service: any name that is valid for the specified transport type
@# (the next field). With INET transports, a service is specified as
@# host:port. The host part (and colon) may be omitted. Either host
@# or port may be given in symbolic form or in numeric form. Examples
@# for the SMTP server: localhost:smtp receives mail via the loopback
@# interface only; 10025 receives mail on port 10025.
@#
@# Transport type: "inet" for Internet sockets, "unix" for UNIX-domain
@# sockets, "fifo" for named pipes.
@#
@# Private: whether or not access is restricted to the mail system.
@# Default is private service. Internet (inet) sockets can't be private.
@#
@# Unprivileged: whether the service runs with root privileges or as
@# the owner of the Postfix system (the owner name is controlled by the
@# mail_owner configuration variable in the main.cf file).
@#
@# Chroot: whether or not the service runs chrooted to the mail queue
@# directory (pathname is controlled by the queue_directory configuration
@# variable in the main.cf file). Presently, all Postfix daemons can run
@# chrooted, except for the pipe, virtual and local delivery daemons.
@# The files in the examples/chroot-setup subdirectory describe how
@# to set up a Postfix chroot environment for your type of machine.
@#
@# Wakeup time: automatically wake up the named service after the
@# specified number of seconds. A ? at the end of the wakeup time
@# field requests that wake up events be sent only to services that
@# are actually being used. Specify 0 for no wakeup. Presently, only
@# the pickup, queue manager and flush daemons need a wakeup timer.
@#
@# Max procs: the maximum number of processes that may execute this
@# service simultaneously. Default is to use a globally configurable
@# limit (the default_process_limit configuration parameter in main.cf).
@# Specify 0 for no process count limit.
@#
@# Command + args: the command to be executed. The command name is
@# relative to the Postfix program directory (pathname is controlled by
@# the program_directory configuration variable). Adding one or more
@# -v options turns on verbose logging for that service; adding a -D
@# option enables symbolic debugging (see the debugger_command variable
@# in the main.cf configuration file). See individual command man pages
@# for specific command-line options, if any.
@#
@# In order to use the "uucp" message tranport below, set up entries
@# in the transport table.
@#
@# In order to use the "cyrus" message transport below, configure it
@# in main.cf as the mailbox_transport.
@#
@# SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS.
@# ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL.
@#
@# DO NOT CHANGE THE ZERO PROCESS LIMIT FOR CLEANUP/BOUNCE/DEFER OR
@# POSTFIX WILL BECOME STUCK UP UNDER HEAVY LOAD
@#
@# DO NOT CHANGE THE ONE PROCESS LIMIT FOR PICKUP/QMGR OR POSTFIX WILL
@# DELIVER MAIL MULTIPLE TIMES.
@#
@# DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.
@#
@# ==========================================================================
@# service type private unpriv chroot wakeup maxproc command + args
@# (yes) (yes) (yes) (never) (50)
@# ==========================================================================
# Inbound smtpd listeners; exactly one of the three branches is emitted,
# chosen by the host's roles.
if main:
    # Primary MX: an smtp listener with no address restriction, plus an
    # implicit-TLS "smtps" listener whose overrides enable SASL and reject
    # any client that has not authenticated.
    @smtp inet n - - - - smtpd
    @smtps inet n - - - - smtpd
    @ -o smtpd_tls_wrappermode=yes
    @ -o smtpd_sasl_auth_enable=yes
    @ -o smtpd_client_restrictions=permit_sasl_authenticated,reject
elif tracker:
    # Tracker host: one smtp listener with Postfix address mappings turned off
    # for mail received here.
    @smtp inet n - - - - smtpd
    @ -o receive_override_options=no_address_mappings
else:
    # Every other host binds smtpd to explicit addresses instead of a wildcard.
    if has("titanic"):
        print ext + ":smtp inet n - - - - smtpd"
    print pub + ":smtp inet n - - - - smtpd"
    print adm + ":smtp inet n - - - - smtpd"
    # NOTE(review): a master.cf continuation line extends the entry emitted
    # just before it, so this content_filter override reaches only the adm
    # listener. The ext, pub and loopback listeners take content_filter from
    # main.cf; confirm that split is intended for a non-public MX.
    if not public:
        print " -o content_filter=lmtp:[amavis.adm.crans.org]:10024"
    # NOTE(review): placing this line outside "if not public" is a guess.
    print loc + ":smtp inet n - - - - smtpd"
#628 inet n - - - - qmqpd
# Core Postfix daemons, emitted on every host.
@pickup fifo n - - 60 1 pickup
@cleanup unix n - - - 0 cleanup
@qmgr fifo n - - 300 1 qmgr
#qmgr fifo n - - 300 1 nqmgr
@rewrite unix - - - - - trivial-rewrite
@bounce unix - - - - 0 bounce
@defer unix - - - - 0 bounce
@trace unix - - - - 0 bounce
@verify unix - - - - 1 verify
@flush unix n - - 1000? 0 flush
@proxymap unix - - n - - proxymap
@smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
# NOTE(review): the comment above speaks of a backup MX, yet the override is
# emitted only when `main` is true; confirm which role should clear
# fallback_relay.
@relay unix - - - - - smtp
if main:
    @ -o fallback_relay=
@showq unix n - - - - showq
@error unix - - - - - error
@retry unix - - - - - error
@discard unix - - - - - discard
@local unix - n n - - local
@virtual unix - n n - - virtual
@lmtp unix - - n - 5 lmtp
@anvil unix - - - - 1 anvil
@scache unix - - - - 1 scache
@slow unix - - n - 1 smtp
@#
@# Interfaces to non-Postfix software. Be sure to examine the manual
@# pages of the non-Postfix software to find out what options it wants.
@# The Cyrus deliver program has changed incompatibly.
@#
# pipe entries hand mail to external programs running as the account named
# in user=; both the unpriv and chroot columns are "n" for them. "$$" is
# presumably the template's escape for a literal "$" in the output - confirm.
@cyrus unix - n n - - pipe
@ flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -m $${extension} $${user}
if has("news"):
    # NOTE(review): unlike the other option lines, the second line below has
    # no space after "@". A master.cf continuation must begin with whitespace,
    # so if that is how the original reads, user=/argv= would not attach to
    # the corbeau entry. Confirm against the original file.
    @corbeau unix - n n - - pipe
    @user=respbats:adm argv=/usr/scripts/corbeau
@uucp unix - n n - - pipe
@ flags=Fqhu user=uucp argv=uux -r -n -z -a$$sender - $$nexthop!rmail ($$recipient)
@ifmail unix - n n - - pipe
@ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $$nexthop ($$recipient)
@bsmtp unix - n n - - pipe
@ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$$nexthop -f$$sender $$recipient
@scalemail-backend unix - n n - 2 pipe
@ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store $${nexthop} $${user} $${extension}
@# only used by postfix-tls
# NOTE(review): these two entries are emitted on every host. On a primary MX
# "smtps" is then declared twice, and this second declaration carries no SASL
# or client-restriction override. Verify which declaration the running master
# keeps; if it is this one, the authenticated-only rule from the `main` branch
# no longer applies to smtps.
# NOTE(review): the 587 entry enforces TLS but sets no authentication or
# client restriction of its own, so who may submit depends on main.cf.
# smtpd_enforce_tls is the legacy spelling; newer Postfix releases document
# smtpd_tls_security_level=encrypt for the same purpose.
@smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes
@587 inet n - - - - smtpd -o smtpd_enforce_tls=yes
@tlsmgr unix - - n 300 1 tlsmgr
if users:
    # Listener for mail handed over by the other MX hosts. The template's own
    # note (next two lines) says the adm-VLAN origin still has to be checked.
    # The overrides clear content_filter, local_recipient_maps and the
    # helo/client/sender restrictions, leaving recipient acceptance to
    # permit_mynetworks with mynetworks=10.231.136.0/24. Trust therefore rests
    # on the source address alone, which holds only if nothing outside that
    # network can reach or spoof into this interface.
    # NOTE(review): a host that took the `else` branch above has already
    # declared adm:smtp once; confirm the duplicate is resolved as intended.
    @# Smtp pour la reception des mails venant des autres MX
    @# a verifier que ca vient du vlan adm.
    print adm + ":smtp inet n - n - - smtpd"
    @ -o content_filter=
    @ -o local_recipient_maps=
    @ -o smtpd_helo_restrictions=
    @ -o smtpd_client_restrictions=
    @ -o smtpd_sender_restrictions=
    @ -o smtpd_recipient_restrictions=permit_mynetworks,reject
    @ -o mynetworks=10.231.136.0/24
# NOTE(review): whether this block sits at top level or inside "if users" could
# not be recovered from the collapsed copy; confirm.
if main:
    # Loopback listener on port 10025 where amavis hands mail back (per the
    # template note on the next line). content_filter is cleared here, so mail
    # arriving on this port is not sent to the filter again, and header/body
    # checks and milters are skipped. Access is limited to
    # mynetworks=127.0.0.0/8, which means any process on this host can inject
    # mail that bypasses filtering. The error and connection limits are raised
    # or disabled for this listener.
    @# Smtp pour la recuperation en local des mails d'amavis
    print loc + ":10025 inet n - n - - smtpd"
    @ -o content_filter=
    @ -o smtpd_delay_reject=no
    @ -o smtpd_client_restrictions=permit_mynetworks,reject
    @ -o smtpd_helo_restrictions=
    @ -o smtpd_sender_restrictions=
    @ -o smtpd_recipient_restrictions=permit_mynetworks,reject
    @ -o smtpd_data_restrictions=reject_unauth_pipelining
    @ -o smtpd_end_of_data_restrictions=
    @ -o smtpd_restriction_classes=
    @ -o mynetworks=127.0.0.0/8
    @ -o smtpd_error_sleep_time=0
    @ -o smtpd_soft_error_limit=1001
    @ -o smtpd_hard_error_limit=1000
    @ -o smtpd_client_connection_count_limit=0
    @ -o smtpd_client_connection_rate_limit=0
    @ -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
    @ -o local_header_rewrite_clients=