crans/crans_bcfg2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
crans_bcfg2/Python/etc/postfix/master.cf
Michel Blockelet 8b8ae19055 [postfix] Transport slow pour les SMTP relous 
Ignore-this: 526080e80e89c5e08e27937275de980b
C'est mieux quand c'est mis dans bcfg2, histoire de ne pas avoir un MX qui
n'envoie plus rien parce que la moitie de ses fichiers ont ete modifies

darcs-hash:20121004221215-ddb99-90072f8d78b0e1653e7dbc03bc7bd05a6601e752.gz
2012-10-05 00:12:15 +02:00

196 lines
8.3 KiB
Python
Raw Blame History

# -*- mode: python; coding: utf-8 -*-
include("ip")
header("Fichier de configuration des démons de postfix.")
@# +------------------------+
@# | Utils pour le template |
@# +------------------------+
# Indique si c'est un MX principal ou secondaire.
main = has("mail-mx-main")
secondary = has("mail-mx-secondary")
# Indique si c'est un MX public, par exemple le serveur
# des adherents est utilise uniquement en interne
public = has("mail-mx-public")
# Si vrai alors delivre localement les mails des adherents.
users = has("users")
tracker = has("tracker")
pub = pubip()
adm = admip()
loc = "127.0.0.1"
if has("titanic"):
ext = "82.225.39.54"
@# Postfix master process configuration file. Each line describes how
@# a mailer component program should be run. The fields that make up
@# each line are described below. A "-" field value requests that a
@# default value be used for that field.
@#
@# Service: any name that is valid for the specified transport type
@# (the next field). With INET transports, a service is specified as
@# host:port. The host part (and colon) may be omitted. Either host
@# or port may be given in symbolic form or in numeric form. Examples
@# for the SMTP server: localhost:smtp receives mail via the loopback
@# interface only; 10025 receives mail on port 10025.
@#
@# Transport type: "inet" for Internet sockets, "unix" for UNIX-domain
@# sockets, "fifo" for named pipes.
@#
@# Private: whether or not access is restricted to the mail system.
@# Default is private service. Internet (inet) sockets can't be private.
@#
@# Unprivileged: whether the service runs with root privileges or as
@# the owner of the Postfix system (the owner name is controlled by the
@# mail_owner configuration variable in the main.cf file).
@#
@# Chroot: whether or not the service runs chrooted to the mail queue
@# directory (pathname is controlled by the queue_directory configuration
@# variable in the main.cf file). Presently, all Postfix daemons can run
@# chrooted, except for the pipe, virtual and local delivery daemons.
@# The files in the examples/chroot-setup subdirectory describe how
@# to set up a Postfix chroot environment for your type of machine.
@#
@# Wakeup time: automatically wake up the named service after the
@# specified number of seconds. A ? at the end of the wakeup time
@# field requests that wake up events be sent only to services that
@# are actually being used. Specify 0 for no wakeup. Presently, only
@# the pickup, queue manager and flush daemons need a wakeup timer.
@#
@# Max procs: the maximum number of processes that may execute this
@# service simultaneously. Default is to use a globally configurable
@# limit (the default_process_limit configuration parameter in main.cf).
@# Specify 0 for no process count limit.
@#
@# Command + args: the command to be executed. The command name is
@# relative to the Postfix program directory (pathname is controlled by
@# the program_directory configuration variable). Adding one or more
@# -v options turns on verbose logging for that service; adding a -D
@# option enables symbolic debugging (see the debugger_command variable
@# in the main.cf configuration file). See individual command man pages
@# for specific command-line options, if any.
@#
@# In order to use the "uucp" message tranport below, set up entries
@# in the transport table.
@#
@# In order to use the "cyrus" message transport below, configure it
@# in main.cf as the mailbox_transport.
@#
@# SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS.
@# ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL.
@#
@# DO NOT CHANGE THE ZERO PROCESS LIMIT FOR CLEANUP/BOUNCE/DEFER OR
@# POSTFIX WILL BECOME STUCK UP UNDER HEAVY LOAD
@#
@# DO NOT CHANGE THE ONE PROCESS LIMIT FOR PICKUP/QMGR OR POSTFIX WILL
@# DELIVER MAIL MULTIPLE TIMES.
@#
@# DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.
@#
@# ==========================================================================
@# service type private unpriv chroot wakeup maxproc command + args
@# (yes) (yes) (yes) (never) (50)
@# ==========================================================================
if main:
@smtp inet n - - - - smtpd
@smtps inet n - - - - smtpd
@ -o smtpd_tls_wrappermode=yes
@ -o smtpd_sasl_auth_enable=yes
@ -o smtpd_client_restrictions=permit_sasl_authenticated,reject
elif tracker:
@smtp inet n - - - - smtpd
@ -o receive_override_options=no_address_mappings
else:
if has("titanic"):
print ext + ":smtp inet n - - - - smtpd"
print pub + ":smtp inet n - - - - smtpd"
print adm + ":smtp inet n - - - - smtpd"
if not public:
print " -o content_filter=lmtp:[amavis.adm.crans.org]:10024"
print loc + ":smtp inet n - - - - smtpd"
#628 inet n - - - - qmqpd
@pickup fifo n - - 60 1 pickup
@cleanup unix n - - - 0 cleanup
@qmgr fifo n - - 300 1 qmgr
#qmgr fifo n - - 300 1 nqmgr
@rewrite unix - - - - - trivial-rewrite
@bounce unix - - - - 0 bounce
@defer unix - - - - 0 bounce
@trace unix - - - - 0 bounce
@verify unix - - - - 1 verify
@flush unix n - - 1000? 0 flush
@proxymap unix - - n - - proxymap
@smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
@relay unix - - - - - smtp
if main:
@ -o fallback_relay=
@showq unix n - - - - showq
@error unix - - - - - error
@retry unix - - - - - error
@discard unix - - - - - discard
@local unix - n n - - local
@virtual unix - n n - - virtual
@lmtp unix - - n - 5 lmtp
@anvil unix - - - - 1 anvil
@scache unix - - - - 1 scache
@slow unix - - n - 1 smtp
@#
@# Interfaces to non-Postfix software. Be sure to examine the manual
@# pages of the non-Postfix software to find out what options it wants.
@# The Cyrus deliver program has changed incompatibly.
@#
@cyrus unix - n n - - pipe
@ flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -m $${extension} $${user}
if has("news"):
@corbeau unix - n n - - pipe
@user=respbats:adm argv=/usr/scripts/corbeau
@uucp unix - n n - - pipe
@ flags=Fqhu user=uucp argv=uux -r -n -z -a$$sender - $$nexthop!rmail ($$recipient)
@ifmail unix - n n - - pipe
@ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $$nexthop ($$recipient)
@bsmtp unix - n n - - pipe
@ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$$nexthop -f$$sender $$recipient
@scalemail-backend unix - n n - 2 pipe
@ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store $${nexthop} $${user} $${extension}
@# only used by postfix-tls
@smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes
@587 inet n - - - - smtpd -o smtpd_enforce_tls=yes
@tlsmgr unix - - n 300 1 tlsmgr
if users:
@# Smtp pour la reception des mails venant des autres MX
@# a verifier que ca vient du vlan adm.
print adm + ":smtp inet n - n - - smtpd"
@ -o content_filter=
@ -o local_recipient_maps=
@ -o smtpd_helo_restrictions=
@ -o smtpd_client_restrictions=
@ -o smtpd_sender_restrictions=
@ -o smtpd_recipient_restrictions=permit_mynetworks,reject
@ -o mynetworks=10.231.136.0/24
if main:
@# Smtp pour la recuperation en local des mails d'amavis
print loc + ":10025 inet n - n - - smtpd"
@ -o content_filter=
@ -o smtpd_delay_reject=no
@ -o smtpd_client_restrictions=permit_mynetworks,reject
@ -o smtpd_helo_restrictions=
@ -o smtpd_sender_restrictions=
@ -o smtpd_recipient_restrictions=permit_mynetworks,reject
@ -o smtpd_data_restrictions=reject_unauth_pipelining
@ -o smtpd_end_of_data_restrictions=
@ -o smtpd_restriction_classes=
@ -o mynetworks=127.0.0.0/8
@ -o smtpd_error_sleep_time=0
@ -o smtpd_soft_error_limit=1001
@ -o smtpd_hard_error_limit=1000
@ -o smtpd_client_connection_count_limit=0
@ -o smtpd_client_connection_rate_limit=0
@ -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
@ -o local_header_rewrite_clients=
Reference in a new issue View git blame Copy permalink