AnsibleRoles/ensure_postfix
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: AnsibleRoles:bd41187b0114e64f8ccdc1a1cddd7fb831f3b41a
Branches Tags
AnsibleRoles:master
..
compare: AnsibleRoles:e936ecdc5cc648b8f2445096d89a34b841aa5e02
Branches Tags
AnsibleRoles:master

2 Commits
bd41187b01 ... e936ecdc5c

Author SHA1 Message Date
Jason Rothstein
e936ecdc5c Fedora 40 support 
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
 2024-06-02 12:25:14 -05:00
Jason Rothstein
7a636a88f5 Fix Fedora 39 support 
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
 2024-06-02 12:25:02 -05:00
28 changed files with 5429 additions and 0 deletions
Expand all files Collapse all files

135
templates/Fedora/40/etc/opendkim.conf Normal file
View File

@@ -0,0 +1,135 @@
## BASIC OPENDKIM CONFIGURATION FILE
## See opendkim.conf(5) or /usr/share/doc/opendkim/opendkim.conf.sample for more
## BEFORE running OpenDKIM you must:
## - make your MTA (Postfix, Sendmail, etc.) aware of OpenDKIM
## - generate keys for your domain (if signing)
## - edit your DNS records to publish your public keys (if signing)
## See /usr/share/doc/opendkim/INSTALL for detailed instructions.
## DEPRECATED CONFIGURATION OPTIONS
##
## The following configuration options are no longer valid. They should be
## removed from your existing configuration file to prevent potential issues.
## Failure to do so may result in opendkim being unable to start.
##
## Removed in 2.10.0:
## AddAllSignatureResults
## ADSPAction
## ADSPNoSuchDomain
## BogusPolicy
## DisableADSP
## LDAPSoftStart
## LocalADSP
## NoDiscardableMailTo
## On-PolicyError
## SendADSPReports
## UnprotectedPolicy
## CONFIGURATION OPTIONS
## Specifies the path to the process ID file.
#PidFile /run/opendkim/opendkim.pid
## Selects operating modes. Valid modes are s (sign) and v (verify). Default is v.
## Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing
## messages.
Mode v
## Log activity to the system log.
Syslog yes
## Log additional entries indicating successful signing or verification of messages.
SyslogSuccess yes
## If logging is enabled, include detailed logging about why or why not a message was
## signed or verified. This causes an increase in the amount of log data generated
## for each message, so set this to No (or comment it out) if it gets too noisy.
LogWhy yes
## Attempt to become the specified user before starting operations.
UserID opendkim:opendkim
## Create a socket through which your MTA can communicate.
Socket inet:8891@localhost
#Socket local:/run/opendkim/opendkim.sock
## Required to use local socket with MTAs that access the socket as a non-
## privileged user (e.g. Postfix)
Umask 002
## This specifies a text file in which to store DKIM transaction statistics.
## OpenDKIM must be manually compiled with --enable-stats to enable this feature.
# Statistics /var/spool/opendkim/stats.dat
## Specifies whether or not the filter should generate report mail back
## to senders when verification fails and an address for such a purpose
## is provided. See opendkim.conf(5) for details.
SendReports yes
## Specifies the sending address to be used on From: headers of outgoing
## failure reports. By default, the e-mail address of the user executing
## the filter is used (executing_user@hostname).
# ReportAddress "Example.com Postmaster" <postmaster@example.com>
ReportAddress "Postmaster" <{{ postmaster_email }}>
## Add a DKIM-Filter header field to messages passing through this filter
## to identify messages it has processed.
SoftwareHeader yes
## SIGNING OPTIONS
## Selects the canonicalization method(s) to be used when signing messages.
Canonicalization relaxed/relaxed
## Domain(s) whose mail should be signed by this filter. Mail from other domains will
## be verified rather than being signed. Uncomment and use your domain name.
## This parameter is not required if a SigningTable is in use.
# Domain example.com
## Defines the name of the selector to be used when signing messages.
Selector default
## Specifies the minimum number of key bits for acceptable keys and signatures.
MinimumKeyBits 1024
## Gives the location of a private key to be used for signing ALL messages. This
## directive is ignored if KeyTable is enabled.
# KeyFile /etc/opendkim/keys/default.private
## Gives the location of a file mapping key names to signing keys. In simple terms,
## this tells OpenDKIM where to find your keys. If present, overrides any KeyFile
## directive in the configuration file. Requires SigningTable be enabled.
# KeyTable /etc/opendkim/KeyTable
## Defines a table used to select one or more signatures to apply to a message based
## on the address found in the From: header field. In simple terms, this tells
## OpenDKIM how to use your keys. Requires KeyTable be enabled.
# SigningTable refile:/etc/opendkim/SigningTable
## Identifies a set of "external" hosts that may send mail through the server as one
## of the signing domains without credentials as such.
# ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
## Identifies a set "internal" hosts whose mail should be signed rather than verified.
# InternalHosts refile:/etc/opendkim/TrustedHosts
## Contains a list of IP addresses, CIDR blocks, hostnames or domain names
## whose mail should be neither signed nor verified by this filter. See man
## page for file format.
# PeerList X.X.X.X
## Always oversign From (sign using actual From and a null From to prevent
## malicious signatures header fields (From and/or others) between the signer
## and the verifier. From is oversigned by default in the Fedora package
## because it is often the identity key used by reputation systems and thus
## somewhat security sensitive.
OversignHeaders From
## Instructs the DKIM library to maintain its own local cache of keys and
## policies retrieved from DNS, rather than relying on the nameserver for
## caching service. Useful if the nameserver being used by the filter is
## not local.
# QueryCache yes

6
templates/Fedora/40/etc/opendkim/KeyTable Normal file
View File

@@ -0,0 +1,6 @@
# OPENDKIM KEY TABLE
# To use this file, uncomment the #KeyTable option in /etc/opendkim.conf,
# then uncomment the following line and replace example.com with your domain
# name, then restart OpenDKIM. Additional keys may be added on separate lines.
#default._domainkey.example.com example.com:default:/etc/opendkim/keys/default.private

25
templates/Fedora/40/etc/opendkim/SigningTable Normal file
View File

@@ -0,0 +1,25 @@
# OPENDKIM SIGNING TABLE
# This table controls how to apply one or more signatures to outgoing messages based
# on the address found in the From: header field. In simple terms, this tells
# OpenDKIM "how" to apply your keys.
# To use this file, uncomment the SigningTable option in /etc/opendkim.conf,
# then uncomment one of the usage examples below and replace example.com with your
# domain name, then restart OpenDKIM.
# WILDCARD EXAMPLE
# Enables signing for any address on the listed domain(s), but will work only if
# "refile:/etc/opendkim/SigningTable" is included in /etc/opendkim.conf.
# Create additional lines for additional domains.
#*@example.com default._domainkey.example.com
# NON-WILDCARD EXAMPLE
# If "file:" (instead of "refile:") is specified in /etc/opendkim.conf, then
# wildcards will not work. Instead, full user@host is checked first, then simply host,
# then user@.domain (with all superdomains checked in sequence, so "foo.example.com"
# would first check "user@foo.example.com", then "user@.example.com", then "user@.com"),
# then .domain, then user@*, and finally *. See the opendkim.conf(5) man page under
# "SigningTable" for more details.
#example.com default._domainkey.example.com

9
templates/Fedora/40/etc/opendkim/TrustedHosts Normal file
View File

@@ -0,0 +1,9 @@
# OPENDKIM TRUSTED HOSTS
# To use this file, uncomment the #ExternalIgnoreList and/or the #InternalHosts
# option in /etc/opendkim.conf then restart OpenDKIM. Additional hosts
# may be added on separate lines (IP addresses, hostnames, or CIDR ranges).
# The localhost IP (127.0.0.1) should always be the first entry in this file.
127.0.0.1
::1
#host.example.com
#192.168.1.0/24

443
templates/Fedora/40/etc/opendmarc.conf Normal file
View File

@@ -0,0 +1,443 @@
## opendmarc.conf -- configuration file for OpenDMARC filter
##
## Copyright (c) 2012-2015, 2018, 2021, The Trusted Domain Project.
## All rights reserved.
## DEPRECATED CONFIGURATION OPTIONS
##
## The following configuration options are no longer valid. They should be
## removed from your existing configuration file to prevent potential issues.
## Failure to do so may result in opendmarc being unable to start.
##
## Renamed in 1.3.0:
## ForensicReports became FailureReports
## ForensicReportsBcc became FailureReportsBcc
## ForensicReportsOnNone became FailureReportsOnNone
## ForensicReportsSentBy became FailureReportsSentBy
## CONFIGURATION OPTIONS
## AuthservID (string)
## defaults to MTA name
##
## Sets the "authserv-id" to use when generating the Authentication-Results:
## header field after verifying a message. If the string "HOSTNAME" is
## provided, the name of the host running the filter (as returned by the
## gethostname(3) function) will be used.
#
# AuthservID name
## AuthservIDWithJobID { true | false }
## default "false"
##
## If "true", requests that the authserv-id portion of the added
## Authentication-Results header fields contain the job ID of the message
## being evaluated.
#
# AuthservIDWithJobID false
## AutoRestart { true | false }
## default "false"
##
## Automatically re-start on failures. Use with caution; if the filter fails
## instantly after it starts, this can cause a tight fork(2) loop.
#
# AutoRestart false
## AutoRestartCount n
## default 0
##
## Sets the maximum automatic restart count. After this number of automatic
## restarts, the filter will give up and terminate. A value of 0 implies no
## limit.
#
# AutoRestartCount 0
## AutoRestartRate n/t[u]
## default (no limit)
##
## Sets the maximum automatic restart rate. If the filter begins restarting
## faster than the rate defined here, it will give up and terminate. This
## is a string of the form n/t[u] where n is an integer limiting the count
## of restarts in the given interval and t[u] defines the time interval
## through which the rate is calculated; t is an integer and u defines the
## units thus represented ("s" or "S" for seconds, the default; "m" or "M"
## for minutes; "h" or "H" for hours; "d" or "D" for days). For example, a
## value of "10/1h" limits the restarts to 10 in one hour. There is no
## default, meaning restart rate is not limited.
#
# AutoRestartRate n/t[u]
## Background { true | false }
## default "true"
##
## Causes opendmarc to fork and exits immediately, leaving the service
## running in the background.
#
# Background true
## BaseDirectory (string)
## default (none)
##
## If set, instructs the filter to change to the specified directory using
## chdir(2) before doing anything else. This means any files referenced
## elsewhere in the configuration file can be specified relative to this
## directory. It's also useful for arranging that any crash dumps will be
## saved to a specific location.
#
# BaseDirectory /var/run/opendmarc
## ChangeRootDirectory (string)
## default (none)
##
## Requests that the operating system change the effective root directory of
## the process to the one specified here prior to beginning execution.
## chroot(2) requires superuser access. A warning will be generated if
## UserID is not also set.
#
# ChangeRootDirectory /var/chroot/opendmarc
## CopyFailuresTo (string)
## default (none)
##
## Requests addition of the specified email address to the envelope of
## any message that fails the DMARC evaluation.
#
# CopyFailuresTo postmaster@localhost
## DomainWhitelist (string)
## default (none)
##
## A brief list of whitelisted domains for which ARC signature headers are
## trusted as determined by evaluating entries in the "arc.chain" field found
## in a locally generated Authentication-Results header.
##
## This list will be concatenated with DomainWhitelistFile (if provided).
##
#
# DomainWhitelist example.com
## DomainWhitelistFile path
## default (none)
##
## A comprehensive list of whitelisted domains for which ARC signature headers
## are trusted as determined by evaluating entries in the "arc.chain" field
## found in a locally generated Authentication-Results header.
##
## This list will be concatenated with DomainWhitelist (if provided).
##
#
# DomainWhitelistFile /etc/opendmarc/whitelist.domains
## DomainWhitelistSize
## default 3000
##
## The maximum number of entries in the DomainWhitelist including both entries
## in the DomainWhitelist configuration parameter (above) and entries in the
## DomainWhitelistFile. This number will be increased by approximately 20% to
## increase the efficiency of the hashing algorithm.
##
#
# DomainWhitelistSize 3000
## DNSTimeout (integer)
## default 5
##
## Sets the DNS timeout in seconds. A value of 0 causes an infinite wait.
## (NOT YET IMPLEMENTED)
#
# DNSTimeout 5
## EnableCoredumps { true | false }
## default "false"
##
## On systems that have such support, make an explicit request to the kernel
## to dump cores when the filter crashes for some reason. Some modern UNIX
## systems suppress core dumps during crashes for security reasons if the
## user ID has changed during the lifetime of the process. Currently only
## supported on Linux.
#
# EnableCoreDumps false
## FailureReports { true | false }
## default "false"
##
## Enables generation of failure reports when the DMARC test fails and the
## purported sender of the message has requested such reports. Reports are
## formatted per RFC6591.
#
# FailureReports false
## FailureReportsBcc (string)
## default (none)
##
## When failure reports are enabled and one is to be generated, always
## send one to the address(es) specified here. If a failure report is
## requested by the domain owner, the address(es) are added in a Bcc: field.
## If no request is made, they address(es) are used in a To: field. There
## is no default.
#
# FailureReportsBcc postmaster@example.coom
FailureReportsBcc {{ postmaster_email }}
## FailureReportsOnNone { true | false }
## default "false"
##
## Supplements the "FailureReports" setting by generating reports for
## domains that advertise "none" policies. By default, reports are only
## generated (when enabled) for sending domains advertising a "quarantine"
## or "reject" policy.
#
# FailureReportsOnNone false
## FailureReportsSentBy string
## default "USER@HOSTNAME"
##
## Specifies the email address to use in the From: field of failure
## reports generated by the filter. The default is to use the userid of
## the user running the filter and the local hostname to construct an
## email address. "postmaster" is used in place of the userid if a name
## could not be determined.
#
# FailureReportsSentBy USER@HOSTNAME
FailureReportsSentBy {{ postmaster_email }}
## HistoryFile path
## default (none)
##
## If set, specifies the location of a text file to which records are written
## that can be used to generate DMARC aggregate reports. Records are groups
## of rows containing information about a single received message, and
## include all relevant information needed to generate a DMARC aggregate
## report. It is expected that this will not be used in its raw form, but
## rather periodically imported into a relational database from which the
## aggregate reports can be extracted by a tool such as opendmarc-import(8).
#
# HistoryFile /var/spool/opendmarc/opendmarc.dat
## HoldQuarantinedMessages { true | false }
## default "false"
##
## If set, the milter will signal to the mta that messages with
## p=quarantine, which fail dmarc authentication, should be held in
## the MTA's "Hold" or "Quarantine" queue. The name varies by MTA.
## If false, messsages will be accepted and passed along with the
## regular mail flow, and the quarantine will be left up to downstream
## MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers,
## including the Authentication-Results header added by OpenDMARC
#
# HoldQuarantinedMessages false
## IgnoreAuthenticatedClients { true | false }
## default "false"
##
## If set, causes mail from authenticated clients (i.e., those that used
## SMTP AUTH) to be ignored by the filter.
#
# IgnoreAuthenticatedClients false
## HoldQuarantinedMessages { true | false }
## default "false"
##
## If set, the milter will signal to the mta that messages with
## p=quarantine, which fail dmarc authentication, should be held in
## the MTA's "Hold" or "Quarantine" queue. The name varies by MTA.
## If false, messsages will be accepted and passed along with the
## regular mail flow, and the quarantine will be left up to downstream
## MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers,
## including the Authentication-Results header added by OpenDMARC
#
# HoldQuarantinedMessages false
## IgnoreHosts path
## default (internal)
##
## Specifies the path to a file that contains a list of hostnames, IP
## addresses, and/or CIDR expressions identifying hosts whose SMTP
## connections are to be ignored by the filter. If not specified, defaults
## to "127.0.0.1" only.
#
# IgnoreHosts /etc/opendmarc/ignore.hosts
## IgnoreMailFrom domain[,...]
## default (none)
##
## Gives a list of domain names whose mail (based on the From: domain) is to
## be ignored by the filter. The list should be comma-separated. Matching
## against this list is case-insensitive. The default is an empty list,
## meaning no mail is ignored.
#
# IgnoreMailFrom example.com
## MilterDebug (integer)
## default 0
##
## Sets the debug level to be requested from the milter library.
#
# MilterDebug 0
## PidFile path
## default (none)
##
## Specifies the path to a file that should be created at process start
## containing the process ID.
#
# PidFile /var/run/opendmarc.pid
## PublicSuffixList path
## default (none)
##
## Specifies the path to a file that contains top-level domains (TLDs) that
## will be used to compute the Organizational Domain for a given domain name,
## as described in the DMARC specification. If not provided, the filter will
## not be able to determine the Organizational Domain and only the presented
## domain will be evaluated. This file should be periodically updated.
## One location to retrieve the file from is https://publicsuffix.org/list/
#
# PublicSuffixList path
## RecordAllMessages { true | false }
## default "false"
##
## If set and "HistoryFile" is in use, all received messages are recorded
## to the history file. If not set (the default), only messages for which
## the From: domain published a DMARC record will be recorded in the
## history file.
#
# RecordAllMessages false
## RejectFailures { true | false }
## default "false"
##
## If set, messages will be rejected if they fail the DMARC evaluation, or
## temp-failed if evaluation could not be completed. By default, no message
## will be rejected or temp-failed regardless of the outcome of the DMARC
## evaluation of the message. Instead, an Authentication-Results header
## field will be added.
#
# RejectFailures false
RejectFailures true
## RejectMultiValueFrom { true | false }
## default "false"
##
## If set, messages with multiple addresses in the From: field of the message
## will be rejected unless all domains in the field are the same. They will
## otherwise be ignored by the filter (the default).
#
# RejectMultiValueFrom false
## ReportCommand string
## default "/usr/sbin/sendmail -t"
##
## Indicates the shell command to which failure reports should be passed for
## delivery when "FailureReports" is enabled.
#
# ReportCommand /usr/sbin/sendmail -t
## RequiredHeaders { true | false }
## default "false"
##
## If set, the filter will ensure the header of the message conforms to the
## basic header field count restrictions laid out in RFC5322, Section 3.6.
## Messages failing this test are rejected without further processing. A
## From: field from which no domain name could be extracted will also be
## rejected.
#
# RequiredHeaders false
## Socket socketspec
## default (none)
##
## Specifies the socket that should be established by the filter to receive
## connections from sendmail(8) in order to provide service. socketspec is
## in one of two forms: local:path, which creates a UNIX domain socket at
## the specified path, or inet:port[@host] or inet6:port[@host] which creates
## a TCP socket on the specified port for the appropriate protocol family.
## If the host is not given as either a hostname or an IP address, the
## socket will be listening on all interfaces. This option is mandatory
## either in the configuration file or on the command line. If an IP
## address is used, it must be enclosed in square brackets.
#
Socket inet:8893@localhost
#Socket local:/run/opendmarc/opendmarc.sock
## SoftwareHeader { true | false }
## default "false"
##
## Causes the filter to add a "DMARC-Filter" header field indicating the
## presence of this filter in the path of the message from injection to
## delivery. The product's name, version, and the job ID are included in
## the header field's contents.
#
SoftwareHeader true
## SPFIgnoreResults { true | false }
## default "false"
##
## Causes the filter to ignore any SPF results in the header of the
## message. This is useful if you want the filter to perform SPF checks
## itself, or because you don't trust the arriving header.
#
SPFIgnoreResults true
## SPFSelfValidate { true | false }
## default false
##
## Enable internal spf checking with --with-spf
## To use libspf2 instead: --with-spf --with-spf2-include=path --with-spf2-lib=path
##
## Causes the filter to perform a fallback SPF check itself when
## it can find no SPF results in the message header. If SPFIgnoreResults
## is also set, it never looks for SPF results in headers and
## always performs the SPF check itself when this is set.
#
SPFSelfValidate true
## Syslog { true | false }
## default "false"
##
## Log via calls to syslog(3) any interesting activity.
#
Syslog true
## SyslogFacility facility-name
## default "mail"
##
## Log via calls to syslog(3) using the named facility. The facility names
## are the same as the ones allowed in syslog.conf(5).
#
# SyslogFacility mail
## TrustedAuthservIDs string
## default HOSTNAME
##
## Specifies one or more "authserv-id" values to trust as relaying true
## upstream DKIM and SPF results. The default is to use the name of
## the MTA processing the message. To specify a list, separate each entry
## with a comma. The key word "HOSTNAME" will be replaced by the name of
## the host running the filter as reported by the gethostname(3) function.
#
# TrustedAuthservIDs HOSTNAME
## UMask mask
## default (none)
##
## Requests a specific permissions mask to be used for file creation. This
## only really applies to creation of the socket when Socket specifies a
## UNIX domain socket, and to the HistoryFile and PidFile (if any); temporary
## files are normally created by the mkstemp(3) function that enforces a
## specific file mode on creation regardless of the process umask. See
## umask(2) for more information.
#
UMask 007
## UserID user[:group]
## default (none)
##
## Attempts to become the specified userid before starting operations.
## The process will be assigned all of the groups and primary group ID of
## the named userid unless an alternate group is specified.
#
UserID opendmarc:mail

484
templates/Fedora/40/etc/postfix/access Normal file
View File

@@ -0,0 +1,484 @@
# ACCESS(5) ACCESS(5)
#
# NAME
# access - Postfix SMTP server access table
#
# SYNOPSIS
# postmap /etc/postfix/access
#
# postmap -q "string" /etc/postfix/access
#
# postmap -q - /etc/postfix/access <inputfile
#
# DESCRIPTION
# This document describes access control on remote SMTP
# client information: host names, network addresses, and
# envelope sender or recipient addresses; it is implemented
# by the Postfix SMTP server. See header_checks(5) or
# body_checks(5) for access control on the content of email
# messages.
#
# Normally, the access(5) table is specified as a text file
# that serves as input to the postmap(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast searching by the mail system. Execute the command
# "postmap /etc/postfix/access" to rebuild an indexed file
# after changing the corresponding text file.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regu-
# lar-expression map where patterns are given as regular
# expressions, or lookups can be directed to a TCP-based
# server. In those cases, the lookups are done in a slightly
# different way as described below under "REGULAR EXPRESSION
# TABLES" or "TCP-BASED TABLES".
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookup. As of Postfix 2.3, the search string is not case
# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern action
# When pattern matches a mail address, domain or host
# address, perform the corresponding action.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# EMAIL ADDRESS PATTERNS
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user@domain
# Matches the specified mail address.
#
# domain.tld
# Matches domain.tld as the domain part of an email
# address.
#
# The pattern domain.tld also matches subdomains, but
# only when the string smtpd_access_maps is listed in
# the Postfix parent_domain_matches_subdomains con-
# figuration setting.
#
# .domain.tld
# Matches subdomains of domain.tld, but only when the
# string smtpd_access_maps is not listed in the Post-
# fix parent_domain_matches_subdomains configuration
# setting.
#
# user@ Matches all mail addresses with the specified user
# part.
#
# Note: lookup of the null sender address is not possible
# with some types of lookup table. By default, Postfix uses
# <> as the lookup key for such addresses. The value is
# specified with the smtpd_null_access_lookup_key parameter
# in the Postfix main.cf file.
#
# EMAIL ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, domain, user+foo@,
# and user@.
#
# HOST NAME/ADDRESS PATTERNS
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, the following
# lookup patterns are examined in the order as listed:
#
# domain.tld
# Matches domain.tld.
#
# The pattern domain.tld also matches subdomains, but
# only when the string smtpd_access_maps is listed in
# the Postfix parent_domain_matches_subdomains con-
# figuration setting.
#
# .domain.tld
# Matches subdomains of domain.tld, but only when the
# string smtpd_access_maps is not listed in the Post-
# fix parent_domain_matches_subdomains configuration
# setting.
#
# net.work.addr.ess
#
# net.work.addr
#
# net.work
#
# net Matches a remote IPv4 host address or network
# address range. Specify one to four decimal octets
# separated by ".". Do not specify "[]" , "/", lead-
# ing zeros, or hexadecimal forms.
#
# Network ranges are matched by repeatedly truncating
# the last ".octet" from a remote IPv4 host address
# string, until a match is found in the access table,
# or until further truncation is not possible.
#
# NOTE: use the cidr lookup table type to specify
# network/netmask patterns. See cidr_table(5) for
# details.
#
# net:work:addr:ess
#
# net:work:addr
#
# net:work
#
# net Matches a remote IPv6 host address or network
# address range. Specify three to eight hexadecimal
# octet pairs separated by ":", using the compressed
# form "::" for a sequence of zero-valued octet
# pairs. Do not specify "[]", "/", leading zeros, or
# non-compressed forms.
#
# A network range is matched by repeatedly truncating
# the last ":octetpair" from the compressed-form
# remote IPv6 host address string, until a match is
# found in the access table, or until further trunca-
# tion is not possible.
#
# NOTE: use the cidr lookup table type to specify
# network/netmask patterns. See cidr_table(5) for
# details.
#
# IPv6 support is available in Postfix 2.2 and later.
#
# ACCEPT ACTIONS
# OK Accept the address etc. that matches the pattern.
#
# all-numerical
# An all-numerical result is treated as OK. This for-
# mat is generated by address-based relay authoriza-
# tion schemes such as pop-before-smtp.
#
# For other accept actions, see "OTHER ACTIONS" below.
#
# REJECT ACTIONS
# Postfix version 2.3 and later support enhanced status
# codes as defined in RFC 3463. When no code is specified
# at the beginning of the text below, Postfix inserts a
# default enhanced status code of "5.7.1" in the case of
# reject actions, and "4.7.1" in the case of defer actions.
# See "ENHANCED STATUS CODES" below.
#
# 4NN text
#
# 5NN text
# Reject the address etc. that matches the pattern,
# and respond with the numerical three-digit code and
# text. 4NN means "try again later", while 5NN means
# "do not try again".
#
# The following responses have special meaning for
# the Postfix SMTP server:
#
# 421 text (Postfix 2.3 and later)
#
# 521 text (Postfix 2.6 and later)
# After responding with the numerical
# three-digit code and text, disconnect imme-
# diately from the SMTP client. This frees up
# SMTP server resources so that they can be
# made available to another SMTP client.
#
# Note: The "521" response should be used only
# with botnets and other malware where inter-
# operability is of no concern. The "send 521
# and disconnect" behavior is NOT defined in
# the SMTP standard.
#
# REJECT optional text...
# Reject the address etc. that matches the pattern.
# Reply with "$access_map_reject_code optional
# text..." when the optional text is specified, oth-
# erwise reply with a generic error response message.
#
# DEFER optional text...
# Reject the address etc. that matches the pattern.
# Reply with "$access_map_defer_code optional
# text..." when the optional text is specified, oth-
# erwise reply with a generic error response message.
#
# This feature is available in Postfix 2.6 and later.
#
# DEFER_IF_REJECT optional text...
# Defer the request if some later restriction would
# result in a REJECT action. Reply with
# "$access_map_defer_code 4.7.1 optional text..."
# when the optional text is specified, otherwise
# reply with a generic error response message.
#
# Prior to Postfix 2.6, the SMTP reply code is 450.
#
# This feature is available in Postfix 2.1 and later.
#
# DEFER_IF_PERMIT optional text...
# Defer the request if some later restriction would
# result in an explicit or implicit PERMIT action.
# Reply with "$access_map_defer_code 4.7.1 optional
# text..." when the optional text is specified, oth-
# erwise reply with a generic error response message.
#
# Prior to Postfix 2.6, the SMTP reply code is 450.
#
# This feature is available in Postfix 2.1 and later.
#
# For other reject actions, see "OTHER ACTIONS" below.
#
# OTHER ACTIONS
# restriction...
# Apply the named UCE restriction(s) (permit, reject,
# reject_unauth_destination, and so on).
#
# BCC user@domain
# Send one copy of the message to the specified
# recipient.
#
# If multiple BCC actions are specified within the
# same SMTP MAIL transaction, with Postfix 3.0 only
# the last action will be used.
#
# This feature is available in Postfix 3.0 and later.
#
# DISCARD optional text...
# Claim successful delivery and silently discard the
# message. Log the optional text if specified, oth-
# erwise log a generic message.
#
# Note: this action currently affects all recipients
# of the message. To discard only one recipient
# without discarding the entire message, use the
# transport(5) table to direct mail to the discard(8)
# service.
#
# This feature is available in Postfix 2.0 and later.
#
# DUNNO Pretend that the lookup key was not found. This
# prevents Postfix from trying substrings of the
# lookup key (such as a subdomain name, or a network
# address subnetwork).
#
# This feature is available in Postfix 2.0 and later.
#
# FILTER transport:destination
# After the message is queued, send the entire mes-
# sage through the specified external content filter.
# The transport name specifies the first field of a
# mail delivery agent definition in master.cf; the
# syntax of the next-hop destination is described in
# the manual page of the corresponding delivery
# agent. More information about external content
# filters is in the Postfix FILTER_README file.
#
# Note 1: do not use $number regular expression sub-
# stitutions for transport or destination unless you
# know that the information has a trusted origin.
#
# Note 2: this action overrides the main.cf con-
# tent_filter setting, and affects all recipients of
# the message. In the case that multiple FILTER
# actions fire, only the last one is executed.
#
# Note 3: the purpose of the FILTER command is to
# override message routing. To override the recipi-
# ent's transport but not the next-hop destination,
# specify an empty filter destination (Postfix 2.7
# and later), or specify a transport:destination that
# delivers through a different Postfix instance
# (Postfix 2.6 and earlier). Other options are using
# the recipient-dependent transport_maps or the sen-
# der-dependent sender_dependent_default_transport-
# _maps features.
#
# This feature is available in Postfix 2.0 and later.
#
# HOLD optional text...
# Place the message on the hold queue, where it will
# sit until someone either deletes it or releases it
# for delivery. Log the optional text if specified,
# otherwise log a generic message.
#
# Mail that is placed on hold can be examined with
# the postcat(1) command, and can be destroyed or
# released with the postsuper(1) command.
#
# Note: use "postsuper -r" to release mail that was
# kept on hold for a significant fraction of $maxi-
# mal_queue_lifetime or $bounce_queue_lifetime, or
# longer. Use "postsuper -H" only for mail that will
# not expire within a few delivery attempts.
#
# Note: this action currently affects all recipients
# of the message.
#
# This feature is available in Postfix 2.0 and later.
#
# PREPEND headername: headervalue
# Prepend the specified message header to the mes-
# sage. When more than one PREPEND action executes,
# the first prepended header appears before the sec-
# ond etc. prepended header.
#
# Note: this action must execute before the message
# content is received; it cannot execute in the con-
# text of smtpd_end_of_data_restrictions.
#
# This feature is available in Postfix 2.1 and later.
#
# REDIRECT user@domain
# After the message is queued, send the message to
# the specified address instead of the intended
# recipient(s). When multiple REDIRECT actions fire,
# only the last one takes effect.
#
# Note: this action overrides the FILTER action, and
# currently overrides all recipients of the message.
#
# This feature is available in Postfix 2.1 and later.
#
# INFO optional text...
# Log an informational record with the optional text,
# together with client information and if available,
# with helo, sender, recipient and protocol informa-
# tion.
#
# This feature is available in Postfix 3.0 and later.
#
# WARN optional text...
# Log a warning with the optional text, together with
# client information and if available, with helo,
# sender, recipient and protocol information.
#
# This feature is available in Postfix 2.1 and later.
#
# ENHANCED STATUS CODES
# Postfix version 2.3 and later support enhanced status
# codes as defined in RFC 3463. When an enhanced status
# code is specified in an access table, it is subject to
# modification. The following transformations are needed
# when the same access table is used for client, helo,
# sender, or recipient access restrictions; they happen
# regardless of whether Postfix replies to a MAIL FROM, RCPT
# TO or other SMTP command.
#
# o When a sender address matches a REJECT action, the
# Postfix SMTP server will transform a recipient DSN
# status (e.g., 4.1.1-4.1.6) into the corresponding
# sender DSN status, and vice versa.
#
# o When non-address information matches a REJECT
# action (such as the HELO command argument or the
# client hostname/address), the Postfix SMTP server
# will transform a sender or recipient DSN status
# into a generic non-address DSN status (e.g.,
# 4.0.0).
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# the entire string being looked up. Depending on the appli-
# cation, that string is an entire client hostname, an
# entire client IP address, or an entire mail address. Thus,
# no parent domain or parent network search is done,
# user@domain mail addresses are not broken up into their
# user@ and domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# Actions are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire
# client hostname, an entire client IP address, or an entire
# mail address. Thus, no parent domain or parent network
# search is done, user@domain mail addresses are not broken
# up into their user@ and domain constituent parts, nor is
# user+foo broken up into user and foo.
#
# Actions are the same as with indexed file lookups.
#
# EXAMPLE
# The following example uses an indexed file, so that the
# order of table entries does not matter. The example per-
# mits access by the client at address 1.2.3.4 but rejects
# all other clients in 1.2.3.0/24. Instead of hash lookup
# tables, some systems use dbm. Use the command "postconf
# -m" to find out what lookup tables Postfix supports on
# your system.
#
# /etc/postfix/main.cf:
# smtpd_client_restrictions =
# check_client_access hash:/etc/postfix/access
#
# /etc/postfix/access:
# 1.2.3 REJECT
# 1.2.3.4 OK
#
# Execute the command "postmap /etc/postfix/access" after
# editing the file.
#
# BUGS
# The table format does not understand quoting conventions.
#
# SEE ALSO
# postmap(1), Postfix lookup table manager
# smtpd(8), SMTP server
# postconf(5), configuration parameters
# transport(5), transport:nexthop syntax
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# SMTPD_ACCESS_README, built-in SMTP server access control
# DATABASE_README, Postfix lookup table overview
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# Wietse Venema
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#
# ACCESS(5)

307
templates/Fedora/40/etc/postfix/canonical Normal file
View File

@@ -0,0 +1,307 @@
# CANONICAL(5) CANONICAL(5)
#
# NAME
# canonical - Postfix canonical table format
#
# SYNOPSIS
# postmap /etc/postfix/canonical
#
# postmap -q "string" /etc/postfix/canonical
#
# postmap -q - /etc/postfix/canonical <inputfile
#
# DESCRIPTION
# The optional canonical(5) table specifies an address map-
# ping for local and non-local addresses. The mapping is
# used by the cleanup(8) daemon, before mail is stored into
# the queue. The address mapping is recursive.
#
# Normally, the canonical(5) table is specified as a text
# file that serves as input to the postmap(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast searching by the mail system. Execute the command
# "postmap /etc/postfix/canonical" to rebuild an indexed
# file after changing the corresponding text file.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regu-
# lar-expression map where patterns are given as regular
# expressions, or lookups can be directed to a TCP-based
# server. In those cases, the lookups are done in a slightly
# different way as described below under "REGULAR EXPRESSION
# TABLES" or "TCP-BASED TABLES".
#
# By default the canonical(5) mapping affects both message
# header addresses (i.e. addresses that appear inside mes-
# sages) and message envelope addresses (for example, the
# addresses that are used in SMTP protocol commands). This
# is controlled with the canonical_classes parameter.
#
# NOTE: Postfix versions 2.2 and later rewrite message head-
# ers from remote SMTP clients only if the client matches
# the local_header_rewrite_clients parameter, or if the
# remote_header_rewrite_domain configuration parameter spec-
# ifies a non-empty value. To get the behavior before Post-
# fix 2.2, specify "local_header_rewrite_clients =
# static:all".
#
# Typically, one would use the canonical(5) table to replace
# login names by Firstname.Lastname, or to clean up
# addresses produced by legacy mail systems.
#
# The canonical(5) mapping is not to be confused with vir-
# tual alias support or with local aliasing. To change the
# destination but not the headers, use the virtual(5) or
# aliases(5) map instead.
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookup. As of Postfix 2.3, the search string is not case
# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern address
# When pattern matches a mail address, replace it by
# the corresponding address.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, each
# user@domain query produces a sequence of query patterns as
# described below.
#
# Each query pattern is sent to each specified lookup table
# before trying the next query pattern, until a match is
# found.
#
# user@domain address
# Replace user@domain by address. This form has the
# highest precedence.
#
# This is useful to clean up addresses produced by
# legacy mail systems. It can also be used to pro-
# duce Firstname.Lastname style addresses, but see
# below for a simpler solution.
#
# user address
# Replace user@site by address when site is equal to
# $myorigin, when site is listed in $mydestination,
# or when it is listed in $inet_interfaces or
# $proxy_interfaces.
#
# This form is useful for replacing login names by
# Firstname.Lastname.
#
# @domain address
# Replace other addresses in domain by address. This
# form has the lowest precedence.
#
# Note: @domain is a wild-card. When this form is
# applied to recipient addresses, the Postfix SMTP
# server accepts mail for any recipient in domain,
# regardless of whether that recipient exists. This
# may turn your mail system into a backscatter
# source: Postfix first accepts mail for non-existent
# recipients and then tries to return that mail as
# "undeliverable" to the often forged sender address.
#
# To avoid backscatter with mail for a wild-card
# domain, replace the wild-card mapping with explicit
# 1:1 mappings, or add a reject_unverified_recipient
# restriction for that domain:
#
# smtpd_recipient_restrictions =
# ...
# reject_unauth_destination
# check_recipient_access
# inline:{example.com=reject_unverified_recipient}
# unverified_recipient_reject_code = 550
#
# In the above example, Postfix may contact a remote
# server if the recipient is rewritten to a remote
# address.
#
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
# o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain.
#
# o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain".
#
# o When "append_dot_mydomain=yes", append ".$mydomain"
# to addresses without ".domain".
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
# The propagate_unmatched_extensions parameter controls
# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant.
# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# canonical_classes (envelope_sender, envelope_recipient,
# header_sender, header_recipient)
# What addresses are subject to canonical_maps
# address mapping.
#
# canonical_maps (empty)
# Optional address mapping lookup tables for message
# headers and envelopes.
#
# recipient_canonical_maps (empty)
# Optional address mapping lookup tables for envelope
# and header recipient addresses.
#
# sender_canonical_maps (empty)
# Optional address mapping lookup tables for envelope
# and header sender addresses.
#
# propagate_unmatched_extensions (canonical, virtual)
# What address lookup tables copy an address exten-
# sion from the lookup key to the lookup result.
#
# Other parameters of interest:
#
# inet_interfaces (all)
# The network interface addresses that this mail sys-
# tem receives mail on.
#
# local_header_rewrite_clients (permit_inet_interfaces)
# Rewrite message header addresses in mail from these
# clients and update incomplete addresses with the
# domain name in $myorigin or $mydomain; either don't
# rewrite message headers from other clients at all,
# or rewrite message headers and update incomplete
# addresses with the domain specified in the
# remote_header_rewrite_domain parameter.
#
# proxy_interfaces (empty)
# The network interface addresses that this mail sys-
# tem receives mail on by way of a proxy or network
# address translation unit.
#
# masquerade_classes (envelope_sender, header_sender,
# header_recipient)
# What addresses are subject to address masquerading.
#
# masquerade_domains (empty)
# Optional list of domains whose subdomain structure
# will be stripped off in email addresses.
#
# masquerade_exceptions (empty)
# Optional list of user names that are not subjected
# to address masquerading, even when their addresses
# match $masquerade_domains.
#
# mydestination ($myhostname, localhost.$mydomain, local-
# host)
# The list of domains that are delivered via the
# $local_transport mail delivery transport.
#
# myorigin ($myhostname)
# The domain name that locally-posted mail appears to
# come from, and that locally posted mail is deliv-
# ered to.
#
# owner_request_special (yes)
# Enable special treatment for owner-listname entries
# in the aliases(5) file, and don't split owner-list-
# name and listname-request address localparts when
# the recipient_delimiter is set to "-".
#
# remote_header_rewrite_domain (empty)
# Don't rewrite message headers from remote clients
# at all when this parameter is empty; otherwise, re-
# write message headers and append the specified
# domain name to incomplete addresses.
#
# SEE ALSO
# cleanup(8), canonicalize and enqueue mail
# postmap(1), Postfix lookup table manager
# postconf(5), configuration parameters
# virtual(5), virtual aliasing
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# Wietse Venema
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#
# CANONICAL(5)

1
templates/Fedora/40/etc/postfix/dynamicmaps.cf Normal file
View File

@@ -0,0 +1 @@
# dict-type so-name (pathname) dict-function mkmap-function

1
templates/Fedora/40/etc/postfix/dynamicmaps.cf.d/ldap Normal file
View File

@@ -0,0 +1 @@
ldap /usr/lib64/postfix/postfix-ldap.so dict_ldap_open

1
templates/Fedora/40/etc/postfix/dynamicmaps.cf.d/mysql Normal file
View File

@@ -0,0 +1 @@
mysql /usr/lib64/postfix/postfix-mysql.so dict_mysql_open

1
templates/Fedora/40/etc/postfix/dynamicmaps.cf.d/pcre Normal file
View File

@@ -0,0 +1 @@
pcre /usr/lib64/postfix/postfix-pcre.so dict_pcre_open

252
templates/Fedora/40/etc/postfix/generic Normal file
View File

@@ -0,0 +1,252 @@
# GENERIC(5) GENERIC(5)
#
# NAME
# generic - Postfix generic table format
#
# SYNOPSIS
# postmap /etc/postfix/generic
#
# postmap -q "string" /etc/postfix/generic
#
# postmap -q - /etc/postfix/generic <inputfile
#
# DESCRIPTION
# The optional generic(5) table specifies an address mapping
# that applies when mail is delivered. This is the opposite
# of canonical(5) mapping, which applies when mail is
# received.
#
# Typically, one would use the generic(5) table on a system
# that does not have a valid Internet domain name and that
# uses something like localdomain.local instead. The
# generic(5) table is then used by the smtp(8) client to
# transform local mail addresses into valid Internet mail
# addresses when mail has to be sent across the Internet.
# See the EXAMPLE section at the end of this document.
#
# The generic(5) mapping affects both message header
# addresses (i.e. addresses that appear inside messages) and
# message envelope addresses (for example, the addresses
# that are used in SMTP protocol commands).
#
# Normally, the generic(5) table is specified as a text file
# that serves as input to the postmap(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast searching by the mail system. Execute the command
# "postmap /etc/postfix/generic" to rebuild an indexed file
# after changing the corresponding text file.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regu-
# lar-expression map where patterns are given as regular
# expressions, or lookups can be directed to a TCP-based
# server. In those cases, the lookups are done in a slightly
# different way as described below under "REGULAR EXPRESSION
# TABLES" or "TCP-BASED TABLES".
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookup. As of Postfix 2.3, the search string is not case
# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern result
# When pattern matches a mail address, replace it by
# the corresponding result.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, each
# user@domain query produces a sequence of query patterns as
# described below.
#
# Each query pattern is sent to each specified lookup table
# before trying the next query pattern, until a match is
# found.
#
# user@domain address
# Replace user@domain by address. This form has the
# highest precedence.
#
# user address
# Replace user@site by address when site is equal to
# $myorigin, when site is listed in $mydestination,
# or when it is listed in $inet_interfaces or
# $proxy_interfaces.
#
# @domain address
# Replace other addresses in domain by address. This
# form has the lowest precedence.
#
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
# o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain.
#
# o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain".
#
# o When "append_dot_mydomain=yes", append ".$mydomain"
# to addresses without ".domain".
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
# The propagate_unmatched_extensions parameter controls
# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is available in Postfix 2.5 and
# later.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# EXAMPLE
# The following shows a generic mapping with an indexed
# file. When mail is sent to a remote host via SMTP, this
# replaces his@localdomain.local by his ISP mail address,
# replaces her@localdomain.local by her ISP mail address,
# and replaces other local addresses by his ISP account,
# with an address extension of +local (this example assumes
# that the ISP supports "+" style address extensions).
#
# /etc/postfix/main.cf:
# smtp_generic_maps = hash:/etc/postfix/generic
#
# /etc/postfix/generic:
# his@localdomain.local hisaccount@hisisp.example
# her@localdomain.local heraccount@herisp.example
# @localdomain.local hisaccount+local@hisisp.example
#
# Execute the command "postmap /etc/postfix/generic" when-
# ever the table is changed. Instead of hash, some systems
# use dbm database files. To find out what tables your sys-
# tem supports use the command "postconf -m".
#
# BUGS
# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant.
# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# smtp_generic_maps (empty)
# Optional lookup tables that perform address rewrit-
# ing in the Postfix SMTP client, typically to trans-
# form a locally valid address into a globally valid
# address when sending mail across the Internet.
#
# propagate_unmatched_extensions (canonical, virtual)
# What address lookup tables copy an address exten-
# sion from the lookup key to the lookup result.
#
# Other parameters of interest:
#
# inet_interfaces (all)
# The network interface addresses that this mail sys-
# tem receives mail on.
#
# proxy_interfaces (empty)
# The network interface addresses that this mail sys-
# tem receives mail on by way of a proxy or network
# address translation unit.
#
# mydestination ($myhostname, localhost.$mydomain, local-
# host)
# The list of domains that are delivered via the
# $local_transport mail delivery transport.
#
# myorigin ($myhostname)
# The domain name that locally-posted mail appears to
# come from, and that locally posted mail is deliv-
# ered to.
#
# owner_request_special (yes)
# Enable special treatment for owner-listname entries
# in the aliases(5) file, and don't split owner-list-
# name and listname-request address localparts when
# the recipient_delimiter is set to "-".
#
# SEE ALSO
# postmap(1), Postfix lookup table manager
# postconf(5), configuration parameters
# smtp(8), Postfix SMTP client
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# ADDRESS_REWRITING_README, address rewriting guide
# DATABASE_README, Postfix lookup table overview
# STANDARD_CONFIGURATION_README, configuration examples
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# HISTORY
# A genericstable feature appears in the Sendmail MTA.
#
# This feature is available in Postfix 2.2 and later.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# Wietse Venema
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#
# GENERIC(5)

549
templates/Fedora/40/etc/postfix/header_checks Normal file
View File

@@ -0,0 +1,549 @@
# HEADER_CHECKS(5) HEADER_CHECKS(5)
#
# NAME
# header_checks - Postfix built-in content inspection
#
# SYNOPSIS
# header_checks = pcre:/etc/postfix/header_checks
# mime_header_checks = pcre:/etc/postfix/mime_header_checks
# nested_header_checks = pcre:/etc/postfix/nested_header_checks
# body_checks = pcre:/etc/postfix/body_checks
#
# milter_header_checks = pcre:/etc/postfix/milter_header_checks
#
# smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
# smtp_mime_header_checks = pcre:/etc/postfix/smtp_mime_header_checks
# smtp_nested_header_checks = pcre:/etc/postfix/smtp_nested_header_checks
# smtp_body_checks = pcre:/etc/postfix/smtp_body_checks
#
# postmap -q "string" pcre:/etc/postfix/filename
# postmap -q - pcre:/etc/postfix/filename <inputfile
#
# DESCRIPTION
# This document describes access control on the content of
# message headers and message body lines; it is implemented
# by the Postfix cleanup(8) server before mail is queued.
# See access(5) for access control on remote SMTP client
# information.
#
# Each message header or message body line is compared
# against a list of patterns. When a match is found the
# corresponding action is executed, and the matching process
# is repeated for the next message header or message body
# line.
#
# Note: message headers are examined one logical header at a
# time, even when a message header spans multiple lines.
# Body lines are always examined one line at a time.
#
# For examples, see the EXAMPLES section at the end of this
# manual page.
#
# Postfix header or body_checks are designed to stop a flood
# of mail from worms or viruses; they do not decode attach-
# ments, and they do not unzip archives. See the documents
# referenced below in the README FILES section if you need
# more sophisticated content analysis.
#
# FILTERS WHILE RECEIVING MAIL
# Postfix implements the following four built-in content
# inspection classes while receiving mail:
#
# header_checks (default: empty)
# These are applied to initial message headers
# (except for the headers that are processed with
# mime_header_checks).
#
# mime_header_checks (default: $header_checks)
# These are applied to MIME related message headers
# only.
#
# This feature is available in Postfix 2.0 and later.
#
# nested_header_checks (default: $header_checks)
# These are applied to message headers of attached
# email messages (except for the headers that are
# processed with mime_header_checks).
#
# This feature is available in Postfix 2.0 and later.
#
# body_checks
# These are applied to all other content, including
# multi-part message boundaries.
#
# With Postfix versions before 2.0, all content after
# the initial message headers is treated as body con-
# tent.
#
# FILTERS AFTER RECEIVING MAIL
# Postfix supports a subset of the built-in content inspec-
# tion classes after the message is received:
#
# milter_header_checks (default: empty)
# These are applied to headers that are added with
# Milter applications.
#
# This feature is available in Postfix 2.7 and later.
#
# FILTERS WHILE DELIVERING MAIL
# Postfix supports all four content inspection classes while
# delivering mail via SMTP.
#
# smtp_header_checks (default: empty)
#
# smtp_mime_header_checks (default: empty)
#
# smtp_nested_header_checks (default: empty)
#
# smtp_body_checks (default: empty)
# These features are available in Postfix 2.5 and
# later.
#
# COMPATIBILITY
# With Postfix version 2.2 and earlier specify "postmap -fq"
# to query a table that contains case sensitive patterns. By
# default, regexp: and pcre: patterns are case insensitive.
#
# TABLE FORMAT
# This document assumes that header and body_checks rules
# are specified in the form of Postfix regular expression
# lookup tables. Usually the best performance is obtained
# with pcre (Perl Compatible Regular Expression) tables. The
# regexp (POSIX regular expressions) tables are usually
# slower, but more widely available. Use the command "post-
# conf -m" to find out what lookup table types your Postfix
# system supports.
#
# The general format of Postfix regular expression tables is
# given below. For a discussion of specific pattern or
# flags syntax, see pcre_table(5) or regexp_table(5),
# respectively.
#
# /pattern/flags action
# When /pattern/ matches the input string, execute
# the corresponding action. See below for a list of
# possible actions.
#
# !/pattern/flags action
# When /pattern/ does not match the input string,
# execute the corresponding action.
#
# if /pattern/flags
#
# endif If the input string matches /pattern/, then match
# that input string against the patterns between if
# and endif. The if..endif can nest.
#
# Note: do not prepend whitespace to patterns inside
# if..endif.
#
# if !/pattern/flags
#
# endif If the input string does not match /pattern/, then
# match that input string against the patterns
# between if and endif. The if..endif can nest.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A pattern/action line starts with non-whitespace
# text. A line that starts with whitespace continues
# a logical line.
#
# TABLE SEARCH ORDER
# For each line of message input, the patterns are applied
# in the order as specified in the table. When a pattern is
# found that matches the input line, the corresponding
# action is executed and then the next input line is
# inspected.
#
# TEXT SUBSTITUTION
# Substitution of substrings from the matched expression
# into the action string is possible using the conventional
# Perl syntax ($1, $2, etc.). The macros in the result
# string may need to be written as ${n} or $(n) if they
# aren't followed by whitespace.
#
# Note: since negated patterns (those preceded by !) return
# a result when the expression does not match, substitutions
# are not available for negated patterns.
#
# ACTIONS
# Action names are case insensitive. They are shown in upper
# case for consistency with other Postfix documentation.
#
# BCC user@domain
# Add the specified address as a BCC recipient, and
# inspect the next input line. The address must have
# a local part and domain part. The number of BCC
# addresses that can be added is limited only by the
# amount of available storage space.
#
# Note 1: the BCC address is added as if it was spec-
# ified with NOTIFY=NONE. The sender will not be
# notified when the BCC address is undeliverable, as
# long as all down-stream software implements RFC
# 3461.
#
# Note 2: this ignores duplicate addresses (with the
# same delivery status notification options).
#
# This feature is available in Postfix 3.0 and later.
#
# This feature is not supported with smtp header/body
# checks.
#
# DISCARD optional text...
# Claim successful delivery and silently discard the
# message. Do not inspect the remainder of the input
# message. Log the optional text if specified, oth-
# erwise log a generic message.
#
# Note: this action disables further header or
# body_checks inspection of the current message and
# affects all recipients. To discard only one recip-
# ient without discarding the entire message, use the
# transport(5) table to direct mail to the discard(8)
# service.
#
# This feature is available in Postfix 2.0 and later.
#
# This feature is not supported with smtp header/body
# checks.
#
# DUNNO Pretend that the input line did not match any pat-
# tern, and inspect the next input line. This action
# can be used to shorten the table search.
#
# For backwards compatibility reasons, Postfix also
# accepts OK but it is (and always has been) treated
# as DUNNO.
#
# This feature is available in Postfix 2.1 and later.
#
# FILTER transport:destination
# Override the content_filter parameter setting, and
# inspect the next input line. After the message is
# queued, send the entire message through the speci-
# fied external content filter. The transport name
# specifies the first field of a mail delivery agent
# definition in master.cf; the syntax of the next-hop
# destination is described in the manual page of the
# corresponding delivery agent. More information
# about external content filters is in the Postfix
# FILTER_README file.
#
# Note 1: do not use $number regular expression sub-
# stitutions for transport or destination unless you
# know that the information has a trusted origin.
#
# Note 2: this action overrides the main.cf con-
# tent_filter setting, and affects all recipients of
# the message. In the case that multiple FILTER
# actions fire, only the last one is executed.
#
# Note 3: the purpose of the FILTER command is to
# override message routing. To override the recipi-
# ent's transport but not the next-hop destination,
# specify an empty filter destination (Postfix 2.7
# and later), or specify a transport:destination that
# delivers through a different Postfix instance
# (Postfix 2.6 and earlier). Other options are using
# the recipient-dependent transport_maps or the sen-
# der-dependent sender_dependent_default_transport-
# _maps features.
#
# This feature is available in Postfix 2.0 and later.
#
# This feature is not supported with smtp header/body
# checks.
#
# HOLD optional text...
# Arrange for the message to be placed on the hold
# queue, and inspect the next input line. The mes-
# sage remains on hold until someone either deletes
# it or releases it for delivery. Log the optional
# text if specified, otherwise log a generic message.
#
# Mail that is placed on hold can be examined with
# the postcat(1) command, and can be destroyed or
# released with the postsuper(1) command.
#
# Note: use "postsuper -r" to release mail that was
# kept on hold for a significant fraction of $maxi-
# mal_queue_lifetime or $bounce_queue_lifetime, or
# longer. Use "postsuper -H" only for mail that will
# not expire within a few delivery attempts.
#
# Note: this action affects all recipients of the
# message.
#
# This feature is available in Postfix 2.0 and later.
#
# This feature is not supported with smtp header/body
# checks.
#
# IGNORE Delete the current line from the input, and inspect
# the next input line. See STRIP for an alternative
# that logs the action.
#
# INFO optional text...
# Log an "info:" record with the optional text... (or
# log a generic text), and inspect the next input
# line. This action is useful for routine logging or
# for debugging.
#
# This feature is available in Postfix 2.8 and later.
#
# PASS optional text...
# Log a "pass:" record with the optional text... (or
# log a generic text), and turn off header, body, and
# Milter inspection for the remainder of this mes-
# sage.
#
# Note: this feature relies on trust in information
# that is easy to forge.
#
# This feature is available in Postfix 3.2 and later.
#
# This feature is not supported with smtp header/body
# checks.
#
# PREPEND text...
# Prepend one line with the specified text, and
# inspect the next input line.
#
# Notes:
#
# o The prepended text is output on a separate
# line, immediately before the input that
# triggered the PREPEND action.
#
# o The prepended text is not considered part of
# the input stream: it is not subject to
# header/body checks or address rewriting, and
# it does not affect the way that Postfix adds
# missing message headers.
#
# o When prepending text before a message header
# line, the prepended text must begin with a
# valid message header label.
#
# o This action cannot be used to prepend
# multi-line text.
#
# This feature is available in Postfix 2.1 and later.
#
# This feature is not supported with mil-
# ter_header_checks.
#
# REDIRECT user@domain
# Write a message redirection request to the queue
# file, and inspect the next input line. After the
# message is queued, it will be sent to the specified
# address instead of the intended recipient(s).
#
# Note: this action overrides the FILTER action, and
# affects all recipients of the message. If multiple
# REDIRECT actions fire, only the last one is exe-
# cuted.
#
# This feature is available in Postfix 2.1 and later.
#
# This feature is not supported with smtp header/body
# checks.
#
# REPLACE text...
# Replace the current line with the specified text,
# and inspect the next input line.
#
# This feature is available in Postfix 2.2 and later.
# The description below applies to Postfix 2.2.2 and
# later.
#
# Notes:
#
# o When replacing a message header line, the
# replacement text must begin with a valid
# header label.
#
# o The replaced text remains part of the input
# stream. Unlike the result from the PREPEND
# action, a replaced message header may be
# subject to address rewriting and may affect
# the way that Postfix adds missing message
# headers.
#
# REJECT optional text...
# Reject the entire message. Do not inspect the
# remainder of the input message. Reply with
# optional text... when the optional text is speci-
# fied, otherwise reply with a generic error message.
#
# Note: this action disables further header or
# body_checks inspection of the current message and
# affects all recipients.
#
# Postfix version 2.3 and later support enhanced sta-
# tus codes. When no code is specified at the begin-
# ning of optional text..., Postfix inserts a default
# enhanced status code of "5.7.1".
#
# This feature is not supported with smtp header/body
# checks.
#
# STRIP optional text...
# Log a "strip:" record with the optional text... (or
# log a generic text), delete the input line from the
# input, and inspect the next input line. See IGNORE
# for a silent alternative.
#
# This feature is available in Postfix 3.2 and later.
#
# WARN optional text...
# Log a "warning:" record with the optional text...
# (or log a generic text), and inspect the next input
# line. This action is useful for debugging and for
# testing a pattern before applying more drastic
# actions.
#
# BUGS
# Empty lines never match, because some map types mis-behave
# when given a zero-length search string. This limitation
# may be removed for regular expression tables in a future
# release.
#
# Many people overlook the main limitations of header and
# body_checks rules.
#
# o These rules operate on one logical message header
# or one body line at a time. A decision made for one
# line is not carried over to the next line.
#
# o If text in the message body is encoded (RFC 2045)
# then the rules need to be specified for the encoded
# form.
#
# o Likewise, when message headers are encoded (RFC
# 2047) then the rules need to be specified for the
# encoded form.
#
# Message headers added by the cleanup(8) daemon itself are
# excluded from inspection. Examples of such message headers
# are From:, To:, Message-ID:, Date:.
#
# Message headers deleted by the cleanup(8) daemon will be
# examined before they are deleted. Examples are: Bcc:, Con-
# tent-Length:, Return-Path:.
#
# CONFIGURATION PARAMETERS
# body_checks
# Lookup tables with content filter rules for message
# body lines. These filters see one physical line at
# a time, in chunks of at most $line_length_limit
# bytes.
#
# body_checks_size_limit
# The amount of content per message body segment
# (attachment) that is subjected to $body_checks fil-
# tering.
#
# header_checks
#
# mime_header_checks (default: $header_checks)
#
# nested_header_checks (default: $header_checks)
# Lookup tables with content filter rules for message
# header lines: respectively, these are applied to
# the initial message headers (not including MIME
# headers), to the MIME headers anywhere in the mes-
# sage, and to the initial headers of attached mes-
# sages.
#
# Note: these filters see one logical message header
# at a time, even when a message header spans multi-
# ple lines. Message headers that are longer than
# $header_size_limit characters are truncated.
#
# disable_mime_input_processing
# While receiving mail, give no special treatment to
# MIME related message headers; all text after the
# initial message headers is considered to be part of
# the message body. This means that header_checks is
# applied to all the initial message headers, and
# that body_checks is applied to the remainder of the
# message.
#
# Note: when used in this manner, body_checks will
# process a multi-line message header one line at a
# time.
#
# EXAMPLES
# Header pattern to block attachments with bad file name
# extensions. For convenience, the PCRE /x flag is speci-
# fied, so that there is no need to collapse the pattern
# into a single line of text. The purpose of the
# [[:xdigit:]] sub-expressions is to recognize Windows CLSID
# strings.
#
# /etc/postfix/main.cf:
# header_checks = pcre:/etc/postfix/header_checks.pcre
#
# /etc/postfix/header_checks.pcre:
# /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)(
# ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
# hlp|ht[at]|
# inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
# \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}|
# ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|
# vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x
# REJECT Attachment name "$2" may not end with ".$4"
#
# Body pattern to stop a specific HTML browser vulnerability
# exploit.
#
# /etc/postfix/main.cf:
# body_checks = regexp:/etc/postfix/body_checks
#
# /etc/postfix/body_checks:
# /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
# REJECT IFRAME vulnerability exploit
#
# SEE ALSO
# cleanup(8), canonicalize and enqueue Postfix message
# pcre_table(5), format of PCRE lookup tables
# regexp_table(5), format of POSIX regular expression tables
# postconf(1), Postfix configuration utility
# postmap(1), Postfix lookup table management
# postsuper(1), Postfix janitor
# postcat(1), show Postfix queue file contents
# RFC 2045, base64 and quoted-printable encoding rules
# RFC 2047, message header encoding for non-ASCII text
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# CONTENT_INSPECTION_README, Postfix content inspection overview
# BUILTIN_FILTER_README, Postfix built-in content inspection
# BACKSCATTER_README, blocking returned forged mail
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# Wietse Venema
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#
# HEADER_CHECKS(5)

774
templates/Fedora/40/etc/postfix/main.cf Normal file
View File

@@ -0,0 +1,774 @@
# Global Postfix configuration file. This file lists only a subset
# of all parameters. For the syntax, and for a complete parameter
# list, see the postconf(5) manual page (command: "man 5 postconf").
#
# TIP: use the command "postconf -n" to view main.cf parameter
# settings, "postconf parametername" to view a specific parameter,
# and "postconf 'parametername=value'" to set a specific parameter.
#
# For common configuration examples, see BASIC_CONFIGURATION_README
# and STANDARD_CONFIGURATION_README. To find these documents, use
# the command "postconf html_directory readme_directory", or go to
# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
#
# For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change.
# COMPATIBILITY
#
# The compatibility_level determines what default settings Postfix
# will use for main.cf and master.cf settings. These defaults will
# change over time.
#
# To avoid breaking things, Postfix will use backwards-compatible
# default settings and log where it uses those old backwards-compatible
# default settings, until the system administrator has determined
# if any backwards-compatible default settings need to be made
# permanent in main.cf or master.cf.
#
# When this review is complete, update the compatibility_level setting
# below as recommended in the RELEASE_NOTES file.
#
# The level below is what should be used with new (not upgrade) installs.
#
compatibility_level = 3.7
# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#
#soft_bounce = no
# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
queue_directory = /var/spool/postfix
# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = /usr/sbin
# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
#
daemon_directory = /usr/libexec/postfix
# The data_directory parameter specifies the location of Postfix-writable
# data files (caches, random numbers). This directory must be owned
# by the mail_owner account (see below).
#
data_directory = /var/lib/postfix
# QUEUE AND PROCESS OWNERSHIP
#
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
#
mail_owner = postfix
# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#
#default_privs = nobody
# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
#myorigin = $mydomain
# RECEIVING MAIL
# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost
# Enable IPv4, and IPv6 if supported
inet_protocols = all
# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified with the inet_interfaces parameter.
#
# You must specify your proxy/NAT addresses when your system is a
# backup MX host for other domains, otherwise mail delivery loops
# will happen when the primary MX host is down.
#
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain + localhost. On
# a mail domain gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination, $inet_interfaces or $proxy_interfaces.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
#
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
#
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
#
# - You define $mydestination domain recipients in files other than
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
# For example, you define $mydestination domain recipients in
# the $virtual_mailbox_maps files.
#
# - You redefine the local delivery agent in master.cf.
#
# - You redefine the "local_transport" setting in main.cf.
#
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
# feature of the Postfix local delivery agent (see local(8)).
#
# Details are described in the LOCAL_RECIPIENT_README file.
#
# Beware: if the Postfix SMTP server runs chrooted, you probably have
# to access the passwd file via the proxymap service, in order to
# overcome chroot restrictions. The alternative, having a copy of
# the system passwd file in the chroot jail is just not practical.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a user@domain.tld address.
#
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
# The unknown_local_recipient_reject_code specifies the SMTP server
# response code when a recipient domain matches $mydestination or
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
# and the recipient address or address local-part is not found.
#
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
# local_recipient_maps settings are OK.
#
unknown_local_recipient_reject_code = 550
# TRUST AND RELAY CONTROL
# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in postconf(5).
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
#
# By default (mynetworks_style = host), Postfix "trusts" only
# the local machine.
#
# Specify "mynetworks_style = subnet" when Postfix should "trust"
# SMTP clients in the same IP subnetworks as the local machine.
# On Linux, this works correctly only with interfaces specified
# with the "ifconfig" or "ip" command.
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
#
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host
# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
#mynetworks = 168.100.3.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_relay_restrictions and
# smtpd_recipient_restrictions descriptions in postconf(5) for detailed
# information.
#
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks, or is
# SASL authenticated) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is empty.
#
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
#
#relay_domains =
# INTERNET OR INTRANET
# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
# REJECTING UNKNOWN RELAY USERS
#
# The relay_recipient_maps parameter specifies optional lookup tables
# with all addresses in the domains that match $relay_domains.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown relay users. This feature is off by default.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a user@domain.tld address.
#
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
# INPUT RATE CONTROL
#
# The in_flow_delay configuration parameter implements mail input
# flow control. This feature is turned on by default, although it
# still needs further development (it's disabled on SCO UNIX due
# to an SCO bug).
#
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
# message delivery rate. With the default 100 SMTP server process
# limit, this limits the mail inflow to 100 messages a second more
# than the number of messages delivered per second.
#
# Specify 0 to disable the feature. Valid delays are 0..10.
#
#in_flow_delay = 1s
# ADDRESS REWRITING
#
# The ADDRESS_REWRITING_README document gives information about
# address masquerading or other forms of address rewriting including
# username->Firstname.Lastname mapping.
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
#
# The VIRTUAL_README document gives information about the many forms
# of domain hosting that Postfix supports.
# "USER HAS MOVED" BOUNCE MESSAGES
#
# See the discussion in the ADDRESS_REWRITING_README document.
# TRANSPORT MAP
#
# See the discussion in the ADDRESS_REWRITING_README document.
# ALIAS DATABASE
#
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
#
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
#
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
#
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
# The alias_database parameter specifies the alias database(s) that
# are built with "newaliases" or "sendmail -bi". This is a separate
# configuration parameter, because alias_maps (see above) may specify
# tables that are not necessarily all under control by Postfix.
#
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
# ADDRESS EXTENSIONS (e.g., user+foo)
#
# The recipient_delimiter parameter specifies the separator between
# user names and address extensions (user+foo). See canonical(5),
# local(8), relocated(5) and virtual(5) for the effects this has on
# aliases, canonical, virtual, relocated and .forward file lookups.
# Basically, the software tries user+foo and .forward+foo before
# trying user and .forward.
#
#recipient_delimiter = +
# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
#
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
#
# Unlike other Postfix configuration parameters, the mailbox_command
# parameter is not subjected to $parameter substitutions. This is to
# make it easier to specify shell syntax (see example below).
#
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
#
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
#
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
# The mailbox_transport specifies the optional transport in master.cf
# to use after processing aliases and .forward files. This parameter
# has precedence over the mailbox_command, fallback_transport and
# luser_relay parameters.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailbox_transport = lmtp:inet:localhost:24
virtual_transport = lmtp:inet:localhost:24
# If using the cyrus-imapd IMAP server deliver local mail to the IMAP
# server using LMTP (Local Mail Transport Protocol), this is prefered
# over the older cyrus deliver program by setting the
# mailbox_transport as below:
#
# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#
# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via
# these settings.
#
# local_destination_recipient_limit = 300
# local_destination_concurrency_limit = 5
#
# Of course you should adjust these settings as appropriate for the
# capacity of the hardware you are using. The recipient limit setting
# can be used to take advantage of the single instance message store
# capability of Cyrus. The concurrency limit can be used to control
# how many simultaneous LMTP sessions will be permitted to the Cyrus
# message store.
#
# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
# subsequent line in master.cf.
#mailbox_transport = cyrus
# The fallback_transport specifies the optional transport in master.cf
# to use for recipients that are not found in the UNIX passwd database.
# This parameter has precedence over the luser_relay parameter.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#fallback_transport =
# The luser_relay parameter specifies an optional destination address
# for unknown recipients. By default, mail for unknown@$mydestination,
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
# as undeliverable.
#
# The following expansions are done on luser_relay: $user (recipient
# username), $shell (recipient shell), $home (recipient home directory),
# $recipient (full recipient address), $extension (recipient address
# extension), $domain (recipient domain), $local (entire recipient
# localpart), $recipient_delimiter. Specify ${name?value} or
# ${name:value} to expand value only when $name does (does not) exist.
#
# luser_relay works only for the default Postfix local delivery agent.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local
# JUNK MAIL CONTROLS
#
# The controls listed here are only a very small subset. The file
# SMTPD_ACCESS_README provides an overview.
# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
#
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
#
# For details, see "man header_checks".
#
#header_checks = regexp:/etc/postfix/header_checks
# FAST ETRN SERVICE
#
# Postfix maintains per-destination logfiles with information about
# deferred mail, so that mail can be flushed quickly with the SMTP
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
# See the ETRN_README document for a detailed description.
#
# The fast_flush_domains parameter controls what destinations are
# eligible for this service. By default, they are all domains that
# this server is willing to relay mail to.
#
#fast_flush_domains = $relay_domains
# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
# PARALLEL DELIVERY TO THE SAME DESTINATION
#
# How many parallel deliveries to the same user or domain? With local
# delivery, it does not make sense to do massively parallel delivery
# to the same user, because mailbox updates must happen sequentially,
# and expensive pipelines in .forward files can cause disasters when
# too many are run at the same time. With SMTP deliveries, 10
# simultaneous connections to the same domain could be sufficient to
# raise eyebrows.
#
# Each message delivery transport has its XXX_destination_concurrency_limit
# parameter. The default is $default_destination_concurrency_limit for
# most delivery transports. For the local delivery agent the default is 2.
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20
# DEBUGGING CONTROL
#
# The debug_peer_level parameter specifies the increment in verbose
# logging level when an SMTP client or server host name or address
# matches a pattern in the debug_peer_list parameter.
#
debug_peer_level = 2
# The debug_peer_list parameter specifies an optional list of domain
# or network patterns, /file/name patterns or type:name tables. When
# an SMTP client or server host name or address matches a pattern,
# increase the verbose logging level by the amount specified in the
# debug_peer_level parameter.
#
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain
# The debugger_command specifies the external command that is executed
# when a Postfix daemon program is run with the -D option.
#
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
# If you can't use X, use this to capture the call stack when a
# daemon crashes. The result is in a file in the configuration
# directory, and is named after the process name and the process ID.
#
# debugger_command =
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
# >$config_directory/$process_name.$process_id.log & sleep 5
#
# Another possibility is to run gdb under a detached screen session.
# To attach to the screen session, su root and run "screen -r
# <id_string>" where <id_string> uniquely matches one of the detached
# sessions (from "screen -list").
#
# debugger_command =
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
# -dmS $process_name gdb $daemon_directory/$process_name
# $process_id & sleep 1
# INSTALL-TIME CONFIGURATION INFORMATION
#
# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path = /usr/sbin/sendmail.postfix
# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = /usr/bin/newaliases.postfix
# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
#
mailq_path = /usr/bin/mailq.postfix
# setgid_group: The group for mail submission and queue management
# commands. This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group = postdrop
# html_directory: The location of the Postfix HTML documentation.
#
html_directory = no
# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory = /usr/share/man
# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory = /usr/share/doc/postfix/samples
# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/share/doc/postfix/README_FILES
# TLS CONFIGURATION
#
# Basic Postfix TLS configuration by default with self-signed certificate
# for inbound SMTP and also opportunistic TLS for outbound SMTP.
# The full pathname of a file with the Postfix SMTP server RSA certificate
# in PEM format. Intermediate certificates should be included in general,
# the server certificate first, then the issuing CA(s) (bottom-up order).
#
# smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_cert_file = /etc/postfix/certificates/pubcert.pem
# The full pathname of a file with the Postfix SMTP server RSA private key
# in PEM format. The private key must be accessible without a pass-phrase,
# i.e. it must not be encrypted.
#
# smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_key_file = /etc/postfix/certificates/privkey.pem
# Announce STARTTLS support to remote SMTP clients, but do not require that
# clients use TLS encryption (opportunistic TLS inbound).
#
smtpd_tls_security_level = may
# Directory with PEM format Certification Authority certificates that the
# Postfix SMTP client uses to verify a remote SMTP server certificate.
#
smtp_tls_CApath = /etc/pki/tls/certs
# The full pathname of a file containing CA certificates of root CAs
# trusted to sign either remote SMTP server certificates or intermediate CA
# certificates.
#
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
# Use TLS if this is supported by the remote SMTP server, otherwise use
# plaintext (opportunistic TLS outbound).
#
smtp_tls_security_level = may
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix
{% if ensure_postfix.milter_list is defined and ensure_postfix.milter_list is iterable %}
# The Milter List
{% for milter in ensure_postfix.milter_list %}
# -- {{ milter.description }} -- {{ milter.protocol }}:{{ milter.hostname }}:{{ milter.port }}
{% endfor %}
smtpd_milters = {% for milter in ensure_postfix.milter_list %} {{ milter.protocol }}:{{ milter.hostname }}:{{ milter.port }} {% endfor %}
{% endif %}
{% if postfix_domains is defined and postfix_domains is iterable %}
virtual_mailbox_domains = {% for domain in postfix_domains %} {{ domain }} {% endfor %}
{% endif %}
2bounce_notice_recipient = {{ postmaster_email }}
bounce_notice_recipient = {{ postmaster_email }}
delay_notice_recipient = {{ postmaster_email }}
error_notice_recipient = {{ postmaster_email }}
smtpd_helo_required = yes
disable_vrfy_command = yes
message_size_limit = {{ postfix_message_size_limit }}
smtpd_helo_restrictions = reject_unknown_helo_hostname
smtpd_client_restrictions = reject_unknown_reverse_client_hostname reject_unauth_pipelining
smtpd_discard_ehlo_keywords = silent-discard, dsn

745
templates/Fedora/40/etc/postfix/main.cf.proto Normal file
View File

@@ -0,0 +1,745 @@
# Global Postfix configuration file. This file lists only a subset
# of all parameters. For the syntax, and for a complete parameter
# list, see the postconf(5) manual page (command: "man 5 postconf").
#
# TIP: use the command "postconf -n" to view main.cf parameter
# settings, "postconf parametername" to view a specific parameter,
# and "postconf 'parametername=value'" to set a specific parameter.
#
# For common configuration examples, see BASIC_CONFIGURATION_README
# and STANDARD_CONFIGURATION_README. To find these documents, use
# the command "postconf html_directory readme_directory", or go to
# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
#
# For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change.
# COMPATIBILITY
#
# The compatibility_level determines what default settings Postfix
# will use for main.cf and master.cf settings. These defaults will
# change over time.
#
# To avoid breaking things, Postfix will use backwards-compatible
# default settings and log where it uses those old backwards-compatible
# default settings, until the system administrator has determined
# if any backwards-compatible default settings need to be made
# permanent in main.cf or master.cf.
#
# When this review is complete, update the compatibility_level setting
# below as recommended in the RELEASE_NOTES file.
#
# The level below is what should be used with new (not upgrade) installs.
#
compatibility_level = 3.7
# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#
#soft_bounce = no
# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
queue_directory = /var/spool/postfix
# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = /usr/sbin
# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
#
daemon_directory = /usr/libexec/postfix
# The data_directory parameter specifies the location of Postfix-writable
# data files (caches, random numbers). This directory must be owned
# by the mail_owner account (see below).
#
data_directory = /var/lib/postfix
# QUEUE AND PROCESS OWNERSHIP
#
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
#
mail_owner = postfix
# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#
#default_privs = nobody
# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
#myorigin = $mydomain
# RECEIVING MAIL
# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = localhost
# Enable IPv4, and IPv6 if supported
inet_protocols = all
# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified with the inet_interfaces parameter.
#
# You must specify your proxy/NAT addresses when your system is a
# backup MX host for other domains, otherwise mail delivery loops
# will happen when the primary MX host is down.
#
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain + localhost. On
# a mail domain gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination, $inet_interfaces or $proxy_interfaces.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
#
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
#
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
#
# - You define $mydestination domain recipients in files other than
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
# For example, you define $mydestination domain recipients in
# the $virtual_mailbox_maps files.
#
# - You redefine the local delivery agent in master.cf.
#
# - You redefine the "local_transport" setting in main.cf.
#
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
# feature of the Postfix local delivery agent (see local(8)).
#
# Details are described in the LOCAL_RECIPIENT_README file.
#
# Beware: if the Postfix SMTP server runs chrooted, you probably have
# to access the passwd file via the proxymap service, in order to
# overcome chroot restrictions. The alternative, having a copy of
# the system passwd file in the chroot jail is just not practical.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a user@domain.tld address.
#
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
# The unknown_local_recipient_reject_code specifies the SMTP server
# response code when a recipient domain matches $mydestination or
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
# and the recipient address or address local-part is not found.
#
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
# local_recipient_maps settings are OK.
#
unknown_local_recipient_reject_code = 550
# TRUST AND RELAY CONTROL
# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in postconf(5).
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
#
# By default (mynetworks_style = host), Postfix "trusts" only
# the local machine.
#
# Specify "mynetworks_style = subnet" when Postfix should "trust"
# SMTP clients in the same IP subnetworks as the local machine.
# On Linux, this works correctly only with interfaces specified
# with the "ifconfig" or "ip" command.
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
#
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host
# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
#mynetworks = 168.100.3.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_relay_restrictions and
# smtpd_recipient_restrictions descriptions in postconf(5) for detailed
# information.
#
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks, or is
# SASL authenticated) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is empty.
#
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
#
#relay_domains =
# INTERNET OR INTRANET
# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
# REJECTING UNKNOWN RELAY USERS
#
# The relay_recipient_maps parameter specifies optional lookup tables
# with all addresses in the domains that match $relay_domains.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown relay users. This feature is off by default.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a user@domain.tld address.
#
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
# INPUT RATE CONTROL
#
# The in_flow_delay configuration parameter implements mail input
# flow control. This feature is turned on by default, although it
# still needs further development (it's disabled on SCO UNIX due
# to an SCO bug).
#
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
# message delivery rate. With the default 100 SMTP server process
# limit, this limits the mail inflow to 100 messages a second more
# than the number of messages delivered per second.
#
# Specify 0 to disable the feature. Valid delays are 0..10.
#
#in_flow_delay = 1s
# ADDRESS REWRITING
#
# The ADDRESS_REWRITING_README document gives information about
# address masquerading or other forms of address rewriting including
# username->Firstname.Lastname mapping.
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
#
# The VIRTUAL_README document gives information about the many forms
# of domain hosting that Postfix supports.
# "USER HAS MOVED" BOUNCE MESSAGES
#
# See the discussion in the ADDRESS_REWRITING_README document.
# TRANSPORT MAP
#
# See the discussion in the ADDRESS_REWRITING_README document.
# ALIAS DATABASE
#
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
#
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
#
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
#
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
# The alias_database parameter specifies the alias database(s) that
# are built with "newaliases" or "sendmail -bi". This is a separate
# configuration parameter, because alias_maps (see above) may specify
# tables that are not necessarily all under control by Postfix.
#
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
# ADDRESS EXTENSIONS (e.g., user+foo)
#
# The recipient_delimiter parameter specifies the separator between
# user names and address extensions (user+foo). See canonical(5),
# local(8), relocated(5) and virtual(5) for the effects this has on
# aliases, canonical, virtual, relocated and .forward file lookups.
# Basically, the software tries user+foo and .forward+foo before
# trying user and .forward.
#
#recipient_delimiter = +
# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
#
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
#
# Unlike other Postfix configuration parameters, the mailbox_command
# parameter is not subjected to $parameter substitutions. This is to
# make it easier to specify shell syntax (see example below).
#
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
#
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
#
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
# The mailbox_transport specifies the optional transport in master.cf
# to use after processing aliases and .forward files. This parameter
# has precedence over the mailbox_command, fallback_transport and
# luser_relay parameters.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
# If using the cyrus-imapd IMAP server deliver local mail to the IMAP
# server using LMTP (Local Mail Transport Protocol), this is prefered
# over the older cyrus deliver program by setting the
# mailbox_transport as below:
#
# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#
# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via
# these settings.
#
# local_destination_recipient_limit = 300
# local_destination_concurrency_limit = 5
#
# Of course you should adjust these settings as appropriate for the
# capacity of the hardware you are using. The recipient limit setting
# can be used to take advantage of the single instance message store
# capability of Cyrus. The concurrency limit can be used to control
# how many simultaneous LMTP sessions will be permitted to the Cyrus
# message store.
#
# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
# subsequent line in master.cf.
#mailbox_transport = cyrus
# The fallback_transport specifies the optional transport in master.cf
# to use for recipients that are not found in the UNIX passwd database.
# This parameter has precedence over the luser_relay parameter.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#fallback_transport =
# The luser_relay parameter specifies an optional destination address
# for unknown recipients. By default, mail for unknown@$mydestination,
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
# as undeliverable.
#
# The following expansions are done on luser_relay: $user (recipient
# username), $shell (recipient shell), $home (recipient home directory),
# $recipient (full recipient address), $extension (recipient address
# extension), $domain (recipient domain), $local (entire recipient
# localpart), $recipient_delimiter. Specify ${name?value} or
# ${name:value} to expand value only when $name does (does not) exist.
#
# luser_relay works only for the default Postfix local delivery agent.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local
# JUNK MAIL CONTROLS
#
# The controls listed here are only a very small subset. The file
# SMTPD_ACCESS_README provides an overview.
# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
#
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
#
# For details, see "man header_checks".
#
#header_checks = regexp:/etc/postfix/header_checks
# FAST ETRN SERVICE
#
# Postfix maintains per-destination logfiles with information about
# deferred mail, so that mail can be flushed quickly with the SMTP
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
# See the ETRN_README document for a detailed description.
#
# The fast_flush_domains parameter controls what destinations are
# eligible for this service. By default, they are all domains that
# this server is willing to relay mail to.
#
#fast_flush_domains = $relay_domains
# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
# PARALLEL DELIVERY TO THE SAME DESTINATION
#
# How many parallel deliveries to the same user or domain? With local
# delivery, it does not make sense to do massively parallel delivery
# to the same user, because mailbox updates must happen sequentially,
# and expensive pipelines in .forward files can cause disasters when
# too many are run at the same time. With SMTP deliveries, 10
# simultaneous connections to the same domain could be sufficient to
# raise eyebrows.
#
# Each message delivery transport has its XXX_destination_concurrency_limit
# parameter. The default is $default_destination_concurrency_limit for
# most delivery transports. For the local delivery agent the default is 2.
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20
# DEBUGGING CONTROL
#
# The debug_peer_level parameter specifies the increment in verbose
# logging level when an SMTP client or server host name or address
# matches a pattern in the debug_peer_list parameter.
#
debug_peer_level = 2
# The debug_peer_list parameter specifies an optional list of domain
# or network patterns, /file/name patterns or type:name tables. When
# an SMTP client or server host name or address matches a pattern,
# increase the verbose logging level by the amount specified in the
# debug_peer_level parameter.
#
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain
# The debugger_command specifies the external command that is executed
# when a Postfix daemon program is run with the -D option.
#
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
# If you can't use X, use this to capture the call stack when a
# daemon crashes. The result is in a file in the configuration
# directory, and is named after the process name and the process ID.
#
# debugger_command =
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
# >$config_directory/$process_name.$process_id.log & sleep 5
#
# Another possibility is to run gdb under a detached screen session.
# To attach to the screen session, su root and run "screen -r
# <id_string>" where <id_string> uniquely matches one of the detached
# sessions (from "screen -list").
#
# debugger_command =
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
# -dmS $process_name gdb $daemon_directory/$process_name
# $process_id & sleep 1
# INSTALL-TIME CONFIGURATION INFORMATION
#
# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path =
# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path =
# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
#
mailq_path =
# setgid_group: The group for mail submission and queue management
# commands. This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group =
# html_directory: The location of the Postfix HTML documentation.
#
html_directory =
# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory =
# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory =
# readme_directory: The location of the Postfix README files.
#
readme_directory =
# TLS CONFIGURATION
#
# Basic Postfix TLS configuration by default with self-signed certificate
# for inbound SMTP and also opportunistic TLS for outbound SMTP.
# The full pathname of a file with the Postfix SMTP server RSA certificate
# in PEM format. Intermediate certificates should be included in general,
# the server certificate first, then the issuing CA(s) (bottom-up order).
#
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
# The full pathname of a file with the Postfix SMTP server RSA private key
# in PEM format. The private key must be accessible without a pass-phrase,
# i.e. it must not be encrypted.
#
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
# Announce STARTTLS support to remote SMTP clients, but do not require that
# clients use TLS encryption (opportunistic TLS inbound).
#
smtpd_tls_security_level = may
# Directory with PEM format Certification Authority certificates that the
# Postfix SMTP client uses to verify a remote SMTP server certificate.
#
smtp_tls_CApath = /etc/pki/tls/certs
# The full pathname of a file containing CA certificates of root CAs
# trusted to sign either remote SMTP server certificates or intermediate CA
# certificates.
#
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
# Use TLS if this is supported by the remote SMTP server, otherwise use
# plaintext (opportunistic TLS outbound).
#
smtp_tls_security_level = may

145
templates/Fedora/40/etc/postfix/master.cf Normal file
View File

@@ -0,0 +1,145 @@
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
# Choose one: enable submission for loopback clients only, or for any client.
#127.0.0.1:submission inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
# -o smtpd_client_restrictions=
# -o smtpd_helo_restrictions=
# -o smtpd_sender_restrictions=
# -o smtpd_relay_restrictions=
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
# Choose one: enable submissions for loopback clients only, or for any client.
#127.0.0.1:submissions inet n - n - - smtpd
#submissions inet n - n - - smtpd
# -o syslog_name=postfix/submissions
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
# -o smtpd_client_restrictions=
# -o smtpd_helo_restrictions=
# -o smtpd_sender_restrictions=
# -o smtpd_relay_restrictions=
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o syslog_name=postfix/$service_name
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
postlog unix-dgram n - n - 1 postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# flags=DRX user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}

145
templates/Fedora/40/etc/postfix/master.cf.proto Normal file
View File

@@ -0,0 +1,145 @@
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
# Choose one: enable submission for loopback clients only, or for any client.
#127.0.0.1:submission inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
# -o smtpd_client_restrictions=
# -o smtpd_helo_restrictions=
# -o smtpd_sender_restrictions=
# -o smtpd_relay_restrictions=
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
# Choose one: enable submissions for loopback clients only, or for any client.
#127.0.0.1:submissions inet n - n - - smtpd
#submissions inet n - n - - smtpd
# -o syslog_name=postfix/submissions
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
# -o smtpd_client_restrictions=
# -o smtpd_helo_restrictions=
# -o smtpd_sender_restrictions=
# -o smtpd_relay_restrictions=
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o syslog_name=postfix/$service_name
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
postlog unix-dgram n - n - 1 postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# flags=DRX user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}

447
templates/Fedora/40/etc/postfix/postfix-files Normal file
View File

@@ -0,0 +1,447 @@
#
# Do not edit this file.
#
# This file controls the postfix-install script for installation of
# Postfix programs, configuration files and documentation, as well
# as the post-install script for setting permissions and for updating
# Postfix configuration files. See the respective manual pages within
# the script files.
#
# Do not list $command_directory or $shlib_directory in this file,
# or it will be blown away by a future Postfix uninstallation
# procedure. You would not want to lose all files in /usr/sbin or
# /usr/local/lib.
#
# Each record in this file describes one file or directory.
# Fields are separated by ":". Specify a null field as "-".
# Missing fields or separators at the end are OK.
#
# File format:
# name:type:owner:group:permission:flags
# No group means don't change group ownership.
#
# File types:
# d=directory
# f=regular file
# h=hard link (*)
# l=symbolic link (*)
#
# (*) With hard links and symbolic links, the owner field becomes the
# source pathname, while the group and permissions are ignored.
#
# File flags:
# No flag means the flag is not active.
# p=preserve existing file, do not replace (postfix-install).
# u=update owner/group/mode (post-install upgrade-permissions).
# c=create missing directory (post-install create-missing).
# r=apply owner/group recursively (post-install set/upgrade-permissions).
# o=obsolete, no longer part of Postfix
# 1=optional for non-default instance (config_dir != built-in default).
#
# Note: the "u" flag is for upgrading the permissions of existing files
# or directories after changes in Postfix architecture. For robustness
# it is a good idea to "u" all the files that have special ownership or
# permissions, so that running "make install" fixes any glitches.
#
# Note: order matters. Update shared libraries and database plugins
# before daemon/command-line programs.
$config_directory:d:root:-:755:u
$data_directory:d:$mail_owner:-:700:uc
$daemon_directory:d:root:-:755:u
$queue_directory:d:root:-:755:uc
$sample_directory:d:root:-:755:o
$readme_directory:d:root:-:755
$html_directory:d:root:-:755
$queue_directory/active:d:$mail_owner:-:700:ucr
$queue_directory/bounce:d:$mail_owner:-:700:ucr
$queue_directory/corrupt:d:$mail_owner:-:700:ucr
$queue_directory/defer:d:$mail_owner:-:700:ucr
$queue_directory/deferred:d:$mail_owner:-:700:ucr
$queue_directory/flush:d:$mail_owner:-:700:ucr
$queue_directory/hold:d:$mail_owner:-:700:ucr
$queue_directory/incoming:d:$mail_owner:-:700:ucr
$queue_directory/private:d:$mail_owner:-:700:uc
$queue_directory/maildrop:d:$mail_owner:$setgid_group:730:uc
$queue_directory/public:d:$mail_owner:$setgid_group:710:uc
$queue_directory/pid:d:root:-:755:uc
$queue_directory/saved:d:$mail_owner:-:700:ucr
$queue_directory/trace:d:$mail_owner:-:700:ucr
# Update shared libraries and plugins before daemon or command-line programs.
$shlib_directory/libpostfix-util.so:f:root:-:755
$shlib_directory/libpostfix-global.so:f:root:-:755
$shlib_directory/libpostfix-dns.so:f:root:-:755
$shlib_directory/libpostfix-tls.so:f:root:-:755
$shlib_directory/libpostfix-master.so:f:root:-:755
$meta_directory/dynamicmaps.cf.d:d:root:-:755
$meta_directory/dynamicmaps.cf:f:root:-:644
$meta_directory/main.cf.proto:f:root:-:644
$meta_directory/master.cf.proto:f:root:-:644
$meta_directory/postfix-files.d:d:root:-:755
$meta_directory/postfix-files:f:root:-:644
$daemon_directory/anvil:f:root:-:755
$daemon_directory/bounce:f:root:-:755
$daemon_directory/cleanup:f:root:-:755
$daemon_directory/discard:f:root:-:755
$daemon_directory/dnsblog:f:root:-:755
$daemon_directory/error:f:root:-:755
$daemon_directory/flush:f:root:-:755
$daemon_directory/local:f:root:-:755
$daemon_directory/main.cf:f:root:-:644:o
$daemon_directory/master.cf:f:root:-:644:o
$daemon_directory/master:f:root:-:755
$daemon_directory/oqmgr:f:root:-:755
$daemon_directory/pickup:f:root:-:755
$daemon_directory/pipe:f:root:-:755
$daemon_directory/post-install:f:root:-:755
# In case meta_directory == daemon_directory.
#$daemon_directory/postfix-files:f:root:-:644:o
#$daemon_directory/postfix-files.d:d:root:-:755:o
$daemon_directory/postfix-script:f:root:-:755
$daemon_directory/postfix-tls-script:f:root:-:755
$daemon_directory/postfix-wrapper:f:root:-:755
$daemon_directory/postmulti-script:f:root:-:755
$daemon_directory/postlogd:f:root:-:755
$daemon_directory/postscreen:f:root:-:755
$daemon_directory/proxymap:f:root:-:755
$daemon_directory/qmgr:f:root:-:755
$daemon_directory/qmqpd:f:root:-:755
$daemon_directory/scache:f:root:-:755
$daemon_directory/showq:f:root:-:755
$daemon_directory/smtp:f:root:-:755
$daemon_directory/smtpd:f:root:-:755
$daemon_directory/spawn:f:root:-:755
$daemon_directory/tlsproxy:f:root:-:755
$daemon_directory/tlsmgr:f:root:-:755
$daemon_directory/trivial-rewrite:f:root:-:755
$daemon_directory/verify:f:root:-:755
$daemon_directory/virtual:f:root:-:755
$daemon_directory/nqmgr:h:$daemon_directory/qmgr
$daemon_directory/lmtp:h:$daemon_directory/smtp
$command_directory/postalias:f:root:-:755
$command_directory/postcat:f:root:-:755
$command_directory/postconf:f:root:-:755
$command_directory/postfix:f:root:-:755
$command_directory/postkick:f:root:-:755
$command_directory/postlock:f:root:-:755
$command_directory/postlog:f:root:$setgid_group:2755:u
$command_directory/postmap:f:root:-:755
$command_directory/postmulti:f:root:-:755
$command_directory/postsuper:f:root:-:755
$command_directory/postdrop:f:root:$setgid_group:2755:u
$command_directory/postqueue:f:root:$setgid_group:2755:u
$sendmail_path:f:root:-:755
$newaliases_path:l:$sendmail_path
$mailq_path:l:$sendmail_path
$config_directory/access:f:root:-:644:p1
$config_directory/canonical:f:root:-:644:p1
$config_directory/cidr_table:f:root:-:644:o
$config_directory/generic:f:root:-:644:p1
$config_directory/generics:f:root:-:644:o
$config_directory/header_checks:f:root:-:644:p1
$config_directory/install.cf:f:root:-:644:o
$config_directory/main.cf:f:root:-:644:p
$config_directory/master.cf:f:root:-:644:p
$config_directory/pcre_table:f:root:-:644:o
$config_directory/regexp_table:f:root:-:644:o
$config_directory/relocated:f:root:-:644:p1
$config_directory/tcp_table:f:root:-:644:o
$config_directory/transport:f:root:-:644:p1
$config_directory/virtual:f:root:-:644:p1
$config_directory/postfix-script:f:root:-:755:o
$config_directory/postfix-script-sgid:f:root:-:755:o
$config_directory/postfix-script-nosgid:f:root:-:755:o
$config_directory/post-install:f:root:-:755:o
$manpage_directory/man1/mailq.postfix.1.gz:f:root:-:644
$manpage_directory/man1/newaliases.postfix.1.gz:f:root:-:644
$manpage_directory/man1/postalias.1.gz:f:root:-:644
$manpage_directory/man1/postcat.1.gz:f:root:-:644
$manpage_directory/man1/postconf.1.gz:f:root:-:644
$manpage_directory/man1/postdrop.1.gz:f:root:-:644
$manpage_directory/man1/postfix-tls.1.gz:f:root:-:644
$manpage_directory/man1/postfix.1.gz:f:root:-:644
$manpage_directory/man1/postkick.1.gz:f:root:-:644
$manpage_directory/man1/postlock.1.gz:f:root:-:644
$manpage_directory/man1/postlog.1.gz:f:root:-:644
$manpage_directory/man1/postmap.1.gz:f:root:-:644
$manpage_directory/man1/postmulti.1.gz:f:root:-:644
$manpage_directory/man1/postqueue.1.gz:f:root:-:644
$manpage_directory/man1/postsuper.1.gz:f:root:-:644
$manpage_directory/man1/sendmail.postfix.1.gz:f:root:-:644
$manpage_directory/man5/access.5.gz:f:root:-:644
$manpage_directory/man5/aliases.postfix.5.gz:f:root:-:644
$manpage_directory/man5/body_checks.5.gz:f:root:-:644
$manpage_directory/man5/bounce.5.gz:f:root:-:644
$manpage_directory/man5/canonical.5.gz:f:root:-:644
$manpage_directory/man5/cidr_table.5.gz:f:root:-:644
$manpage_directory/man5/generics.5.gz:f:root:-:644:o
$manpage_directory/man5/generic.5.gz:f:root:-:644
$manpage_directory/man5/header_checks.5.gz:f:root:-:644
$manpage_directory/man5/master.5.gz:f:root:-:644
$manpage_directory/man5/memcache_table.5.gz:f:root:-:644
$manpage_directory/man5/socketmap_table.5.gz:f:root:-:644
$manpage_directory/man5/nisplus_table.5.gz:f:root:-:644
$manpage_directory/man5/postconf.5.gz:f:root:-:644
$manpage_directory/man5/postfix-wrapper.5.gz:f:root:-:644
$manpage_directory/man5/regexp_table.5.gz:f:root:-:644
$manpage_directory/man5/relocated.5.gz:f:root:-:644
$manpage_directory/man5/tcp_table.5.gz:f:root:-:644
$manpage_directory/man5/transport.5.gz:f:root:-:644
$manpage_directory/man5/virtual.5.gz:f:root:-:644
$manpage_directory/man8/bounce.8.gz:f:root:-:644
$manpage_directory/man8/cleanup.8.gz:f:root:-:644
$manpage_directory/man8/anvil.8.gz:f:root:-:644
$manpage_directory/man8/defer.8.gz:f:root:-:644
$manpage_directory/man8/discard.8.gz:f:root:-:644
$manpage_directory/man8/dnsblog.8.gz:f:root:-:644
$manpage_directory/man8/error.8.gz:f:root:-:644
$manpage_directory/man8/flush.8.gz:f:root:-:644
$manpage_directory/man8/lmtp.8.gz:f:root:-:644
$manpage_directory/man8/local.8.gz:f:root:-:644
$manpage_directory/man8/master.8.gz:f:root:-:644
$manpage_directory/man8/nqmgr.8.gz:f:root:-:644:o
$manpage_directory/man8/oqmgr.8.gz:f:root:-:644:
$manpage_directory/man8/pickup.8.gz:f:root:-:644
$manpage_directory/man8/pipe.8.gz:f:root:-:644
$manpage_directory/man8/postlogd.8.gz:f:root:-:644
$manpage_directory/man8/postscreen.8.gz:f:root:-:644
$manpage_directory/man8/proxymap.8.gz:f:root:-:644
$manpage_directory/man8/qmgr.8.gz:f:root:-:644
$manpage_directory/man8/qmqpd.8.gz:f:root:-:644
$manpage_directory/man8/scache.8.gz:f:root:-:644
$manpage_directory/man8/showq.8.gz:f:root:-:644
$manpage_directory/man8/smtp.8.gz:f:root:-:644
$manpage_directory/man8/smtpd.postfix.8.gz:f:root:-:644
$manpage_directory/man8/spawn.8.gz:f:root:-:644
$manpage_directory/man8/tlsproxy.8.gz:f:root:-:644
$manpage_directory/man8/tlsmgr.8.gz:f:root:-:644
$manpage_directory/man8/trace.8.gz:f:root:-:644
$manpage_directory/man8/trivial-rewrite.8.gz:f:root:-:644
$manpage_directory/man8/verify.8.gz:f:root:-:644
$manpage_directory/man8/virtual.8.gz:f:root:-:644
$sample_directory/sample-aliases.cf:f:root:-:644:o
$sample_directory/sample-auth.cf:f:root:-:644:o
$sample_directory/sample-canonical.cf:f:root:-:644:o
$sample_directory/sample-compatibility.cf:f:root:-:644:o
$sample_directory/sample-debug.cf:f:root:-:644:o
$sample_directory/sample-filter.cf:f:root:-:644:o
$sample_directory/sample-flush.cf:f:root:-:644:o
$sample_directory/sample-ipv6.cf:f:root:-:644:o
$sample_directory/sample-ldap.cf:f:root:-:644:o
$sample_directory/sample-lmtp.cf:f:root:-:644:o
$sample_directory/sample-local.cf:f:root:-:644:o
$sample_directory/sample-mime.cf:f:root:-:644:o
$sample_directory/sample-misc.cf:f:root:-:644:o
$sample_directory/sample-pcre-access.cf:f:root:-:644:o
$sample_directory/sample-pcre-body.cf:f:root:-:644:o
$sample_directory/sample-pcre-header.cf:f:root:-:644:o
$sample_directory/sample-pgsql-aliases.cf:f:root:-:644:o
$sample_directory/sample-qmqpd.cf:f:root:-:644:o
$sample_directory/sample-rate.cf:f:root:-:644:o
$sample_directory/sample-regexp-access.cf:f:root:-:644:o
$sample_directory/sample-regexp-body.cf:f:root:-:644:o
$sample_directory/sample-regexp-header.cf:f:root:-:644:o
$sample_directory/sample-relocated.cf:f:root:-:644:o
$sample_directory/sample-resource.cf:f:root:-:644:o
$sample_directory/sample-rewrite.cf:f:root:-:644:o
$sample_directory/sample-scheduler.cf:f:root:-:644:o
$sample_directory/sample-smtp.cf:f:root:-:644:o
$sample_directory/sample-smtpd.cf:f:root:-:644:o
$sample_directory/sample-tls.cf:f:root:-:644:o
$sample_directory/sample-transport.cf:f:root:-:644:o
$sample_directory/sample-verify.cf:f:root:-:644:o
$sample_directory/sample-virtual.cf:f:root:-:644:o
$readme_directory/AAAREADME:f:root:-:644
$readme_directory/ADDRESS_CLASS_README:f:root:-:644
$readme_directory/ADDRESS_REWRITING_README:f:root:-:644
$readme_directory/ADDRESS_VERIFICATION_README:f:root:-:644
$readme_directory/BACKSCATTER_README:f:root:-:644
$readme_directory/BASIC_CONFIGURATION_README:f:root:-:644
$readme_directory/BDAT_README:f:root:-:644
$readme_directory/BUILTIN_FILTER_README:f:root:-:644
$readme_directory/COMPATIBILITY_README:f:root:-:644
$readme_directory/CONNECTION_CACHE_README:f:root:-:644
$readme_directory/CONTENT_INSPECTION_README:f:root:-:644
$readme_directory/DATABASE_README:f:root:-:644
$readme_directory/DB_README:f:root:-:644
$readme_directory/DEBUG_README:f:root:-:644
$readme_directory/DSN_README:f:root:-:644
$readme_directory/ETRN_README:f:root:-:644
$readme_directory/FILTER_README:f:root:-:644
$readme_directory/FORWARD_SECRECY_README:f:root:-:644
$readme_directory/HOSTING_README:f:root:-:644:o
$readme_directory/INSTALL:f:root:-:644
$readme_directory/IPV6_README:f:root:-:644
$readme_directory/LINUX_README:f:root:-:644
$readme_directory/LOCAL_RECIPIENT_README:f:root:-:644
$readme_directory/MACOSX_README:f:root:-:644:o
$readme_directory/MAILDROP_README:f:root:-:644
$readme_directory/MAILLOG_README:f:root:-:644
$readme_directory/MEMCACHE_README:f:root:-:644
$readme_directory/MILTER_README:f:root:-:644
$readme_directory/MULTI_INSTANCE_README:f:root:-:644
$readme_directory/SMTPUTF8_README:f:root:-:644
$readme_directory/NFS_README:f:root:-:644
$readme_directory/OVERVIEW:f:root:-:644
$readme_directory/PACKAGE_README:f:root:-:644
$readme_directory/POSTSCREEN_3_5_README:f:root:-:644
$readme_directory/POSTSCREEN_README:f:root:-:644
$readme_directory/QMQP_README:f:root:-:644:o
$readme_directory/QSHAPE_README:f:root:-:644
$readme_directory/RELEASE_NOTES:f:root:-:644
$readme_directory/RESTRICTION_CLASS_README:f:root:-:644
$readme_directory/SASL_README:f:root:-:644
$readme_directory/SCHEDULER_README:f:root:-:644
$readme_directory/SMTPD_ACCESS_README:f:root:-:644
$readme_directory/SMTPD_POLICY_README:f:root:-:644
$readme_directory/SMTPD_PROXY_README:f:root:-:644
$readme_directory/SOHO_README:f:root:-:644
$readme_directory/STANDARD_CONFIGURATION_README:f:root:-:644
$readme_directory/STRESS_README:f:root:-:644
$readme_directory/TLS_LEGACY_README:f:root:-:644
$readme_directory/TLS_README:f:root:-:644
$readme_directory/TUNING_README:f:root:-:644
$readme_directory/ULTRIX_README:f:root:-:644
$readme_directory/UUCP_README:f:root:-:644
$readme_directory/VERP_README:f:root:-:644
$readme_directory/VIRTUAL_README:f:root:-:644
$readme_directory/XCLIENT_README:f:root:-:644
$readme_directory/XFORWARD_README:f:root:-:644
$html_directory/ADDRESS_CLASS_README.html:f:root:-:644
$html_directory/ADDRESS_REWRITING_README.html:f:root:-:644
$html_directory/ADDRESS_VERIFICATION_README.html:f:root:-:644
$html_directory/BACKSCATTER_README.html:f:root:-:644
$html_directory/BASIC_CONFIGURATION_README.html:f:root:-:644
$html_directory/BDAT_README.html:f:root:-:644
$html_directory/BUILTIN_FILTER_README.html:f:root:-:644
$html_directory/CDB_README.html:f:root:-:644
$html_directory/COMPATIBILITY_README.html:f:root:-:644
$html_directory/CONNECTION_CACHE_README.html:f:root:-:644
$html_directory/CONTENT_INSPECTION_README.html:f:root:-:644
$html_directory/CYRUS_README.html:f:root:-:644:o
$html_directory/DATABASE_README.html:f:root:-:644
$html_directory/DB_README.html:f:root:-:644
$html_directory/DEBUG_README.html:f:root:-:644
$html_directory/DSN_README.html:f:root:-:644
$html_directory/ETRN_README.html:f:root:-:644
$html_directory/FILTER_README.html:f:root:-:644
$html_directory/FORWARD_SECRECY_README.html:f:root:-:644
$html_directory/INSTALL.html:f:root:-:644
$html_directory/IPV6_README.html:f:root:-:644
$html_directory/LDAP_README.html:f:root:-:644
$html_directory/LINUX_README.html:f:root:-:644
$html_directory/LMDB_README.html:f:root:-:644
$html_directory/LOCAL_RECIPIENT_README.html:f:root:-:644
$html_directory/MAILDROP_README.html:f:root:-:644
$html_directory/MAILLOG_README.html:f:root:-:644
$html_directory/MEMCACHE_README.html:f:root:-:644
$html_directory/MILTER_README.html:f:root:-:644
$html_directory/MULTI_INSTANCE_README.html:f:root:-:644
$html_directory/MYSQL_README.html:f:root:-:644
$html_directory/SMTPUTF8_README.html:f:root:-:644
$html_directory/SQLITE_README.html:f:root:-:644
$html_directory/NFS_README.html:f:root:-:644
$html_directory/OVERVIEW.html:f:root:-:644
$html_directory/PACKAGE_README.html:f:root:-:644
$html_directory/PCRE_README.html:f:root:-:644
$html_directory/PGSQL_README.html:f:root:-:644
$html_directory/POSTSCREEN_3_5_README.html:f:root:-:644
$html_directory/POSTSCREEN_README.html:f:root:-:644
$html_directory/QMQP_README.html:f:root:-:644:o
$html_directory/QSHAPE_README.html:f:root:-:644
$html_directory/RESTRICTION_CLASS_README.html:f:root:-:644
$html_directory/SASL_README.html:f:root:-:644
$html_directory/SCHEDULER_README.html:f:root:-:644
$html_directory/SMTPD_ACCESS_README.html:f:root:-:644
$html_directory/SMTPD_POLICY_README.html:f:root:-:644
$html_directory/SMTPD_PROXY_README.html:f:root:-:644
$html_directory/SOHO_README.html:f:root:-:644
$html_directory/STANDARD_CONFIGURATION_README.html:f:root:-:644
$html_directory/STRESS_README.html:f:root:-:644
$html_directory/TLS_LEGACY_README.html:f:root:-:644
$html_directory/TLS_README.html:f:root:-:644
$html_directory/TUNING_README.html:f:root:-:644
$html_directory/ULTRIX_README.html:f:root:-:644:o
$html_directory/UUCP_README.html:f:root:-:644
$html_directory/VERP_README.html:f:root:-:644
$html_directory/VIRTUAL_README.html:f:root:-:644
$html_directory/XCLIENT_README.html:f:root:-:644
$html_directory/XFORWARD_README.html:f:root:-:644
$html_directory/access.5.html:f:root:-:644
$html_directory/aliases.5.html:f:root:-:644
$html_directory/anvil.8.html:f:root:-:644
$html_directory/bounce.5.html:f:root:-:644
$html_directory/bounce.8.html:f:root:-:644
$html_directory/canonical.5.html:f:root:-:644
$html_directory/cidr_table.5.html:f:root:-:644
$html_directory/cleanup.8.html:f:root:-:644
$html_directory/defer.8.html:h:$html_directory/bounce.8.html:-:644
$html_directory/discard.8.html:f:root:-:644
$html_directory/dnsblog.8.html:f:root:-:644
$html_directory/error.8.html:f:root:-:644
$html_directory/flush.8.html:f:root:-:644
$html_directory/generics.5.html:f:root:-:644:o
$html_directory/generic.5.html:f:root:-:644
$html_directory/header_checks.5.html:f:root:-:644
$html_directory/index.html:f:root:-:644
$html_directory/ldap_table.5.html:f:root:-:644
$html_directory/lmdb_table.5.html:f:root:-:644
$html_directory/lmtp.8.html:f:root:-:644
$html_directory/local.8.html:f:root:-:644
$html_directory/mailq.1.html:f:root:-:644
$html_directory/master.5.html:f:root:-:644
$html_directory/master.8.html:f:root:-:644
$html_directory/memcache_table.5.html:f:root:-:644
$html_directory/mysql_table.5.html:f:root:-:644
$html_directory/sqlite_table.5.html:f:root:-:644
$html_directory/nisplus_table.5.html:f:root:-:644
$html_directory/newaliases.1.html:h:$html_directory/mailq.1.html:-:644
$html_directory/oqmgr.8.html:f:root:-:644
$html_directory/pcre_table.5.html:f:root:-:644
$html_directory/pgsql_table.5.html:f:root:-:644
$html_directory/pickup.8.html:f:root:-:644
$html_directory/pipe.8.html:f:root:-:644
$html_directory/postalias.1.html:f:root:-:644
$html_directory/postcat.1.html:f:root:-:644
$html_directory/postconf.1.html:f:root:-:644
$html_directory/postconf.5.html:f:root:-:644
$html_directory/postdrop.1.html:f:root:-:644
$html_directory/postfix-logo.jpg:f:root:-:644
$html_directory/postfix-manuals.html:f:root:-:644
$html_directory/postfix-tls.1.html:f:root:-:644
$html_directory/postfix-wrapper.5.html:f:root:-:644
$html_directory/postfix.1.html:f:root:-:644
$html_directory/postkick.1.html:f:root:-:644
$html_directory/postlock.1.html:f:root:-:644
$html_directory/postlog.1.html:f:root:-:644
$html_directory/postmap.1.html:f:root:-:644
$html_directory/postmulti.1.html:f:root:-:644
$html_directory/postlogd.8.html:f:root:-:644
$html_directory/postqueue.1.html:f:root:-:644
$html_directory/postscreen.8.html:f:root:-:644
$html_directory/postsuper.1.html:f:root:-:644
$html_directory/qshape.1.html:f:root:-:644
$html_directory/proxymap.8.html:f:root:-:644
$html_directory/qmgr.8.html:f:root:-:644
$html_directory/qmqp-sink.1.html:f:root:-:644
$html_directory/qmqp-source.1.html:f:root:-:644
$html_directory/qmqpd.8.html:f:root:-:644
$html_directory/regexp_table.5.html:f:root:-:644
$html_directory/relocated.5.html:f:root:-:644
$html_directory/scache.8.html:f:root:-:644
$html_directory/sendmail.1.html:h:$html_directory/mailq.1.html:-:644
$html_directory/showq.8.html:f:root:-:644
$html_directory/smtp-sink.1.html:f:root:-:644
$html_directory/smtp-source.1.html:f:root:-:644
$html_directory/smtp.8.html:h:$html_directory/lmtp.8.html:-:644
$html_directory/smtpd.8.html:f:root:-:644
$html_directory/socketmap_table.5.html:f:root:-:644
$html_directory/spawn.8.html:f:root:-:644
$html_directory/tlsmgr.8.html:f:root:-:644
$html_directory/tlsproxy.8.html:f:root:-:644
$html_directory/tcp_table.5.html:f:root:-:644
$html_directory/trace.8.html:h:$html_directory/bounce.8.html:-:644
$html_directory/transport.5.html:f:root:-:644
$html_directory/trivial-rewrite.8.html:f:root:-:644
$html_directory/verify.8.html:f:root:-:644
$html_directory/virtual.5.html:f:root:-:644
$html_directory/virtual.8.html:f:root:-:644

3
templates/Fedora/40/etc/postfix/postfix-files.d/ldap Normal file
View File

@@ -0,0 +1,3 @@
$shlib_directory/postfix-ldap.so:f:root:-:755
$manpage_directory/man5/ldap_table.5.gz:f:root:-:644
$readme_directory/LDAP_README:f:root:-:644

3
templates/Fedora/40/etc/postfix/postfix-files.d/mysql Normal file
View File

@@ -0,0 +1,3 @@
$shlib_directory/postfix-mysql.so:f:root:-:755
$manpage_directory/man5/mysql_table.5.gz:f:root:-:644
$readme_directory/MYSQL_README:f:root:-:644

3
templates/Fedora/40/etc/postfix/postfix-files.d/pcre Normal file
View File

@@ -0,0 +1,3 @@
$shlib_directory/postfix-pcre.so:f:root:-:755
$manpage_directory/man5/pcre_table.5.gz:f:root:-:644
$readme_directory/PCRE_README:f:root:-:644

178
templates/Fedora/40/etc/postfix/relocated Normal file
View File

@@ -0,0 +1,178 @@
# RELOCATED(5) RELOCATED(5)
#
# NAME
# relocated - Postfix relocated table format
#
# SYNOPSIS
# postmap /etc/postfix/relocated
#
# DESCRIPTION
# The optional relocated(5) table provides the information
# that is used in "user has moved to new_location" bounce
# messages.
#
# Normally, the relocated(5) table is specified as a text
# file that serves as input to the postmap(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast searching by the mail system. Execute the command
# "postmap /etc/postfix/relocated" to rebuild an indexed
# file after changing the corresponding relocated table.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regu-
# lar-expression map where patterns are given as regular
# expressions, or lookups can be directed to a TCP-based
# server. In those case, the lookups are done in a slightly
# different way as described below under "REGULAR EXPRESSION
# TABLES" or "TCP-BASED TABLES".
#
# Table lookups are case insensitive.
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookup. As of Postfix 2.3, the search string is not case
# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# o An entry has one of the following form:
#
# pattern new_location
#
# Where new_location specifies contact information
# such as an email address, or perhaps a street
# address or telephone number.
#
# o Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# o A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user@domain
# Matches user@domain. This form has precedence over
# all other forms.
#
# user Matches user@site when site is $myorigin, when site
# is listed in $mydestination, or when site is listed
# in $inet_interfaces or $proxy_interfaces.
#
# @domain
# Matches other addresses in domain. This form has
# the lowest precedence.
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# the table is given in the form of regular expressions or
# when lookups are directed to a TCP-based server. For a
# description of regular expression lookup table syntax, see
# regexp_table(5) or pcre_table(5). For a description of the
# TCP client/server table lookup protocol, see tcp_table(5).
# This feature is available in Postfix 2.5 and later.
#
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is available in Postfix 2.5 and
# later.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant.
# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# relocated_maps (empty)
# Optional lookup tables with new contact information
# for users or domains that no longer exist.
#
# Other parameters of interest:
#
# inet_interfaces (all)
# The network interface addresses that this mail sys-
# tem receives mail on.
#
# mydestination ($myhostname, localhost.$mydomain, local-
# host)
# The list of domains that are delivered via the
# $local_transport mail delivery transport.
#
# myorigin ($myhostname)
# The domain name that locally-posted mail appears to
# come from, and that locally posted mail is deliv-
# ered to.
#
# proxy_interfaces (empty)
# The network interface addresses that this mail sys-
# tem receives mail on by way of a proxy or network
# address translation unit.
#
# SEE ALSO
# trivial-rewrite(8), address resolver
# postmap(1), Postfix lookup table manager
# postconf(5), configuration parameters
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# Wietse Venema
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#
# RELOCATED(5)

317
templates/Fedora/40/etc/postfix/transport Normal file
View File

@@ -0,0 +1,317 @@
# TRANSPORT(5) TRANSPORT(5)
#
# NAME
# transport - Postfix transport table format
#
# SYNOPSIS
# postmap /etc/postfix/transport
#
# postmap -q "string" /etc/postfix/transport
#
# postmap -q - /etc/postfix/transport <inputfile
#
# DESCRIPTION
# The optional transport(5) table specifies a mapping from
# email addresses to message delivery transports and
# next-hop destinations. Message delivery transports such
# as local or smtp are defined in the master.cf file, and
# next-hop destinations are typically hosts or domain names.
# The table is searched by the trivial-rewrite(8) daemon.
#
# This mapping overrides the default transport:nexthop
# selection that is built into Postfix:
#
# local_transport (default: local:$myhostname)
# This is the default for final delivery to domains
# listed with mydestination, and for [ipaddress] des-
# tinations that match $inet_interfaces or
# $proxy_interfaces. The default nexthop destination
# is the MTA hostname.
#
# virtual_transport (default: virtual:)
# This is the default for final delivery to domains
# listed with virtual_mailbox_domains. The default
# nexthop destination is the recipient domain.
#
# relay_transport (default: relay:)
# This is the default for remote delivery to domains
# listed with relay_domains. In order of decreasing
# precedence, the nexthop destination is taken from
# relay_transport, sender_dependent_relayhost_maps,
# relayhost, or from the recipient domain.
#
# default_transport (default: smtp:)
# This is the default for remote delivery to other
# destinations. In order of decreasing precedence,
# the nexthop destination is taken from sender_depen-
# dent_default_transport_maps, default_transport,
# sender_dependent_relayhost_maps, relayhost, or from
# the recipient domain.
#
# Normally, the transport(5) table is specified as a text
# file that serves as input to the postmap(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast searching by the mail system. Execute the command
# "postmap /etc/postfix/transport" to rebuild an indexed
# file after changing the corresponding transport table.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regu-
# lar-expression map where patterns are given as regular
# expressions, or lookups can be directed to a TCP-based
# server. In those case, the lookups are done in a slightly
# different way as described below under "REGULAR EXPRESSION
# TABLES" or "TCP-BASED TABLES".
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookup. As of Postfix 2.3, the search string is not case
# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern result
# When pattern matches the recipient address or
# domain, use the corresponding result.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# The pattern specifies an email address, a domain name, or
# a domain name hierarchy, as described in section "TABLE
# SEARCH ORDER".
#
# The result is of the form transport:nexthop and specifies
# how or where to deliver mail. This is described in section
# "RESULT FORMAT".
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user+extension@domain transport:nexthop
# Deliver mail for user+extension@domain through
# transport to nexthop.
#
# user@domain transport:nexthop
# Deliver mail for user@domain through transport to
# nexthop.
#
# domain transport:nexthop
# Deliver mail for domain through transport to nex-
# thop.
#
# .domain transport:nexthop
# Deliver mail for any subdomain of domain through
# transport to nexthop. This applies only when the
# string transport_maps is not listed in the par-
# ent_domain_matches_subdomains configuration set-
# ting. Otherwise, a domain name matches itself and
# its subdomains.
#
# * transport:nexthop
# The special pattern * represents any address (i.e.
# it functions as the wild-card pattern, and is
# unique to Postfix transport tables).
#
# Note 1: the null recipient address is looked up as
# $empty_address_recipient@$myhostname (default: mailer-dae-
# mon@hostname).
#
# Note 2: user@domain or user+extension@domain lookup is
# available in Postfix 2.0 and later.
#
# RESULT FORMAT
# The lookup result is of the form transport:nexthop. The
# transport field specifies a mail delivery transport such
# as smtp or local. The nexthop field specifies where and
# how to deliver mail.
#
# The transport field specifies the name of a mail delivery
# transport (the first name of a mail delivery service entry
# in the Postfix master.cf file).
#
# The nexthop field usually specifies one recipient domain
# or hostname. In the case of the Postfix SMTP/LMTP client,
# the nexthop field may contain a list of nexthop destina-
# tions separated by comma or whitespace (Postfix 3.5 and
# later).
#
# The syntax of a nexthop destination is transport depen-
# dent. With SMTP, specify a service on a non-default port
# as host:service, and disable MX (mail exchanger) DNS
# lookups with [host] or [host]:port. The [] form is
# required when you specify an IP address instead of a host-
# name.
#
# A null transport and null nexthop field means "do not
# change": use the delivery transport and nexthop informa-
# tion that would be used when the entire transport table
# did not exist.
#
# A non-null transport field with a null nexthop field
# resets the nexthop information to the recipient domain.
#
# A null transport field with non-null nexthop field does
# not modify the transport information.
#
# EXAMPLES
# In order to deliver internal mail directly, while using a
# mail relay for all other mail, specify a null entry for
# internal destinations (do not change the delivery trans-
# port or the nexthop information) and specify a wildcard
# for all other destinations.
#
# my.domain :
# .my.domain :
# * smtp:outbound-relay.my.domain
#
# In order to send mail for example.com and its subdomains
# via the uucp transport to the UUCP host named example:
#
# example.com uucp:example
# .example.com uucp:example
#
# When no nexthop host name is specified, the destination
# domain name is used instead. For example, the following
# directs mail for user@example.com via the slow transport
# to a mail exchanger for example.com. The slow transport
# could be configured to run at most one delivery process at
# a time:
#
# example.com slow:
#
# When no transport is specified, Postfix uses the transport
# that matches the address domain class (see DESCRIPTION
# above). The following sends all mail for example.com and
# its subdomains to host gateway.example.com:
#
# example.com :[gateway.example.com]
# .example.com :[gateway.example.com]
#
# In the above example, the [] suppress MX lookups. This
# prevents mail routing loops when your machine is primary
# MX host for example.com.
#
# In the case of delivery via SMTP or LMTP, one may specify
# host:service instead of just a host:
#
# example.com smtp:bar.example:2025
#
# This directs mail for user@example.com to host bar.example
# port 2025. Instead of a numerical port a symbolic name may
# be used. Specify [] around the hostname if MX lookups must
# be disabled.
#
# Deliveries via SMTP or LMTP support multiple destinations
# (Postfix >= 3.5):
#
# example.com smtp:bar.example, foo.example
#
# This tries to deliver to bar.example before trying to
# deliver to foo.example.
#
# The error mailer can be used to bounce mail:
#
# .example.com error:mail for *.example.com is not deliverable
#
# This causes all mail for user@anything.example.com to be
# bounced.
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus,
# some.domain.hierarchy is not looked up via its parent
# domains, nor is user+foo@domain looked up as user@domain.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# The trivial-rewrite(8) server disallows regular expression
# substitution of $1 etc. in regular expression lookup
# tables, because that could open a security hole (Postfix
# version 2.3 and later).
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire recipient address
# once. Thus, some.domain.hierarchy is not looked up via
# its parent domains, nor is user+foo@domain looked up as
# user@domain.
#
# Results are the same as with indexed file lookups.
#
# CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant.
# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# empty_address_recipient (MAILER-DAEMON)
# The recipient of mail addressed to the null
# address.
#
# parent_domain_matches_subdomains (see 'postconf -d' out-
# put)
# A list of Postfix features where the pattern "exam-
# ple.com" also matches subdomains of example.com,
# instead of requiring an explicit ".example.com"
# pattern.
#
# transport_maps (empty)
# Optional lookup tables with mappings from recipient
# address to (message delivery transport, next-hop
# destination).
#
# SEE ALSO
# trivial-rewrite(8), rewrite and resolve addresses
# master(5), master.cf file format
# postconf(5), configuration parameters
# postmap(1), Postfix lookup table manager
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# ADDRESS_REWRITING_README, address rewriting guide
# DATABASE_README, Postfix lookup table overview
# FILTER_README, external content filter
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# Wietse Venema
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#
# TRANSPORT(5)

324
templates/Fedora/40/etc/postfix/virtual Normal file
View File

@@ -0,0 +1,324 @@
# VIRTUAL(5) VIRTUAL(5)
#
# NAME
# virtual - Postfix virtual alias table format
#
# SYNOPSIS
# postmap /etc/postfix/virtual
#
# postmap -q "string" /etc/postfix/virtual
#
# postmap -q - /etc/postfix/virtual <inputfile
#
# DESCRIPTION
# The optional virtual(5) alias table rewrites recipient
# addresses for all local, all virtual, and all remote mail
# destinations. This is unlike the aliases(5) table which
# is used only for local(8) delivery. Virtual aliasing is
# recursive, and is implemented by the Postfix cleanup(8)
# daemon before mail is queued.
#
# The main applications of virtual aliasing are:
#
# o To redirect mail for one address to one or more
# addresses.
#
# o To implement virtual alias domains where all
# addresses are aliased to addresses in other
# domains.
#
# Virtual alias domains are not to be confused with
# the virtual mailbox domains that are implemented
# with the Postfix virtual(8) mail delivery agent.
# With virtual mailbox domains, each recipient
# address can have its own mailbox.
#
# Virtual aliasing is applied only to recipient envelope
# addresses, and does not affect message headers. Use
# canonical(5) mapping to rewrite header and envelope
# addresses in general.
#
# Normally, the virtual(5) alias table is specified as a
# text file that serves as input to the postmap(1) command.
# The result, an indexed file in dbm or db format, is used
# for fast searching by the mail system. Execute the command
# "postmap /etc/postfix/virtual" to rebuild an indexed file
# after changing the corresponding text file.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regu-
# lar-expression map where patterns are given as regular
# expressions, or lookups can be directed to a TCP-based
# server. In those case, the lookups are done in a slightly
# different way as described below under "REGULAR EXPRESSION
# TABLES" or "TCP-BASED TABLES".
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookup. As of Postfix 2.3, the search string is not case
# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern address, address, ...
# When pattern matches a mail address, replace it by
# the corresponding address.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, each
# user@domain query produces a sequence of query patterns as
# described below.
#
# Each query pattern is sent to each specified lookup table
# before trying the next query pattern, until a match is
# found.
#
# user@domain address, address, ...
# Redirect mail for user@domain to address. This
# form has the highest precedence.
#
# user address, address, ...
# Redirect mail for user@site to address when site is
# equal to $myorigin, when site is listed in $mydes-
# tination, or when it is listed in $inet_interfaces
# or $proxy_interfaces.
#
# This functionality overlaps with the functionality
# of the local aliases(5) database. The difference is
# that virtual(5) mapping can be applied to non-local
# addresses.
#
# @domain address, address, ...
# Redirect mail for other users in domain to address.
# This form has the lowest precedence.
#
# Note: @domain is a wild-card. With this form, the
# Postfix SMTP server accepts mail for any recipient
# in domain, regardless of whether that recipient
# exists. This may turn your mail system into a
# backscatter source: Postfix first accepts mail for
# non-existent recipients and then tries to return
# that mail as "undeliverable" to the often forged
# sender address.
#
# To avoid backscatter with mail for a wild-card
# domain, replace the wild-card mapping with explicit
# 1:1 mappings, or add a reject_unverified_recipient
# restriction for that domain:
#
# smtpd_recipient_restrictions =
# ...
# reject_unauth_destination
# check_recipient_access
# inline:{example.com=reject_unverified_recipient}
# unverified_recipient_reject_code = 550
#
# In the above example, Postfix may contact a remote
# server if the recipient is aliased to a remote
# address.
#
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
# o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain. This
# works only for the first address in a multi-address
# lookup result.
#
# o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain".
#
# o When "append_dot_mydomain=yes", append ".$mydomain"
# to addresses without ".domain".
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
# The propagate_unmatched_extensions parameter controls
# whether an unmatched address extension (+foo) is propa-
# gated to the result of a table lookup.
#
# VIRTUAL ALIAS DOMAINS
# Besides virtual aliases, the virtual alias table can also
# be used to implement virtual alias domains. With a virtual
# alias domain, all recipient addresses are aliased to
# addresses in other domains.
#
# Virtual alias domains are not to be confused with the vir-
# tual mailbox domains that are implemented with the Postfix
# virtual(8) mail delivery agent. With virtual mailbox
# domains, each recipient address can have its own mailbox.
#
# With a virtual alias domain, the virtual domain has its
# own user name space. Local (i.e. non-virtual) usernames
# are not visible in a virtual alias domain. In particular,
# local aliases(5) and local mailing lists are not visible
# as localname@virtual-alias.domain.
#
# Support for a virtual alias domain looks like:
#
# /etc/postfix/main.cf:
# virtual_alias_maps = hash:/etc/postfix/virtual
#
# Note: some systems use dbm databases instead of hash. See
# the output from "postconf -m" for available database
# types.
#
# /etc/postfix/virtual:
# virtual-alias.domain anything (right-hand content does not matter)
# postmaster@virtual-alias.domain postmaster
# user1@virtual-alias.domain address1
# user2@virtual-alias.domain address2, address3
#
# The virtual-alias.domain anything entry is required for a
# virtual alias domain. Without this entry, mail is rejected
# with "relay access denied", or bounces with "mail loops
# back to myself".
#
# Do not specify virtual alias domain names in the main.cf
# mydestination or relay_domains configuration parameters.
#
# With a virtual alias domain, the Postfix SMTP server
# accepts mail for known-user@virtual-alias.domain, and
# rejects mail for unknown-user@virtual-alias.domain as
# undeliverable.
#
# Instead of specifying the virtual alias domain name via
# the virtual_alias_maps table, you may also specify it via
# the main.cf virtual_alias_domains configuration parameter.
# This latter parameter uses the same syntax as the main.cf
# mydestination configuration parameter.
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is available in Postfix 2.5 and
# later.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant
# to this topic. See the Postfix main.cf file for syntax
# details and for default values. Use the "postfix reload"
# command after a configuration change.
#
# virtual_alias_maps ($virtual_maps)
# Optional lookup tables that alias specific mail
# addresses or domains to other local or remote
# addresses.
#
# virtual_alias_domains ($virtual_alias_maps)
# Postfix is the final destination for the specified
# list of virtual alias domains, that is, domains for
# which all addresses are aliased to addresses in
# other local or remote domains.
#
# propagate_unmatched_extensions (canonical, virtual)
# What address lookup tables copy an address exten-
# sion from the lookup key to the lookup result.
#
# Other parameters of interest:
#
# inet_interfaces (all)
# The network interface addresses that this mail sys-
# tem receives mail on.
#
# mydestination ($myhostname, localhost.$mydomain, local-
# host)
# The list of domains that are delivered via the
# $local_transport mail delivery transport.
#
# myorigin ($myhostname)
# The domain name that locally-posted mail appears to
# come from, and that locally posted mail is deliv-
# ered to.
#
# owner_request_special (yes)
# Enable special treatment for owner-listname entries
# in the aliases(5) file, and don't split owner-list-
# name and listname-request address localparts when
# the recipient_delimiter is set to "-".
#
# proxy_interfaces (empty)
# The network interface addresses that this mail sys-
# tem receives mail on by way of a proxy or network
# address translation unit.
#
# SEE ALSO
# cleanup(8), canonicalize and enqueue mail
# postmap(1), Postfix lookup table manager
# postconf(5), configuration parameters
# canonical(5), canonical address mapping
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# ADDRESS_REWRITING_README, address rewriting guide
# DATABASE_README, Postfix lookup table overview
# VIRTUAL_README, domain hosting guide
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# Wietse Venema
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#
# VIRTUAL(5)

12
templates/Fedora/40/usr/lib/systemd/system/postfix-copytls.service Normal file
View File

@@ -0,0 +1,12 @@
[Unit]
Description=Copy TLS Certificates for Postfix
[Service]
Type=oneshot
ExecStartPre=mkdir -p /etc/postfix/certificates
ExecStart=/bin/bash -lc 'cp /etc/httpd/md/domains/{{ postfix_vhost }}/*.pem /etc/postfix/certificates/'
ExecStartPost=chown -R root:root /etc/postfix/certificates
[Install]
WantedBy=postfix.service

9
templates/Fedora/40/usr/lib/systemd/system/postfix-copytls.timer Normal file
View File

@@ -0,0 +1,9 @@
[Unit]
Description=Copy TLS Certificates for Postfix
[Timer]
OnUnitActiveSec=5min
[Install]
WantedBy=postfix.service

0
vars/Fedora-39-defaults.yml → vars/Fedora-39-default.yml
View File

110
vars/Fedora-40-default.yml Normal file
View File

@@ -0,0 +1,110 @@
---
# vars file for ensure_postfix
milter_list:
- description: 'OpenDKIM'
hostname: 'localhost'
port: '8891'
protocol: 'inet'
- description: 'OpenDMARC'
hostname: 'localhost'
port: '8893'
protocol: 'inet'
package_list:
- name: 'opendkim'
state: 'present'
- name: 'opendkim-tools'
state: 'present'
- name: 'opendmarc'
state: 'present'
- name: 'postfix'
state: 'present'
- name: 'postfix-ldap'
state: 'present'
- name: 'postfix-mysql'
state: 'present'
- name: 'postfix-pcre'
state: 'present'
- name: 'spamass-milter'
state: 'present'
- name: 'spamassassin'
state: 'present'
firewall_list:
- permanent: 'yes'
service: 'smtp'
state: 'enabled'
- permanent: 'yes'
service: 'smtps'
state: 'enabled'
- permanent: 'yes'
service: 'smtp-submission'
state: 'enabled'
service_list:
- enabled: 'yes'
name: 'opendkim.service'
state: 'started'
- enabled: 'yes'
name: 'opendmarc.service'
state: 'started'
- enabled: 'yes'
name: 'postfix.service'
state: 'started'
- enabled: 'yes'
name: 'postfix-copytls.service'
state: 'started'
- enabled: 'yes'
name: 'postfix-copytls.timer'
state: 'started'
template_list:
- dest: '/etc/postfix/dynamicmaps.cf.d/ldap'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/dynamicmaps.cf.d/ldap'
- dest: '/etc/postfix/dynamicmaps.cf.d/mysql'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/dynamicmaps.cf.d/mysql'
- dest: '/etc/postfix/dynamicmaps.cf.d/pcre'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/dynamicmaps.cf.d/pcre'
- dest: '/etc/postfix/postfix-files.d/ldap'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/postfix-files.d/ldap'
- dest: '/etc/postfix/postfix-files.d/mysql'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/postfix-files.d/mysql'
- dest: '/etc/postfix/postfix-files.d/pcre'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/postfix-files.d/pcre'
- dest: '/etc/postfix/access'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/access'
- dest: '/etc/postfix/canonical'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/canonical'
- dest: '/etc/postfix/dynamicmaps.cf'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/dynamicmaps.cf'
- dest: '/etc/postfix/generic'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/generic'
- dest: '/etc/postfix/header_checks'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/header_checks'
- dest: '/etc/postfix/main.cf'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/main.cf'
- dest: '/etc/postfix/main.cf.proto'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/main.cf.proto'
- dest: '/etc/postfix/master.cf'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/master.cf'
- dest: '/etc/postfix/master.cf.proto'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/master.cf.proto'
- dest: '/etc/postfix/postfix-files'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/postfix-files'
- dest: '/etc/postfix/relocated'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/relocated'
- dest: '/etc/postfix/transport'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/transport'
- dest: '/etc/postfix/virtual'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/postfix/virtual'
- dest: '/etc/opendkim/KeyTable'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/opendkim/KeyTable'
- dest: '/etc/opendkim/SigningTable'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/opendkim/SigningTable'
- dest: '/etc/opendkim/TrustedHosts'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/opendkim/TrustedHosts'
- dest: '/etc/opendkim.conf'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/opendkim.conf'
- dest: '/etc/opendmarc.conf'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/opendmarc.conf'
- dest: '/usr/lib/systemd/system/postfix-copytls.service'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/usr/lib/systemd/system/postfix-copytls.service'
- dest: '/usr/lib/systemd/system/postfix-copytls.timer'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/usr/lib/systemd/system/postfix-copytls.timer'