diff --git a/install_postfix_base.sh b/install_postfix_base.sh index b93285f..ea5862b 100755 --- a/install_postfix_base.sh +++ b/install_postfix_base.sh @@ -265,7 +265,7 @@ else fi done fi -if [ "X$IPV6" = "Xnone" -o "X$IPV6" = "XNone" ]; then +if [ "X$IPV6" = "Xnone" -o "X$IPV6" = "XNone" ]; then IPV6=disabled fi @@ -278,7 +278,7 @@ echo "Insert e-mail address where messages to local root should be forwarded" echo "" echo "" if [[ -n "$_ADMIN_EMAIL" ]]; then - echononl "Admin e-mail address [$_ADMIN_EMAIL]: " + echononl "Admin e-mail address [$_ADMIN_EMAIL]: " read ADMIN_EMAIL if [[ "X${ADMIN_EMAIL}" = "X" ]]; then ADMIN_EMAIL=$_ADMIN_EMAIL @@ -511,7 +511,7 @@ cat << EOF > $conf_file # --- # - Parameter Settings Postfix Bases System # - -# - - automated generated config file - +# - - automated generated config file - # --- _HOSTNAME=$HOSTNAME @@ -531,7 +531,7 @@ else echo_failed fi -[[ "$IPV6" = "disabled" ]] && IPV6="" +[[ "$IPV6" = "disabled" ]] && IPV6="" # - Synchronise package index files with the repository @@ -636,7 +636,7 @@ append_dot_mydomain = no readme_directory = /usr/share/doc/postfix html_directory = /usr/share/doc/postfix/html -## - The Internet protocols Postfix will attempt to use when making +## - The Internet protocols Postfix will attempt to use when making ## - or accepting connections. ## - DEFAULT: ipv4 EOF @@ -647,7 +647,7 @@ inet_protocols = ipv4, ipv6 #inet_interfaces = all -inet_interfaces = +inet_interfaces = 127.0.0.1 ::1 #$IPV4 @@ -655,14 +655,14 @@ inet_interfaces = myhostname = $HOSTNAME -mydestination = +mydestination = $HOSTNAME localhost -## - The list of "trusted" SMTP clients that have more +## - The list of "trusted" SMTP clients that have more ## - privileges than "strangers" ## - -mynetworks = +mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 
@@ -690,14 +690,14 @@ inet_interfaces = myhostname = $HOSTNAME -mydestination = +mydestination = $HOSTNAME localhost -## - The list of "trusted" SMTP clients that have more +## - The list of "trusted" SMTP clients that have more ## - privileges than "strangers" ## - -mynetworks = +mynetworks = 127.0.0.0/8 EOF @@ -725,18 +725,18 @@ cat <> /etc/postfix/main.cf ## - The method to generate the default value for the mynetworks parameter. ## - ## - mynetworks_style = host" when Postfix should "trust" only the local machine -## - mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP +## - mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP ## - clients in the same IP subnetworks as the local machine. -## - mynetworks_style = class" when Postfix should "trust" SMTP clients in the same +## - mynetworks_style = class" when Postfix should "trust" SMTP clients in the same ## - IP class A/B/C networks as the local machine. ## - #mynetworks_style = host -## - The maximal size of any local(8) individual mailbox or maildir file, -## - or zero (no limit). In fact, this limits the size of any file that is -## - written to upon local delivery, including files written by external -## - commands that are executed by the local(8) delivery agent. +## - The maximal size of any local(8) individual mailbox or maildir file, +## - or zero (no limit). In fact, this limits the size of any file that is +## - written to upon local delivery, including files written by external +## - commands that are executed by the local(8) delivery agent. ## - mailbox_size_limit = 0 
@@ -755,51 +755,51 @@ recipient_delimiter = + alias_maps = hash:/etc/aliases -## - The alias databases for local(8) delivery that are updated -## - with "newaliases" or with "sendmail -bi". +## - The alias databases for local(8) delivery that are updated +## - with "newaliases" or with "sendmail -bi". ## - alias_database = hash:/etc/aliases -## - Optional address mapping lookup tables for envelope and header sender +## - Optional address mapping lookup tables for envelope and header sender ## - addresses. The table format and lookups are documented in canonical(5). ## - -## - Example: you want to rewrite the SENDER address "user@ugly.domain" -## - to "user@pretty.domain", while still being able to send mail to the +## - Example: you want to rewrite the SENDER address "user@ugly.domain" +## - to "user@pretty.domain", while still being able to send mail to the ## - RECIPIENT address "user@ugly.domain". ## - ## - Note: \$sender_canonical_maps is processed before \$canonical_maps. ## - -sender_canonical_maps = +sender_canonical_maps = btree:/etc/postfix/sender_canonical ## - smtp_generic_maps (default: empty) ## - -## - Optional lookup tables that perform address rewriting in the Postfix -## - SMTP client, typically to transform a locally valid address into a -## - globally valid address when sending mail across the Internet. This is -## - needed when the local machine does not have its own Internet domain name, -## -but uses something like localdomain.local instead. +## - Optional lookup tables that perform address rewriting in the Postfix +## - SMTP client, typically to transform a locally valid address into a +## - globally valid address when sending mail across the Internet. This is +## - needed when the local machine does not have its own Internet domain name, +## -but uses something like localdomain.local instead. 
## - smtp_generic_maps = btree:/etc/postfix/generic -## - The maximal time a message is queued before it is sent back as +## - The maximal time a message is queued before it is sent back as ## - undeliverable. Defaults to 5d (5 days) ## - Specify 0 when mail delivery should be tried only once. -## - +## - maximal_queue_lifetime = 3d bounce_queue_lifetime = \$maximal_queue_lifetime ## - delay_warning_time (default: 0h) ## - -## - The time after which the sender receives a copy of the message -## - headers of mail that is still queued. To enable this feature, -## - specify a non-zero time value (an integral value plus an optional -## - one-letter suffix that specifies the time unit). -## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). -## - The default time unit is h (hours). +## - The time after which the sender receives a copy of the message +## - headers of mail that is still queued. To enable this feature, +## - specify a non-zero time value (an integral value plus an optional +## - one-letter suffix that specifies the time unit). +## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). +## - The default time unit is h (hours). delay_warning_time = 1d @@ -852,7 +852,7 @@ smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = \$smtpd_sasl_security_options -# Report the SASL authenticated user name in the smtpd(8) Received message header. +# Report the SASL authenticated user name in the smtpd(8) Received message header. smtpd_sasl_authenticated_header = no 
@@ -862,11 +862,11 @@ smtpd_sasl_authenticated_header = no
 ## - Aktiviert TLS für den Mailempfang
 ## -
 ## - may:
-## - Opportunistic TLS. Use TLS if this is supported by the remote
+## - Opportunistic TLS. Use TLS if this is supported by the remote
 ## - SMTP server, otherwise use plaintext
 ## -
-## - This overrides the obsolete parameters smtpd_use_tls and
-## - smtpd_enforce_tls. This parameter is ignored with
+## - This overrides the obsolete parameters smtpd_use_tls and
+## - smtpd_enforce_tls. This parameter is ignored with
 ## - "smtpd_tls_wrappermode = yes".
 #smtpd_use_tls=yes
 smtp_tls_security_level=encrypt
@@ -886,11 +886,11 @@ relayhost =
 ## - Aktiviert TLS für den Mailempfang
 ## -
 ## - may:
-## - Opportunistic TLS. Use TLS if this is supported by the remote
+## - Opportunistic TLS. Use TLS if this is supported by the remote
 ## - SMTP server, otherwise use plaintext
 ## -
-## - This overrides the obsolete parameters smtpd_use_tls and
-## - smtpd_enforce_tls. This parameter is ignored with
+## - This overrides the obsolete parameters smtpd_use_tls and
+## - smtpd_enforce_tls. This parameter is ignored with
 ## - "smtpd_tls_wrappermode = yes".
 #smtpd_use_tls=yes
 smtp_tls_security_level=may
@@ -902,16 +902,16 @@ cat <> /etc/postfix/main.cf ## - Aktiviert TLS für den Mailversand ## - ## - may: -## - Opportunistic TLS: announce STARTTLS support to SMTP clients, +## - Opportunistic TLS: announce STARTTLS support to SMTP clients, ## - but do not require that clients use TLS encryption. # smtp_use_tls=yes smtpd_tls_security_level=may -## - 0 Disable logging of TLS activity. -## - 1 Log TLS handshake and certificate information. -## - 2 Log levels during TLS negotiation. -## - 3 Log hexadecimal and ASCII dump of TLS negotiation process. -## - 4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. +## - 0 Disable logging of TLS activity. +## - 1 Log TLS handshake and certificate information. +## - 2 Log levels during TLS negotiation. +## - 3 Log hexadecimal and ASCII dump of TLS negotiation process. +## - 4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. ## - smtpd_tls_loglevel = 1 smtp_tls_loglevel = 1 @@ -920,7 +920,7 @@ smtpd_tls_cert_file = $_TLS_CERT_FILE smtpd_tls_key_file = $_TLS_KEY_FILE ## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. -## - +## - ## - Dont't forget to create it, e.g with openssl: ## - openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024 ## - 
@@ -929,30 +929,30 @@ smtpd_tls_key_file = $_TLS_KEY_FILE ## - smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem -## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. -## - +## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. +## - ## - Dont't forget to create it, e.g with openssl: ## - openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512 ## - smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem -## - File containing CA certificates of root CAs trusted to sign either remote SMTP -## - server certificates or intermediate CA certificates. These are loaded into +## - File containing CA certificates of root CAs trusted to sign either remote SMTP +## - server certificates or intermediate CA certificates. These are loaded into ## - memory !! BEFORE !! the smtp(8) client enters the chroot jail. -## - +## - smtp_tls_CAfile = $_TLS_CA_FILE -## - Directory with PEM format certificate authority certificates that the Postfix SMTP -## - client uses to verify a remote SMTP server certificate. Don't forget to create the +## - Directory with PEM format certificate authority certificates that the Postfix SMTP +## - client uses to verify a remote SMTP server certificate. Don't forget to create the ## - necessary "hash" links with, for example, " -## - $OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". +## - $OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". ## - ## - !! Note !! -## - To use this option in chroot mode, this directory (or a copy) must be inside -## - the chroot jail. +## - To use this option in chroot mode, this directory (or a copy) must be inside +## - the chroot jail. ## - -## - Note that a chrooted daemon resolves all filenames relative to the Postfix +## - Note that a chrooted daemon resolves all filenames relative to the Postfix ## - queue directory (/var/spool/postfix) ## - #smtpd_tls_CApath = /etc/postfix/certs 
@@ -1070,8 +1070,8 @@ smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache # smtpd_relay_restrictions # -# IMPORTANT: Either the smtpd_relay_restrictions or the smtpd_recipient_restrictions -# parameter must specify at least one of the following restrictions. Otherwise Postfix +# IMPORTANT: Either the smtpd_relay_restrictions or the smtpd_recipient_restrictions +# parameter must specify at least one of the following restrictions. Otherwise Postfix # will refuse to receive mail: # # reject, reject_unauth_destination @@ -1081,20 +1081,20 @@ smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache # # The upstream default is: # -# smtpd_relay_restrictions = \${{\$compatibility_level} < {1} ? {} : +# smtpd_relay_restrictions = \${{\$compatibility_level} < {1} ? {} : # {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}} # -# AGAIN, that means: if parameter compatibility_level is not set or compatibility_level is +# AGAIN, that means: if parameter compatibility_level is not set or compatibility_level is # set to '0', you MUST specify this value. Otherwise Postfix will refuse to receive mail # and you get the following error message: # -# fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify -# at least one working instance of: reject_unauth_destination, defer_unauth_destination, +# fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify +# at least one working instance of: reject_unauth_destination, defer_unauth_destination, # reject, defer, defer_if_permit or check_relay_domains # -#smtpd_relay_restrictions = -# permit_mynetworks, -# permit_sasl_authenticated, +#smtpd_relay_restrictions = +# permit_mynetworks, +# permit_sasl_authenticated, # defer_unauth_destination EOF 
@@ -1182,7 +1182,7 @@ else fi -## - create directory for certificates and copy certificates +## - create directory for certificates and copy certificates ## - and coresponding keys to /etc/postfix/ssl/ ## - echononl " Create directory for certificates \"/etc/postfix/ssl\"" @@ -1198,7 +1198,7 @@ else fi -## - generate DH parameters that the Postfix SMTP server should use +## - generate DH parameters that the Postfix SMTP server should use ## - with EDH ciphers (length 512 and 1024 ## - echononl " Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\"" @@ -1457,7 +1457,7 @@ fi if [[ ${RELAY_PORT} -ne 25 ]] ; then echo "" - warn "Please do not forget to allow port \033[1m${RELAY_PORT}\033[m on both sides, outgoing here + warn "Please do not forget to allow port \033[1m${RELAY_PORT}\033[m on both sides, outgoing on this host here and incoming on the relay host '${RELAY_HOST}'." fi
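Review bot: In the last hunk (-1457), the guard `[[ ${RELAY_PORT} -ne 25 ]]` evaluates its operand as a bash arithmetic expression, and the same value is then interpolated into the reworded `warn` message between raw `\033[1m` escapes. The assignment of `RELAY_PORT` lies outside this hunk, so whether it is already restricted to digits cannot be confirmed from here. If it is not, a digits-only check such as `[[ "${RELAY_PORT}" =~ ^[0-9]+$ ]]` belongs before the comparison, so that a mistyped or tampered value fails cleanly instead of being evaluated or echoed to the terminal. On wording, "outgoing on this host here" is redundant; `outgoing on this host` reads cleaner.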