install_postfix_base.sh: some really minor changes..
This commit is contained in:
parent
0b410ad6d8
commit
ee41a335b1
@ -265,7 +265,7 @@ else
|
||||
fi
|
||||
done
|
||||
fi
|
||||
if [ "X$IPV6" = "Xnone" -o "X$IPV6" = "XNone" ]; then
|
||||
if [ "X$IPV6" = "Xnone" -o "X$IPV6" = "XNone" ]; then
|
||||
IPV6=disabled
|
||||
fi
|
||||
|
||||
@ -278,7 +278,7 @@ echo "Insert e-mail address where messages to local root should be forwarded"
|
||||
echo ""
|
||||
echo ""
|
||||
if [[ -n "$_ADMIN_EMAIL" ]]; then
|
||||
echononl "Admin e-mail address [$_ADMIN_EMAIL]: "
|
||||
echononl "Admin e-mail address [$_ADMIN_EMAIL]: "
|
||||
read ADMIN_EMAIL
|
||||
if [[ "X${ADMIN_EMAIL}" = "X" ]]; then
|
||||
ADMIN_EMAIL=$_ADMIN_EMAIL
|
||||
@ -511,7 +511,7 @@ cat << EOF > $conf_file
|
||||
# ---
|
||||
# - Parameter Settings Postfix Bases System
|
||||
# -
|
||||
# - - automated generated config file -
|
||||
# - - automated generated config file -
|
||||
# ---
|
||||
|
||||
_HOSTNAME=$HOSTNAME
|
||||
@ -531,7 +531,7 @@ else
|
||||
echo_failed
|
||||
fi
|
||||
|
||||
[[ "$IPV6" = "disabled" ]] && IPV6=""
|
||||
[[ "$IPV6" = "disabled" ]] && IPV6=""
|
||||
|
||||
|
||||
# - Synchronise package index files with the repository
|
||||
@ -636,7 +636,7 @@ append_dot_mydomain = no
|
||||
readme_directory = /usr/share/doc/postfix
|
||||
html_directory = /usr/share/doc/postfix/html
|
||||
|
||||
## - The Internet protocols Postfix will attempt to use when making
|
||||
## - The Internet protocols Postfix will attempt to use when making
|
||||
## - or accepting connections.
|
||||
## - DEFAULT: ipv4
|
||||
EOF
|
||||
@ -647,7 +647,7 @@ inet_protocols = ipv4, ipv6
|
||||
|
||||
#inet_interfaces = all
|
||||
|
||||
inet_interfaces =
|
||||
inet_interfaces =
|
||||
127.0.0.1
|
||||
::1
|
||||
#$IPV4
|
||||
@ -655,14 +655,14 @@ inet_interfaces =
|
||||
|
||||
myhostname = $HOSTNAME
|
||||
|
||||
mydestination =
|
||||
mydestination =
|
||||
$HOSTNAME
|
||||
localhost
|
||||
|
||||
## - The list of "trusted" SMTP clients that have more
|
||||
## - The list of "trusted" SMTP clients that have more
|
||||
## - privileges than "strangers"
|
||||
## -
|
||||
mynetworks =
|
||||
mynetworks =
|
||||
127.0.0.0/8
|
||||
[::ffff:127.0.0.0]/104
|
||||
[::1]/128
|
||||
@ -690,14 +690,14 @@ inet_interfaces =
|
||||
|
||||
myhostname = $HOSTNAME
|
||||
|
||||
mydestination =
|
||||
mydestination =
|
||||
$HOSTNAME
|
||||
localhost
|
||||
|
||||
## - The list of "trusted" SMTP clients that have more
|
||||
## - The list of "trusted" SMTP clients that have more
|
||||
## - privileges than "strangers"
|
||||
## -
|
||||
mynetworks =
|
||||
mynetworks =
|
||||
127.0.0.0/8
|
||||
EOF
|
||||
|
||||
@ -725,18 +725,18 @@ cat <<EOF >> /etc/postfix/main.cf
|
||||
## - The method to generate the default value for the mynetworks parameter.
|
||||
## -
|
||||
## - mynetworks_style = host" when Postfix should "trust" only the local machine
|
||||
## - mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP
|
||||
## - mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP
|
||||
## - clients in the same IP subnetworks as the local machine.
|
||||
## - mynetworks_style = class" when Postfix should "trust" SMTP clients in the same
|
||||
## - mynetworks_style = class" when Postfix should "trust" SMTP clients in the same
|
||||
## - IP class A/B/C networks as the local machine.
|
||||
## -
|
||||
#mynetworks_style = host
|
||||
|
||||
|
||||
## - The maximal size of any local(8) individual mailbox or maildir file,
|
||||
## - or zero (no limit). In fact, this limits the size of any file that is
|
||||
## - written to upon local delivery, including files written by external
|
||||
## - commands that are executed by the local(8) delivery agent.
|
||||
## - The maximal size of any local(8) individual mailbox or maildir file,
|
||||
## - or zero (no limit). In fact, this limits the size of any file that is
|
||||
## - written to upon local delivery, including files written by external
|
||||
## - commands that are executed by the local(8) delivery agent.
|
||||
## -
|
||||
mailbox_size_limit = 0
|
||||
|
||||
@ -755,51 +755,51 @@ recipient_delimiter = +
|
||||
alias_maps =
|
||||
hash:/etc/aliases
|
||||
|
||||
## - The alias databases for local(8) delivery that are updated
|
||||
## - with "newaliases" or with "sendmail -bi".
|
||||
## - The alias databases for local(8) delivery that are updated
|
||||
## - with "newaliases" or with "sendmail -bi".
|
||||
## -
|
||||
alias_database =
|
||||
hash:/etc/aliases
|
||||
|
||||
## - Optional address mapping lookup tables for envelope and header sender
|
||||
## - Optional address mapping lookup tables for envelope and header sender
|
||||
## - addresses. The table format and lookups are documented in canonical(5).
|
||||
## -
|
||||
## - Example: you want to rewrite the SENDER address "user@ugly.domain"
|
||||
## - to "user@pretty.domain", while still being able to send mail to the
|
||||
## - Example: you want to rewrite the SENDER address "user@ugly.domain"
|
||||
## - to "user@pretty.domain", while still being able to send mail to the
|
||||
## - RECIPIENT address "user@ugly.domain".
|
||||
## -
|
||||
## - Note: \$sender_canonical_maps is processed before \$canonical_maps.
|
||||
## -
|
||||
sender_canonical_maps =
|
||||
sender_canonical_maps =
|
||||
btree:/etc/postfix/sender_canonical
|
||||
|
||||
|
||||
## - smtp_generic_maps (default: empty)
|
||||
## -
|
||||
## - Optional lookup tables that perform address rewriting in the Postfix
|
||||
## - SMTP client, typically to transform a locally valid address into a
|
||||
## - globally valid address when sending mail across the Internet. This is
|
||||
## - needed when the local machine does not have its own Internet domain name,
|
||||
## -but uses something like localdomain.local instead.
|
||||
## - Optional lookup tables that perform address rewriting in the Postfix
|
||||
## - SMTP client, typically to transform a locally valid address into a
|
||||
## - globally valid address when sending mail across the Internet. This is
|
||||
## - needed when the local machine does not have its own Internet domain name,
|
||||
## -but uses something like localdomain.local instead.
|
||||
## -
|
||||
smtp_generic_maps =
|
||||
btree:/etc/postfix/generic
|
||||
|
||||
## - The maximal time a message is queued before it is sent back as
|
||||
## - The maximal time a message is queued before it is sent back as
|
||||
## - undeliverable. Defaults to 5d (5 days)
|
||||
## - Specify 0 when mail delivery should be tried only once.
|
||||
## -
|
||||
## -
|
||||
maximal_queue_lifetime = 3d
|
||||
bounce_queue_lifetime = \$maximal_queue_lifetime
|
||||
|
||||
## - delay_warning_time (default: 0h)
|
||||
## -
|
||||
## - The time after which the sender receives a copy of the message
|
||||
## - headers of mail that is still queued. To enable this feature,
|
||||
## - specify a non-zero time value (an integral value plus an optional
|
||||
## - one-letter suffix that specifies the time unit).
|
||||
## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
||||
## - The default time unit is h (hours).
|
||||
## - The time after which the sender receives a copy of the message
|
||||
## - headers of mail that is still queued. To enable this feature,
|
||||
## - specify a non-zero time value (an integral value plus an optional
|
||||
## - one-letter suffix that specifies the time unit).
|
||||
## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
||||
## - The default time unit is h (hours).
|
||||
delay_warning_time = 1d
|
||||
|
||||
|
||||
@ -852,7 +852,7 @@ smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
|
||||
smtp_sasl_security_options = noanonymous
|
||||
smtpd_sasl_tls_security_options = \$smtpd_sasl_security_options
|
||||
|
||||
# Report the SASL authenticated user name in the smtpd(8) Received message header.
|
||||
# Report the SASL authenticated user name in the smtpd(8) Received message header.
|
||||
smtpd_sasl_authenticated_header = no
|
||||
|
||||
|
||||
@ -862,11 +862,11 @@ smtpd_sasl_authenticated_header = no
|
||||
## - Aktiviert TLS für den Mailempfang
|
||||
## -
|
||||
## - may:
|
||||
## - Opportunistic TLS. Use TLS if this is supported by the remote
|
||||
## - Opportunistic TLS. Use TLS if this is supported by the remote
|
||||
## - SMTP server, otherwise use plaintext
|
||||
## -
|
||||
## - This overrides the obsolete parameters smtpd_use_tls and
|
||||
## - smtpd_enforce_tls. This parameter is ignored with
|
||||
## - This overrides the obsolete parameters smtpd_use_tls and
|
||||
## - smtpd_enforce_tls. This parameter is ignored with
|
||||
## - "smtpd_tls_wrappermode = yes".
|
||||
#smtpd_use_tls=yes
|
||||
smtp_tls_security_level=encrypt
|
||||
@ -886,11 +886,11 @@ relayhost =
|
||||
## - Aktiviert TLS für den Mailempfang
|
||||
## -
|
||||
## - may:
|
||||
## - Opportunistic TLS. Use TLS if this is supported by the remote
|
||||
## - Opportunistic TLS. Use TLS if this is supported by the remote
|
||||
## - SMTP server, otherwise use plaintext
|
||||
## -
|
||||
## - This overrides the obsolete parameters smtpd_use_tls and
|
||||
## - smtpd_enforce_tls. This parameter is ignored with
|
||||
## - This overrides the obsolete parameters smtpd_use_tls and
|
||||
## - smtpd_enforce_tls. This parameter is ignored with
|
||||
## - "smtpd_tls_wrappermode = yes".
|
||||
#smtpd_use_tls=yes
|
||||
smtp_tls_security_level=may
|
||||
@ -902,16 +902,16 @@ cat <<EOF >> /etc/postfix/main.cf
|
||||
## - Aktiviert TLS für den Mailversand
|
||||
## -
|
||||
## - may:
|
||||
## - Opportunistic TLS: announce STARTTLS support to SMTP clients,
|
||||
## - Opportunistic TLS: announce STARTTLS support to SMTP clients,
|
||||
## - but do not require that clients use TLS encryption.
|
||||
# smtp_use_tls=yes
|
||||
smtpd_tls_security_level=may
|
||||
|
||||
## - 0 Disable logging of TLS activity.
|
||||
## - 1 Log TLS handshake and certificate information.
|
||||
## - 2 Log levels during TLS negotiation.
|
||||
## - 3 Log hexadecimal and ASCII dump of TLS negotiation process.
|
||||
## - 4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS.
|
||||
## - 0 Disable logging of TLS activity.
|
||||
## - 1 Log TLS handshake and certificate information.
|
||||
## - 2 Log levels during TLS negotiation.
|
||||
## - 3 Log hexadecimal and ASCII dump of TLS negotiation process.
|
||||
## - 4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS.
|
||||
## -
|
||||
smtpd_tls_loglevel = 1
|
||||
smtp_tls_loglevel = 1
|
||||
@ -920,7 +920,7 @@ smtpd_tls_cert_file = $_TLS_CERT_FILE
|
||||
smtpd_tls_key_file = $_TLS_KEY_FILE
|
||||
|
||||
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
|
||||
## -
|
||||
## -
|
||||
## - Dont't forget to create it, e.g with openssl:
|
||||
## - openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024
|
||||
## -
|
||||
@ -929,30 +929,30 @@ smtpd_tls_key_file = $_TLS_KEY_FILE
|
||||
## -
|
||||
smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
|
||||
|
||||
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
|
||||
## -
|
||||
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
|
||||
## -
|
||||
## - Dont't forget to create it, e.g with openssl:
|
||||
## - openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512
|
||||
## -
|
||||
smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
|
||||
|
||||
|
||||
## - File containing CA certificates of root CAs trusted to sign either remote SMTP
|
||||
## - server certificates or intermediate CA certificates. These are loaded into
|
||||
## - File containing CA certificates of root CAs trusted to sign either remote SMTP
|
||||
## - server certificates or intermediate CA certificates. These are loaded into
|
||||
## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
|
||||
## -
|
||||
## -
|
||||
smtp_tls_CAfile = $_TLS_CA_FILE
|
||||
|
||||
## - Directory with PEM format certificate authority certificates that the Postfix SMTP
|
||||
## - client uses to verify a remote SMTP server certificate. Don't forget to create the
|
||||
## - Directory with PEM format certificate authority certificates that the Postfix SMTP
|
||||
## - client uses to verify a remote SMTP server certificate. Don't forget to create the
|
||||
## - necessary "hash" links with, for example, "
|
||||
## - $OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
|
||||
## - $OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
|
||||
## -
|
||||
## - !! Note !!
|
||||
## - To use this option in chroot mode, this directory (or a copy) must be inside
|
||||
## - the chroot jail.
|
||||
## - To use this option in chroot mode, this directory (or a copy) must be inside
|
||||
## - the chroot jail.
|
||||
## -
|
||||
## - Note that a chrooted daemon resolves all filenames relative to the Postfix
|
||||
## - Note that a chrooted daemon resolves all filenames relative to the Postfix
|
||||
## - queue directory (/var/spool/postfix)
|
||||
## -
|
||||
#smtpd_tls_CApath = /etc/postfix/certs
|
||||
@ -1070,8 +1070,8 @@ smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache
|
||||
|
||||
# smtpd_relay_restrictions
|
||||
#
|
||||
# IMPORTANT: Either the smtpd_relay_restrictions or the smtpd_recipient_restrictions
|
||||
# parameter must specify at least one of the following restrictions. Otherwise Postfix
|
||||
# IMPORTANT: Either the smtpd_relay_restrictions or the smtpd_recipient_restrictions
|
||||
# parameter must specify at least one of the following restrictions. Otherwise Postfix
|
||||
# will refuse to receive mail:
|
||||
#
|
||||
# reject, reject_unauth_destination
|
||||
@ -1081,20 +1081,20 @@ smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache
|
||||
#
|
||||
# The upstream default is:
|
||||
#
|
||||
# smtpd_relay_restrictions = \${{\$compatibility_level} < {1} ? {} :
|
||||
# smtpd_relay_restrictions = \${{\$compatibility_level} < {1} ? {} :
|
||||
# {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}}
|
||||
#
|
||||
# AGAIN, that means: if parameter compatibility_level is not set or compatibility_level is
|
||||
# AGAIN, that means: if parameter compatibility_level is not set or compatibility_level is
|
||||
# set to '0', you MUST specify this value. Otherwise Postfix will refuse to receive mail
|
||||
# and you get the following error message:
|
||||
#
|
||||
# fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify
|
||||
# at least one working instance of: reject_unauth_destination, defer_unauth_destination,
|
||||
# fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify
|
||||
# at least one working instance of: reject_unauth_destination, defer_unauth_destination,
|
||||
# reject, defer, defer_if_permit or check_relay_domains
|
||||
#
|
||||
#smtpd_relay_restrictions =
|
||||
# permit_mynetworks,
|
||||
# permit_sasl_authenticated,
|
||||
#smtpd_relay_restrictions =
|
||||
# permit_mynetworks,
|
||||
# permit_sasl_authenticated,
|
||||
# defer_unauth_destination
|
||||
|
||||
EOF
|
||||
@ -1182,7 +1182,7 @@ else
|
||||
fi
|
||||
|
||||
|
||||
## - create directory for certificates and copy certificates
|
||||
## - create directory for certificates and copy certificates
|
||||
## - and coresponding keys to /etc/postfix/ssl/
|
||||
## -
|
||||
echononl " Create directory for certificates \"/etc/postfix/ssl\""
|
||||
@ -1198,7 +1198,7 @@ else
|
||||
fi
|
||||
|
||||
|
||||
## - generate DH parameters that the Postfix SMTP server should use
|
||||
## - generate DH parameters that the Postfix SMTP server should use
|
||||
## - with EDH ciphers (length 512 and 1024
|
||||
## -
|
||||
echononl " Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\""
|
||||
@ -1457,7 +1457,7 @@ fi
|
||||
if [[ ${RELAY_PORT} -ne 25 ]] ; then
|
||||
|
||||
echo ""
|
||||
warn "Please do not forget to allow port \033[1m${RELAY_PORT}\033[m on both sides, outgoing here
|
||||
warn "Please do not forget to allow port \033[1m${RELAY_PORT}\033[m on both sides, outgoing
|
||||
on this host here and incoming on the relay host '${RELAY_HOST}'."
|
||||
fi
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user