From f6482795c43121792a7a7a8d473a9dc93a9017e6 Mon Sep 17 00:00:00 2001 From: Christoph Date: Sat, 28 Sep 2024 22:53:45 +0200 Subject: [PATCH] install_postfix_advanced.sh: get rid of trailling blanks. --- install_postfix_advanced.sh | 410 +++++++++++++++++------------------- 1 file changed, 195 insertions(+), 215 deletions(-) diff --git a/install_postfix_advanced.sh b/install_postfix_advanced.sh index 0dd06ed..c8320e2 100755 --- a/install_postfix_advanced.sh +++ b/install_postfix_advanced.sh @@ -161,7 +161,7 @@ else _IS_SYMPA_LIST_SERVER="$_SYMPA_LIST_SERVER" fi -if [[ -z "$_RELAY_HOST" ]]; then +if [[ -z "$_RELAY_HOST" ]]; then _IS_RELAY_HOST=$DEFAULT_IS_RELAY_HOST else _IS_RELAY_HOST="$_RELAY_HOST" @@ -272,7 +272,7 @@ else fi done fi -if [ "X$IPV6" = "Xnone" -o "X$IPV6" = "XNone" ]; then +if [ "X$IPV6" = "Xnone" -o "X$IPV6" = "XNone" ]; then IPV6=disabled fi @@ -285,18 +285,18 @@ echo "How will this Mailserver be used?" echo "" if [[ -n "$_IS_RELAY_HOST" ]]; then if $_IS_RELAY_HOST ; then - echo "[1] Complete Mailserver (with mailboxes)" + echo "[1] Complete Mailserver (with mailboxes)" echo -e "\033[37m\033[1m[2] Mailrelay Host\033[m" else - echo -e "\033[37m\033[1m[1] complete Mailserver (with mailboxes)\033[m" + echo -e "\033[37m\033[1m[1] complete Mailserver (with mailboxes)\033[m" echo "[2] Mailrelay Host" fi - echo "" + echo "" echononl "Choose a number or press for highlighted value: " else echo "[1] Complete Mailserver (with mailboxes)" echo "[2] Mailrelay Host" - echo "" + echo "" echononl "Choose a Number: " fi while [[ "$IS_RELAY_HOST" != "true" && "$IS_RELAY_HOST" != "false" ]];do 
@@ -316,13 +316,13 @@ while [[ "$IS_RELAY_HOST" != "true" && "$IS_RELAY_HOST" != "false" ]];do fi ;; *) IS_RELAY_HOST= - echo "" + echo "" if [[ -n "$_IS_RELAY_HOST" ]]; then echo -e "\tWrong entry! [ 1 = Complete Mailserver ; 2 = Mailrelay Host] or type " else - echo -e "\tWrong entry! [ 1 = Complete Mailserver ; 2 = Mailrelay Host]" + echo -e "\tWrong entry! [ 1 = Complete Mailserver ; 2 = Mailrelay Host]" fi - echo "" + echo "" echononl "Reentry: " ;; esac @@ -409,7 +409,7 @@ echo "Insert e-mail address where messages to local root should be forwarded" echo "" echo "" if [[ -n "$_ADMIN_EMAIL" ]]; then - echononl "Admin e-mail address [$_ADMIN_EMAIL]: " + echononl "Admin e-mail address [$_ADMIN_EMAIL]: " read ADMIN_EMAIL if [[ "X${ADMIN_EMAIL}" = "X" ]]; then ADMIN_EMAIL=$_ADMIN_EMAIL @@ -491,7 +491,7 @@ else echo_ok fi -[[ "$IPV6" = "disabled" ]] && IPV6="" +[[ "$IPV6" = "disabled" ]] && IPV6="" # - Synchronise package index files with the repository @@ -580,7 +580,7 @@ if [[ "$os_dist" = "debian" ]] && [[ $os_version -ne 10 ]] ; then # #perl -i -n -p -e "s#^(\s*)(POSTGREY_OPTS=.*)#\#\1\2\nPOSTGREY_OPTS=\"--inet=127.0.0.1:10023 --delay=149 --auto-whitelist-clients=3 --lookup-by-subnet\"#" \ # /etc/default/postgrey > $log_file 2>&1 - + # postgrey as unix socket # perl -i -n -p -e "s#^(\s*)(POSTGREY_OPTS=.*)#\#\1\2\nPOSTGREY_OPTS=\"--unix=/var/spool/postfix/postgrey/postgrey.sock --delay=149 --auto-whitelist-clients=3 --lookup-by-subnet\"#" \ 
@@ -709,8 +709,8 @@ else if ! $(grep -iq -E "^\s*tumgreyspf\s+" 2>/dev/null $postfix_master_cf) ; then cat <> $postfix_master_cf 2> $log_file -# This is tumgreyspf, an external policy checker for the postfix mail server. -# It can optionally greylist and/or use spfquery to check SPF records to +# This is tumgreyspf, an external policy checker for the postfix mail server. +# It can optionally greylist and/or use spfquery to check SPF records to # determine if email should be accepted by your server. # tumgreyspf unix - n n - - spawn @@ -728,10 +728,10 @@ EOF echononl " Create configuration file for whitelisting: /etc/tumgreyspf/disable.conf" if [[ ! -f /etc/tumgreyspf/disable.conf ]] ; then cat < "/etc/tumgreyspf/disable.conf" 2> $log_file -SPFSEEDONLY=0 -GREYLISTTIME=300 -CHECKERS= -OTHERCONFIGS= +SPFSEEDONLY=0 +GREYLISTTIME=300 +CHECKERS= +OTHERCONFIGS= EOF if [[ $? -eq 0 ]] ; then echo_ok @@ -1449,10 +1449,10 @@ cat < /etc/postfix/main.cf compatibility_level = 2 # With "smtputf8_enable = yes", Postfix requires that non-ASCII address information -# is encoded in UTF-8 and will reject other encodings such as ISO-8859. It is not -# practical for Postfix to support multiple encodings at the same time. There is no -# problem with RFC 2047 encodings such as "=?ISO-8859-1?Q?text?=", because those use -# only characters from the ASCII characterset. +# is encoded in UTF-8 and will reject other encodings such as ISO-8859. It is not +# practical for Postfix to support multiple encodings at the same time. There is no +# problem with RFC 2047 encodings such as "=?ISO-8859-1?Q?text?=", because those use +# only characters from the ASCII characterset. #smtputf8_enable = no EOF if $IS_SYMPA_LIST_SERVER ; then 
@@ -1482,7 +1482,7 @@ append_dot_mydomain = no readme_directory = /usr/share/doc/postfix html_directory = /usr/share/doc/postfix/html -## - The Internet protocols Postfix will attempt to use when making +## - The Internet protocols Postfix will attempt to use when making ## - or accepting connections. ## - DEFAULT: ipv4 EOF @@ -1499,19 +1499,19 @@ inet_interfaces = all myhostname = $HOSTNAME -mydestination = +mydestination = $HOSTNAME localhost -## - The list of "trusted" SMTP clients that have more +## - The list of "trusted" SMTP clients that have more ## - privileges than "strangers" ## - -mynetworks = +mynetworks = # +++++++++++++++++++++++++++++++++++++ # replace 127.0.0.1/8 with 127.0.0.1/32 # +++++++++++++++++++++++++++++++++++++ # So we can use i.e 127.0.0.25 (or any other 127.x.x.x address) - # to bind to hidden tor service on port 25 without having an + # to bind to hidden tor service on port 25 without having an # open relay # # see also: https://github.com/ehloonion/onionmx/blob/master/open-relay.md @@ -1556,19 +1556,19 @@ inet_interfaces = myhostname = $HOSTNAME -mydestination = +mydestination = $HOSTNAME localhost -## - The list of "trusted" SMTP clients that have more +## - The list of "trusted" SMTP clients that have more ## - privileges than "strangers" ## - -mynetworks = +mynetworks = # +++++++++++++++++++++++++++++++++++++ # replace 127.0.0.1/8 with 127.0.0.1/32 # +++++++++++++++++++++++++++++++++++++ # So we can use i.e 127.0.0.25 (or any other 127.x.x.x address) - # to bind to hidden tor service on port 25 without having an + # to bind to hidden tor service on port 25 without having an # open relay # # see also: https://github.com/ehloonion/onionmx/blob/master/open-relay.md 
@@ -1596,18 +1596,18 @@ cat <> /etc/postfix/main.cf ## - The method to generate the default value for the mynetworks parameter. ## - ## - mynetworks_style = host" when Postfix should "trust" only the local machine -## - mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP +## - mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP ## - clients in the same IP subnetworks as the local machine. -## - mynetworks_style = class" when Postfix should "trust" SMTP clients in the same +## - mynetworks_style = class" when Postfix should "trust" SMTP clients in the same ## - IP class A/B/C networks as the local machine. ## - #mynetworks_style = host -## - The maximal size of any local(8) individual mailbox or maildir file, -## - or zero (no limit). In fact, this limits the size of any file that is -## - written to upon local delivery, including files written by external -## - commands that are executed by the local(8) delivery agent. +## - The maximal size of any local(8) individual mailbox or maildir file, +## - or zero (no limit). In fact, this limits the size of any file that is +## - written to upon local delivery, including files written by external +## - commands that are executed by the local(8) delivery agent. ## - mailbox_size_limit = 0 
@@ -1631,17 +1631,17 @@ recipient_delimiter = + alias_maps = hash:/etc/aliases -## - The alias databases for local(8) delivery that are updated -## - with "newaliases" or with "sendmail -bi". +## - The alias databases for local(8) delivery that are updated +## - with "newaliases" or with "sendmail -bi". ## - alias_database = hash:/etc/aliases -## - Optional address mapping lookup tables for envelope and header sender +## - Optional address mapping lookup tables for envelope and header sender ## - addresses. The table format and lookups are documented in canonical(5). ## - -## - Example: you want to rewrite the SENDER address "user@ugly.domain" -## - to "user@pretty.domain", while still being able to send mail to the +## - Example: you want to rewrite the SENDER address "user@ugly.domain" +## - to "user@pretty.domain", while still being able to send mail to the ## - RECIPIENT address "user@ugly.domain". ## - ## - Note: \$sender_canonical_maps is processed before \$canonical_maps. @@ -1660,10 +1660,10 @@ smtp_generic_maps = btree:/etc/postfix/generic -## - Optional lookup tables with mappings from recipient address -## - to (message delivery transport, next-hop destination). -## - See transport(5) for details. -## - +## - Optional lookup tables with mappings from recipient address +## - to (message delivery transport, next-hop destination). +## - See transport(5) for details. +## - transport_maps = btree:/etc/postfix/transport btree:/etc/postfix/relay_domains 
@@ -1677,21 +1677,21 @@ fi cat <> /etc/postfix/main.cf -## - The maximal time a message is queued before it is sent back as +## - The maximal time a message is queued before it is sent back as ## - undeliverable. Defaults to 5d (5 days) ## - Specify 0 when mail delivery should be tried only once. -## - +## - maximal_queue_lifetime = 12h bounce_queue_lifetime = \$maximal_queue_lifetime ## - delay_warning_time (default: 0h) ## - -## - The time after which the sender receives a copy of the message -## - headers of mail that is still queued. To enable this feature, -## - specify a non-zero time value (an integral value plus an optional -## - one-letter suffix that specifies the time unit). -## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). -## - The default time unit is h (hours). +## - The time after which the sender receives a copy of the message +## - headers of mail that is still queued. To enable this feature, +## - specify a non-zero time value (an integral value plus an optional +## - one-letter suffix that specifies the time unit). +## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). +## - The default time unit is h (hours). delay_warning_time = 4h 
@@ -1709,9 +1709,9 @@ prepend_delivered_header = ## - proxy_read_maps ## - ## - The lookup tables that the proxymap(8) server is allowed to access for the read-only service. -## - -## - Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Table -## - references that don't begin with proxy: are ignored. +## - +## - Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Table +## - references that don't begin with proxy: are ignored. ## - #proxy_read_maps = \$local_recipient_maps \$mydestination \$virtual_alias_maps \$virtual_alias_domains \$virtual_mailbox_maps \$virtual_mailbox_domains \$relay_recipient_maps \$relay_domains \$canonical_maps \$sender_canonical_maps \$recipient_canonical_maps \$relocated_maps \$transport_maps \$mynetworks \$sender_bcc_maps \$recipient_bcc_maps \$smtp_generic_maps \$lmtp_generic_maps \$smtpd_sender_login_maps @@ -1811,23 +1811,10 @@ smtp_host_lookup = dns # smtp_dns_support_level = dnssec + ## - Aktiviert TLS für den Mailempfang ## - -# By default, TLS is disabled in the Postfix SMTP server, so no difference to plain Postfix -# is visible. Explicitly switch it on using "smtpd_use_tls = yes". -# -# Example: -# -# /etc/postfix/main.cf: -# smtpd_use_tls = yes -# -# With this, Postfix SMTP server announces STARTTLS support to SMTP clients, but does -# not require that clients use TLS encryption. -# -smtpd_use_tls=yes - - # The SMTP TLS security level for the Postfix SMTP server; when a non-empty value is # specified, this overrides the obsolete parameters smtpd_use_tls and smtpd_enforce_tls. # This parameter is ignored with "smtpd_tls_wrappermode = yes". 
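Review bot: Deleting `smtpd_use_tls=yes` from the generated main.cf in this hunk (and `smtp_use_tls=yes` in the next hunk, at -1850) is a configuration change, but the subject line only announces trailing-blank cleanup, so anyone auditing TLS policy changes through the log will miss it. The retained comment says a non-empty `smtpd_tls_security_level` overrides the obsolete parameter, and `smtpd_tls_security_level=may` is visible as context in the next hunk, so the effective server policy is presumably unchanged. I would move the two removals into their own commit with a subject such as `main.cf: drop obsolete smtpd_use_tls/smtp_use_tls, rely on *_tls_security_level`, and confirm the result on a test host with `postconf -n | grep tls_security_level`. The heredoc that writes this part of main.cf starts and ends outside the hunk.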
@@ -1850,23 +1837,16 @@ smtpd_use_tls=yes # smtpd_tls_security_level=may + ## - Aktiviert TLS für den Mailversand ## - -# Opportunistic mode: use TLS when a remote SMTP server announces STARTTLS support, -# otherwise send the mail in the clear. Beware: some SMTP servers offer STARTTLS even if / -# it is not configured. +# The default SMTP TLS security level for the Postfix SMTP client. When a non-empty value +# is specified, this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls, +# and smtp_tls_enforce_peername; when no value is specified for smtp_tls_enforce_peername +# or the obsolete parameters, the default SMTP TLS security level is none. # -# default: no -# -smtp_use_tls=yes - -# The default SMTP TLS security level for the Postfix SMTP client. When a non-empty value -# is specified, this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls, -# and smtp_tls_enforce_peername; when no value is specified for smtp_tls_enforce_peername -# or the obsolete parameters, the default SMTP TLS security level is none. -# -# Specify one of the following security levels: +# Specify one of the following security levels: # # none # No TLS. TLS will not be used unless enabled for specific destinations @@ -1919,11 +1899,11 @@ smtp_use_tls=yes smtp_tls_security_level=dane -## - 0 Disable logging of TLS activity. -## - 1 Log TLS handshake and certificate information. -## - 2 Log levels during TLS negotiation. -## - 3 Log hexadecimal and ASCII dump of TLS negotiation process. -## - 4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. +## - 0 Disable logging of TLS activity. +## - 1 Log TLS handshake and certificate information. +## - 2 Log levels during TLS negotiation. +## - 3 Log hexadecimal and ASCII dump of TLS negotiation process. +## - 4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. ## - smtpd_tls_loglevel = 1 smtp_tls_loglevel = 1 
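Review bot: The comment removed together with `smtp_use_tls=yes` in the -1850 hunk was the only text in the visible lines telling the operator that opportunistic mode sends mail in the clear when the remote server does not offer STARTTLS. The comment kept on the new side only introduces the list of security levels. The active setting, visible as context in the following hunk, is `smtp_tls_security_level=dane`, and the description of that level lies between the hunks, so whether it covers the cleartext fallback cannot be checked from here. If it does not, I would keep one line above the setting, for example `# When no DNSSEC-validated TLSA records are found, "dane" falls back to "may": TLS if offered, cleartext otherwise.` The heredoc this text belongs to starts and ends outside the hunk.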
@@ -1932,7 +1912,7 @@ smtpd_tls_cert_file = $_TLS_CERT_FILE smtpd_tls_key_file = $_TLS_KEY_FILE ## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. -## - +## - ## - Dont't forget to create it, e.g with openssl: ## - openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024 ## - 
@@ -1941,38 +1921,38 @@ smtpd_tls_key_file = $_TLS_KEY_FILE ## - smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem -## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. -## - +## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. +## - ## - Dont't forget to create it, e.g with openssl: ## - openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512 ## - smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem -## - File containing CA certificates of root CAs trusted to sign either remote SMTP -## - server certificates or intermediate CA certificates. These are loaded into +## - File containing CA certificates of root CAs trusted to sign either remote SMTP +## - server certificates or intermediate CA certificates. These are loaded into ## - memory !! BEFORE !! the smtp(8) client enters the chroot jail. -## - +## - smtp_tls_CAfile = $_TLS_CA_FILE -## - Directory with PEM format certificate authority certificates that the Postfix SMTP -## - client uses to verify a remote SMTP server certificate. Don't forget to create the +## - Directory with PEM format certificate authority certificates that the Postfix SMTP +## - client uses to verify a remote SMTP server certificate. Don't forget to create the ## - necessary "hash" links with, for example, " -## - /usr/bin/c_rehash /etc/postfix/certs". +## - /usr/bin/c_rehash /etc/postfix/certs". ## - ## - !! Note !! -## - To use this option in chroot mode, this directory (or a copy) must be inside -## - the chroot jail. +## - To use this option in chroot mode, this directory (or a copy) must be inside +## - the chroot jail. ## - -## - Note that a chrooted daemon resolves all filenames relative to the Postfix +## - Note that a chrooted daemon resolves all filenames relative to the Postfix ## - queue directory (/var/spool/postfix) ## - #smtpd_tls_CApath = /etc/postfix/certs -# TLS protocols accepted by the Postfix SMTP server with opportunistic TLS encryption. 
-# If the list is empty, the server supports all available TLS protocol versions. -# +# TLS protocols accepted by the Postfix SMTP server with opportunistic TLS encryption. +# If the list is empty, the server supports all available TLS protocol versions. +# # default: see 'postconf -d' output # smtpd_tls_protocols = >=TLSv1.1 
@@ -1988,45 +1968,45 @@ smtpd_tls_mandatory_protocols = >=TLSv1.1 # smtp_tls_protocols = >=TLSv1.2 -# TLS protocols that the Postfix SMTP client will use with mandatory TLS encryption. -# +# TLS protocols that the Postfix SMTP client will use with mandatory TLS encryption. +# # default: see 'postconf -d' output # smtp_tls_mandatory_protocols = >=TLSv1.2 -# The Postfix SMTP server security grade for ephemeral elliptic-curve -# Diffie-Hellman (EECDH) key exchange. As of Postfix 3.6, the value of this -# parameter is always ignored, and Postfix behaves as though the auto value -# (described below) was chosen. +# The Postfix SMTP server security grade for ephemeral elliptic-curve +# Diffie-Hellman (EECDH) key exchange. As of Postfix 3.6, the value of this +# parameter is always ignored, and Postfix behaves as though the auto value +# (described below) was chosen. # # auto -# Use the most preferred curve that is supported by both the client and the server. -# This setting requires Postfix ≥ 3.2 compiled and linked with OpenSSL ≥ 1.0.2. This -# is the default setting under the above conditions (and the only setting used with +# Use the most preferred curve that is supported by both the client and the server. +# This setting requires Postfix ≥ 3.2 compiled and linked with OpenSSL ≥ 1.0.2. This +# is the default setting under the above conditions (and the only setting used with # Postfix ≥ 3.6). # # none -# Don't use EECDH. Ciphers based on EECDH key exchange will be disabled. This is the +# Don't use EECDH. Ciphers based on EECDH key exchange will be disabled. This is the # default in Postfix versions 2.6 and 2.7. # # strong -# Use EECDH with approximately 128 bits of security at a reasonable computational cost. +# Use EECDH with approximately 128 bits of security at a reasonable computational cost. # This is the default in Postfix versions 2.8-3.5. 
# # ultra -# Use EECDH with approximately 192 bits of security at computational cost that is +# Use EECDH with approximately 192 bits of security at computational cost that is # approximately twice as high as 128 bit strength ECC. # smtpd_tls_eecdh_grade = auto -# With SSLv3 and later, use the Postfix SMTP server's cipher preference order instead -# of the remote client's cipher preference order. +# With SSLv3 and later, use the Postfix SMTP server's cipher preference order instead +# of the remote client's cipher preference order. # -# By default, the OpenSSL server selects the client's most preferred cipher that the -# server supports. With SSLv3 and later, the server may choose its own most preferred -# cipher that is supported (offered) by the client. +# By default, the OpenSSL server selects the client's most preferred cipher that the +# server supports. With SSLv3 and later, the server may choose its own most preferred +# cipher that is supported (offered) by the client. # # Setting "tls_preempt_cipherlist = yes" enables server cipher preferences. # 
@@ -2035,23 +2015,23 @@ smtpd_tls_eecdh_grade = auto tls_preempt_cipherlist = yes -# The minimum TLS cipher grade that the Postfix SMTP server will use with mandatory -# TLS encryption. The default grade ("medium") is sufficiently strong that any benefit -# from globally restricting TLS sessions to a more stringent grade is likely negligible, -# especially given the fact that many implementations still do not offer any stronger -# ("high" grade) ciphers, while those that do, will always use "high" grade ciphers. -# So insisting on "high" grade ciphers is generally counter-productive. Allowing "export" -# or "low" ciphers is typically not a good idea, as systems limited to just these are -# limited to obsolete browsers. No known SMTP clients fail to support at least one -# "medium" or "high" grade cipher. +# The minimum TLS cipher grade that the Postfix SMTP server will use with mandatory +# TLS encryption. The default grade ("medium") is sufficiently strong that any benefit +# from globally restricting TLS sessions to a more stringent grade is likely negligible, +# especially given the fact that many implementations still do not offer any stronger +# ("high" grade) ciphers, while those that do, will always use "high" grade ciphers. +# So insisting on "high" grade ciphers is generally counter-productive. Allowing "export" +# or "low" ciphers is typically not a good idea, as systems limited to just these are +# limited to obsolete browsers. No known SMTP clients fail to support at least one +# "medium" or "high" grade cipher. # # default: medium # #smtpd_tls_mandatory_ciphers = medium -# The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic -# TLS encryption. Cipher types listed in smtpd_tls_exclude_ciphers are excluded from the -# base definition of the selected cipher grade. +# The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic +# TLS encryption. 
Cipher types listed in smtpd_tls_exclude_ciphers are excluded from the +# base definition of the selected cipher grade. # # default: medium # @@ -2104,16 +2084,16 @@ smtpd_sasl_tls_security_options = \$smtpd_sasl_security_options # Report the SASL authenticated user name in the smtpd(8) Received message header. smtpd_sasl_authenticated_header = yes -# Enable interoperability with remote SMTP clients that implement an obsolete version -# of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook +# Enable interoperability with remote SMTP clients that implement an obsolete version +# of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook # Express version 4 and MicroSoft Exchange version 5.0. # -# Specify "broken_sasl_auth_clients = yes" to have Postfix advertise AUTH support +# Specify "broken_sasl_auth_clients = yes" to have Postfix advertise AUTH support # in a non-standard way. # broken_sasl_auth_clients = yes -## - Optional lookup table with the SASL login names that own +## - Optional lookup table with the SASL login names that own ## - sender (MAIL FROM) addresses. smtpd_sender_login_maps = @@ -2133,7 +2113,7 @@ else #======= SASL Authentification ============ -## - Enable SASL authentication in the Postfix SMTP server. By default, +## - Enable SASL authentication in the Postfix SMTP server. By default, ## - the Postfix SMTP server does not use authentication. ## - smtpd_sasl_auth_enable = no 
@@ -2142,16 +2122,16 @@ smtpd_sasl_auth_enable = no ## - smtpd_tls_auth_only = yes -## - The SASL plug-in type that the Postfix SMTP server should use for authentication. -## - The available types are listed with the "postconf -a" command. +## - The SASL plug-in type that the Postfix SMTP server should use for authentication. +## - The available types are listed with the "postconf -a" command. ## - ## - Available values are at least: cyrus, dovecot -## - +## - smtpd_sasl_type = dovecot ## - Implementation-specific information that the Postfix SMTP server passes -## - through to the SASL plug-in implementation that is selected with smtpd_sasl_type. +## - through to the SASL plug-in implementation that is selected with smtpd_sasl_type. ## - Typically this specifies the name of a configuration file or rendezvous point. ## - smtpd_sasl_path = private/dovecot-auth @@ -2163,17 +2143,17 @@ smtpd_sasl_tls_security_options = \$smtpd_sasl_security_options # Report the SASL authenticated user name in the smtpd(8) Received message header. smtpd_sasl_authenticated_header = no -# Enable interoperability with remote SMTP clients that implement an obsolete version -# of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook +# Enable interoperability with remote SMTP clients that implement an obsolete version +# of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook # Express version 4 and MicroSoft Exchange version 5.0. # -# Specify "broken_sasl_auth_clients = yes" to have Postfix advertise AUTH support +# Specify "broken_sasl_auth_clients = yes" to have Postfix advertise AUTH support # in a non-standard way. # broken_sasl_auth_clients = yes -## - Optional lookup table with the SASL login names that own +## - Optional lookup table with the SASL login names that own ## - sender (MAIL FROM) addresses. smtpd_sender_login_maps = 
@@ -2210,10 +2190,10 @@ virtual_mailbox_maps = virtual_mailbox_domains = -## - Optional lookup tables that alias specific mail addresses or domains -## - to other local or remote address. The table format and lookups are -## - documented in virtual(5). For an overview of Postfix address -## - manipulations see the ADDRESS_REWRITING_README document. +## - Optional lookup tables that alias specific mail addresses or domains +## - to other local or remote address. The table format and lookups are +## - documented in virtual(5). For an overview of Postfix address +## - manipulations see the ADDRESS_REWRITING_README document. ## - virtual_alias_maps = btree:/etc/postfix/virtual_alias_maps @@ -2229,11 +2209,11 @@ cat <> /etc/postfix/main.cf ## - mailman #hash:/var/lib/mailman/data/virtual-mailman -## - Postfix is final destination for the specified list of virtual alias -## - domains, that is, domains for which all addresses are aliased to addresses -## - in other local or remote domains. The SMTP server validates recipient -## - addresses with \$virtual_alias_maps and rejects non-existent recipients. -## - See also the virtual alias domain class in the ADDRESS_CLASS_README file +## - Postfix is final destination for the specified list of virtual alias +## - domains, that is, domains for which all addresses are aliased to addresses +## - in other local or remote domains. The SMTP server validates recipient +## - addresses with \$virtual_alias_maps and rejects non-existent recipients. +## - See also the virtual alias domain class in the ADDRESS_CLASS_README file ## - virtual_alias_domains = btree:/etc/postfix/virtual_alias_domains @@ -2420,7 +2400,7 @@ virtual_alias_domains = # - smtpd_end_of_data_restrictions # - # - Note: -# - all smtpd restrictions are evaluated until one of them +# - all smtpd restrictions are evaluated until one of them # - results in 'REJECT' ## --- 
@@ -2441,13 +2421,13 @@ fi cat <> /etc/postfix/main.cf # The time limit for delivery to 'postfwd' -# +# # Note -# This Parameter is used only if you've defined a 127.0.0.1:10040 spawn service -# in master.cf to have postfix control starting/stopping of the service. +# This Parameter is used only if you've defined a 127.0.0.1:10040 spawn service +# in master.cf to have postfix control starting/stopping of the service. # # If the service is started externally, such as by an init script, I -# don't believe it's used or needed. +# don't believe it's used or needed. # # The time limit for all external commands is controlled by command_time_limit # @@ -2468,16 +2448,16 @@ cat <> /etc/postfix/main.cf # smtpd_delay_reject (default: yes) -# -# Wait until the RCPT TO command before evaluating \$smtpd_client_restrictions, -# \$smtpd_helo_restrictions and \$smtpd_sender_restrictions, or wait until the +# +# Wait until the RCPT TO command before evaluating \$smtpd_client_restrictions, +# \$smtpd_helo_restrictions and \$smtpd_sender_restrictions, or wait until the # ETRN command before evaluating \$smtpd_client_restrictions and \$smtpd_helo_restrictions. # -# This feature is turned on by default because some clients apparently mis-behave +# This feature is turned on by default because some clients apparently mis-behave # when the Postfix SMTP server rejects commands before RCPT TO. # -# The default setting has one major benefit: it allows Postfix to log recipient address -# information when rejecting a client name/address or sender address, so that it is +# The default setting has one major benefit: it allows Postfix to log recipient address +# information when rejecting a client name/address or sender address, so that it is # possible to find out whose mail is being rejected. smtpd_delay_reject = yes 
@@ -2502,18 +2482,18 @@ smtpd_client_restrictions = # permit_dnswl_client dnswl.oopen.de, # Blacklists - # + # # - rhs stands for right hand side, i.e, the domain name. # # - reject_rhsbl_helo makes Postfix reject email when the client HELO or EHLO hostname is blacklisted. # - # - reject_rhsbl_reverse_client: reject the email when the unverified reverse client hostname is - # blacklisted. Postfix will fetch the client hostname from PTR record. If the hostname is + # - reject_rhsbl_reverse_client: reject the email when the unverified reverse client hostname is + # blacklisted. Postfix will fetch the client hostname from PTR record. If the hostname is # blacklisted, reject the email. # # - reject_rhsbl_sender makes Postfix reject email when the MAIL FROM domain is blacklisted. # - # - reject_rbl_client: This is an IP-based blacklist. When the client IP address is backlisted, + # - reject_rbl_client: This is an IP-based blacklist. When the client IP address is backlisted, # reject the email. # reject_rhsbl_helo dbl.spamhaus.org, @@ -2523,7 +2503,7 @@ smtpd_client_restrictions = reject_rbl_client ix.dnsbl.manitu.net, # Greylisting check # - # check_policy_service inet:127.0.0.1:10023, + # check_policy_service inet:127.0.0.1:10023, # # # Using defined restriction class (see smtpd_restriction_classes): 
@@ -2537,14 +2517,14 @@ smtpd_client_restrictions = #warn_if_reject, check_client_access pcre:/etc/postfix/greylist_client_access_pcre, #reject_rbl_client bl.spamcop.net, - # Reject the request when + # Reject the request when # 1) the client IP address->name mapping fails # 2) the name->address mapping fails - # 3) the name->address mapping does not match the client IP address. + # 3) the name->address mapping does not match the client IP address. # # Note: - # This is a stronger restriction than the reject_unknown_reverse_client_hostname - # feature, which triggers only under condition 1) above. + # This is a stronger restriction than the reject_unknown_reverse_client_hostname + # feature, which triggers only under condition 1) above. # #reject_unknown_client @@ -2560,16 +2540,16 @@ smtpd_helo_restrictions = # Whitelist clients # check_client_access btree:/etc/postfix/client_whitelist - # Reject the request when the HELO or EHLO hostname is malformed. + # Reject the request when the HELO or EHLO hostname is malformed. # # Note # specify "smtpd_helo_required = yes" to fully enforce this restriction - # (without "smtpd_helo_required = yes", a client can simply skip - # reject_invalid_helo_hostname by not sending HELO or EHLO). + # (without "smtpd_helo_required = yes", a client can simply skip + # reject_invalid_helo_hostname by not sending HELO or EHLO). # reject_invalid_helo_hostname, - # Reject the request when the HELO or EHLO hostname is not in fully-qualified - # domain or address literal form, as required by the RFC. + # Reject the request when the HELO or EHLO hostname is not in fully-qualified + # domain or address literal form, as required by the RFC. # reject_non_fqdn_helo_hostname # Don't talk to mail systems that don't know their own hostname. 
@@ -2609,26 +2589,26 @@ smtpd_recipient_restrictions = reject_non_fqdn_recipient, # don't accept misconfigured recipients reject_unknown_recipient_domain, -# Reject the request when the RCPT TO address is not listed in the list of valid -# recipients for its domain class. See the smtpd_reject_unlisted_recipient -# parameter description for details. +# Reject the request when the RCPT TO address is not listed in the list of valid +# recipients for its domain class. See the smtpd_reject_unlisted_recipient +# parameter description for details. # # smtpd_reject_unlisted_recipient (default: yes) # -# Request that the Postfix SMTP server rejects mail for unknown recipient addresses, -# even when no explicit reject_unlisted_recipient access restriction is specified. -# This prevents the Postfix queue from filling up with undeliverable MAILER-DAEMON messages. +# Request that the Postfix SMTP server rejects mail for unknown recipient addresses, +# even when no explicit reject_unlisted_recipient access restriction is specified. +# This prevents the Postfix queue from filling up with undeliverable MAILER-DAEMON messages. # -# An address is always considered "known" when it matches a virtual(5) alias or -# a canonical(5) mapping. -# - The recipient domain matches \$mydestination, \$inet_interfaces or \$proxy_interfaces, -# but the recipient is not listed in \$local_recipient_maps, and \$local_recipient_maps +# An address is always considered "known" when it matches a virtual(5) alias or +# a canonical(5) mapping. +# - The recipient domain matches \$mydestination, \$inet_interfaces or \$proxy_interfaces, +# but the recipient is not listed in \$local_recipient_maps, and \$local_recipient_maps # is not null. -# - The recipient domain matches \$virtual_alias_domains but the recipient is not listed +# - The recipient domain matches \$virtual_alias_domains but the recipient is not listed # in \$virtual_alias_maps. 
-# - The recipient domain matches \$virtual_mailbox_domains but the recipient is not -# listed in \$virtual_mailbox_maps, and \$virtual_mailbox_maps is not null. -# - The recipient domain matches \$relay_domains but the recipient is not listed in +# - The recipient domain matches \$virtual_mailbox_domains but the recipient is not +# listed in \$virtual_mailbox_maps, and \$virtual_mailbox_maps is not null. +# - The recipient domain matches \$relay_domains but the recipient is not listed in # \$relay_recipient_maps, and \$relay_recipient_maps is not null. # reject_unlisted_recipient,
@@ -2636,12 +2616,12 @@ smtpd_recipient_restrictions = # # Reject the request unless one of the following is true: # -# - Postfix is mail forwarder: the resolved RCPT TO domain matches \$relay_domains +# - Postfix is mail forwarder: the resolved RCPT TO domain matches \$relay_domains # or a subdomain thereof, and contains no sender-specified routing (user@elsewhere@domain), # # -# - Postfix is the final destination: the resolved RCPT TO domain matches -# \$mydestination, \$inet_interfaces, \$proxy_interfaces, \$virtual_alias_domains, +# - Postfix is the final destination: the resolved RCPT TO domain matches +# \$mydestination, \$inet_interfaces, \$proxy_interfaces, \$virtual_alias_domains, # or \$virtual_mailbox_domains, and contains no sender-specified routing (user@elsewhere@domain). # # Note: 
@@ -2649,8 +2629,8 @@ smtpd_recipient_restrictions = # relay policy is specified under smtpd_relay_restrictions # (available with Postfix 2.10 and later). #reject_unauth_destination, -# Reject the request when mail to the RCPT TO address is known to bounce, or when the -# recipient address destination is not reachable. Address verification information is +# Reject the request when mail to the RCPT TO address is known to bounce, or when the +# recipient address destination is not reachable. Address verification information is # managed by the verify(8) server; see http://www.postfix.org/ADDRESS_VERIFICATION_README.html # for more details reject_unverified_recipient,
@@ -2666,8 +2646,8 @@ smtpd_recipient_restrictions = ## - smtpd Relay Restrictions (since version 2.11) ## --- -# Access restrictions for mail relay control applied in the context of -# the RCPT TO command, before smtpd_recipient_restrictions. +# Access restrictions for mail relay control applied in the context of +# the RCPT TO command, before smtpd_recipient_restrictions. # smtpd_relay_restrictions = # only special accounts (postmaster, abuse and other rolr accounts) 
@@ -2686,15 +2666,15 @@ smtpd_relay_restrictions = reject_unknown_recipient_domain, # Reject the request unless one of the following is true: # -# - Postfix is mail forwarder: the resolved RCPT TO domain matches \$relay_domains +# - Postfix is mail forwarder: the resolved RCPT TO domain matches \$relay_domains # or a subdomain thereof, and contains no sender-specified routing (user@elsewhere@domain), # -# - Postfix is the final destination: the resolved RCPT TO domain matches -# \$mydestination, \$inet_interfaces, \$proxy_interfaces, \$virtual_alias_domains, +# - Postfix is the final destination: the resolved RCPT TO domain matches +# \$mydestination, \$inet_interfaces, \$proxy_interfaces, \$virtual_alias_domains, # or \$virtual_mailbox_domains, and contains no sender-specified routing (user@elsewhere@domain). reject_unauth_destination, -# Reject the request when mail to the RCPT TO address is known to bounce, or when the -# recipient address destination is not reachable. Address verification information is +# Reject the request when mail to the RCPT TO address is known to bounce, or when the +# recipient address destination is not reachable. Address verification information is # managed by the verify(8) server; see http://www.postfix.org/ADDRESS_VERIFICATION_README.html # for more details reject_unverified_recipient,
@@ -2740,7 +2720,7 @@ milter_protocol = 6 # If you want sign mails before sending through AmaVIS, set # 'smtpd_milters = local:/opendkim/opendkim.sock' here and add to # localhost:10025 section in master.cf: 'smtpd_milters=' -# +# #smtpd_milters = local:/opendkim/opendkim.sock smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map smtpd_milters =
@@ -2805,7 +2785,7 @@ else fi -## - create directory for certificates and copy certificates +## - create directory for certificates and copy certificates ## - and coresponding keys to /etc/postfix/ssl/ ## - echononl " Create directory for certificates \"/etc/postfix/ssl\"" 
@@ -2821,7 +2801,7 @@ else fi -## - generate DH parameters that the Postfix SMTP server should use +## - generate DH parameters that the Postfix SMTP server should use ## - with EDH ciphers (length 512 and 1024 ## - echononl " Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\""
@@ -2978,8 +2958,8 @@ if [[ ! -f /etc/postfix/access_sender ]]; then # # Restricts sender addresses this system accepts in MAIL FROM commands. # -# Define the whitelist or blacklist with and OK or REJECT, -# followed by an optional answer text. +# Define the whitelist or blacklist with and OK or REJECT, +# followed by an optional answer text. # # # Note:
@@ -3187,8 +3167,8 @@ if [[ ! -f /etc/postfix/greylist_client_access_pcre ]]; then # # - Note: # - -# - Action 'check_greylist' must be defined by 'smtpd_restriction_classes' -# - and also set with an action (check_policy_service inet:127.0.0.1:10023) +# - Action 'check_greylist' must be defined by 'smtpd_restriction_classes' +# - and also set with an action (check_policy_service inet:127.0.0.1:10023) # - in file /etc/postfix/ main.cf. # - # - Your main.cf may looks like:
@@ -3450,7 +3430,7 @@ if ! $IS_RELAY_HOST ; then else echo_failed fi - + ## - Change permissions for dir '/var/vmail' ## -
@@ -3597,7 +3577,7 @@ EOF fi # - [[:blank:]] means space and tab. This makes it similar to: [ \t] - # - [[:space;]] in addition to space and tab, includes newline, linefeed, formfeed, + # - [[:space;]] in addition to space and tab, includes newline, linefeed, formfeed, # - and vertical tab. This makes it similar to: [ \t\n\r\f\v] # - #if [[ $_line =~ ^[[:space:]]+[^[:space:]]+ ]] && $_smtp_found ; then