220 lines
6.0 KiB
Plaintext
220 lines
6.0 KiB
Plaintext
# ============ Basic settings ============
|
|
|
|
# Debian specific: Specifying a file name will cause the first
|
|
# line of that file to be used as the name. The Debian default
|
|
# is /etc/mailname.
|
|
#myorigin = /etc/mailname
|
|
myorigin = /etc/mailname
|
|
|
|
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
|
|
biff = no
|
|
|
|
# appending .domain is the MUA's job.
|
|
append_dot_mydomain = no
|
|
|
|
# Uncomment the next line to generate "delayed mail" warnings
|
|
#delay_warning_time = 4h
|
|
|
|
readme_directory = /usr/share/doc/postfix
|
|
html_directory = /usr/share/doc/postfix/html
|
|
|
|
## - The Internet protocols Postfix will attempt to use when making
|
|
## - or accepting connections.
|
|
## - DEFAULT: ipv4
|
|
inet_protocols = ipv4
|
|
|
|
#inet_interfaces = all
|
|
inet_interfaces =
|
|
127.0.0.1
|
|
#192.168.62.254
|
|
|
|
myhostname = gw-opp.opp.netz
|
|
|
|
mydestination =
|
|
gw-opp.opp.netz
|
|
localhost
|
|
|
|
## - The list of "trusted" SMTP clients that have more
|
|
## - privileges than "strangers"
|
|
## -
|
|
mynetworks =
|
|
127.0.0.0/8
|
|
#192.168.62.254/32
|
|
|
|
#smtp_bind_address = 192.168.62.254
|
|
#smtp_bind_address6 =
|
|
|
|
|
|
## - The maximal size of any local(8) individual mailbox or maildir file,
|
|
## - or zero (no limit). In fact, this limits the size of any file that is
|
|
## - written to upon local delivery, including files written by external
|
|
## - commands that are executed by the local(8) delivery agent.
|
|
## -
|
|
mailbox_size_limit = 0
|
|
|
|
## - The maximal size in bytes of a message, including envelope information.
|
|
## -
|
|
## - we user 50MB
|
|
## -
|
|
message_size_limit = 52480000
|
|
|
|
## - The system-wide recipient address extension delimiter
|
|
## -
|
|
recipient_delimiter = +
|
|
|
|
## - The alias databases that are used for local(8) delivery.
|
|
## -
|
|
alias_maps =
|
|
hash:/etc/aliases
|
|
|
|
## - The alias databases for local(8) delivery that are updated
|
|
## - with "newaliases" or with "sendmail -bi".
|
|
## -
|
|
alias_database =
|
|
hash:/etc/aliases
|
|
|
|
|
|
# ============ Relay parameters ============
|
|
|
|
#relayhost =
|
|
|
|
|
|
# ============ SASL authentication ============
|
|
|
|
# Enable SASL authentication
|
|
smtp_sasl_auth_enable = yes
|
|
|
|
# Forwarding to the ip-adress of host b.mx.oopen.de
|
|
relayhost = [b.mx.oopen.de]
|
|
|
|
# File including login data
|
|
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
|
|
|
|
# Disallow methods that allow anonymous authentication.
|
|
smtp_sasl_security_options = noanonymous
|
|
|
|
|
|
|
|
# ============ TLS parameters ============
|
|
|
|
## - Aktiviert TLS für den Mailempfang
|
|
## -
|
|
## - may:
|
|
## - Opportunistic TLS. Use TLS if this is supported by the remote
|
|
## - SMTP server, otherwise use plaintext
|
|
## -
|
|
## - This overrides the obsolete parameters smtpd_use_tls and
|
|
## - smtpd_enforce_tls. This parameter is ignored with
|
|
## - "smtpd_tls_wrappermode = yes".
|
|
#smtpd_use_tls=yes
|
|
smtp_tls_security_level = encrypt
|
|
|
|
## - Aktiviert TLS für den Mailversand
|
|
## -
|
|
## - may:
|
|
## - Opportunistic TLS: announce STARTTLS support to SMTP clients,
|
|
## - but do not require that clients use TLS encryption.
|
|
# smtp_use_tls=yes
|
|
smtpd_tls_security_level=may
|
|
|
|
## - 0 Disable logging of TLS activity.
|
|
## - 1 Log TLS handshake and certificate information.
|
|
## - 2 Log levels during TLS negotiation.
|
|
## - 3 Log hexadecimal and ASCII dump of TLS negotiation process.
|
|
## - 4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS.
|
|
## -
|
|
smtpd_tls_loglevel = 1
|
|
smtp_tls_loglevel = 1
|
|
|
|
smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
|
|
smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
|
|
|
|
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
|
|
## -
|
|
## - Dont't forget to create it, e.g with openssl:
|
|
## - openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
|
|
## -
|
|
smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
|
|
## - also possible to use 2048 key with that parameter
|
|
## -
|
|
#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
|
|
|
|
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
|
|
## -
|
|
## - Dont't forget to create it, e.g with openssl:
|
|
## - openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
|
|
## -
|
|
smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
|
|
|
|
|
|
## - File containing CA certificates of root CAs trusted to sign either remote SMTP
|
|
## - server certificates or intermediate CA certificates. These are loaded into
|
|
## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
|
|
## -
|
|
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
|
|
|
## - Directory with PEM format certificate authority certificates that the Postfix SMTP
|
|
## - client uses to verify a remote SMTP server certificate. Don't forget to create the
|
|
## - necessary "hash" links with, for example, "
|
|
## - /bin/c_rehash /etc/postfix/certs".
|
|
## -
|
|
## - !! Note !!
|
|
## - To use this option in chroot mode, this directory (or a copy) must be inside
|
|
## - the chroot jail.
|
|
## -
|
|
## - Note that a chrooted daemon resolves all filenames relative to the Postfix
|
|
## - queue directory (/var/spool/postfix)
|
|
## -
|
|
#smtpd_tls_CApath = /etc/postfix/certs
|
|
|
|
|
|
# Disable SSLv2 SSLv3 - Postfix SMTP server
|
|
#
|
|
# List of TLS protocols that the Postfix SMTP server will exclude or
|
|
# include with opportunistic TLS encryption.
|
|
smtpd_tls_protocols = !SSLv2, !SSLv3
|
|
#
|
|
# The SSL/TLS protocols accepted by the Postfix SMTP server
|
|
# with mandatory TLS encryption.
|
|
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
|
|
|
|
|
|
# Disable SSLv2 SSLv3 - Postfix SMTP client
|
|
#
|
|
# List of TLS protocols that the Postfix SMTP client will exclude or
|
|
# include with opportunistic TLS encryption.
|
|
smtp_tls_protocols = !SSLv2, !SSLv3
|
|
#
|
|
# List of SSL/TLS protocols that the Postfix SMTP client will use
|
|
# with mandatory TLS encryption
|
|
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
|
|
|
|
|
|
## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange
|
|
## - openssl > 1.0
|
|
## -
|
|
smtpd_tls_eecdh_grade = strong
|
|
|
|
# standard list cryptographic algorithm
|
|
tls_preempt_cipherlist = yes
|
|
|
|
# Disable ciphers which are less than 256-bit:
|
|
#
|
|
#smtpd_tls_mandatory_ciphers = high
|
|
#
|
|
# opportunistic
|
|
smtpd_tls_ciphers = high
|
|
|
|
|
|
# Exclude ciphers
|
|
smtpd_tls_exclude_ciphers =
|
|
RC4
|
|
aNULL
|
|
SEED-SHA
|
|
EXP
|
|
MD5
|
|
|
|
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|
|