aboutsummaryrefslogtreecommitdiff
path: root/consul/configuration/email/postfix
diff options
context:
space:
mode:
authorQuentin <quentin@deuxfleurs.fr>2020-09-12 10:03:48 +0200
committerQuentin <quentin@deuxfleurs.fr>2020-09-12 10:03:48 +0200
commitc4a6cf1534b864d3941c839d4a4dca7e505bd828 (patch)
tree3e866768cf39ae947def5b205f74fddfb435725d /consul/configuration/email/postfix
parent0550647b9348d1e36431400e0832b4340564c658 (diff)
downloadinfrastructure-c4a6cf1534b864d3941c839d4a4dca7e505bd828.tar.gz
infrastructure-c4a6cf1534b864d3941c839d4a4dca7e505bd828.zip
Rebase first step
Diffstat (limited to 'consul/configuration/email/postfix')
-rwxr-xr-xconsul/configuration/email/postfix/certs.gen13
-rw-r--r--consul/configuration/email/postfix/dynamicmaps.cf9
-rw-r--r--consul/configuration/email/postfix/header_checks3
-rw-r--r--consul/configuration/email/postfix/ldap-account.cf.tpl12
-rw-r--r--consul/configuration/email/postfix/ldap-alias.cf.tpl9
-rw-r--r--consul/configuration/email/postfix/ldap-virtual-domains.cf.tpl12
-rw-r--r--consul/configuration/email/postfix/main.cf104
-rw-r--r--consul/configuration/email/postfix/master.cf114
-rw-r--r--consul/configuration/email/postfix/transport5
-rw-r--r--consul/configuration/email/postfix/transport.dbbin12288 -> 0 bytes
10 files changed, 0 insertions, 281 deletions
diff --git a/consul/configuration/email/postfix/certs.gen b/consul/configuration/email/postfix/certs.gen
deleted file mode 100755
index f25439b..0000000
--- a/consul/configuration/email/postfix/certs.gen
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr"
-openssl req \
- -new \
- -newkey rsa:4096 \
- -days 3650 \
- -nodes \
- -x509 \
- -subj ${TLSINFO} \
- -keyout postfix.key \
- -out postfix.crt
-
diff --git a/consul/configuration/email/postfix/dynamicmaps.cf b/consul/configuration/email/postfix/dynamicmaps.cf
deleted file mode 100644
index 32d8f62..0000000
--- a/consul/configuration/email/postfix/dynamicmaps.cf
+++ /dev/null
@@ -1,9 +0,0 @@
-# Postfix dynamic maps configuration file.
-#
-# The first match found is the one that is used. Wildcards are not supported
-# as of postfix 2.0.2
-#
-#type location of .so file open function (mkmap func)
-#==== ================================ ============= ============
-ldap postfix-ldap.so dict_ldap_open
-sqlite postfix-sqlite.so dict_sqlite_open
diff --git a/consul/configuration/email/postfix/header_checks b/consul/configuration/email/postfix/header_checks
deleted file mode 100644
index cad52ec..0000000
--- a/consul/configuration/email/postfix/header_checks
+++ /dev/null
@@ -1,3 +0,0 @@
-/^Received:/ IGNORE
-/^X-Originating-IP:/ IGNORE
-/^X-Mailer:/ IGNORE
diff --git a/consul/configuration/email/postfix/ldap-account.cf.tpl b/consul/configuration/email/postfix/ldap-account.cf.tpl
deleted file mode 100644
index 2575f10..0000000
--- a/consul/configuration/email/postfix/ldap-account.cf.tpl
+++ /dev/null
@@ -1,12 +0,0 @@
-bind = yes
-bind_dn = {{ key "secrets/email/postfix/ldap_binddn" | trimSpace }}
-bind_pw = {{ key "secrets/email/postfix/ldap_bindpwd" | trimSpace }}
-version = 3
-timeout = 20
-start_tls = no
-tls_require_cert = no
-server_host = ldap://bottin2.service.2.cluster.deuxfleurs.fr
-scope = sub
-search_base = ou=users,dc=deuxfleurs,dc=fr
-query_filter = mail=%s
-result_attribute = mail
diff --git a/consul/configuration/email/postfix/ldap-alias.cf.tpl b/consul/configuration/email/postfix/ldap-alias.cf.tpl
deleted file mode 100644
index 775c0ad..0000000
--- a/consul/configuration/email/postfix/ldap-alias.cf.tpl
+++ /dev/null
@@ -1,9 +0,0 @@
-server_host = bottin2.service.2.cluster.deuxfleurs.fr
-server_port = 389
-search_base = dc=deuxfleurs,dc=fr
-query_filter = (&(objectClass=inetOrgPerson)(memberOf=cn=%s,ou=mailing_lists,ou=groups,dc=deuxfleurs,dc=fr))
-result_attribute = mail
-bind = yes
-bind_dn = {{ key "secrets/email/postfix/ldap_binddn" | trimSpace }}
-bind_pw = {{ key "secrets/email/postfix/ldap_bindpwd" | trimSpace }}
-version = 3
diff --git a/consul/configuration/email/postfix/ldap-virtual-domains.cf.tpl b/consul/configuration/email/postfix/ldap-virtual-domains.cf.tpl
deleted file mode 100644
index e013953..0000000
--- a/consul/configuration/email/postfix/ldap-virtual-domains.cf.tpl
+++ /dev/null
@@ -1,12 +0,0 @@
-bind = yes
-bind_dn = {{ key "secrets/email/postfix/ldap_binddn" | trimSpace }}
-bind_pw = {{ key "secrets/email/postfix/ldap_bindpwd" | trimSpace }}
-version = 3
-timeout = 20
-start_tls = no
-tls_require_cert = no
-server_host = ldap://bottin2.service.2.cluster.deuxfleurs.fr
-scope = sub
-search_base = ou=domains,ou=groups,dc=deuxfleurs,dc=fr
-query_filter = (&(objectclass=dNSDomain)(domain=%s))
-result_attribute = domain
diff --git a/consul/configuration/email/postfix/main.cf b/consul/configuration/email/postfix/main.cf
deleted file mode 100644
index 4204cb4..0000000
--- a/consul/configuration/email/postfix/main.cf
+++ /dev/null
@@ -1,104 +0,0 @@
-#===
-# Base configuration
-#===
-myhostname = smtp.deuxfleurs.fr
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-myorigin = /etc/mailname
-mydestination = smtp.deuxfleurs.fr
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_protocols = all
-inet_interfaces = all
-message_size_limit = 204800000
-smtpd_banner = $myhostname
-biff = no
-append_dot_mydomain = no
-readme_directory = no
-compatibility_level = 2
-
-#===
-# TLS parameters
-#===
-smtpd_tls_cert_file=/etc/ssl/certs/postfix.crt
-smtpd_tls_key_file=/etc/ssl/private/postfix.key
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-#smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
-smtp_tls_security_level = may
-
-#===
-# Remove privacy related content from emails
-#===
-mime_header_checks = regexp:/etc/postfix/header_checks
-header_checks = regexp:/etc/postfix/header_checks
-
-#===
-# Handle user authentication (handled by dovecot)
-#===
-smtpd_sasl_auth_enable = yes
-smtpd_sasl_path = inet:dovecot-auth.service.2.cluster.deuxfleurs.fr:1337
-smtpd_sasl_type = dovecot
-
-#===
-# Restrictions / Checks
-#===
-# -- Inspired by: http://www.postfix.org/SMTPD_ACCESS_README.html#lists
-
-# Require a valid HELO
-smtpd_helo_required = yes
-# As we use the same postfix to send and receive,
-# we can't enforce a valid HELO hostname...
-#smtpd_helo_restrictions =
-# reject_unknown_helo_hostname
-
-# Require that sender email has a valid domain
-smtpd_sender_restrictions =
- reject_unknown_sender_domain
-
-# Delivering email policy
-# MyNetwork is required by sogo
-smtpd_recipient_restrictions =
- permit_sasl_authenticated
- permit_mynetworks
- reject_unauth_destination
- reject_rbl_client zen.spamhaus.org
- reject_rhsbl_reverse_client dbl.spamhaus.org
- reject_rhsbl_helo dbl.spamhaus.org
- reject_rhsbl_sender dbl.spamhaus.org
-
-# Sending email policy
-# MyNetwork is required by sogo
-smtpd_relay_restrictions =
- permit_sasl_authenticated
- permit_mynetworks
- reject_unauth_destination
-
-smtpd_data_restrictions = reject_unauth_pipelining
-
-smtpd_client_connection_rate_limit = 2
-
-#===
-# Rate limiting
-#===
-slow_destination_recipient_limit = 20
-slow_destination_concurrency_limit = 2
-
-#====
-# Transport configuration
-#====
-transport_maps = hash:/etc/postfix/transport
-virtual_mailbox_domains = ldap:/etc/postfix/ldap-virtual-domains.cf
-virtual_mailbox_maps = ldap:/etc/postfix/ldap-account.cf
-virtual_alias_maps = ldap:/etc/postfix/ldap-alias.cf
-virtual_transport = lmtp:dovecot-lmtp.service.2.cluster.deuxfleurs.fr:24
-
-#===
-# Mail filters
-#===
-milter_default_action = accept
-milter_protocol = 6
-smtpd_milters = inet:opendkim.service.2.cluster.deuxfleurs.fr:8999
-non_smtpd_milters = inet:opendkim.service.2.cluster.deuxfleurs.fr:8999
diff --git a/consul/configuration/email/postfix/master.cf b/consul/configuration/email/postfix/master.cf
deleted file mode 100644
index 53bc601..0000000
--- a/consul/configuration/email/postfix/master.cf
+++ /dev/null
@@ -1,114 +0,0 @@
-#
-# Postfix master process configuration file. For details on the format
-# of the file, see the master(5) manual page (command: "man 5 master").
-#
-# Do not forget to execute "postfix reload" after editing this file.
-#
-# ==========================================================================
-# service type private unpriv chroot wakeup maxproc command + args
-# (yes) (yes) (yes) (never) (100)
-# ==========================================================================
-smtp inet n - n - - smtpd
-submission inet n - n - - smtpd
- -o smtpd_tls_security_level=encrypt
- -o smtpd_sasl_auth_enable=yes
- -o smtpd_client_restrictions=permit_sasl_authenticated,reject
- -o milter_macro_daemon_name=ORIGINATING
-smtps inet n - n - - smtpd
- -o smtpd_tls_wrappermode=yes
- -o smtpd_sasl_auth_enable=yes
- -o smtpd_client_restrictions=permit_sasl_authenticated,reject
- -o milter_macro_daemon_name=ORIGINATING
-slow unix - - n - 5 smtp
- -o syslog_name=postfix-slow
- -o smtp_destination_concurrency_limit=3
- -o slow_destination_rate_delay=1
-
-
-#628 inet n - - - - qmqpd
-pickup fifo n - n 60 1 pickup
-cleanup unix n - n - 0 cleanup
-qmgr fifo n - n 300 1 qmgr
-#qmgr fifo n - - 300 1 oqmgr
-tlsmgr unix - - n 1000? 1 tlsmgr
-rewrite unix - - n - - trivial-rewrite
-bounce unix - - n - 0 bounce
-defer unix - - n - 0 bounce
-trace unix - - n - 0 bounce
-verify unix - - n - 1 verify
-flush unix n - n 1000? 0 flush
-proxymap unix - - n - - proxymap
-proxywrite unix - - n - 1 proxymap
-# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
-smtp unix - - n - - smtp
-# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-relay unix - - n - - smtp
- -o smtp_fallback_relay=
-showq unix n - n - - showq
-error unix - - n - - error
-retry unix - - n - - error
-discard unix - - n - - discard
-local unix - n n - - local
-virtual unix - n n - - virtual
-lmtp unix - - n - - lmtp
-anvil unix - - n - 1 anvil
-#
-# ====================================================================
-# Interfaces to non-Postfix software. Be sure to examine the manual
-# pages of the non-Postfix software to find out what options it wants.
-#
-# Many of the following services use the Postfix pipe(8) delivery
-# agent. See the pipe(8) man page for information about ${recipient}
-# and other message envelope options.
-# ====================================================================
-#
-# maildrop. See the Postfix MAILDROP_README file for details.
-# Also specify in main.cf: maildrop_destination_recipient_limit=1
-#
-scache unix - - n - 1 scache
-maildrop unix - n n - - pipe
- flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
-#
-# ====================================================================
-#
-# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
-#
-# Specify in cyrus.conf:
-# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
-#
-# Specify in main.cf one or more of the following:
-# mailbox_transport = lmtp:inet:localhost
-# virtual_transport = lmtp:inet:localhost
-#
-# ====================================================================
-#
-# Cyrus 2.1.5 (Amos Gouaux)
-# Also specify in main.cf: cyrus_destination_recipient_limit=1
-#
-#cyrus unix - n n - - pipe
-# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
-#
-# ====================================================================
-# Old example of delivery via Cyrus.
-#
-#old-cyrus unix - n n - - pipe
-# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
-#
-# ====================================================================
-#
-# See the Postfix UUCP_README file for configuration details.
-#
-uucp unix - n n - - pipe
- flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
-#
-# Other external delivery methods.
-#
-ifmail unix - n n - - pipe
- flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
-bsmtp unix - n n - - pipe
- flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
-scalemail-backend unix - n n - 2 pipe
- flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
-mailman unix - n n - - pipe
- flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
- ${nexthop} ${user}
diff --git a/consul/configuration/email/postfix/transport b/consul/configuration/email/postfix/transport
deleted file mode 100644
index 68f62c5..0000000
--- a/consul/configuration/email/postfix/transport
+++ /dev/null
@@ -1,5 +0,0 @@
-#wanadoo.com slow:
-#wanadoo.fr slow:
-#orange.com slow:
-#orange.fr slow:
-#smtp.orange.fr slow:
diff --git a/consul/configuration/email/postfix/transport.db b/consul/configuration/email/postfix/transport.db
deleted file mode 100644
index 487f394..0000000
--- a/consul/configuration/email/postfix/transport.db
+++ /dev/null
Binary files differ