66 lines
3.8 KiB
CFEngine3
66 lines
3.8 KiB
CFEngine3
# ======================================================================================
|
|
# service type private unpriv chroot wakeup maxproc command + args
|
|
# ======================================================================================
|
|
|
|
# Inputs
|
|
10025 inet n - n - 1 postscreen
|
|
10465 inet n - n - 1 smtpd
|
|
-o smtpd_tls_wrappermode=yes
|
|
-o smtpd_sasl_auth_enable=yes
|
|
-o smtpd_sasl_authenticated_header=yes
|
|
-o smtpd_sasl_local_domain=$mydomain
|
|
-o smtpd_sasl_type=dovecot
|
|
-o smtpd_sasl_path=unix:/socket/sasl
|
|
-o smtpd_sasl_security_options=noanonymous,noplaintext
|
|
-o smtpd_sasl_tls_security_options=noanonymous
|
|
-o smtpd_sender_login_maps=ldap:/config/ldap_senders.cf
|
|
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
|
|
-o smtpd_helo_restrictions=
|
|
-o smtpd_sender_restrictions=permit_mynetworks,reject_non_fqdn_sender,reject_authenticated_sender_login_mismatch,reject_unauthenticated_sender_login_mismatch
|
|
-o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
|
|
-o smtpd_recipient_restrictions=reject_non_fqdn_recipient
|
|
-o smtpd_data_restrictions=
|
|
-o smtpd_tls_auth_only=yes
|
|
-o cleanup_service_name=scleanup
|
|
smtpd pass - - n - - smtpd
|
|
|
|
# Processing
|
|
qmgr unix n - n 300 1 qmgr
|
|
bounce unix - - n - 0 bounce
|
|
defer unix - - n - 0 bounce
|
|
verify unix - - n - 1 verify
|
|
pickup unix n - n 60 1 pickup
|
|
-o receive_override_options=no_header_body_checks
|
|
# Inbound SPF checks
|
|
spf unix - n n - 0 spawn
|
|
user=policyd-spf argv=/usr/bin/policyd-spf
|
|
|
|
# Outputs
|
|
error unix - - n - - error
|
|
retry unix - - n - - error
|
|
discard unix - - n - - discard
|
|
relay unix - - n - - smtp
|
|
rewrite unix - - n - - trivial-rewrite
|
|
local unix - n n - - local
|
|
lmtp unix - - n - - lmtp
|
|
smtp unix - - n - - smtp
|
|
scache unix - - n - 1 scache
|
|
|
|
# Logging
|
|
postlog unix-dgram n - n - 1 postlogd
|
|
anvil unix - - n - 1 anvil
|
|
|
|
# Helpers
|
|
dnsblog unix - - n - 0 dnsblog
|
|
tlsproxy unix - - n - 0 tlsproxy
|
|
trace unix - - n - 0 bounce
|
|
tlsmgr unix - - n 1000? 1 tlsmgr
|
|
showq unix n - n - - showq
|
|
cleanup unix n - n - 0 cleanup
|
|
scleanup unix n - - - 0 cleanup
|
|
-o header_checks=pcre:/config/sender_header_checks.pcre
|
|
|
|
# Other
|
|
flush unix n - n 1000? 0 flush
|
|
proxymap unix - - n - - proxymap
|
|
proxywrite unix - - n - 1 proxymap |