| author | Jon duSaint | 2022-11-27 11:25:11 -0800 |
|---|---|---|
| committer | Jon duSaint | 2022-11-27 11:25:11 -0800 |
| commit | 254e41ba237796ce1ad6bf670aebf1b92eed98be (patch) | |
| tree | 1be7770ddf0e78a7e262535f7e5dd47bb9b73575 /etc/postfix | |
| parent | a49cb4da526c86385e942323e069a8e978d0cf4c (diff) | |
Diffstat (limited to '')
| -rw-r--r-- | etc/postfix/main.cf | 125 | ||||
| -rw-r--r-- | etc/postfix/master.cf | 49 |
2 files changed, 174 insertions, 0 deletions
diff --git a/etc/postfix/main.cf b/etc/postfix/main.cf
new file mode 100644
index 0000000..9348678
--- /dev/null
+++ b/etc/postfix/main.cf
@@ -0,0 +1,125 @@
+# Global Postfix configuration file.
+
+compatibility_level = 3.6
+queue_directory = /var/spool/postfix
+command_directory = /usr/local/sbin
+daemon_directory = /usr/local/libexec/postfix
+data_directory = /var/postfix
+
+mail_owner = _postfix
+inet_protocols = all
+
+unknown_local_recipient_reject_code = 450
+
+mynetworks = 127.0.0.0/8, 104.225.1.6/32, rockgeeks.net
+
+debug_peer_level = 2
+debug_peer_list = 127.0.0.1
+debugger_command =
+ PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+ ddd $daemon_directory/$process_name $process_id & sleep 5
+
+sendmail_path = /usr/local/sbin/sendmail
+newaliases_path = /usr/local/sbin/newaliases
+mailq_path = /usr/local/sbin/mailq
+
+setgid_group = _postdrop
+
+html_directory = /usr/local/share/doc/postfix/html
+manpage_directory = /usr/local/man
+sample_directory = /etc/postfix
+readme_directory = /usr/local/share/doc/postfix/readme
+meta_directory = /etc/postfix
+shlib_directory = no
+
+smtpd_use_tls = yes
+smtpd_tls_auth_only = yes
+smtp_tls_cert_file = /etc/ssl/rockgeeks.net.fullchain.pem
+smtp_tls_key_file = /etc/ssl/private/rockgeeks.net.key
+smtpd_tls_cert_file = /etc/ssl/rockgeeks.net.fullchain.pem
+smtpd_tls_key_file = /etc/ssl/private/rockgeeks.net.key
+
+smtp_tls_security_level = may
+smtpd_tls_security_level = may
+smtpd_tls_received_header = yes
+
+smtp_tls_session_cache_database = btree:/var/postfix/smtpd_tls_session_cache
+tls_random_source = dev:/dev/urandom
+
+virtual_alias_domains =
+virtual_alias_maps =
+ proxy:mysql:/etc/postfix/sql/forwardings.cf
+ proxy:mysql:/etc/postfix/sql/email2email.cf
+
+virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/domains.cf
+virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mailboxes.cf
+virtual_uid_maps = proxy:mysql:/etc/postfix/sql/user.cf
+virtual_gid_maps = proxy:mysql:/etc/postfix/sql/group.cf
+virtual_minimum_uid = 1000
+virtual_transport = lmtp:unix:private/dovecot-lmtp
+
+dovecot_destination_recipient_limit = 1
+spamassassin_destination_recipient_limit = 1
+transport_maps = proxy:mysql:/etc/postfix/sql/routing.cf
+relay_domains = proxy:mysql:/etc/postfix/sql/routing.cf
+recipient_delimiter = +
+
+proxy_read_maps =
+ proxy:mysql:/etc/postfix/sql/routing.cf
+ proxy:mysql:/etc/postfix/sql/domains.cf
+ proxy:mysql:/etc/postfix/sql/mailboxes.cf
+ proxy:mysql:/etc/postfix/sql/user.cf
+ proxy:mysql:/etc/postfix/sql/group.cf
+ proxy:mysql:/etc/postfix/sql/forwardings.cf
+ proxy:mysql:/etc/postfix/sql/email2email.cf
+ proxy:unix:passwd.byname
+ unix:passwd.byname
+
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_local_domain =
+
+smtpd_delay_reject = yes
+smtpd_helo_required = yes
+smtpd_recipient_restrictions =
+ permit_mynetworks
+ permit_sasl_authenticated
+ permit_auth_destination
+ reject_unauth_destination
+ reject_unknown_recipient_domain
+ reject_non_fqdn_recipient
+
+smtpd_relay_restrictions =
+ permit_mynetworks
+ permit_sasl_authenticated
+ permit_auth_destination
+ reject_unauth_destination
+ reject_non_fqdn_recipient
+ reject_unknown_recipient_domain
+
+smtpd_client_restrictions =
+ permit_mynetworks
+ permit_sasl_authenticated
+ reject_unauth_destination
+ check_policy_service inet:127.0.0.1:2501
+ reject_rbl_client zen.spamhaus.org
+ reject_rbl_client bl.spamcop.net
+ reject_unknown_client_hostname
+
+smtpd_sender_restrictions =
+ reject_unknown_sender_domain
+ reject_non_fqdn_sender
+
+smtpd_data_restrictions = reject_unauth_pipelining
+
+message_size_limit = 27962027
+milter_default_action = tempfail
+milter_connect_macros = j {daemon_name} v _
+milter_header_checks = pcre:/etc/postfix/milter_header_checks
+header_checks = pcre:/etc/postfix/header_checks.pcre
+
+# Disabled -- clamd takes too much memory. XXX 2021-03-14: revisit?
+#smtpd_milters =
+# unix:/tmp/clamav-milter.sock
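Review bot: `mynetworks` lists the domain name `rockgeeks.net` next to the two address ranges, and every `permit_mynetworks` in the restriction lists further down depends on it. Postfix documents this parameter as addresses or CIDR patterns; a name there is either never matched or, if Postfix matches it against the client's hostname, makes relay permission depend on DNS answers instead of fixed addresses. I would keep explicit addresses only and, since `inet_protocols = all`, name the IPv6 loopback as well: `mynetworks = 127.0.0.0/8, [::1]/128, 104.225.1.6/32`. A one-line comment saying which host 104.225.1.6 is would help the next reader audit the list.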
diff --git a/etc/postfix/master.cf b/etc/postfix/master.cf
new file mode 100644
index 0000000..652c8d8
--- /dev/null
+++ b/etc/postfix/master.cf
@@ -0,0 +1,49 @@
+# Postfix master process configuration file.
+
+#smtp inet n - y - - smtpd -o content_filter=spamassassin
+smtp inet n - y - - smtpd
+smtps inet n - y - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
+submission inet n - y - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
+
+#smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_milters=unix:/tmp/clamav-milter.sock
+#submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_milters=unix:/tmp/clamav-milter.sock
+
+pickup unix n - y 60 1 pickup
+cleanup unix n - y - 0 cleanup
+qmgr unix n - y 300 1 qmgr
+tlsmgr unix - - y 1000? 1 tlsmgr
+rewrite unix - - y - - trivial-rewrite
+bounce unix - - y - 0 bounce
+defer unix - - y - 0 bounce
+trace unix - - y - 0 bounce
+verify unix - - y - 1 verify
+flush unix n - y 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - y - - smtp
+relay unix - - y - - smtp
+ -o syslog_name=postfix/$service_name
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - y - - showq
+error unix - - y - - error
+retry unix - - y - - error
+discard unix - - y - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - y - - lmtp
+anvil unix - - y - 1 anvil
+scache unix - - y - 1 scache
+postlog unix-dgram n - n - 1 postlogd
+
+maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
+bsmtp unix - n n - - pipe
+ flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
+# Dovecot2 LDA
+dovecot unix - n n - - pipe
+ flags=DRhu user=_dovecot:_dovecot argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -d ${user}@${nexthop} -m ${extension}
+
+spamassassin
+ unix - n n - - pipe
+ flags=Rqhu user=_dovecot:_dovecot argv=/usr/local/bin/spamc -x -u ${user} -e /usr/local/libexec/dovecot/deliver -a ${recipient} -d ${user}@${domain} -f ${sender}
+
|
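Review bot: The `submission` entry passes `-o smtpd_enforce_tls=yes`, but main.cf in this same commit sets `smtpd_tls_security_level = may`, and per postconf(5) a non-empty security level overrides the obsolete `smtpd_enforce_tls`, so port 587 most likely still accepts plaintext sessions. Replace it with `-o smtpd_tls_security_level=encrypt` on that line. The entry also inherits the port-25 restriction lists, so consider adding `-o smtpd_client_restrictions=permit_sasl_authenticated,reject` to make submission authenticated-only. Separately, the `bsmtp` pipe runs as `user=foo`, which looks like a leftover sample value; confirm that account exists or drop the entry.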
