diff --git a/conf/main.cf b/conf/main.cf index 7af8bde..495e346 100644 --- a/conf/main.cf +++ b/conf/main.cf @@ -132,6 +132,10 @@ mail_owner = postfix #inet_interfaces = all #inet_interfaces = $myhostname #inet_interfaces = $myhostname, localhost +inet_interfaces = localhost + +# Enable IPv4, and IPv6 if supported +inet_protocols = all # The proxy_interfaces parameter specifies the network interface # addresses that this mail system receives mail on by way of a @@ -176,7 +180,7 @@ mail_owner = postfix # # See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". # -#mydestination = $myhostname, localhost.$mydomain, localhost +mydestination = $myhostname, localhost.$mydomain, localhost #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, # mail.$mydomain, www.$mydomain, ftp.$mydomain @@ -398,7 +402,7 @@ unknown_local_recipient_reject_code = 550 # "postfix reload" to eliminate the delay. # #alias_maps = dbm:/etc/aliases -#alias_maps = hash:/etc/aliases +alias_maps = hash:/etc/aliases #alias_maps = hash:/etc/aliases, nis:mail.aliases #alias_maps = netinfo:/aliases @@ -409,7 +413,7 @@ unknown_local_recipient_reject_code = 550 # #alias_database = dbm:/etc/aliases #alias_database = dbm:/etc/mail/aliases -#alias_database = hash:/etc/aliases +alias_database = hash:/etc/aliases #alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases # ADDRESS EXTENSIONS (e.g., user+foo) @@ -479,7 +483,27 @@ unknown_local_recipient_reject_code = 550 # # Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd" # listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf. -#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp +#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp + +# If using the cyrus-imapd IMAP server deliver local mail to the IMAP +# server using LMTP (Local Mail Transport Protocol), this is prefered +# over the older cyrus deliver program by setting the +# mailbox_transport as below: +# +# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp +# +# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via +# these settings. +# +# local_destination_recipient_limit = 300 +# local_destination_concurrency_limit = 5 +# +# Of course you should adjust these settings as appropriate for the +# capacity of the hardware you are using. The recipient limit setting +# can be used to take advantage of the single instance message store +# capability of Cyrus. The concurrency limit can be used to control +# how many simultaneous LMTP sessions will be permitted to the Cyrus +# message store. # # Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and # subsequent line in master.cf. @@ -499,8 +523,7 @@ unknown_local_recipient_reject_code = 550 # the main.cf file, otherwise the SMTP server will reject mail for # non-UNIX accounts with "User unknown in local recipient table". # -#fallback_transport = lmtp:unix:/file/name -#fallback_transport = cyrus +#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp #fallback_transport = # The luser_relay parameter specifies an optional destination address @@ -673,4 +696,41 @@ sample_directory = # readme_directory: The location of the Postfix README files. # readme_directory = -inet_protocols = ipv4 + +# TLS CONFIGURATION +# +# Basic Postfix TLS configuration by default with self-signed certificate +# for inbound SMTP and also opportunistic TLS for outbound SMTP. + +# The full pathname of a file with the Postfix SMTP server RSA certificate +# in PEM format. Intermediate certificates should be included in general, +# the server certificate first, then the issuing CA(s) (bottom-up order). +# +smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem + +# The full pathname of a file with the Postfix SMTP server RSA private key +# in PEM format. The private key must be accessible without a pass-phrase, +# i.e. it must not be encrypted. +# +smtpd_tls_key_file = /etc/pki/tls/private/postfix.key + +# Announce STARTTLS support to remote SMTP clients, but do not require that +# clients use TLS encryption (opportunistic TLS inbound). +# +smtpd_tls_security_level = may + +# Directory with PEM format Certification Authority certificates that the +# Postfix SMTP client uses to verify a remote SMTP server certificate. +# +smtp_tls_CApath = /etc/pki/tls/certs + +# The full pathname of a file containing CA certificates of root CAs +# trusted to sign either remote SMTP server certificates or intermediate CA +# certificates. +# +smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt + +# Use TLS if this is supported by the remote SMTP server, otherwise use +# plaintext (opportunistic TLS outbound). +# +smtp_tls_security_level = may diff --git a/conf/master.cf b/conf/master.cf index c0f2508..05c5d07 100644 --- a/conf/master.cf +++ b/conf/master.cf @@ -98,14 +98,14 @@ postlog unix-dgram n - n - 1 postlogd # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe -# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} +# flags=DRX user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} # # ==================================================================== # # Old example of delivery via Cyrus. # #old-cyrus unix - n n - - pipe -# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} +# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} # # ==================================================================== #