-rw-r--r--README.md27
-rw-r--r--dovecot/dovecot.conf40
-rw-r--r--gnu-mailutils/.mailrc2
-rw-r--r--gnu-mailutils/mailutils.conf4
-rw-r--r--postfix/aliases12
-rw-r--r--postfix/main.cf48
-rw-r--r--postfix/master.cf114
7 files changed, 247 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1a59c8d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,27 @@
+# mail-conf
+ARFNET mail server configuration
+
+Postfix SMTP MTA and smtpd.
+With smtpd at ports 25, SMTPS submission at 465 and STARTTLS submission at 587.
+Accepts all connections, relays mail from authenticated users, rejects unauthenticated relaying.
+
+Dovecot IMAP daemon
+IMAP at 145 and IMAPS at 993
+
+Domain: `arf20.com` (MX mail.arf20.com) (PTR, TLSA, SPF, DKIM and DMARC configured)
+FQDN: `mail.arf20.com`
+hostname: `mail`
+mailname: `arf20.com`
+
+```
+postfix
+|- master.cf daemon instance specific, { smtpd, submission, submissions }
+|- main.cf program specific, { smtp, smtpd }
+|- aliases address aliases
+dovecot
+|- dovecot.conf dovecot config
+gnu-mailutils
+|- mailutils.conf GNU mailutils config
+|- .mailrc user specific mail options
+```
+
diff --git a/dovecot/dovecot.conf b/dovecot/dovecot.conf
new file mode 100644
index 0000000..1266741
--- /dev/null
+++ b/dovecot/dovecot.conf
@@ -0,0 +1,40 @@
+disable_plaintext_auth = no
+mail_privileged_group = mail
+mail_location = mbox:~/mail:INBOX=/var/mail/%n
+userdb {
+ driver = passwd
+}
+passdb {
+ args = dovecot
+ driver = pam
+ #driver = passwd-file
+ #args = scheme=plain username_format=%n /etc/dovecot/passwd
+}
+protocols = " imap"
+
+namespace inbox {
+ inbox = yes
+
+ mailbox Trash {
+ auto = subscribe # autocreate and autosubscribe the Trash mailbox
+ special_use = \Trash
+ }
+ mailbox Sent {
+ auto = subscribe # autocreate and autosubscribe the Sent mailbox
+ special_use = \Sent
+ }
+}
+
+
+service auth {
+ unix_listener /var/spool/postfix/private/auth {
+ group = postfix
+ mode = 0660
+ user = postfix
+ }
+}
+
+ssl=required
+ssl_cert = </etc/letsencrypt/live/mail.arf20.com/fullchain.pem
+ssl_key = </etc/letsencrypt/live/mail.arf20.com/privkey.pem
+
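Review bot: `disable_plaintext_auth = no` on the first line of this file turns off Dovecot's refusal of PLAIN/LOGIN on unencrypted sessions, and the passdb is PAM with `userdb { driver = passwd }`, so the credentials at stake are system account passwords. `ssl=required` further down already makes IMAP logins fail before TLS is negotiated, so the override is not needed for IMAP. Its remaining effect is probably on the `/var/spool/postfix/private/auth` socket shared with Postfix, where it would let SMTP AUTH over a cleartext session succeed; that is worth confirming against the running setup. I would drop the line or set `disable_plaintext_auth = yes`, and add a comment above `service auth` such as `# SASL backend for Postfix smtpd (smtpd_sasl_path=private/auth)`.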
diff --git a/gnu-mailutils/.mailrc b/gnu-mailutils/.mailrc
new file mode 100644
index 0000000..1643b1f
--- /dev/null
+++ b/gnu-mailutils/.mailrc
@@ -0,0 +1,2 @@
+set hold = true
+set address = "Angel <arf20@arf20.com>"
diff --git a/gnu-mailutils/mailutils.conf b/gnu-mailutils/mailutils.conf
new file mode 100644
index 0000000..6d838cf
--- /dev/null
+++ b/gnu-mailutils/mailutils.conf
@@ -0,0 +1,4 @@
+address {
+ email-domain arf20.com;
+};
+
diff --git a/postfix/aliases b/postfix/aliases
new file mode 100644
index 0000000..cfde663
--- /dev/null
+++ b/postfix/aliases
@@ -0,0 +1,12 @@
+# See man 5 aliases for format
+mailer-daemon: postmaster
+nobody: postmaster
+hostmaster: postmaster
+usenet: postmaster
+news: postmaster
+webmaster: postmaster
+www: postmaster
+ftp: postmaster
+abuse: postmaster
+
+postmaster: arf20
diff --git a/postfix/main.cf b/postfix/main.cf
new file mode 100644
index 0000000..3bb538f
--- /dev/null
+++ b/postfix/main.cf
@@ -0,0 +1,48 @@
+maillog_file = /var/log/mail.log
+
+# core options
+myhostname = mail.arf20.com
+myorigin = /etc/mailname
+mydestination = mail.arf20.com, arf20.com, localhost, localhost.localdomain
+#relayhost = # do relay (auth)
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+
+# common smtpd (incoming) options
+# tls options
+smtpd_tls_cert_file=/etc/letsencrypt/live/mail.arf20.com/fullchain.pem
+smtpd_tls_key_file=/etc/letsencrypt/live/mail.arf20.com/privkey.pem
+smtpd_use_tls=yes
+smtpd_tls_security_level=may
+smtpd_tls_protocols = !SSLv2, !SSLv3
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtpd_relay_before_recipient_restrictions=no
+# restriction options
+# no client restrictions, allow all hosts to connect (for incoming mail)
+# allow incoming messages from unauthenticated servers
+smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
+# allow relaying mail only from ARFNET users
+smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
+# only allow messages to be sent from arf20.com domain
+smtpd_sender_restrictions = reject_unknown_sender_domain
+# auth options
+smtpd_sasl_auth_enable=yes
+smtpd_sasl_type=dovecot
+smtpd_sasl_path=private/auth
+
+# common smtp (outgoing) options
+# tls options
+smtp_tls_cert_file=/etc/letsencrypt/live/mail.arf20.com/fullchain.pem
+smtp_tls_key_file=/etc/letsencrypt/live/mail.arf20.com/privkey.pem
+smtp_use_tls = yes
+smtp_tls_security_level=may
+smtp_tls_protocols = !SSLv2, !SSLv3
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+local_recipient_maps = proxy:unix:passwd.byname $alias_maps
+
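Review bot: `smtpd_sasl_auth_enable=yes` is set globally while `smtpd_tls_security_level=may` leaves TLS optional and no `smtpd_tls_auth_only` is set, so AUTH is offered before STARTTLS on every smtpd listener, port 25 included. Adding `smtpd_tls_auth_only = yes` under the auth options keeps passwords off cleartext sessions. Separately, the comment `# only allow messages to be sent from arf20.com domain` does not describe `reject_unknown_sender_domain`, which only rejects sender domains that have no DNS A or MX record. I would reword it to `# reject senders whose domain has no DNS A or MX record`; if the stated intent is wanted, it needs a sender/login check such as `reject_sender_login_mismatch` with a matching `smtpd_sender_login_maps`.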
diff --git a/postfix/master.cf b/postfix/master.cf
new file mode 100644
index 0000000..fbf19c7
--- /dev/null
+++ b/postfix/master.cf
@@ -0,0 +1,114 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (no) (never) (100)
+# ==========================================================================
+smtp inet n - y - - smtpd
+#smtp inet n - y - 1 postscreen
+#smtpd pass - - y - - smtpd
+#dnsblog unix - - y - 0 dnsblog
+#tlsproxy unix - - y - 0 tlsproxy
+# Choose one: enable submission for loopback clients only, or for any client.
+#127.0.0.1:submission inet n - y - - smtpd
+# == removed a bunch of stuff
+submission inet n - y - - smtpd
+ -o syslog_name=postfix/submission
+ -o smtpd_tls_wrappermode=no
+# Choose one: enable submissions for loopback clients only, or for any client.
+#127.0.0.1:submissions inet n - y - - smtpd
+submissions inet n - y - - smtpd
+ -o syslog_name=postfix/submissions
+ -o smtpd_tls_wrappermode=yes
+#628 inet n - y - - qmqpd
+pickup unix n - y 60 1 pickup
+cleanup unix n - y - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+#qmgr unix n - n 300 1 oqmgr
+tlsmgr unix - - y 1000? 1 tlsmgr
+rewrite unix - - y - - trivial-rewrite
+bounce unix - - y - 0 bounce
+defer unix - - y - 0 bounce
+trace unix - - y - 0 bounce
+verify unix - - y - 1 verify
+flush unix n - y 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - y - - smtp
+relay unix - - y - - smtp
+ -o syslog_name=postfix/$service_name
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - y - - showq
+error unix - - y - - error
+retry unix - - y - - error
+discard unix - - y - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - y - - lmtp
+anvil unix - - y - 1 anvil
+scache unix - - y - 1 scache
+postlog unix-dgram n - n - 1 postlogd
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop unix - n n - - pipe
+ flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+# mailbox_transport = lmtp:inet:localhost
+# virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus unix - n n - - pipe
+# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix - n n - - pipe
+# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix - n n - 2 pipe
+ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman unix - n n - - pipe
+ flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
+
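Review bot: The `submission` entry carries only `syslog_name` and `smtpd_tls_wrappermode=no`, so port 587 inherits `smtpd_tls_security_level=may` from main.cf and accepts submission without STARTTLS, although the README describes it as STARTTLS submission. Adding `-o smtpd_tls_security_level=encrypt` to that entry makes the listener match the description. It would also be tighter to move `smtpd_sasl_auth_enable=yes` out of main.cf into `-o` overrides on `submission` and `submissions`, so that the port-25 `smtp` service does not offer AUTH at all. The comment `# == removed a bunch of stuff` would be more useful if it named the overrides that were dropped.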