diff options
-rw-r--r-- | README.md | 27 | ||||
-rw-r--r-- | dovecot/dovecot.conf | 40 | ||||
-rw-r--r-- | gnu-mailutils/.mailrc | 2 | ||||
-rw-r--r-- | gnu-mailutils/mailutils.conf | 4 | ||||
-rw-r--r-- | postfix/aliases | 12 | ||||
-rw-r--r-- | postfix/main.cf | 48 | ||||
-rw-r--r-- | postfix/master.cf | 114 |
7 files changed, 247 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..1a59c8d --- /dev/null +++ b/README.md @@ -0,0 +1,27 @@ +# mail-conf +ARFNET mail server configuration + +Postfix SMTP MTA and smtpd. +With smtpd at ports 25, SMTPS submission at 465 and STARTTLS submission at 587. +Accepts all connections, relays mail from authenticated users, rejects unauthenticated relaying. + +Dovecot IMAP daemon +IMAP at 145 and IMAPS at 993 + +Domain: `arf20.com` (MX mail.arf20.com) (PTR, TLSA, SPF, DKIM and DMARC configured) +FQDN: `mail.arf20.com` +hostname: `mail` +mailname: `arf20.com` + +``` +postfix +|- master.cf daemon instance specific, { smtpd, submission, submissions } +|- main.cf program specific, { smtp, smtpd } +|- aliases address aliases +dovecot +|- dovecot.conf dovecot config +gnu-mailutils +|- mailutils.conf GNU mailutils config +|- .mailrc user specific mail options +``` + diff --git a/dovecot/dovecot.conf b/dovecot/dovecot.conf new file mode 100644 index 0000000..1266741 --- /dev/null +++ b/dovecot/dovecot.conf @@ -0,0 +1,40 @@ +disable_plaintext_auth = no +mail_privileged_group = mail +mail_location = mbox:~/mail:INBOX=/var/mail/%n +userdb { + driver = passwd +} +passdb { + args = dovecot + driver = pam + #driver = passwd-file + #args = scheme=plain username_format=%n /etc/dovecot/passwd +} +protocols = " imap" + +namespace inbox { + inbox = yes + + mailbox Trash { + auto = subscribe # autocreate and autosubscribe the Trash mailbox + special_use = \Trash + } + mailbox Sent { + auto = subscribe # autocreate and autosubscribe the Sent mailbox + special_use = \Sent + } +} + + +service auth { + unix_listener /var/spool/postfix/private/auth { + group = postfix + mode = 0660 + user = postfix + } +} + +ssl=required +ssl_cert = </etc/letsencrypt/live/mail.arf20.com/fullchain.pem +ssl_key = </etc/letsencrypt/live/mail.arf20.com/privkey.pem + diff --git a/gnu-mailutils/.mailrc b/gnu-mailutils/.mailrc new file mode 100644 index 0000000..1643b1f --- /dev/null +++ b/gnu-mailutils/.mailrc @@ -0,0 +1,2 @@ +set hold = true +set address = "Angel <arf20@arf20.com>" diff --git a/gnu-mailutils/mailutils.conf b/gnu-mailutils/mailutils.conf new file mode 100644 index 0000000..6d838cf --- /dev/null +++ b/gnu-mailutils/mailutils.conf @@ -0,0 +1,4 @@ +address { + email-domain arf20.com; +}; + diff --git a/postfix/aliases b/postfix/aliases new file mode 100644 index 0000000..cfde663 --- /dev/null +++ b/postfix/aliases @@ -0,0 +1,12 @@ +# See man 5 aliases for format +mailer-daemon: postmaster +nobody: postmaster +hostmaster: postmaster +usenet: postmaster +news: postmaster +webmaster: postmaster +www: postmaster +ftp: postmaster +abuse: postmaster + +postmaster: arf20 diff --git a/postfix/main.cf b/postfix/main.cf new file mode 100644 index 0000000..3bb538f --- /dev/null +++ b/postfix/main.cf @@ -0,0 +1,48 @@ +maillog_file = /var/log/mail.log + +# core options +myhostname = mail.arf20.com +myorigin = /etc/mailname +mydestination = mail.arf20.com, arf20.com, localhost, localhost.localdomain +#relayhost = # do relay (auth) +mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 +mailbox_size_limit = 0 +recipient_delimiter = + +inet_interfaces = all + +alias_maps = hash:/etc/aliases +alias_database = hash:/etc/aliases + +# common smtpd (incoming) options +# tls options +smtpd_tls_cert_file=/etc/letsencrypt/live/mail.arf20.com/fullchain.pem +smtpd_tls_key_file=/etc/letsencrypt/live/mail.arf20.com/privkey.pem +smtpd_use_tls=yes +smtpd_tls_security_level=may +smtpd_tls_protocols = !SSLv2, !SSLv3 +smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache +smtpd_relay_before_recipient_restrictions=no +# restriction options +# no client restrictions, allow all hosts to connect (for incoming mail) +# allow incoming messages from unauthenticated servers +smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination +# allow relaying mail only from ARFNET users +smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination +# only allow messages to be sent from arf20.com domain +smtpd_sender_restrictions = reject_unknown_sender_domain +# auth options +smtpd_sasl_auth_enable=yes +smtpd_sasl_type=dovecot +smtpd_sasl_path=private/auth + +# common smtp (outgoing) options +# tls options +smtp_tls_cert_file=/etc/letsencrypt/live/mail.arf20.com/fullchain.pem +smtp_tls_key_file=/etc/letsencrypt/live/mail.arf20.com/privkey.pem +smtp_use_tls = yes +smtp_tls_security_level=may +smtp_tls_protocols = !SSLv2, !SSLv3 +smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache + +local_recipient_maps = proxy:unix:passwd.byname $alias_maps + diff --git a/postfix/master.cf b/postfix/master.cf new file mode 100644 index 0000000..fbf19c7 --- /dev/null +++ b/postfix/master.cf @@ -0,0 +1,114 @@ +# +# Postfix master process configuration file. For details on the format +# of the file, see the master(5) manual page (command: "man 5 master" or +# on-line: http://www.postfix.org/master.5.html). +# +# Do not forget to execute "postfix reload" after editing this file. +# +# ========================================================================== +# service type private unpriv chroot wakeup maxproc command + args +# (yes) (yes) (no) (never) (100) +# ========================================================================== +smtp inet n - y - - smtpd +#smtp inet n - y - 1 postscreen +#smtpd pass - - y - - smtpd +#dnsblog unix - - y - 0 dnsblog +#tlsproxy unix - - y - 0 tlsproxy +# Choose one: enable submission for loopback clients only, or for any client. +#127.0.0.1:submission inet n - y - - smtpd +# == removed a bunch of stuff +submission inet n - y - - smtpd + -o syslog_name=postfix/submission + -o smtpd_tls_wrappermode=no +# Choose one: enable submissions for loopback clients only, or for any client. +#127.0.0.1:submissions inet n - y - - smtpd +submissions inet n - y - - smtpd + -o syslog_name=postfix/submissions + -o smtpd_tls_wrappermode=yes +#628 inet n - y - - qmqpd +pickup unix n - y 60 1 pickup +cleanup unix n - y - 0 cleanup +qmgr unix n - n 300 1 qmgr +#qmgr unix n - n 300 1 oqmgr +tlsmgr unix - - y 1000? 1 tlsmgr +rewrite unix - - y - - trivial-rewrite +bounce unix - - y - 0 bounce +defer unix - - y - 0 bounce +trace unix - - y - 0 bounce +verify unix - - y - 1 verify +flush unix n - y 1000? 0 flush +proxymap unix - - n - - proxymap +proxywrite unix - - n - 1 proxymap +smtp unix - - y - - smtp +relay unix - - y - - smtp + -o syslog_name=postfix/$service_name +# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 +showq unix n - y - - showq +error unix - - y - - error +retry unix - - y - - error +discard unix - - y - - discard +local unix - n n - - local +virtual unix - n n - - virtual +lmtp unix - - y - - lmtp +anvil unix - - y - 1 anvil +scache unix - - y - 1 scache +postlog unix-dgram n - n - 1 postlogd +# +# ==================================================================== +# Interfaces to non-Postfix software. Be sure to examine the manual +# pages of the non-Postfix software to find out what options it wants. +# +# Many of the following services use the Postfix pipe(8) delivery +# agent. See the pipe(8) man page for information about ${recipient} +# and other message envelope options. +# ==================================================================== +# +# maildrop. See the Postfix MAILDROP_README file for details. +# Also specify in main.cf: maildrop_destination_recipient_limit=1 +# +maildrop unix - n n - - pipe + flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient} +# +# ==================================================================== +# +# Recent Cyrus versions can use the existing "lmtp" master.cf entry. +# +# Specify in cyrus.conf: +# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 +# +# Specify in main.cf one or more of the following: +# mailbox_transport = lmtp:inet:localhost +# virtual_transport = lmtp:inet:localhost +# +# ==================================================================== +# +# Cyrus 2.1.5 (Amos Gouaux) +# Also specify in main.cf: cyrus_destination_recipient_limit=1 +# +#cyrus unix - n n - - pipe +# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} +# +# ==================================================================== +# Old example of delivery via Cyrus. +# +#old-cyrus unix - n n - - pipe +# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} +# +# ==================================================================== +# +# See the Postfix UUCP_README file for configuration details. +# +uucp unix - n n - - pipe + flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +# +# Other external delivery methods. +# +ifmail unix - n n - - pipe + flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) +bsmtp unix - n n - - pipe + flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient +scalemail-backend unix - n n - 2 pipe + flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} +mailman unix - n n - - pipe + flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} + |