# Feature flags derived from the Salt pillar. "not not x" coerces the pillar value to a
# boolean, so an unset or empty key leaves the feature off.
# NOTE(review): is_mx indexes pillar['postfix']['ipaddr'] directly while the other flags
# use .get(); presumably rendering fails when the 'ipaddr' key is absent. Confirm.
1 {% set is_mx = not not pillar['postfix']['ipaddr'].get('mx4') %}
2 {% set has_imap = not not pillar['postfix'].get('has_imap') %}
3 {% set has_mailman = not not pillar['postfix'].get('has_mailman') %}
4 {% set has_smtps = not not pillar['postfix'].get('has_smtps') %}
6 # ==========================================================================
7 # service type private unpriv chroot wakeup maxproc command + args
8 # (yes) (yes) (yes) (never) (100)
9 # ==========================================================================
# Authenticated submission listeners (2525, smtps, 587), rendered once per address in the
# (mx4, mx6) pair. Each one enables SASL, requires TLS, and hands accepted mail to the
# content filter on 127.0.0.1:10024.
# NOTE(review): .get() returns None for an unset address; unless a guard sits on a line
# not shown here, the loop would render a "None:2525" listener. Confirm.
# NOTE(review): master.cf expects an IPv6 literal as [addr]:port; confirm the mx6 pillar
# value already carries the brackets.
13 {% for addr in (pillar['postfix']['ipaddr'].get('mx4'), pillar['postfix']['ipaddr'].get('mx6')) %}
16 {{ addr }}:2525 inet n - n - - smtpd
17 -o myhostname=ssl.polytechnique.org
# Relay policy lives in a site-defined main.cf parameter that is not visible here.
# NOTE(review): confirm it admits only SASL-authenticated senders and ends in a reject.
18 -o smtpd_recipient_restrictions=$smtpd_recipient_restrictions_sasl
19 -o smtpd_recipient_limit=1000
20 -o smtpd_sasl_auth_enable=yes
# Interoperability only: also advertises AUTH in the obsolete "AUTH=" form for old clients.
21 -o broken_sasl_auth_clients=yes
# Postfix's TLS documentation expects the key file to be unencrypted and readable by root only.
22 -o smtpd_tls_key_file=/etc/postfix/ssl/smtpd.key
23 -o smtpd_tls_cert_file=/etc/postfix/ssl/smtpd.crt
24 # -o smtpd_tls_CAfile=/etc/postfix/ssl/ca.crt
# Mandatory TLS: the session must be encrypted before mail commands, and therefore AUTH,
# are accepted, so credentials are not sent in the clear.
25 -o smtpd_tls_security_level=encrypt
26 -o smtpd_tls_loglevel=1
# Adds TLS protocol and cipher details to the Received: header; informational only, not
# proof of how earlier hops carried the message.
27 -o smtpd_tls_received_header=yes
# No client certificate is requested; client identity rests on SASL alone.
28 -o smtpd_tls_ask_ccert=no
29 -o content_filter=localsmtp:[127.0.0.1]:10024
30 -o cleanup_service_name=cleanup-in
32 # smtps (TCP port 465) is the same config, with enforce_tls and tls_wrappermode
# NOTE(review): the service name below has a doubled colon ("::smtps") where the sibling
# listeners use a single one; verify the rendered entry is accepted and binds port 465.
33 {{ addr }}::smtps inet n - n - - smtpd
34 -o myhostname=ssl.polytechnique.org
35 -o smtpd_recipient_restrictions=$smtpd_recipient_restrictions_sasl
36 -o smtpd_recipient_limit=1000
37 -o smtpd_sasl_auth_enable=yes
38 -o broken_sasl_auth_clients=yes
39 -o smtpd_tls_key_file=/etc/postfix/ssl/smtpd.key
40 -o smtpd_tls_cert_file=/etc/postfix/ssl/smtpd.crt
41 # -o smtpd_tls_CAfile=/etc/postfix/ssl/ca.crt
42 -o smtpd_tls_security_level=encrypt
43 -o smtpd_tls_loglevel=1
44 -o smtpd_tls_received_header=yes
45 -o smtpd_tls_ask_ccert=no
# Implicit TLS: the handshake starts as soon as the client connects, with no STARTTLS step.
46 -o smtpd_tls_wrappermode=yes
47 -o content_filter=localsmtp:[127.0.0.1]:10024
48 -o cleanup_service_name=cleanup-in
50 # submission (TCP port 587) is the same config, with only enforce_tls
# The options below repeat the 2525 listener verbatim; keep the three copies in step
# when changing TLS or SASL settings so no port is left with a weaker policy.
51 {{ addr }}:587 inet n - n - - smtpd
52 -o myhostname=ssl.polytechnique.org
53 -o smtpd_recipient_restrictions=$smtpd_recipient_restrictions_sasl
54 -o smtpd_recipient_limit=1000
55 -o smtpd_sasl_auth_enable=yes
56 -o broken_sasl_auth_clients=yes
57 -o smtpd_tls_key_file=/etc/postfix/ssl/smtpd.key
58 -o smtpd_tls_cert_file=/etc/postfix/ssl/smtpd.crt
59 # -o smtpd_tls_CAfile=/etc/postfix/ssl/ca.crt
60 -o smtpd_tls_security_level=encrypt
61 -o smtpd_tls_loglevel=1
62 -o smtpd_tls_received_header=yes
63 -o smtpd_tls_ask_ccert=no
64 -o content_filter=localsmtp:[127.0.0.1]:10024
65 -o cleanup_service_name=cleanup-in
# Public MX listener on the smtp port for each address in the (mx4, mx6) pair, capped at
# 200 smtpd processes. No TLS, SASL or restriction overrides are set here, so those
# policies come from main.cf, which is not visible in this file.
# NOTE(review): as with the submission loop, an unset mx4/mx6 yields None unless a guard
# exists on a line not shown here. Confirm.
72 {% for addr in (pillar['postfix']['ipaddr'].get('mx4'), pillar['postfix']['ipaddr'].get('mx6')) %}
74 {{ addr }}:smtp inet n - n - 200 smtpd
75 -o myhostname={{ pillar['postfix']['mx_name'] }}
# Inbound mail goes through the same content filter as authenticated submissions.
76 -o content_filter=localsmtp:[127.0.0.1]:10024
# Per-client caps on recipients and messages per rate time unit (tracked by anvil).
77 -o smtpd_client_recipient_rate_limit=300
78 -o smtpd_client_message_rate_limit=120
79 -o cleanup_service_name=cleanup-in
# Loopback-only smtpd listeners used for hand-offs between filtering stages. They are
# bound to 127.0.0.1, so any local process can connect; the restrictions set on each
# listener are the remaining access control.
84 # local smtpd (bounces)
85 # 10027: decode the bounces directly produced by the system
86 127.0.0.1:10027 inet n - n - 200 smtpd
87 -o myhostname=bounces.m4x.org
88 -o content_filter=localsmtp:[127.0.0.1]:10024
# Connection and rate caps; every client of this listener connects from loopback.
89 -o smtpd_client_connection_count_limit=4
90 -o smtpd_client_connection_rate_limit=30
91 -o smtpd_client_recipient_rate_limit=120
92 -o smtpd_client_message_rate_limit=60
93 -o cleanup_service_name=cleanup-bounce
95 # 10025: receive mails given by clamsmtp
# NOTE(review): "smtpd.local" is not a stock Postfix daemon name; presumably a
# site-provided program or link in the daemon directory. Confirm what it runs.
96 127.0.0.1:10025 inet n - n - - smtpd.local
# Second filtering stage: mail accepted here is passed to the bogofilter pipe transport.
97 -o content_filter=bogofilter:$myhostname
# Empty values switch off the corresponding main.cf lookups and checks for this listener.
98 -o local_recipient_maps=
99 -o relay_recipient_maps=
100 -o smtpd_restriction_classes=
101 -o smtpd_recipient_limit=1000
102 -o smtpd_client_restrictions=
103 -o smtpd_helo_restrictions=
104 -o smtpd_sender_restrictions=
# Only clients inside mynetworks may send. mynetworks is not overridden on this listener,
# so the main.cf value applies. NOTE(review): confirm it covers trusted hosts only.
105 -o smtpd_recipient_restrictions=permit_mynetworks,reject
106 -o smtpd_data_restrictions=
107 -o receive_override_options=no_unknown_recipient_checks
108 -o strict_rfc821_envelopes=yes
# Error delay and error limits are relaxed for this internal re-injection path.
109 -o smtpd_error_sleep_time=0
110 -o smtpd_soft_error_limit=1001
111 -o smtpd_hard_error_limit=1000
# TLS is off; traffic on this listener stays on the loopback interface.
112 -o smtpd_tls_security_level=none
# Loopback clients may use XFORWARD to pass on the original client's name and address,
# so logs reflect the original client rather than 127.0.0.1.
113 -o smtpd_authorized_xforward_hosts=127.0.0.0/8
114 -o cleanup_service_name=cleanup-mid
116 # 10026: receive mails from other hosts WITHOUT filtering
# NOTE(review): no content_filter override is visible on this listener. If main.cf sets a
# global content_filter, mail accepted here would still be filtered; confirm the rendered
# entry matches the "WITHOUT filtering" intent.
# Anything that can connect to this port skips the filters, so local access to it
# should be treated as privileged.
117 127.0.0.1:10026 inet n - n - - smtpd.local
119 -o local_recipient_maps=
120 -o relay_recipient_maps=
121 -o smtpd_restriction_classes=
122 -o smtpd_recipient_limit=1000
123 -o smtpd_client_restrictions=
124 -o smtpd_helo_restrictions=
125 -o smtpd_sender_restrictions=
126 -o smtpd_recipient_restrictions=permit_mynetworks,reject
127 -o smtpd_data_restrictions=
# Header and body checks are skipped here in addition to unknown-recipient checks.
128 -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
129 -o strict_rfc821_envelopes=yes
130 -o smtpd_error_sleep_time=0
131 -o smtpd_soft_error_limit=1001
132 -o smtpd_hard_error_limit=1000
133 -o smtpd_tls_security_level=none
134 -o smtpd_authorized_xforward_hosts=127.0.0.0/8
135 -o cleanup_service_name=cleanup-out
137 # 20000: receive mails to @g.polytechnique.org and SRS-decode
138 127.0.0.1:20000 inet n - n - - smtpd
# This listener logs under its own name and uses a separate queue directory.
139 -o syslog_name=postfix-nosrs
140 -o queue_directory=/var/spool/postfix-nosrs
142 -o local_recipient_maps=
143 -o relay_recipient_maps=
144 -o virtual_alias_maps=
145 -o smtpd_restriction_classes=
146 -o smtpd_recipient_limit=1000
# mynetworks is narrowed to the single loopback address, so the permit_mynetworks rules
# below admit only 127.0.0.1 regardless of the main.cf value.
147 -o mynetworks=127.0.0.1/32
148 -o smtpd_client_restrictions=permit_mynetworks,reject
149 -o smtpd_helo_restrictions=
150 -o smtpd_sender_restrictions=
151 -o mydestination=g.polytechnique.org
152 -o virtual_alias_domains=
153 -o smtpd_recipient_restrictions=permit_mynetworks,reject
154 -o smtpd_data_restrictions=
155 -o receive_override_options=no_unknown_recipient_checks
156 -o strict_rfc821_envelopes=yes
157 -o smtpd_error_sleep_time=0
158 -o smtpd_soft_error_limit=1001
159 -o smtpd_hard_error_limit=1000
160 -o smtpd_tls_security_level=none
161 -o smtpd_authorized_xforward_hosts=127.0.0.0/8
162 -o cleanup_service_name=cleanup-nosrs
# Pipe-based delivery transports, plus the loopback SMTP client used to reach the content
# filter. pipe(8) executes argv directly, without a shell, but the sender, recipient, user
# and extension macros are taken from the message envelope. The called scripts must treat
# these values as untrusted input (quote every expansion, never evaluate them).
# flags=R prepends a Return-Path: header; the command runs as the unprivileged user=filter.
# The "--" ends option parsing before the recipient list.
165 bogofilter unix - n n - 10 pipe
166 flags=R user=filter argv=/etc/postfix/bin/filter-postfix-bogo.sh -f ${sender} -- ${recipient}
171 # This transport is used for local submission
172 # The timeout on end_of_data is increased because ClamAV occasionally takes too long
173 localsmtp unix - - n - 20 smtp
# Outgoing connections originate from loopback, and TLS is disabled because the filter
# is reached over 127.0.0.1.
174 -o smtp_bind_address=127.0.0.1
175 -o myhostname=local.polytechnique.org
176 -o smtp_data_done_timeout=1200
# Forwards the original client information to the filter-side listener via XFORWARD.
177 -o smtp_send_xforward_command=yes
178 -o smtp_tls_security_level=none
# Mailman delivery, run as user=list. Both arguments are derived from the recipient address.
# NOTE(review): no "--" separates the options from these values; confirm the transport map
# only routes known list addresses here.
181 pipemm unix - n n - - pipe
182 flags=R user=list argv=/var/lib/mailman/mail/mailman ${extension} ${user}
# IMAP delivery through a site script, run as user=vmail with the recipient's local part.
186 deliver_imap unix - n n - 10 pipe
187 user=vmail argv=/etc/postfix/bin/deliver_imap.sh ${user}
# Stock Postfix services.
# NOTE(review): pickup, bounce, cleanup and qmgr are defined here and again further down
# with different options, and "relay" appears twice in this run. Presumably template
# conditionals on lines not shown here select between them; confirm the rendered
# master.cf ends up with one entry per service.
# The smtp listener below has no address prefix, so it binds according to inet_interfaces
# in main.cf. It also carries no option overrides, so main.cf policy applies to it.
192 smtp inet n - - - - smtpd
193 pickup fifo n - n 60 1 pickup
194 bounce unix - - n - 0 bounce
195 cleanup unix n - n - 0 cleanup
196 -o queue_service_name=qmgr
200 qmgr fifo n - n 300 1 qmgr
201 #qmgr fifo n - - 300 1 nqmgr
202 tlsmgr unix - - n 300 1 tlsmgr
203 rewrite unix - - n - - trivial-rewrite
204 defer unix - - n - 0 bounce
# Outbound SMTP clients: the default one (up to 150 processes) and a low-concurrency
# variant (3 processes), both presenting the pillar-provided MX name.
205 smtp unix - - n - 150 smtp
206 -o myhostname={{ pillar['postfix']['mx_name'] }}
207 smtp-low unix - - n - 3 smtp
208 -o myhostname={{ pillar['postfix']['mx_name'] }}
209 showq unix n - n - - showq
210 error unix - - n - - error
211 local unix - n n - - local
212 #virtual unix - n n - - virtual
213 #lmtp unix - - n - - lmtp
# The "?" after the wakeup time means no wakeup events are sent until the service is first used.
214 flush unix n - - 1000? 0 flush
215 relay unix - - - - - smtp
216 proxymap unix - - n - - proxymap
217 trace unix - - - - 0 bounce
218 verify unix - - - - 1 verify
219 anvil unix - - - - 1 anvil
220 scache unix - - - - 1 scache
221 discard unix - - - - - discard
222 deferred unix - - n - - smtp
223 retry unix - - - - - error
# Second "relay" definition, this one not chrooted and with the fallback relay cleared.
224 relay unix - - n - - smtp -o smtp_fallback_relay=
225 # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
# Alternate pickup/bounce/cleanup definitions, followed by the named cleanup instances
# that the listeners above select through cleanup_service_name (cleanup-in, cleanup-mid,
# cleanup-out, cleanup-bounce, cleanup-nosrs). Each instance applies its own address
# rewriting and logs under its own syslog_name.
# Locally submitted mail (pickup) is routed through cleanup-out, and bounces through
# cleanup-bounce.
230 pickup fifo n - n 60 1 pickup
231 -o cleanup_service_name=cleanup-out
232 bounce unix - - n - 0 bounce
233 -o cleanup_service_name=cleanup-bounce
235 cleanup unix n - n - 0 cleanup
236 -o sender_canonical_maps=
237 -o queue_service_name=qmgr
# The tcp: maps below query lookup services on loopback ports 10001 and 10002.
# tcp_table(5) warns that this connection is neither protected nor authenticated, so these
# lookups should stay on 127.0.0.1 and the ports should be owned by a trusted service.
# NOTE(review): presumably these are the SRS encode/decode daemons. Confirm.
239 cleanup-bounce unix n - n - 0 cleanup
240 -o syslog_name=postfix-bounce
241 -o sender_canonical_maps=
242 -o recipient_canonical_maps=tcp:127.0.0.1:10002
243 -o recipient_canonical_classes=header_recipient,envelope_recipient
244 -o queue_service_name=qmgr
# The "nosrs" chain below (cleanup, qmgr, rewrite, smtp) shares the separate queue
# directory /var/spool/postfix-nosrs and its own syslog name.
246 cleanup-nosrs unix n - n - 0 cleanup
247 -o syslog_name=postfix-nosrs
248 -o queue_directory=/var/spool/postfix-nosrs
249 -o virtual_alias_maps=
250 -o sender_canonical_maps=tcp:127.0.0.1:10002
251 -o sender_canonical_classes=envelope_sender
252 -o recipient_canonical_maps=
253 -o queue_service_name=qmgr-nosrs
254 qmgr-nosrs fifo n - n 300 1 qmgr
255 -o syslog_name=postfix-nosrs
256 -o queue_directory=/var/spool/postfix-nosrs
257 -o rewrite_service_name=rewrite-nosrs
258 rewrite-nosrs unix - - n - - trivial-rewrite
259 -o syslog_name=postfix-nosrs
260 -o queue_directory=/var/spool/postfix-nosrs
# Mail resolved by this rewrite instance leaves through the smtp-nosrs client by default.
262 -o default_transport=smtp-nosrs
263 smtp-nosrs unix - - n - 20 smtp
264 -o syslog_name=postfix-nosrs
265 -o queue_directory=/var/spool/postfix-nosrs
266 -o myhostname={{ pillar['postfix']['mx_name'] }}
# cleanup-out: used by pickup and by the unfiltered 10026 listener.
268 cleanup-out unix n - n - 0 cleanup
269 -o syslog_name=postfix-out
270 -o sender_canonical_maps=
271 -o recipient_canonical_maps=regexp:/etc/postfix/conversion_underscore.regex
272 -o recipient_canonical_classes=envelope_recipient
273 -o queue_service_name=qmgr
# cleanup-mid: used by the 10025 listener that receives mail back from the first filter.
275 cleanup-mid unix n - n - 0 cleanup
276 -o syslog_name=postfix-mid
277 -o virtual_alias_maps=
278 -o sender_canonical_maps=tcp:127.0.0.1:10001
279 -o sender_canonical_classes=envelope_sender
280 -o recipient_canonical_maps=
# Header checks from the "bouncediscard" regexp table are applied at this stage only.
282 -o header_checks=regexp:/etc/postfix/header_checks/bouncediscard
283 -o queue_service_name=qmgr
# cleanup-in: used by the public MX and the authenticated submission listeners.
285 cleanup-in unix n - n - 0 cleanup
286 -o syslog_name=postfix-in
287 -o virtual_alias_maps=
# NOTE(review): a mysql map file typically holds database credentials; confirm the file
# is not world-readable.
288 -o sender_canonical_maps=proxy:mysql:/etc/postfix/mysql-canonical-rewrite.cf
289 -o sender_canonical_classes=envelope_sender,header_sender
290 -o recipient_canonical_maps=tcp:127.0.0.1:10002
291 -o recipient_canonical_classes=header_recipient,envelope_recipient
293 -o queue_service_name=qmgr
296 # vim:set noet sw=8 sts=8 ts=8 syntax=pfmain: