path: root/conf/templates/main.cf.template
# (c) 2004 Steffen Hansen <steffen@klaralvdalens-datakonsult.se> (Klaralvdalens Datakonsult AB)
# (c) 2003 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
# (c) 2003 Martin Konold <martin.konold@erfrakon.de>
# (c) 2003 Achim Frank <achim.frank@erfrakon.de>
# This program is Free Software under the GNU General Public License (>=v2).
# Read the file COPYING that comes with this package for details.


# this file is automatically written by the Kolab config backend
# manual additions are lost unless made to the template in the Kolab config directory


# Maximum size of a single message in bytes.
# postfix default is 10 240 000 Byte = 10.24 Megabyte, 
# we use 20 Mebibyte = 20*2^20 Byte 
message_size_limit = 20971520

#   paths
# The single-at-sign placeholders are presumably filled in when the package
# is built or installed, the triple-at-sign ones by the Kolab config backend
# when it writes main.cf -- confirm against the backend.
command_directory = @l_prefix@/sbin
daemon_directory = @l_prefix@/libexec/postfix
queue_directory = @l_prefix@/var/postfix

#   users
# mail_owner owns the queue and runs most Postfix daemons. default_privs is
# the identity the local delivery agent uses for deliveries to external
# commands or files that are not tied to a recipient account. Neither should
# resolve to root or another privileged account, and default_privs should
# not be the mail_owner account. The values are substituted, so check them
# in the generated main.cf.
mail_owner= @l_musr@
setgid_group= @l_rgrp@
default_privs= @l_nusr@

#   local host
# myorigin is the domain appended to locally posted addresses that have
# none. relayhost, when non-empty, is the default next hop for non-local
# mail.
myhostname = @@@fqdnhostname@@@
mydomain = @@@postfix-mydomain@@@
myorigin = $mydomain
relayhost = @@@postfix-relayhost@@@

#   address masquerading
# Subdomain parts below $mydomain are stripped from addresses, except for
# the user listed in masquerade_exceptions, so mail from root keeps its
# full host name and stays attributable to one machine.
masquerade_domains = $mydomain
masquerade_exceptions = root

#   smtp daemon
# Both settings below are commented out, so the Postfix defaults apply.
# NOTE(review): for inet_interfaces that normally means listening on all
# interfaces -- confirm this is intended for the host.
#smtpd_banner = $myhostname ESMTP $mail_name
#inet_interfaces = 127.0.0.1

#   relaying
# Clients in mynetworks are accepted by permit_mynetworks in the
# smtpd_recipient_restrictions and smtpd_sender_restrictions further down in
# this file, before any destination or policy check. This list therefore
# decides who may relay without authenticating; keep it to the addresses
# that really need that.
mynetworks = @@@postfix-mynetworks|join @@@
mydestination = @@@postfix-mydestination|join @@@
# Empty: no destination domain is relayed for on the basis of its name.
relay_domains = 
# Older restriction set, left commented out; the active
# smtpd_recipient_restrictions is set further down in this file.
#smtpd_recipient_restrictions = permit_mynetworks, 
#                               check_client_access hash:/kolab/etc/postfix/access,
#                               check_relay_domains

#   maps
# The ldap:NAME sources refer to the NAME_* parameter groups defined later
# in this file (ldapvirtual, ldapdistlist, ldaptransport).
canonical_maps = hash:@l_prefix@/etc/postfix/canonical
virtual_maps =  hash:@l_prefix@/etc/postfix/virtual, ldap:ldapdistlist, ldap:ldapvirtual
relocated_maps = hash:@l_prefix@/etc/postfix/relocated
transport_maps = hash:@l_prefix@/etc/postfix/transport, ldap:ldaptransport
alias_maps = hash:@l_prefix@/etc/postfix/aliases
alias_database = hash:@l_prefix@/etc/postfix/aliases
#virtual_mailbox_maps = $virtual_maps
# Reuses the virtual maps as the list of valid local recipients --
# presumably so that mail for addresses unknown to the directory is refused
# during the SMTP session instead of being bounced later; confirm.
local_recipient_maps = $virtual_maps

#   local delivery
# "+" separates the user name from an address extension (user+ext).
recipient_delimiter = +
# Mailbox delivery is handed to the kolabmailboxfilter transport instead of
# going straight to LMTP (the commented-out line). That transport is not
# defined in this file -- presumably in master.cf.
#mailbox_transport = lmtp:unix:@l_prefix@/var/kolab/lmtp
mailbox_transport = kolabmailboxfilter

#TLS settings
# Server side (smtpd): STARTTLS is offered but not required for receiving
# mail. smtpd_tls_auth_only makes the server offer and accept SMTP AUTH only
# inside a TLS session, which is what keeps SASL credentials from crossing
# the network in clear text.
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_starttls_timeout = 300s
smtpd_timeout = 300s
#smtpd_tls_CAfile = @l_prefix@/etc/kolab/server.pem
#smtpd_tls_CApath =
#smtpd_tls_ask_ccert = no
#smtpd_tls_ccert_verifydepth = 5
smtpd_tls_cert_file = @l_prefix@/etc/kolab/cert.pem
#smtpd_tls_cipherlist =
#smtpd_tls_dcert_file =
#smtpd_tls_dh1024_param_file =
#smtpd_tls_dh512_param_file =
#smtpd_tls_dkey_file = $smtpd_tls_dcert_file
#smtpd_tls_key_file = $smtpd_tls_cert_file
# Postfix loads the private key without a passphrase, so the file itself is
# the secret: it should be readable by root only.
smtpd_tls_key_file = @l_prefix@/etc/kolab/key.pem
# Level 1 is brief per-handshake logging; higher levels are meant for
# debugging.
smtpd_tls_loglevel = 1
# Do not record TLS protocol and cipher details in the Received: header.
smtpd_tls_received_header = no
#smtpd_tls_req_ccert = no
#smtpd_tls_session_cache_database =
smtpd_tls_session_cache_timeout = 3600s
#smtpd_tls_wrappermode = no

#tls_random_bytes = 32
# Seed the TLS random number generator from the kernel's non-blocking
# random device.
tls_random_source = dev:/dev/urandom
#tls_daemon_random_bytes = 32
#tls_daemon_random_source =
#tls_random_exchange_name = ${config_directory}/prng_exch
#tls_random_prng_update_period = 60s
#tls_random_reseed_period = 3600s

# Client side (smtp): every setting below is commented out, so outgoing
# connections use the Postfix defaults. NOTE(review): check whether outgoing
# STARTTLS is wanted, e.g. towards relayhost or towards other Kolab home
# servers reached through the LDAP transport map.
#smtp_starttls_timeout = 300s
#smtp_tls_CAfile =
#smtp_tls_CApath =
#smtp_tls_cert_file =
#smtp_tls_cipherlist =
#smtp_tls_dcert_file =
#smtp_tls_dkey_file = $smtp_tls_dcert_file
#smtp_tls_enforce_peername = yes
#smtp_tls_key_file = $smtp_tls_cert_file
#smtp_tls_loglevel = 0
#smtp_tls_note_starttls_offer = no
#smtp_tls_per_site =
#smtp_tls_scert_verifydepth = 5
#smtp_tls_session_cache_database =
#smtp_tls_session_cache_timeout = 3600s

#   authentication via sasl

## Kolab Policy Server
# Restrictions are evaluated left to right and the first decisive result
# ends the evaluation.
# Recipients: clients in mynetworks and SASL-authenticated clients are
# accepted first and may therefore relay. Everything else must be addressed
# to a destination this server handles and to a listed recipient, and only
# then reaches the policy service.
# Senders: only mynetworks is exempt, so mail from authenticated clients is
# still checked by the policy service.
# The policy service is reached over a private UNIX-domain socket; the
# service itself is not defined in this file -- presumably in master.cf.
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,
	reject_unauth_destination, reject_unlisted_recipient, check_policy_service unix:private/kolabpolicy
smtpd_sender_restrictions = permit_mynetworks, check_policy_service unix:private/kolabpolicy
# NOTE(review): these look like per-service limits for the kolabpolicy
# service; confirm units and meaning against its master.cf entry.
kolabpolicy_time_limit = 3600
kolabpolicy_max_idle = 20

#smtpd_restriction_classes =
smtpd_sasl_auth_enable = yes

# We want to allow for uids without any realm
#smtpd_sasl_local_domain = $myhostname
smtpd_sasl_local_domain =

# Only anonymous mechanisms are excluded; plaintext mechanisms stay allowed.
# That is safe only because smtpd_tls_auth_only = yes (TLS settings earlier
# in this file) confines AUTH to encrypted sessions -- change the two
# settings together, never one alone.
smtpd_sasl_security_options = noanonymous

# Support broken clients like Microsoft Outlook Express 4.x which expect AUTH=LOGIN instead of AUTH LOGIN
broken_sasl_auth_clients = yes

#
# LDAP Alias support
#

# Lookup table "ldapvirtual" (listed in virtual_maps): maps an address found
# in the alias or mail attribute to the entry's mail attribute, skipping
# entries that carry kolabDeleteFlag. %s in the query filter stands for the
# address being looked up.
#
# The bind DN and password of all three LDAP tables are substituted into the
# generated main.cf in clear text. main.cf is normally readable by every
# local account, so the password is exposed to anyone with a shell on the
# host: the bind account should have read-only access limited to the
# attributes queried here. NOTE(review): Postfix's LDAP documentation
# recommends keeping bind credentials in a separate, access-restricted
# table file where the installed version supports it. Whether the bind
# travels over an encrypted connection depends on the substituted server
# URI, which is not visible in this template.
ldapvirtual_server_host = @@@ldap_uri@@@
ldapvirtual_search_base = @@@user_dn_list@@@
ldapvirtual_query_filter = (&(!(kolabDeleteFlag=*))(|(alias=%s)(mail=%s)))
ldapvirtual_result_attribute = mail
ldapvirtual_result_filter = %s
ldapvirtual_search_timeout = 15
ldapvirtual_scope = sub
ldapvirtual_bind = yes
ldapvirtual_bind_dn = @@@php_dn@@@
ldapvirtual_bind_pw = @@@php_pw@@@
ldapvirtual_version = 3

#
# LDAP Recipient map
#


#
# LDAP Distributionlist support
#

# Lookup table "ldapdistlist" (listed in virtual_maps): expands a
# kolabGroupOfNames entry that is not flagged for deletion to the mail
# addresses of its members. The member attribute holds references that are
# followed to obtain each mail value. Lookups are limited to addresses in
# the $mydestination domains. Uses the same clear-text bind credentials as
# the ldapvirtual table.
ldapdistlist_server_host = @@@ldap_uri@@@
ldapdistlist_search_base = @@@user_dn_list@@@
ldapdistlist_domain = $mydestination
ldapdistlist_query_filter = (&(objectClass=kolabGroupOfNames)(!(kolabDeleteFlag=*))(mail=%s))
ldapdistlist_special_result_attribute = member
ldapdistlist_exclude_internal = yes
ldapdistlist_result_attribute = mail
ldapdistlist_result_filter = %s
ldapdistlist_search_timeout = 15
ldapdistlist_scope = sub
ldapdistlist_bind = yes
ldapdistlist_bind_dn = @@@php_dn@@@
ldapdistlist_bind_pw = @@@php_pw@@@
ldapdistlist_version = 3

#
# LDAP Transport for multilocation support
#

# Lookup table "ldaptransport" (listed in transport_maps): for a
# kolabInetOrgPerson whose kolabHomeServer is not this host, mail is routed
# to that server by SMTP. The square brackets in the result suppress the MX
# lookup for the host name.
# The next hop is taken straight from the directory, so write access to the
# kolabHomeServer attribute amounts to control over where a user's mail is
# delivered; restrict and audit who may modify it.
ldaptransport_server_host = @@@ldap_uri@@@
ldaptransport_search_base = @@@user_dn_list@@@
ldaptransport_query_filter = (&(mail=%s)(objectClass=kolabInetOrgPerson)(!(kolabHomeServer=$myhostname)))
ldaptransport_result_attribute = kolabHomeServer
ldaptransport_result_filter = smtp:[%s]
ldaptransport_search_timeout = 15
ldaptransport_scope = sub
ldaptransport_bind = yes
ldaptransport_bind_dn = @@@php_dn@@@
ldaptransport_bind_pw = @@@php_pw@@@
ldaptransport_version = 3


# Content filter selection: the template conditional below keeps exactly one
# of the two content_filter lines in the generated file, depending on the
# postfix-enable-virus-scan setting.
@@@if postfix-enable-virus-scan@@@
#
# Amavis virus scan
#
# Mail is handed to the smtp-amavis transport on the loopback address, port
# 10024. Neither that transport nor the listener that takes filtered mail
# back is defined in this file (presumably master.cf). NOTE(review): confirm
# that the re-injection listener accepts connections from localhost only,
# since mail arriving there skips the content filter.

content_filter=smtp-amavis:[127.0.0.1]:10024

@@@else@@@

# Virus scanning disabled: mail still passes through the kolabfilter
# transport, which is not defined in this file.
content_filter=kolabfilter

@@@endif@@@