diff options
| author | Jonas Smedegaard <dr@jones.dk> | 2020-10-09 15:49:38 +0200 |
|---|---|---|
| committer | Jonas Smedegaard <dr@jones.dk> | 2020-10-09 19:13:14 +0200 |
| commit | bde7745d2fc44dbbc290344c0beada0a2372148e (patch) | |
| tree | e250b81b2e203141d960624d2adaf0ed8f123841 /postfix | |
| parent | 5e7f8e71833c7f72a8e626813d4a3b862e27ce77 (diff) | |
handle submission separate from amavis or dkimproxy
Diffstat (limited to 'postfix')
| -rwxr-xr-x | postfix/postfix.sh | 36 |
1 files changed, 21 insertions, 15 deletions
diff --git a/postfix/postfix.sh b/postfix/postfix.sh index 1b280a3..22ee0ce 100755 --- a/postfix/postfix.sh +++ b/postfix/postfix.sh @@ -64,6 +64,8 @@ if [ -f /etc/ssl/certs/postfix.pem ] && [ -f /etc/ssl/private/postfix.pem ]; the else warn "No TLS encryption - requires SSL certificate at /etc/ssl/certs/postfix.pem and private key at /etc/ssl/private/postfix.pem." fi +# TODO: enable only on systems with user accounts +submission=1 sasl= if [ -n "$tls_cert" ] && [ -n "$dovecot" ]; then sasl=1 @@ -313,6 +315,19 @@ _postconf -X smtp_tls_session_cache_database _postconf -X tls_random_exchange_name _postconf -X tls_random_source +# submission +# <http://www.postfix.org/SASL_README.html> +if [ -n "$submission" ]; then + _postconf -Me submission/inet=' +submission inet n - n - - smtpd + -o syslog_name=postfix/$service_name + -o smtpd_tls_security_level=encrypt + -o smtpd_sasl_auth_enable=yes +' +else + _postconf -MX submission/inet +fi + if [ -n "$amavis" ]; then _postconf -e 'max_use = 10' # Avoid too much reuse amavis_maxproc=$(getperlvarfromfile max_servers "$default_amavis_maxproc" amavisd.conf.addon amavis) @@ -348,14 +363,10 @@ amavisfeed unix - - n - $amavis_maxproc lmtp _postconf -e receive_override_options=no_address_mappings if [ -n "$dkimproxy" ]; then _postconf -e 'content_filter = amavisfeed:[127.0.0.1]:10028' - _postconf -Me submission/inet=' -submission inet n - n - - smtpd - -o syslog_name=postfix/submission - -o smtpd_tls_security_level=encrypt - -o smtpd_sasl_auth_enable=yes - -o content_filter=dkimsign:[127.0.0.1]:10028 -' _postconf -Pe pickup/fifo/content_filter=dkimsign:127.0.0.1:10028 + if [ -n "$submission" ]; then + _postconf -Pe submission/inet/content_filter='dkimsign:[127.0.0.1]:10028' + fi _postconf -Me dkimsign/unix=" dkimsign unix - - n - $dkimproxy_maxproc_out smtp -o smtp_send_xforward_command=yes @@ -374,14 +385,10 @@ dkimsign unix - - n - $dkimproxy_maxproc_out smtp ' else _postconf -e 'content_filter = amavisfeed:[127.0.0.1]:10024' - _postconf -Me submission/inet=' -submission inet n - n - - smtpd - -o syslog_name=postfix/submission - -o smtpd_tls_security_level=encrypt - -o smtpd_sasl_auth_enable=yes -' _postconf -PX pickup/fifo/content_filter -' + if [ -n "$submission" ]; then + _postconf -PX submission/inet/content_filter + fi fi else _postconf -X content_filter @@ -439,7 +446,6 @@ fi # RBLs replaced with those recommended by http://www.antispews.org/ # spam filter based on these: http://www.postfix.org/FILTER_README.html # https://www.ijs.si/software/amavisd/amavisd-new-docs.html -# AUTH-SMTP based on this: http://www.postfix.org/SASL_README.html # TLS based on this: http://www.postfix.org/TLS_README.html # Here's a convenient overview of different blackholes: |