Changes between Version 4 and Version 5 of configure_new_server


Timestamp:
Aug 25, 2007, 3:37:53 AM (18 years ago)
Author:
Jamie McClelland
Comment:

--

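--- a/configure_new_server
+++ b/configure_new_server
@@ -298,10 +298,9 @@
 }}}
 
- * Add the following to the bottom of the /etc/postfix/main.cf file:
+ * Add the following to the bottom of the /etc/postfix/main.cf file (change SERVER to the server name)
 
 {{{
 # May First custom config
 # file based virtual hosting configuration
-
 # List of virtual domain names
 virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains
@@ -318,15 +317,63 @@
 
 # Added by jamie 6/10/04 to try to stem the tide of spam
-smtpd_sender_restrictions ==
-hash:/etc/postfix/access,
-reject_non_fqdn_sender,
-reject_unknown_sender_domain,
-permit
+smtpd_sender_restrictions =
+  hash:/etc/postfix/access,
+  reject_non_fqdn_sender,
+  reject_unknown_sender_domain,
+  permit
 
 # Added for amavisd-new
-content_filter = smtp-amavis:[127.0.0.1]:10024
-}}}
-
- * Copy the /etc/postfix/master.cf file from chavez to get the amavis settings.
+content_filter=smtp-amavis:[127.0.0.1]:10024
+
+# to enable authentication for sending email
+# and postgrey (policy port 6000 line)
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_local_domain = $myhostname
+broken_sasl_auth_clients = yes
+smtpd_recipient_restrictions =
+  permit_sasl_authenticated,
+  permit_mynetworks,
+  reject_unauth_pipelining,
+  reject_non_fqdn_recipient,
+  reject_invalid_hostname,
+  reject_unknown_recipient_domain,
+  reject_unauth_destination,
+  check_policy_service inet:127.0.0.1:60000
+
+# TLS Stuff here:
+tls_random_source = dev:/dev/urandom
+tls_daemon_random_source = dev:/dev/urandom
+
+# sever side tls - offer tls encryption when an smtp client
+# (either user email program or sending smtp server) can use it
+smtpd_tls_security_level = may
+smtpd_tls_CApath = /etc/ssl/certs
+smtpd_tls_loglevel = 1
+smtpd_tls_session_cache_database = sdbm:/var/lib/postfix/smtpd_scache
+# force people who want to authenticate to use tls - you can't authenticate
+# otherwise. This is important because passwords are sent in the clear
+smtpd_tls_auth_only = yes
+smtpd_tls_key_file = /etc/postfix/ssl/SERVER.mayfirst.org.pem
+smtpd_tls_cert_file = /etc/postfix/ssl/SERVER.mayfirst.org.pem
+smtpd_tls_received_header = yes
+smtpd_tls_session_cache_timeout = 3600s
+
+# client side - when we send to a server that offers tls, we should
+# accept
+smtp_tls_security_level = may
+smtp_tls_CApath = /etc/ssl/certs
+smtp_tls_session_cache_database = sdbm:/var/lib/postfix/smtp_scache
+smtp_tls_loglevel = 1
+# http://www.postfix.org/TLS_README.html recommends leaving these
+# lines commented out so we don't present a client certificate.
+# It is rare to be required to have a client certificate and presenting
+# one sometimes causes problems
+#smtp_tls_key_file = /etc/postfix/ssl/SERVER.mayfirst.org.pem
+#smtp_tls_cert_file = /etc/postfix/ssl/SERVER.mayfirst.org.pem
+
+}}}
+
+ * Copy the /etc/postfix/master.cf file from chavez to get the amavis settings (and for chroot to be turned off)
 
  * Postfix as secure mail relay setup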
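Review bot: The new `smtpd_tls_key_file` and `smtpd_tls_cert_file` lines both point at `/etc/postfix/ssl/SERVER.mayfirst.org.pem`, so that one file holds the server's private key, yet the instructions never say how it should be protected. I would add a step after the config block such as ` * Make sure the .pem file is owned by root and is not readable by any other user (chmod 600)`. In the same block the comment `# and postgrey (policy port 6000 line)` disagrees with `check_policy_service inet:127.0.0.1:60000`; one of the two looks like a typo, and the comment should name the port the policy service actually listens on. The revised master.cf step also turns chroot off by copying a whole file from another host, so it would help to name the services whose chroot setting changes, letting an admin review that loss of isolation rather than inherit it.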