diff --git a/pizza1/configs/postfix/body_checks.pcre b/pizza1/configs/postfix/body_checks.pcre
new file mode 100644
index 0000000..58b20b9
--- /dev/null
+++ b/pizza1/configs/postfix/body_checks.pcre
@@ -0,0 +1 @@
+/^X-SimpleLogin-Client-IP:/ IGNORE
diff --git a/pizza1/configs/postfix/client_headers.pcre b/pizza1/configs/postfix/client_headers.pcre
new file mode 100644
index 0000000..9cf3ec1
--- /dev/null
+++ b/pizza1/configs/postfix/client_headers.pcre
@@ -0,0 +1 @@
+/^([0-9a-f:.]+)$/ prepend X-SimpleLogin-Client-IP: $1
diff --git a/pizza1/configs/postfix/main.cf b/pizza1/configs/postfix/main.cf
new file mode 100644
index 0000000..eeadb99
--- /dev/null
+++ b/pizza1/configs/postfix/main.cf
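Review bot: In body_checks.pcre, the rule `/^X-SimpleLogin-Client-IP:/ IGNORE` only acts on body lines, because Postfix applies body_checks to message body content and not to the primary headers. A sender-supplied `X-SimpleLogin-Client-IP:` header in the header section therefore passes through untouched. If the consumer of this header uses it for SPF decisions (presumably the SimpleLogin app, which is not visible here), confirm it reads only the instance Postfix prepends. A leading comment such as `# Drops body lines that imitate the trusted client-IP header; primary headers are not covered by body_checks` would document that limit.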
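Review bot: In client_headers.pcre, the pattern `/^([0-9a-f:.]+)$/` is looser than an IP address: it accepts any string made of hex letters, digits, dots and colons. If this table is consulted through `check_client_access` (the wiring is not part of this commit), Postfix also tests the client's reverse-DNS name against it, so a hostname spelled only with those characters would be stamped into the header in place of the address. Since main.cf sets `inet_protocols = ipv4`, a dotted-quad pattern is enough: `/^(\d{1,3}(?:\.\d{1,3}){3})$/ prepend X-SimpleLogin-Client-IP: $1`.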
@@ -0,0 +1,63 @@
+# POSTFIX config file, adapted for SimpleLogin
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+inet_protocols = ipv4
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtp_tls_security_level = may
+smtpd_tls_security_level = may
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+alias_maps = hash:/etc/aliases
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/24
+
+# Set your domain here
+mydestination =
+myhostname = sl.projectsegfau.lt
+mydomain = sl.projectsegfau.lt
+myorigin = sl.projectsegfau.lt
+
+relay_domains = pgsql:/etc/postfix/pgsql-relay-domains.cf
+transport_maps = pgsql:/etc/postfix/pgsql-transport-maps.cf
+
+# HELO restrictions
+smtpd_delay_reject = yes
+smtpd_helo_required = yes
+smtpd_helo_restrictions =
+ permit_mynetworks,
+ reject_non_fqdn_helo_hostname,
+ reject_invalid_helo_hostname,
+ permit
+
+# Sender restrictions:
+smtpd_sender_restrictions =
+ permit_mynetworks,
+ reject_non_fqdn_sender,
+ reject_unknown_sender_domain,
+ permit
+
+# Recipient restrictions:
+smtpd_recipient_restrictions =
+ reject_unauth_pipelining,
+ reject_non_fqdn_recipient,
+ reject_unknown_recipient_domain,
+ permit_mynetworks,
+ reject_unauth_destination,
+ permit
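Review bot: Nothing in this 63-line main.cf loads the two PCRE tables added in the same commit, so unless they are set elsewhere neither the `prepend` nor the `IGNORE` rule runs and the client-IP header is never stamped. Assuming the tables are deployed next to the pgsql maps, the missing lines would be `body_checks = pcre:/etc/postfix/body_checks.pcre` and `smtpd_client_restrictions = check_client_access pcre:/etc/postfix/client_headers.pcre`. Separately, `mynetworks` trusts all of `10.0.0.0/24` and `permit_mynetworks` precedes `reject_unauth_destination`, so every host on that subnet may relay through this server; list only the addresses that need it. The `ssl-cert-snakeoil` pair is a self-signed placeholder and is worth replacing with a CA-issued certificate on a public MX.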
diff --git a/pizza1/configs/postfix/pgsql-relay-domains.cf b/pizza1/configs/postfix/pgsql-relay-domains.cf
new file mode 100644
index 0000000..84f6ff4
--- /dev/null
+++ b/pizza1/configs/postfix/pgsql-relay-domains.cf
@@ -0,0 +1,9 @@
+# postgres config
+hosts = localhost
+user = myuser
+password = mypassword
+dbname = simplelogin
+
+query = SELECT domain FROM custom_domain WHERE domain='%s' AND verified=true
+ UNION SELECT domain FROM public_domain WHERE domain='%s'
+ UNION SELECT '%s' WHERE '%s' IN ('sl.projectsegfau.lt', 'sl.psf.lt') LIMIT 1;
diff --git a/pizza1/configs/postfix/pgsql-transport-maps.cf b/pizza1/configs/postfix/pgsql-transport-maps.cf
new file mode 100644
index 0000000..5f4b285
--- /dev/null
+++ b/pizza1/configs/postfix/pgsql-transport-maps.cf
@@ -0,0 +1,10 @@
+# postgres config
+hosts = localhost
+user = myuser
+password = mypassword
+dbname = simplelogin
+
+# forward to smtp:127.0.0.1:20381 for custom domain AND email domain
+query = SELECT 'smtp:127.0.0.1:20381' FROM custom_domain WHERE domain = '%s' AND verified=true
+ UNION SELECT 'smtp:127.0.0.1:20381' FROM public_domain WHERE domain = '%s'
+ UNION SELECT 'smtp:127.0.0.1:20381' WHERE '%s' IN ('sl.projectsegfau.lt', 'sl.psf.lt') LIMIT 1;
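Review bot: `user = myuser` and `password = mypassword` in pgsql-relay-domains.cf look like template placeholders committed as the live config, and the same pair appears in pgsql-transport-maps.cf. If the database really uses them they are a guessable credential, and if real values are substituted later they end up in the repository history. Keep the secret out of the tracked file by rendering it at deploy time, and install both maps readable only by root and the postfix group, with a comment like `# password is injected at deploy time; file mode 0640 root:postfix`.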
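Review bot: The domain list `('sl.projectsegfau.lt', 'sl.psf.lt')` in the pgsql-transport-maps.cf query duplicates the one in pgsql-relay-domains.cf, and the next hop `smtp:127.0.0.1:20381` is spelled three times. If the two lists drift, a domain accepted through `relay_domains` gets no transport entry and falls through to default delivery instead of the local handler. A comment above the query, `# keep this domain list identical to pgsql-relay-domains.cf`, would flag the coupling. Postfix's documented next-hop syntax for a literal address is the bracketed form, `smtp:[127.0.0.1]:20381`, which is worth confirming against the deployed version.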