
github.com/lavabit/magma.git - Unnamed repository; edit this file 'description' to name the repository.
authorLadar Levison <ladar@lavabit.com>2017-03-28 22:24:49 +0300
committerLadar Levison <ladar@lavabit.com>2017-03-28 22:24:49 +0300
commit8a9ccaf0cf0b2d3cad53e4240ef7fa25394a9550 (patch)
tree12760c313f7ed747fa0f37d553fc34d242dd872d
parent2d57cfede9c1d04599c86194f21efb2a0562adaa (diff)
Updated postfix config parameters used by the install script.
-rw-r--r--dev/install/magmad.install.sh40
1 files changed, 36 insertions, 4 deletions
diff --git a/dev/install/magmad.install.sh b/dev/install/magmad.install.sh
index 98aa6619..68421b87 100644
--- a/dev/install/magmad.install.sh
+++ b/dev/install/magmad.install.sh
@@ -304,12 +304,44 @@ printf "/var/log/maillog {\n\tdaily\n\trotate 7\n\tmissingok\n}\n" > /etc/logrot
# Fix the SELinux context for the postfix logrotate config.
chcon system_u:object_r:etc_t:s0 /etc/logrotate.d/postfix
-# Configure postfix to listen for relays on port 2525 so it doesn't conflict with magma.
+# Configure the maps.
+printf "\n\nsmtp_header_checks = pcre:/etc/postfix/header_checks\n" >> /etc/postfix/main.cf
+printf "tansport_maps = hash:/etc/postfix/transport\n\n" >> /etc/postfix/main.cf
+
+# The postfix hostname, and relay networks.
+printf "myhostname = relay.$DOMAIN\n" >> /etc/postfix/main.cf
+printf "mynetwork = 127.0.0.0/8\n" >> /etc/postfix/main.cf
+printf "myorigin = $DOMAIN\n\n" >> /etc/postfix/main.cf
+
+# Postfix opportunistic TLS relay.
+printf "smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt\n" >> /etc/postfix/main.cf
+printf "smtp_tls_ciphers = high\n" >> /etc/postfix/main.cf
+printf "smtp_tls_loglevel = 2\n" >> /etc/postfix/main.cf
+printf "smtp_tls_mandatory_ciphers = medium\n" >> /etc/postfix/main.cf
+printf "smtp_tls_mandatory_protocols = SSLv3 TLSv1\n" >> /etc/postfix/main.cf
+printf "smtp_tls_protocols = !SSLv2 !SSLv3\n" >> /etc/postfix/main.cf
+printf "smtp_tls_security_level = may\n" >> /etc/postfix/main.cf
+printf "tls_daemon_random_bytes = 128\n" >> /etc/postfix/main.cf
+printf "tls_random_bytes = 255\n" >> /etc/postfix/main.cf
+printf "tls_random_reseed_period = 1800s\n\n" >> /etc/postfix/main.cf
+
+# Postfix size limits.
+printf "body_checks_size_limit = 134217728\n"
+printf "mailbox_size_limit = 0\n"
+printf "message_size_limit = 134217728\n"
+printf "virtual_mailbox_limit = 0\n\n"
+
+# Configure postfix to listen for relays on port 2525, instead of port 25, so postfix won't conflict with a magma installation.
sed -i -e "s/^smtp\([ ]*inet\)/127.0.0.1:2525\1/" /etc/postfix/master.cf
-# Configure the postfix hostname and origin parameters.
-printf "\nmyhostname = relay.$DOMAIN\nmyorigin = $DOMAIN\ntansport_maps = hash:/etc/postfix/transport\n" >> /etc/postfix/main.cf
-printf "$DOMAIN smtp:[127.0.0.1]:2525\n" >> /etc/postfix/transport
+# Route messages bound for the current domain back to magma over the loopback interface regardless of the DNS/router configuration.
+printf "\n\n$DOMAIN smtp:[127.0.0.1]:2525\n\n" >> /etc/postfix/transport
+
+# Remove the extra received line added by postfix during relay operations.
+printf "\n\n/^Received: from .*localhost.*\(Postfix\) with ESMTP.*$/ IGNORE\n\n" >> /etc/postfix/header_checks
+
+# Load the postfix mapping table.
+postmap /etc/postfix/header_checks
postmap /etc/postfix/transport
#############################################################################
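Review bot: Several of the added settings never take effect as written: `tansport_maps` and `mynetwork` are not Postfix parameter names (the real ones are `transport_maps` and `mynetworks`), and the four size-limit `printf` calls have no `>> /etc/postfix/main.cf`, so they only print to stdout. With `mynetworks` unset, the trusted relay networks fall back to whatever `mynetworks_style` yields rather than the intended 127.0.0.0/8, and without `transport_maps` the loopback route written to /etc/postfix/transport is not consulted. `smtp_tls_mandatory_protocols = SSLv3 TLSv1` lists SSLv3 as permitted while `smtp_tls_protocols` excludes it; an exclusion list matching the opportunistic setting would keep the two consistent. `postmap /etc/postfix/header_checks` builds an indexed file of the default map type, which the `pcre:` lookup declared in main.cf does not read, so that call looks unnecessary. The corrected lines are below.

```shell
printf "transport_maps = hash:/etc/postfix/transport\n\n" >> /etc/postfix/main.cf
# … unchanged: myhostname …
printf "mynetworks = 127.0.0.0/8\n" >> /etc/postfix/main.cf
# … unchanged: myorigin, smtp_tls_CAfile through smtp_tls_mandatory_ciphers …
printf "smtp_tls_mandatory_protocols = !SSLv2 !SSLv3\n" >> /etc/postfix/main.cf
# … unchanged: remaining smtp_tls_* and tls_* settings …

# Postfix size limits.
printf "body_checks_size_limit = 134217728\n" >> /etc/postfix/main.cf
printf "mailbox_size_limit = 0\n" >> /etc/postfix/main.cf
printf "message_size_limit = 134217728\n" >> /etc/postfix/main.cf
printf "virtual_mailbox_limit = 0\n\n" >> /etc/postfix/main.cf
```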