Skip to main content

Raymii.org Raymii.org Logo

Quis custodiet ipsos custodes?
Home | About | All pages | Cluster Status | RSS Feed

Postfix snippets - not finished

Published: 09-07-2012 | Author: Remy van Elst | Text only version of this article


❗ This post is over eleven years old. It may no longer be up to date. Opinions may have changed.


Recently I removed all Google Ads from this site due to their invasive tracking, as well as Google Analytics. Please, if you found this content useful, consider a small donation using any of the options below:

I'm developing an open source monitoring app called Leaf Node Monitoring, for windows, linux & android. Go check it out!

Consider sponsoring me on Github. It means the world to me if you show your appreciation and you'll help pay the server costs.

You can also sponsor me by getting a Digital Ocean VPS. With this referral link you'll get $100 credit for 60 days.

/etc/postfix/master.cf
smtp inet n - - - - smtpd 
  -o smtpd_tls_security_level=encrypt 
  -o smtpd_sasl_auth_enable=yes 
  -o smtpd_sasl_type=dovecot 
  -o smtpd_sasl_path=private/auth 
  -o smtpd_sasl_security_options=noanonymous 
  -o smtpd_sasl_local_domain=$myhostname 
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination 
#  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject_unauth_destination

  submission inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination
#  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject_unauth_destination
/etc/postfix/main.cf
smtpd_banner = SMTP
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_tls_cert_file=/etc/ssl/certs/postfix-public.pem
smtpd_tls_key_file=/etc/ssl/private/postfix-private.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_auth_only = yes
myhostname = vps7.sparklingclouds.nl
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = sparklingclouds.nl, vps7.sparklingclouds.nl, localhost.sparklingclouds.nl, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
home_mailbox = Maildir/
mailbox_command =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination

Dovecot

/etc/dovecot/dovecot.conf
protocols = imaps
disable_plaintext_auth = yes
log_timestamp = "%Y-%m-%d %H:%M:%S "
ssl = required
login_greeting = MAPI.
mail_location = maildir:~/Maildir
mail_privileged_group = mail
mmap_disable = yes
protocol imap {
}
protocol managesieve {
}
auth default {
  mechanisms = plain
  passdb pam {
  }
  userdb passwd {
  }
  user = root
socket listen {
        client {
          path = /var/spool/postfix/private/auth
          mode = 0660
          user = postfix
          group = postfix
        }
}
}
dict {
}
plugin {
}
Tags: dovecot , imap , imaps , mail , postfix , sasl , smtp , smtps , snippets