Diffstat (limited to 'server/setup/05-service-settings/etc/mail')
-rw-r--r-- | server/setup/05-service-settings/etc/mail/access | 145 | ||||
-rw-r--r-- | server/setup/05-service-settings/etc/mail/local-host-names | 10 | ||||
-rw-r--r-- | server/setup/05-service-settings/etc/mail/mail.diff | 213 | ||||
-rw-r--r-- | server/setup/05-service-settings/etc/mail/sendmail.mc | 228 | ||||
-rw-r--r-- | server/setup/05-service-settings/etc/mail/submit.mc | 58 | ||||
-rw-r--r-- | server/setup/05-service-settings/etc/mail/virtusertable | 33 |
6 files changed, 687 insertions, 0 deletions
diff --git a/server/setup/05-service-settings/etc/mail/access b/server/setup/05-service-settings/etc/mail/access
new file mode 100644
index 0000000..b5f0643
--- /dev/null
+++ b/server/setup/05-service-settings/etc/mail/access
@@ -0,0 +1,145 @@
+# /etc/mail/access
+# Copyright (c) 1998,2004 Richard Nelson <[email protected]>.
+# Time-stamp: <1998/10/27 10:00:00 cowboy>
+# GPL'd config file, please feed any gripes, suggestions, etc. to me
+#
+# Function:
+# Access Control for this smtp server - determines:
+# * Who we accept mail from
+# * Who we accept relaying from
+# * Who we will not send to
+#
+# Usage:
+# FEATURE(access_db[, type [-o] /etc/mail/access])dnl
+# makemap hash access < access
+#
+# Format:
+# lhs:
+# email addr <user@[host.domain]>
+# domain name unless FEATURE(relay_hosts_only) is used,
+# then this is a fqdn - and relay-domains ($=R)
+# must also be fqdns.
+# network number must end on an octet boundary, or
+# you're stuck going the longwinded way ;-{
+# rhs:
+# OK accept mail even if other rules in the
+# running ruleset would reject it.
+# RELAY Allow domain to relay through your SMTP
+# server. RELAY also serves an implicit
+# OK for the other checks.
+# REJECT reject the sender/recipient with a general
+# purpose message that can be customized.
+# confREJECT_MSG [550 Access denied] will be issued
+# DISCARD discard the message completely using
+# the $#discard mailer.
+# ### any text where ### is an RFC 821 compliant error code
+# and "any text" is a message to return for
+# the command
+# Examples:
+# [email protected] REJECT
+# FREE.STEALTH.MAILER@ 550 Spam not accepted
+#
+# Notes:
+# With FEATURE(blacklist_recipients) this is also possible:
+# badlocaluser 550 Mailbox disabled for this username
+# host.mydomain.com 550 That host does not accept mail
+# [email protected] 550 Mailbox disabled for this recipient
+#
+# Related:
+# define(`confREJECT_MSG', `550 Access denied')dnl
+# define(`confCR_FILE', `-o /etc/mail/relay-domains')dnl <<- $=R
+# FEATURE(relay_hosts_only)dnl
+# FEATURE(relay_entire_domain)dnl <<- relays any host in the $=m class
+# FEATURE(relay_based_on_MX)dnl <<- relaying for boxes MX'd to you
+# FEATURE(blacklist_recipients)dnl
+# FEATURE(rbl[,alternate server])dnl
+# FEATURE(orbs[,alternate server])dnl <<- Debian addition
+# FEATURE(orca[,alternate server])dnl <<- Debian addition
+# FEATURE(accept_unqualified_senders)dnl
+# FEATURE(accept_unresolvable_domains)dnl
+#
+# Local addresses 10.x.x.x, 127.x.x.x, 172.16-31.x.x 192.168.x.x can relay
+# Note Well! You *must* make sure these address can't be spoofed externally
+# Note, outbound relaying is controlled by connection and/or auth
+# If you're not firewalled, and you don't have a lan, comment these out
+# If you're not firewalled, and you have a lan, get firewalled *NOW*
+# GreetPause - delay to check for spammers
+# Client Connection rate (and #) control
+Connect:localhost RELAY
+GreetPause:localhost 0
+ClientRate:localhost 0
+ClientConn:localhost 0
+#Connect:10 RELAY
+#GreetPause:10 0
+#ClientRate:10 0
+#ClientConn:10 0
+Connect:127 RELAY
+GreetPause:127 0
+ClientRate:127 0
+ClientConn:127 0
+Connect:IPv6:::1 RELAY
+GreetPause:IPv6:::1 0
+ClientRate:IPv6:::1 0
+ClientConn:IPv6:::1 0
+#Connect:172.16 RELAY
+#Connect:172.17 RELAY
+#Connect:172.18 RELAY
+#Connect:172.19 RELAY
+#Connect:172.20 RELAY
+#Connect:172.21 RELAY
+#Connect:172.22 RELAY
+#Connect:172.23 RELAY
+#Connect:172.24 RELAY
+#Connect:172.25 RELAY
+#Connect:172.26 RELAY
+#Connect:172.27 RELAY
+#Connect:172.28 RELAY
+#Connect:172.29 RELAY
+#Connect:172.30 RELAY
+#Connect:172.31 RELAY
+#Connect:192.168 RELAY
+#GreetPause:192.168 0
+#ClientRate:192.168 0
+#ClientConn:192.168 0
+
+Connect:144.76.84.102 RELAY
+Connect:2a01:4f8:192:1165::2 RELAY
+GreetPause:144.76.84.102 0
+GreetPause:2a01:4f8:192:1165::2 0
+
+# Defaults
+GreetPause: 5000
+ClientRate: 10
+ClientConn: 10
+#
+# Don't offer AUTH on local network
+#SRV_Features:192.168.1 A
+#
+# Hosts with to allow relaying
+#
+#
+# Hosts that validly forward to me
+#GreetPause:<ip> 0
+#ClientRate:<ip> 30
+#ClientConn:<ip> 0
+#
+# Whitelisted users
+#
+Spam:postmaster@ FRIEND
+Spam:abuse@ FRIEND
+Spam:spam@ FRIEND
+#
+# Blacklisted users
+#
+#Connect:rampellsoft.com 554 Email directly, not through didtheyreadit.com
+reject@ REJECT
+#cyberpromo.com REJECT
+#From:[email protected] REJECT
+#
+# Block invalid IPs
+#
+#Connect:0 REJECT whilst invalid, this also blocks sendmail -bs -Am
+Connect:169.254 REJECT
+Connect:192.0.2 REJECT
+Connect:224 REJECT
+Connect:255 REJECT
diff --git a/server/setup/05-service-settings/etc/mail/local-host-names b/server/setup/05-service-settings/etc/mail/local-host-names
new file mode 100644
index 0000000..5261b0b
--- /dev/null
+++ b/server/setup/05-service-settings/etc/mail/local-host-names
@@ -0,0 +1,10 @@
+localhost
+jausoft.com
+mail.jausoft.com
+mcp.jausoft.com
+www.jausoft.com
+www.jausoft.org
+www.jausoft.net
+jausoft.com
+jausoft.org
+jausoft.net
diff --git a/server/setup/05-service-settings/etc/mail/mail.diff b/server/setup/05-service-settings/etc/mail/mail.diff
new file mode 100644
index 0000000..f8d0331
--- /dev/null
+++ b/server/setup/05-service-settings/etc/mail/mail.diff
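Review bot: The four entries added to etc/mail/access for 144.76.84.102 and 2a01:4f8:192:1165::2 carry no comment saying whose addresses they are, although the block above them warns that addresses allowed to relay must not be spoofable from outside. sendmail.mc in this commit binds its listeners to the same two addresses, so they appear to be this host's own; a line such as `# this host's public addresses: relay only for connections that originate on the box itself` would make the intent reviewable. Unlike the localhost and 127 blocks, these addresses get no `ClientRate:`/`ClientConn:` override, so the defaults of 10 apply to them; confirm that is intended.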
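Review bot: In etc/mail/local-host-names, `jausoft.com` is listed twice, on the second and the eighth added line; one of the two can be dropped. sendmail.mc enables `use_cw_file`, so every name in this list is accepted as a local mail domain, and it is worth confirming that `mcp.jausoft.com` and the three `www.` names are meant to receive mail rather than only serve web traffic.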
@@ -0,0 +1,213 @@ +--- mail.orig/access 2013-06-05 13:30:08.812083000 +0200 ++++ mail/access 2013-06-06 01:52:31.460642000 +0200 +@@ -101,6 +101,12 @@ + #GreetPause:192.168 0 + #ClientRate:192.168 0 + #ClientConn:192.168 0 ++ ++Connect:144.76.84.101 RELAY ++Connect:2a01:4f8:192:1164::2 RELAY ++GreetPause:144.76.84.101 0 ++GreetPause:2a01:4f8:192:1164::2 0 ++ + # Defaults + GreetPause: 5000 + ClientRate: 10 +--- mail.orig/local-host-names 2013-06-05 13:30:08.803772000 +0200 ++++ mail/local-host-names 2013-06-06 00:06:50.857480000 +0200 +@@ -1,2 +1,4 @@ + localhost ++mail.jogamp.org ++www.jogamp.org + jogamp.org +--- mail.orig/sendmail.mc 2013-06-05 13:30:07.254441000 +0200 ++++ mail/sendmail.mc 2013-06-06 01:51:45.426125000 +0200 +@@ -40,6 +40,34 @@ + undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS= + dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE + dnl # ++ ++dnl # default logging level is 9, you might want to set it higher to ++dnl # debug the configuration ++dnl # ++dnl define(`confLOG_LEVEL', `9')dnl ++dnl define(`confLOG_LEVEL', `22')dnl ++dnl # ++ ++dnl # ++dnl # Uncomment and edit the following line if your outgoing mail needs to ++dnl # be sent out through an external mail server: ++dnl # ++dnl define(`SMART_HOST', `smtp.your.provider')dnl ++dnl define(`SMART_HOST', `smtp:mail.jogamp.org')dnl ++dnl define(`RELAY_MAILER_ARGS', `TCP $h 26')dnl ++dnl # ++define(`confDEF_USER_ID', ``8:12'')dnl ++dnl define(`confAUTO_REBUILD')dnl ++define(`confTO_CONNECT', `1m')dnl ++define(`confTO_COMMAND', `2m')dnl ++define(`confTRY_NULL_MX_LIST', `True')dnl ++define(`confDONT_PROBE_INTERFACES', `True')dnl ++define(`UUCP_MAILER_MAX', `2000000')dnl ++define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl ++dnl # ++define(`ALIAS_FILE', `/etc/aliases')dnl ++define(`STATUS_FILE', `/var/log/mail/statistics')dnl ++ + dnl # General defines + dnl # + dnl # SAFE_FILE_ENV: [undefined] If set, sendmail will do a chroot() +@@ -52,15 +80,72 @@ + dnl # Remove 
`, Addr=' clauses to receive from any interface + dnl # If you want to support IPv6, switch the commented/uncommentd lines + dnl # ++ + FEATURE(`no_default_msa')dnl +-dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl ++ ++DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl ++DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=2a01:4f8:192:1164::2')dnl + DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl +-dnl DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission, M=Ea, Addr=::1')dnl ++DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=144.76.84.101')dnl ++ ++DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission, M=Ea, Addr=::1')dnl + DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea, Addr=127.0.0.1')dnl ++ ++DAEMON_OPTIONS(`Family=inet6, Name=TLSMTA-v6, Port=smtps, M=Eas, Addr=::1')dnl ++DAEMON_OPTIONS(`Family=inet6, Name=TLSMTA-v6, Port=smtps, M=Eas, Addr=2a01:4f8:192:1164::2')dnl ++DAEMON_OPTIONS(`Family=inet, Name=TLSMTA-v4, Port=smtps, M=Eas, Addr=127.0.0.1')dnl ++DAEMON_OPTIONS(`Family=inet, Name=TLSMTA-v4, Port=smtps, M=Eas, Addr=144.76.84.101')dnl ++ + dnl # + dnl # Be somewhat anal in what we allow + define(`confPRIVACY_FLAGS',dnl + `needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl ++dnl # define(`confPRIVACY_FLAGS', `authwarnings,needmailhelo,novrfy,noexpn,noetrn,noverb,restrictqrun')dnl ++ ++dnl define(`confAUTH_OPTIONS', `A')dnl ++dnl # ++dnl # The following allows relaying if the user authenticates, and disallows ++dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links ++dnl # ++dnl define(`confAUTH_OPTIONS', `A p')dnl ++define(`confAUTH_OPTIONS', `Apy')dnl ++dnl # ++dnl # PLAIN is the preferred plaintext authentication method and used by ++dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do ++dnl # use LOGIN. 
Other mechanisms should be used if the connection is not ++dnl # guaranteed secure. ++dnl # Please remember that saslauthd needs to be running for AUTH. ++dnl # ++dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl ++dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl ++TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl ++define(`confAUTH_MECHANISMS', `GSSAPI LOGIN PLAIN')dnl ++ ++dnl # ++dnl # Rudimentary information on creating certificates for sendmail TLS: ++dnl # cd /usr/share/ssl/certs; make sendmail.pem ++dnl # Complete usage: ++dnl # make -C /usr/share/ssl/certs usage ++dnl # ++define(`confCACERT_PATH', `/etc/ssl/local')dnl ++dnl define(`confCACERT', `/etc/ssl/local/ca-my.crt')dnl ++dnl define(`confCRL', `/etc/ssl/local/ca-my.crl')dnl ++dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl ++dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl ++define(`confCACERT', `/etc/ssl/local/thawte-SSL123_CA_Bundle.pem')dnl ++define(`confSERVER_CERT', `/etc/ssl/local/jogamp2013-hostcert.pem')dnl ++define(`confSERVER_KEY', `/etc/ssl/local/jogamp2013-hostkey.mail.pem')dnl ++define(`confCLIENT_CERT', `/etc/ssl/local/jogamp2013-hostcert.pem')dnl ++define(`confCLIENT_KEY', `/etc/ssl/local/jogamp2013-hostcert.pem')dnl ++dnl # ++dnl define(`confTO_QUEUEWARN', `4h')dnl ++dnl define(`confTO_QUEUERETURN', `5d')dnl ++dnl define(`confQUEUE_LA', `12')dnl ++dnl define(`confREFUSE_LA', `18')dnl ++define(`confQUEUE_LA', `12')dnl ++define(`confREFUSE_LA', `18')dnl ++define(`confTO_IDENT', `0')dnl ++ + dnl # + dnl # Define connection throttling and window length + define(`confCONNECTION_RATE_THROTTLE', `15')dnl +@@ -68,15 +153,43 @@ + dnl # + dnl # Features + dnl # ++ ++dnl FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl ++FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl ++FEATURE(redirect)dnl ++FEATURE(always_add_domain)dnl ++dnl # Masquerading options 
++MASQUERADE_AS(`jogamp.org')dnl ++dnl FEATURE(`allmasquerade')dnl ++FEATURE(`masquerade_envelope')dnl ++FEATURE(`masquerade_entire_domain')dnl ++ + dnl # use /etc/mail/local-host-names + FEATURE(`use_cw_file')dnl ++dnl ++dnl # use /etc/mail/trusted-users ++dnl ++FEATURE(use_ct_file)dnl ++dnl # ++ ++# define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl ++# FEATURE(local_procmail, `', `/usr/bin/procmail -t -Y -a $h -d $u')dnl ++dnl # ++dnl # dovecot ++dnl # ++dnl FEATURE(local_procmail, `/usr/lib/dovecot/dovecot-lda', `/usr/lib/dovecot/dovecot-lda -d $u')dnl ++dnl MODIFY_MAILER_FLAGS(`LOCAL', `-f')dnl ++ + dnl # + dnl # The access db is the basis for most of sendmail's checking +-FEATURE(`access_db', , `skip')dnl ++dnl # FEATURE(`access_db', , `skip')dnl ++FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl + dnl # + dnl # The greet_pause feature stops some automail bots - but check the + dnl # provided access db for details on excluding localhosts... +-FEATURE(`greet_pause', `1000')dnl 1 seconds ++dnl # configured in file: access ++dnl FEATURE(`greet_pause', `1000')dnl 1 seconds ++FEATURE(`blacklist_recipients')dnl + dnl # + dnl # Delay_checks allows sender<->recipient checking + FEATURE(`delay_checks', `friend', `n')dnl +@@ -97,8 +210,16 @@ + include(`/etc/mail/m4/dialup.m4')dnl + include(`/etc/mail/m4/provider.m4')dnl + dnl # ++dnl # The following example makes mail from this host and any additional ++dnl # specified domains appear to be sent from mydomain.com ++dnl # + dnl # Default Mailer setup + MAILER_DEFINITIONS + MAILER(`local')dnl + MAILER(`smtp')dnl ++MAILER(`procmail')dnl + ++dnl define(`FAX_MAILER_PATH',`/usr/bin/faxmail')dnl ++dnl define(`FAX_MAILER_ARGS',`faxmail -d -n -t done -R -s a4 -p 12pt $u@$h $f')dnl ++dnl define(`FAX_MAILER_MAX',`100000000')dnl ++dnl MAILER(`fax')dnl +--- mail.orig/submit.mc 2013-06-05 13:30:07.256640000 +0200 ++++ mail/submit.mc 2013-06-06 00:05:36.459064992 +0200 +@@ -44,6 +44,7 @@ + dnl MASQUERADE_AS()dnl + 
dnl FEATURE(`masquerade_envelope')dnl + dnl # ++FEATURE(`use_ct_file')dnl + dnl #--------------------------------------------------------------------- + dnl # The real reason we're here: the FEATURE(msp) + dnl # NOTE WELL: MSA (587) should have M=Ea, so we need to use stock 25 +--- mail.orig/virtusertable 1970-01-01 01:00:00.000000000 +0100 ++++ mail/virtusertable 2013-06-06 02:02:58.162920000 +0200 +@@ -0,0 +1,3 @@ [email protected] mediastream ++ [email protected] nirvana diff --git a/server/setup/05-service-settings/etc/mail/sendmail.mc b/server/setup/05-service-settings/etc/mail/sendmail.mc new file mode 100644 index 0000000..32ec569 --- /dev/null +++ b/server/setup/05-service-settings/etc/mail/sendmail.mc 
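Review bot: The patch recorded in etc/mail/mail.diff does not match the files added next to it: it relays for and listens on `144.76.84.101` and `2a01:4f8:192:1164::2` and names `jogamp.org` and `jogamp2013-*` certificate paths, while access and sendmail.mc in this commit use `144.76.84.102`, `2a01:4f8:192:1165::2` and the jausoft names. It looks like it was taken from a different host, and applied to this tree it would add relay permission and listeners for an address this server presumably does not own. Either regenerate it from the jausoft files or state at its top which host it documents and that it is reference material only.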
@@ -0,0 +1,228 @@
+divert(-1)dnl
+#-----------------------------------------------------------------------------
+# $Sendmail: debproto.mc,v 8.14.4 2013-02-11 11:12:33 cowboy Exp $
+#
+# Copyright (c) 1998-2010 Richard Nelson. All Rights Reserved.
+#
+# cf/debian/sendmail.mc. Generated from sendmail.mc.in by configure.
+#
+# sendmail.mc prototype config file for building Sendmail 8.14.4
+#
+# Note: the .in file supports 8.7.6 - 9.0.0, but the generated
+# file is customized to the version noted above.
+#
+# This file is used to configure Sendmail for use with Debian systems.
+#
+# If you modify this file, you will have to regenerate /etc/mail/sendmail.cf
+# by running this file through the m4 preprocessor via one of the following:
+# * make (or make -C /etc/mail)
+# * sendmailconfig
+# * m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
+# The first two options are preferred as they will also update other files
+# that depend upon the contents of this file.
+#
+# The best documentation for this .mc file is:
+# /usr/share/doc/sendmail-doc/cf.README.gz
+#
+#-----------------------------------------------------------------------------
+divert(0)dnl
+#
+# Copyright (c) 1998-2005 Richard Nelson. All Rights Reserved.
+#
+# This file is used to configure Sendmail for use with Debian systems.
+#
+define(`_USE_ETC_MAIL_')dnl
+include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
+VERSIONID(`$Id: sendmail.mc, v 8.14.4-4 2013-02-11 11:12:33 cowboy Exp $')
+OSTYPE(`debian')dnl
+DOMAIN(`debian-mta')dnl
+dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
+undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS=
+dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
+dnl #
+
+dnl # default logging level is 9, you might want to set it higher to
+dnl # debug the configuration
+dnl #
+dnl define(`confLOG_LEVEL', `9')dnl
+dnl define(`confLOG_LEVEL', `22')dnl
+dnl #
+
+dnl #
+dnl # Uncomment and edit the following line if your outgoing mail needs to
+dnl # be sent out through an external mail server:
+dnl #
+dnl define(`SMART_HOST', `smtp.your.provider')dnl
+dnl define(`SMART_HOST', `smtp:mail.jausoft.com')dnl
+dnl define(`RELAY_MAILER_ARGS', `TCP $h 26')dnl
+dnl #
+define(`confDEF_USER_ID', ``8:12'')dnl
+dnl define(`confAUTO_REBUILD')dnl
+define(`confTO_CONNECT', `1m')dnl
+define(`confTO_COMMAND', `2m')dnl
+define(`confTRY_NULL_MX_LIST', `True')dnl
+define(`confDONT_PROBE_INTERFACES', `True')dnl
+define(`UUCP_MAILER_MAX', `2000000')dnl
+define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
+dnl #
+define(`ALIAS_FILE', `/etc/aliases')dnl
+define(`STATUS_FILE', `/var/log/mail/statistics')dnl
+
+dnl # General defines
+dnl #
+dnl # SAFE_FILE_ENV: [undefined] If set, sendmail will do a chroot()
+dnl # into this directory before writing files.
+dnl # If *all* your user accounts are under /home then use that
+dnl # instead - it will prevent any writes outside of /home !
+dnl # define(`confSAFE_FILE_ENV', `')dnl
+dnl #
+dnl # Daemon options - restrict to servicing LOCALHOST ONLY !!!
+dnl # Remove `, Addr=' clauses to receive from any interface
+dnl # If you want to support IPv6, switch the commented/uncommentd lines
+dnl #
+
+FEATURE(`no_default_msa')dnl
+
+DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl
+DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=2a01:4f8:192:1165::2')dnl
+DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl
+DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=144.76.84.102')dnl
+
+DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission, M=Ea, Addr=::1')dnl
+DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea, Addr=127.0.0.1')dnl
+
+DAEMON_OPTIONS(`Family=inet6, Name=TLSMTA-v6, Port=smtps, M=Eas, Addr=::1')dnl
+DAEMON_OPTIONS(`Family=inet6, Name=TLSMTA-v6, Port=smtps, M=Eas, Addr=2a01:4f8:192:1165::2')dnl
+DAEMON_OPTIONS(`Family=inet, Name=TLSMTA-v4, Port=smtps, M=Eas, Addr=127.0.0.1')dnl
+DAEMON_OPTIONS(`Family=inet, Name=TLSMTA-v4, Port=smtps, M=Eas, Addr=144.76.84.102')dnl
+
+dnl #
+dnl # Be somewhat anal in what we allow
+define(`confPRIVACY_FLAGS',dnl
+`needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
+dnl # define(`confPRIVACY_FLAGS', `authwarnings,needmailhelo,novrfy,noexpn,noetrn,noverb,restrictqrun')dnl
+
+dnl define(`confAUTH_OPTIONS', `A')dnl
+dnl #
+dnl # The following allows relaying if the user authenticates, and disallows
+dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
+dnl #
+dnl define(`confAUTH_OPTIONS', `A p')dnl
+define(`confAUTH_OPTIONS', `Apy')dnl
+dnl #
+dnl # PLAIN is the preferred plaintext authentication method and used by
+dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
+dnl # use LOGIN. Other mechanisms should be used if the connection is not
+dnl # guaranteed secure.
+dnl # Please remember that saslauthd needs to be running for AUTH.
+dnl #
+dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
+dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
+TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
+define(`confAUTH_MECHANISMS', `GSSAPI LOGIN PLAIN')dnl
+
+dnl #
+dnl # Rudimentary information on creating certificates for sendmail TLS:
+dnl # cd /usr/share/ssl/certs; make sendmail.pem
+dnl # Complete usage:
+dnl # make -C /usr/share/ssl/certs usage
+dnl #
+define(`confCACERT_PATH', `/etc/ssl/local')dnl
+dnl define(`confCACERT', `/etc/ssl/local/ca-my.crt')dnl
+dnl define(`confCRL', `/etc/ssl/local/ca-my.crl')dnl
+dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
+dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
+define(`confCACERT', `/etc/ssl/local/thawte-SSL123_CA_Bundle.pem')dnl
+define(`confSERVER_CERT', `/etc/ssl/local/jausoft2013-hostcert.pem')dnl
+define(`confSERVER_KEY', `/etc/ssl/local/jausoft2013-hostkey.mail.pem')dnl
+define(`confCLIENT_CERT', `/etc/ssl/local/jausoft2013-hostcert.pem')dnl
+define(`confCLIENT_KEY', `/etc/ssl/local/jausoft2013-hostcert.pem')dnl
+dnl #
+dnl define(`confTO_QUEUEWARN', `4h')dnl
+dnl define(`confTO_QUEUERETURN', `5d')dnl
+dnl define(`confQUEUE_LA', `12')dnl
+dnl define(`confREFUSE_LA', `18')dnl
+define(`confQUEUE_LA', `12')dnl
+define(`confREFUSE_LA', `18')dnl
+define(`confTO_IDENT', `0')dnl
+
+dnl #
+dnl # Define connection throttling and window length
+define(`confCONNECTION_RATE_THROTTLE', `15')dnl
+define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
+dnl #
+dnl # Features
+dnl #
+
+dnl FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
+FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
+FEATURE(redirect)dnl
+FEATURE(always_add_domain)dnl
+dnl # Masquerading options
+MASQUERADE_AS(`jausoft.com')dnl
+dnl MASQUERADE_AS(`jausoft.net')dnl
+dnl MASQUERADE_DOMAIN(`jordan.goethel.localnet')dnl
+dnl MASQUERADE_DOMAIN(`goethel.localnet')dnl
+dnl FEATURE(`allmasquerade')dnl
+FEATURE(`masquerade_envelope')dnl
+FEATURE(`masquerade_entire_domain')dnl
+
+dnl # use /etc/mail/local-host-names
+FEATURE(`use_cw_file')dnl
+dnl
+dnl # use /etc/mail/trusted-users
+dnl
+FEATURE(use_ct_file)dnl
+dnl #
+
+# define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
+# FEATURE(local_procmail, `', `/usr/bin/procmail -t -Y -a $h -d $u')dnl
+dnl #
+dnl # dovecot
+dnl #
+dnl FEATURE(local_procmail, `/usr/lib/dovecot/dovecot-lda', `/usr/lib/dovecot/dovecot-lda -d $u')dnl
+dnl MODIFY_MAILER_FLAGS(`LOCAL', `-f')dnl
+
+dnl #
+dnl # The access db is the basis for most of sendmail's checking
+dnl # FEATURE(`access_db', , `skip')dnl
+FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
+dnl #
+dnl # The greet_pause feature stops some automail bots - but check the
+dnl # provided access db for details on excluding localhosts...
+dnl # configured in file: access
+dnl FEATURE(`greet_pause', `1000')dnl 1 seconds
+FEATURE(`blacklist_recipients')dnl
+dnl #
+dnl # Delay_checks allows sender<->recipient checking
+FEATURE(`delay_checks', `friend', `n')dnl
+dnl #
+dnl # If we get too many bad recipients, slow things down...
+define(`confBAD_RCPT_THROTTLE',`3')dnl
+dnl #
+dnl # Stop connections that overflow our concurrent and time connection rates
+FEATURE(`conncontrol', `nodelay', `terminate')dnl
+FEATURE(`ratecontrol', `nodelay', `terminate')dnl
+dnl #
+dnl # If you're on a dialup link, you should enable this - so sendmail
+dnl # will not bring up the link (it will queue mail for later)
+dnl define(`confCON_EXPENSIVE',`True')dnl
+dnl #
+dnl # Dialup/LAN connection overrides
+dnl #
+include(`/etc/mail/m4/dialup.m4')dnl
+include(`/etc/mail/m4/provider.m4')dnl
+dnl #
+dnl # The following example makes mail from this host and any additional
+dnl # specified domains appear to be sent from mydomain.com
+dnl #
+dnl # Default Mailer setup
+MAILER_DEFINITIONS
+MAILER(`local')dnl
+MAILER(`smtp')dnl
+MAILER(`procmail')dnl
+
+dnl define(`FAX_MAILER_PATH',`/usr/bin/faxmail')dnl
+dnl define(`FAX_MAILER_ARGS',`faxmail -d -n -t done -R -s a4 -p 12pt $u@$h $f')dnl
+dnl define(`FAX_MAILER_MAX',`100000000')dnl
+dnl MAILER(`fax')dnl
diff --git a/server/setup/05-service-settings/etc/mail/submit.mc b/server/setup/05-service-settings/etc/mail/submit.mc
new file mode 100644
index 0000000..a304f44
--- /dev/null
+++ b/server/setup/05-service-settings/etc/mail/submit.mc
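Review bot: In etc/mail/sendmail.mc, `confCLIENT_KEY` is set to `/etc/ssl/local/jausoft2013-hostcert.pem`, the same file as `confCLIENT_CERT`, while `confSERVER_KEY` uses `jausoft2013-hostkey.mail.pem`. Unless the certificate file also holds the private key, the STARTTLS client side will have no key to load; if it does hold the key, the certificate file needs the restrictive permissions of a key file. The likely intent is `define(`confCLIENT_KEY', `/etc/ssl/local/jausoft2013-hostkey.mail.pem')dnl`. The copy of this setting recorded in mail.diff has the same shape with the jogamp2013 paths.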
@@ -0,0 +1,58 @@
+divert(-1)dnl
+#-----------------------------------------------------------------------------
+# $Sendmail: submit.mc,v 8.14.4 2013-02-11 11:12:33 cowboy Exp $
+#
+# Copyright (c) 2000-2010 Richard Nelson. All Rights Reserved.
+#
+# cf/debian/submit.mc. Generated from submit.mc.in by configure.
+#
+# submit.mc prototype config file for building Sendmail 8.14.4
+#
+# Note: the .in file supports 8.7.6 - 9.0.0, but the generated
+# file is customized to the version noted above.
+#
+# This file is used to configure Sendmail for use with Debian systems.
+#
+# If you modify this file, you will have to regenerate /etc/mail/submit.cf
+# by running this file through the m4 preprocessor via one of the following:
+# * make (or make -C /etc/mail)
+# * sendmailconfig
+# * m4 /etc/mail/submit.mc > /etc/mail/submit.cf
+# The first two options are preferred as they will also update other files
+# that depend upon the contents of this file.
+#
+# The best documentation for this .mc file is:
+# /usr/share/doc/sendmail-doc/cf.README.gz
+#
+#-----------------------------------------------------------------------------
+divert(0)dnl
+#
+# Copyright (c) 2000-2002 Richard Nelson. All Rights Reserved.
+#
+# This file is used to configure Sendmail for use with Debian systems.
+#
+define(`_USE_ETC_MAIL_')dnl
+include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
+VERSIONID(`$Id: submit.mc, v 8.14.4-4 2013-02-11 11:12:33 cowboy Exp $')
+OSTYPE(`debian')dnl
+DOMAIN(`debian-msp')dnl
+dnl #
+dnl #---------------------------------------------------------------------
+dnl # Masquerading information, if needed, should go here
+dnl # You likely will not need this, as the MTA will do it
+dnl #---------------------------------------------------------------------
+dnl MASQUERADE_AS()dnl
+dnl FEATURE(`masquerade_envelope')dnl
+dnl #
+FEATURE(`use_ct_file')dnl
+dnl #---------------------------------------------------------------------
+dnl # The real reason we're here: the FEATURE(msp)
+dnl # NOTE WELL: MSA (587) should have M=Ea, so we need to use stock 25
+dnl #---------------------------------------------------------------------
+FEATURE(`msp', `[127.0.0.1]', `25')dnl
+dnl #
+dnl #---------------------------------------------------------------------
+dnl # Some minor cleanup from FEATURE(msp)
+dnl #---------------------------------------------------------------------
+dnl #
+dnl #---------------------------------------------------------------------
diff --git a/server/setup/05-service-settings/etc/mail/virtusertable b/server/setup/05-service-settings/etc/mail/virtusertable
new file mode 100644
index 0000000..af7dcd0
--- /dev/null
+++ b/server/setup/05-service-settings/etc/mail/virtusertable
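Review bot: `FEATURE(`use_ct_file')` in etc/mail/submit.mc has no comment, and the `/etc/mail/trusted-users` file it reads is not among the six files this commit adds, so the set of trusted accounts is not reviewable from the setup tree. Accounts listed there may set the envelope sender without the warning that `authwarnings` (enabled in sendmail.mc) would otherwise add. Consider tracking the file next to the others, or at least adding `dnl # reads /etc/mail/trusted-users (not tracked here); list only accounts that must set the envelope sender` above the line. sendmail.mc enables the same feature and would benefit from the same comment.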
@@ -0,0 +1,33 @@ [email protected] sgothel [email protected] sgothel [email protected] sgothel [email protected] sgothel [email protected] sgothel [email protected] sgothel [email protected] sgothel [email protected] sgothel + [email protected] sgothel [email protected] sgothel [email protected] sgothel [email protected] sgothel [email protected] sgothel [email protected] sgothel [email protected] sgothel [email protected] sgothel [email protected] sgothel [email protected] sgothel + [email protected] qgothel [email protected] qgothel [email protected] qgothel + [email protected] kgothel [email protected] kgothel [email protected] kgothel + [email protected] rsantina [email protected] wbaumann + [email protected] nirvana [email protected] nirvana |