481 lines
18 KiB
CFEngine3
481 lines
18 KiB
CFEngine3
# $NetBSD: sample-misc.cf,v 1.3 2003/03/08 19:43:58 perry Exp $
|
|
#
|
|
# DO NOT EDIT THIS FILE. EDIT THE MAIN.CF FILE INSTEAD. THE STUFF
|
|
# HERE JUST SERVES AS AN EXAMPLE.
|
|
#
|
|
# This file contains example settings for miscellaneous Postfix
|
|
# configuration parameters.
|
|
|
|
# The always_bcc parameter specifies an optional address that
|
|
# receives a copy of each message that enters the Postfix system,
|
|
# not including bounces that are generated locally.
|
|
#
|
|
always_bcc =
|
|
|
|
# The daemon_timeout parameter specifies how much time a daemon may
|
|
# take to handle a request before it assumes it is wedged and commits
|
|
# suicide.
|
|
#
|
|
# Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
# The default time unit is s (seconds).
|
|
#
|
|
daemon_timeout = 18000s
|
|
|
|
# The berkeley_db_create_buffer_size parameter specifies the per-table
|
|
# I/O buffer size for programs that create Berkeley DB hash or btree
|
|
# tables. Specify a byte count. The default buffer size is 16 MBytes.
|
|
#
|
|
berkeley_db_create_buffer_size = 16777216
|
|
|
|
# The berkeley_db_read_buffer_size parameter specifies the per-table
|
|
# I/O buffer size for programs that read Berkeley DB hash or btree
|
|
# tables. Specify a byte count. The default buffer size is 128
|
|
# kBytes.
|
|
#
|
|
berkeley_db_read_buffer_size = 131072
|
|
|
|
# The default_database_type parameter specifies the default database
|
|
# type to use in postalias(1) and postmap(1) commands. On many UNIX
|
|
# systems the default type is either `dbm' or `hash'. The default is
|
|
# determined when the Postfix system is built.
|
|
#
|
|
#default_database_type = hash
|
|
#default_database_type = dbm
|
|
|
|
# The default_transport parameter specifies the default message
|
|
# delivery transport for domains that do not match mydestination,
|
|
# inet_interfaces, virtual_alias_domains, virtual_mailbox_domains,
|
|
# relay_domains, and for which no transport is explicitly given in
|
|
# the optional transport(5) table.
|
|
#
|
|
# Specify a string of the form transport:nexthop, where transport is
|
|
# the name of a mail delivery transport defined in master.cf. Either
|
|
# transport or nexthop are optional. For more details see the sample
|
|
# transports file.
|
|
#
|
|
#default_transport = uucp:relayhostname
|
|
default_transport = smtp
|
|
|
|
# The double_bounce_sender parameter specifies the sender address
|
|
# for mail that must be discarded when it cannot be delivered. This
|
|
# must be a unique name. All mail to this name is silently discarded,
|
|
# in order to terminate mail bounce loops.
|
|
#
|
|
double_bounce_sender = double-bounce
|
|
|
|
# The export_environment parameter specifies the names of environment
|
|
# parameters that Postfix will export to non-Postfix processes.
|
|
#
|
|
# - TZ is needed for sane time keeping on most SYSV-ish systems
|
|
#
|
|
# Specify a list of names separated by whitespace or comma.
|
|
#
|
|
export_environment = TZ
|
|
|
|
# The hash_queue_depth parameter specifies the number of subdirectory
|
|
# levels below the queue directories listed in the hash_queue_names
|
|
# parameter.
|
|
#
|
|
# Multiple subdirectory levels can speed up directory access by
|
|
# reducing the number of files per directory.
|
|
#
|
|
# After changing the hash_queue_names or hash_queue_depth parameter,
|
|
# run "postfix reload" and "postfix check".
|
|
#
|
|
hash_queue_depth = 2
|
|
|
|
# The hash_queue_names parameter specifies the names of queue
|
|
# directories that are split across multiple subdirectory levels.
|
|
# Hashing MUST NOT be used with a world-writable maildrop directory.
|
|
# Hashing MUST be used for the defer logfile directory, or mail system
|
|
# performance will suffer.
|
|
#
|
|
# Unfortunately, hashing the incoming or deferred queue can actually
|
|
# slow the mail system down (mailq with an empty queue can take
|
|
# several seconds) so it should be done only in case of emergency.
|
|
#
|
|
# After changing the hash_queue_names or hash_queue_depth parameter,
|
|
# run "postfix reload" and "postfix check".
|
|
#
|
|
hash_queue_names = defer
|
|
|
|
# The hopcount_limit parameter limits the number of Received: message
|
|
# headers. A message that exceeds the limit is bounced.
|
|
#
|
|
hopcount_limit = 50
|
|
|
|
# The import_environment parameter specifies the names of environment
|
|
# parameters that Postfix processes will import from their parent
|
|
# environment.
|
|
#
|
|
# - TZ is needed for sane time keeping on most SYSV-ish systems
|
|
# - DISPLAY and XAUTHORITY are needed for debugging Postfix daemons
|
|
# with an X-windows debugger.
|
|
# - MAIL_CONFIG is needed to make "postfix -c" work.
|
|
#
|
|
# Specify a list of names separated by whitespace or comma.
|
|
#
|
|
#import_environment = MAIL_CONFIG TZ XAUTHORITY DISPLAY HOME PURIFYOPTIONS
|
|
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY
|
|
|
|
# The inet_interfaces parameter specifies the network interface
|
|
# addresses that this mail system receives mail on. By default,
|
|
# the software claims all active interfaces on the machine. The
|
|
# parameter also controls delivery of mail to user@[ip.address].
|
|
#
|
|
# See also the proxy_interfaces parameter, for network addresses that
|
|
# are forwarded to us by way of a proxy or address translator.
|
|
#
|
|
# Note: you need to stop and start Postfix when this parameter changes.
|
|
#
|
|
inet_interfaces = all
|
|
|
|
# The proxy_interfaces parameter specifies the network interface
|
|
# addresses that this mail system receives mail on by way of a
|
|
# proxy or network address translation unit. This setting extends
|
|
# the address list specified with the inet_interfaces parameter.
|
|
#
|
|
# You must specify your proxy/NAT addresses when your system is a
|
|
# backup MX host for other domains, otherwise mail delivery loops
|
|
# will happen when the primary MX host is down.
|
|
#
|
|
#proxy_interfaces =
|
|
#proxy_interfaces = 1.2.3.4
|
|
|
|
# The ipc_idle parameter bounds the idle time for internal communication
|
|
# channels after which a client disconnects voluntarily. The purpose
|
|
# is to allow servers to terminate voluntarily after they become
|
|
# idle. This is used, for example, by the address resolving and
|
|
# rewriting clients.
|
|
#
|
|
# Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
# The default time unit is s (seconds).
|
|
#
|
|
ipc_idle = 100s
|
|
|
|
# The ipc_timeout parameter specifies a timeout for I/O on internal
|
|
# communication channels. The purpose is to break out of deadlock
|
|
# situations. If the timeout is exceeded the software aborts with a
|
|
# fatal error.
|
|
#
|
|
# Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
# The default time unit is s (seconds).
|
|
#
|
|
ipc_timeout = 3600s
|
|
|
|
# The mail_name parameter specifies the mail system name that is used
|
|
# in Received: headers, in the SMTP greeting banner, and in bounced
|
|
# mail.
|
|
#
|
|
mail_name = Postfix
|
|
|
|
# The mail_owner parameter specifies the owner of the Postfix queue
|
|
# and of most Postfix daemon processes. Specify the name of a user
|
|
# account THAT DOES NOT SHARE A GROUP WITH OTHER ACCOUNTS AND THAT
|
|
# OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In particular,
|
|
# don't specify nobody or daemon. PLEASE USE A DEDICATED USER.
|
|
#
|
|
mail_owner = postfix
|
|
|
|
# The mail_version parameter specifies the official version of the
|
|
# mail system. The version string can be used in, for example, the
|
|
# SMTP greeting banner.
|
|
#
|
|
mail_version = 19981207
|
|
|
|
# The max_idle parameter limits the time that a Postfix daemon process
|
|
# waits for the next service request before exiting. This parameter
|
|
# is ignored by the Postfix queue manager.
|
|
#
|
|
# Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
# The default time unit is s (seconds).
|
|
#
|
|
max_idle = 100s
|
|
|
|
# The max_use parameter limits the number of service requests handled
|
|
# by a Postfix daemon process before exiting. This parameter is
|
|
# ignored by the Postfix queue manager.
|
|
#
|
|
max_use = 100
|
|
|
|
# The mydestination parameter specifies the list of domains that this
|
|
# machine considers itself the final destination for.
|
|
#
|
|
# These domains are routed to the delivery agent specified with the
|
|
# local_transport parameter setting. By default, that is the UNIX
|
|
# compatible delivery agent that lookups all recipients in /etc/passwd
|
|
# and /etc/aliases or their equivalent.
|
|
#
|
|
# The default is $myhostname + localhost.$mydomain. On a mail domain
|
|
# gateway, you should also include $mydomain.
|
|
#
|
|
# Do not specify the names of virtual domains - those domains are
|
|
# specified elsewhere (see sample-virtual.cf).
|
|
#
|
|
# Do not specify the names of domains that this machine is backup MX
|
|
# host for. Specify those names via the relay_domains settings for
|
|
# the SMTP server, or use permit_mx_backup if you are lazy (see
|
|
# sample-smtpd.cf).
|
|
#
|
|
# The local machine is always the final destination for mail addressed
|
|
# to user@[the.net.work.address] of an interface that the mail system
|
|
# receives mail on (see the inet_interfaces parameter).
|
|
#
|
|
# Specify a list of host or domain names, /file/name or type:table
|
|
# patterns, separated by commas and/or whitespace. A /file/name
|
|
# pattern is replaced by its contents; a type:table is matched when
|
|
# a name matches a lookup key. Continue long lines by starting the
|
|
# next line with whitespace.
|
|
#
|
|
# See sample-smtpd.cf for a description of the local_recipient_maps
|
|
# and unknown_local_recipient_reject_code parameters. By default,
|
|
# the SMTP server rejects mail for recipients not listed with the
|
|
# local_recipient_maps parameter.
|
|
#
|
|
#mydestination = $myhostname, localhost.$mydomain $mydomain
|
|
#mydestination = $myhostname, localhost.$mydomain www.$mydomain, ftp.$mydomain
|
|
mydestination = $myhostname, localhost.$mydomain
|
|
|
|
# The mydomain parameter specifies the local internet domain name.
|
|
# The default is to use $myhostname minus the first component.
|
|
# $mydomain is used as a default value for many other configuration
|
|
# parameters.
|
|
#
|
|
#mydomain = domain.tld
|
|
|
|
# The myhostname parameter specifies the internet hostname of this
|
|
# mail system. The default is to use the fully-qualified domain name
|
|
# from gethostname(). $myhostname is used as a default value for many
|
|
# other configuration parameters.
|
|
#
|
|
#myhostname = host.domain.tld
|
|
|
|
# The myorigin parameter specifies the domain that locally-posted
|
|
# mail appears to come from. The default is to append $myhostname,
|
|
# which is fine for small sites. If you run a domain with multiple
|
|
# machines, you should (1) change this to $mydomain and (2) set up
|
|
# a domain-wide alias database that aliases each user to
|
|
# user@that.users.mailhost.
|
|
#
|
|
#myorigin = $mydomain
|
|
myorigin = $myhostname
|
|
|
|
# The mynetworks parameter specifies the list of "trusted" SMTP
|
|
# clients that have more privileges than "strangers".
|
|
#
|
|
# In particular, "trusted" SMTP clients are allowed to relay mail
|
|
# through Postfix. See the smtpd_recipient_restrictions parameter
|
|
# in file sample-smtpd.cf.
|
|
#
|
|
# You can specify the list of "trusted" network addresses by hand
|
|
# or you can let Postfix do it for you (which is the default).
|
|
#
|
|
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
|
|
# clients in the same IP subnetworks as the local machine.
|
|
#
|
|
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
|
|
# clients in the same IP class A/B/C networks as the local machine.
|
|
# Don't do this with a dialup site - it would cause Postfix to "trust"
|
|
# your entire provider's network. Instead, specify an explicit
|
|
# mynetworks list by hand, as described below.
|
|
#
|
|
# Specify "mynetworks_style = host" when Postfix should "trust"
|
|
# only the local machine.
|
|
#
|
|
#mynetworks_style = class
|
|
#mynetworks_style = subnet
|
|
#mynetworks_style = host
|
|
|
|
# Alternatively, you can specify the mynetworks list by hand, in
|
|
# which case Postfix ignores the mynetworks_style setting.
|
|
#
|
|
# Specify an explicit list of network/netmask patterns, where the
|
|
# mask specifies the number of bits in the network part of a host
|
|
# address.
|
|
#
|
|
# You can also specify the absolute pathname of a pattern file instead
|
|
# of listing the patterns here.
|
|
#
|
|
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
|
|
|
|
# The notify_classes parameter specifies the list of error classes
|
|
# that are reported to the postmaster. The default is to report only
|
|
# the most serious problems. The paranoid may wish to turn on the
|
|
# policy (anti-UCE violations) and protocol error (broken mailers)
|
|
# reports.
|
|
#
|
|
# The error classes are:
|
|
#
|
|
# bounce: Send the postmaster copies of the headers of bounced mail.
|
|
# 2bounce: Send undeliverable bounced mail to the postmaster.
|
|
# delay: Send the postmaster copies of the headers of delayed mail.
|
|
# policy: Send the postmaster a transcript of the entire SMTP session
|
|
# when a client request was rejected because of (UCE) policy.
|
|
# protocol: Send the postmaster a transcript of the entire SMTP
|
|
# session in case of client or server protocol errors.
|
|
# resource: Inform the postmaster of mail not delivered due to
|
|
# resource problems.
|
|
# software: Inform the postmaster of mail not delivered due to
|
|
# software problems.
|
|
#
|
|
#notify_classes = bounce,delay,policy,protocol,resource,software
|
|
#notify_classes = 2bounce,resource,software
|
|
notify_classes = resource,software
|
|
|
|
# The following parameters specify who gets postmaster notices if
|
|
# one of the above error conditions is recognized. All parameters
|
|
# default to "postmaster".
|
|
#
|
|
bounce_notice_recipient = postmaster
|
|
2bounce_notice_recipient = postmaster
|
|
delay_notice_recipient = postmaster
|
|
error_notice_recipient = postmaster
|
|
|
|
# The parent_domain_matches_subdomains parameter specifies what
|
|
# Postfix features use "domain.tld matches sub.domain.tld" style
|
|
# pattern matching instead of requiring ".domain.tld". This is
|
|
# planned backwards compatibility: eventually, all Postfix features
|
|
# are expected to require ".domain.tld" style patterns.
|
|
#
|
|
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,
|
|
mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,
|
|
relay_domains,smtpd_access_maps
|
|
|
|
# The process_id_directory specifies a lock file directory relative
|
|
# to the Postfix queue directory. This facility is used by the master
|
|
# daemon to lock out other master daemon instances.
|
|
#
|
|
# Note: this is a read-only variable.
|
|
#
|
|
process_id_directory = pid
|
|
|
|
# The daemon_directory parameter specifies the location of Postfix
|
|
# support programs and daemons. This directory must be owned by root.
|
|
#
|
|
daemon_directory = /usr/libexec/postfix
|
|
|
|
# The queue_directory specifies the location of the Postfix queue.
|
|
# This is also the root directory of Postfix daemons that run chrooted.
|
|
# The files in the examples/chroot-setup subdirectory describe how
|
|
# to set up Postfix chroot environments on different UNIX systems.
|
|
#
|
|
queue_directory = /var/spool/postfix
|
|
|
|
# The recipient_delimiter parameter specifies the separator between
|
|
# user names and address extensions (user+foo). See canonical(5),
|
|
# local(8), relocated(5) and virtual(5) for the effects this has on
|
|
# aliases, canonical, virtual, relocated and .forward file lookups.
|
|
# Basically, the software tries user+foo and .forward+foo before
|
|
# trying user and .forward.
|
|
#
|
|
#recipient_delimiter = +
|
|
recipient_delimiter =
|
|
|
|
# The propagate_unmatched_extensions parameter specifies what lookup
|
|
# tables should copy the address extension from the lookup key to
|
|
# the lookup result.
|
|
#
|
|
# For example, with a virtual table entry "joe@domain joe.user",
|
|
# the address joe+foo@domain would be rewritten to joe.user+foo.
|
|
# Address extensions can be propagated with canonical, virtual,
|
|
# and alias maps, as well as with .forward and :include: files,
|
|
# including mailing lists!!
|
|
#
|
|
# By default, only canonical and virtual maps propagate address
|
|
# extensions to lookup results. Enabling this feature for other
|
|
# types of lookups usually causes problems when mail is forwarded
|
|
# to other sites, especially with mail that is sent to a mailing
|
|
# list exploder address.
|
|
#
|
|
#propagate_unmatched_extensions = canonical, virtual, alias, forward, include
|
|
#propagate_unmatched_extensions = canonical, virtual
|
|
|
|
# The relayhost parameter specifies the default host to send mail to
|
|
# when no entry is matched in the optional transport(5) table. When
|
|
# no relayhost is given, mail is routed directly to the destination.
|
|
#
|
|
# On an intranet, specify the organizational domain name. If your
|
|
# internal DNS uses no MX records, specify the name of the intranet
|
|
# gateway host instead.
|
|
#
|
|
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
|
|
# [address] or [address]:port; the form [host] turns off MX lookups.
|
|
#
|
|
# If you're connected via UUCP, see also the default_transport parameter.
|
|
#
|
|
#relayhost = $mydomain
|
|
#relayhost = gateway.my.domain
|
|
#relayhost = uucphost
|
|
#relayhost = [an.ip.add.ress]
|
|
relayhost =
|
|
|
|
# The relocated_maps parameter specifies optional tables with contact
|
|
# information for users, hosts or domains that no longer exist. See
|
|
# relocated(5) for details.
|
|
#
|
|
# By default, this feature is disabled.
|
|
#
|
|
# Specify the types and names of databases to use. After change,
|
|
# run "postmap /etc/postfix/relocated", then "postfix reload".
|
|
#
|
|
#relocated_maps = hash:/etc/postfix/relocated
|
|
relocated_maps =
|
|
|
|
# The resolve_dequoted_address parameter controls how Postfix
|
|
# resolves addresses.
|
|
#
|
|
# By default, the Postfix address resolver does not quote the address
|
|
# localpart as per RFC 822, so that additional @ or % or ! operators
|
|
# remain visible. This behavior is safe but it is also technically
|
|
# incorrect.
|
|
#
|
|
# If you specify "resolve_dequoted_address = no", then the Postfix
|
|
# resolver will not know about additional @ etc. operators in the
|
|
# address localpart. This opens opportunities for obscure mail relay
|
|
# attacks with user@domain@domain addresses when Postfix provides
|
|
# backup MX service for Sendmail systems.
|
|
#
|
|
resolve_dequoted_address = no
|
|
|
|
# The syslog_facility parameter controls where Postfix logging is
|
|
# sent by the syslog daemon. Specify a logging facility as defined
|
|
# in syslog.conf(5). The default logging facility is "mail".
|
|
#
|
|
# Beware: a non-default syslog_facility setting takes effect only
|
|
# after process initialization. Some initialization errors will be
|
|
# logged with the default facility, especially errors while parsing
|
|
# the command line and errors while accessing the Postfix main.cf
|
|
# configuration file.
|
|
#
|
|
syslog_facility = mail
|
|
|
|
# The syslog_name parameter specifies the mail system name that is
|
|
# prepended to the process name in syslog records, so that "smtpd"
|
|
# becomes, for example, "postfix/smtpd".
|
|
#
|
|
# Beware: a non-default syslog_name setting takes effect only
|
|
# after process initialization. Some initialization errors will be
|
|
# logged with the default name, especially errors while parsing
|
|
# the command line and errors while accessing the Postfix main.cf
|
|
# configuration file.
|
|
#
|
|
syslog_name = postfix
|
|
|
|
# The trigger_timeout parameter limits the time to send a trigger to
|
|
# a Postfix daemon. This prevents programs from getting stuck when the
|
|
# mail system is under heavy load.
|
|
#
|
|
# Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
# The default time unit is s (seconds).
|
|
#
|
|
trigger_timeout = 10s
|
|
|
|
# The delay_warning_time specifies after how much time a warning
|
|
# is sent that mail has not yet been delivered. By default, no warning
|
|
# is sent.
|
|
#
|
|
# Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
# The default time unit is h (hours).
|
|
#
|
|
#delay_warning_time = 0h
|