Postfix conf add certs and other security related modifications
parent
27cfcc1320
commit
2c531d1af2
2 changed files with 36 additions and 0 deletions
|
@ -5,6 +5,11 @@ certbot:
|
|||
- smtp.auro.re
|
||||
mail: tech.aurore@lists.crans.org
|
||||
certname: auro.re
|
||||
cert_path_prefix = "/etc/letsencrypt/live/{{ certbot.certname }}"
|
||||
cert_path_cert = "{{ cerbot.cert_path_prefix }}/cert.pem"
|
||||
cert_path_chain = "{{ cerbot.cert_path_prefix }}/chain.pem"
|
||||
cert_path_fullchain = "{{ cerbot.cert_path_prefix }}/fullchain.pem"
|
||||
cert_path_privkey = "{{ cerbot.cert_path_prefix }}/privkey.pem"
|
||||
|
||||
nfs:
|
||||
src: "10.128.0.6:/data_mail" # caradoc
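Review bot: The four added path entries reference `cerbot` rather than `certbot`, so `{{ cerbot.cert_path_prefix }}` will be undefined at render time, and the Postfix template's `smtpd_tls_cert_file` and `smtpd_tls_key_file` depend on these values. The new lines also use `=` where the neighbouring keys (`mail:`, `certname:`) use `:`, which does not look like valid YAML inside this mapping; the intended form is presumably `cert_path_fullchain: "{{ certbot.cert_path_prefix }}/fullchain.pem"`, and likewise for the other four. Keys of `certbot` that refer back to `certbot` may also trip Ansible's recursive-template detection, so defining the prefix as a separate top-level variable would be safer. A failed or empty render would leave the mail server without certificate and key paths, so the rendered main.cf should be checked (for example with `postfix check`) before reload.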
|
||||
|
|
|
@ -33,3 +33,34 @@ relay_domains =
|
|||
|
||||
# Allow plus delimiter
|
||||
recipient_delimiter = +
|
||||
|
||||
# Re2o Generated files
|
||||
alias_database = hash:/var/local/re2o-services/mail-server/generated/aliases
|
||||
alias_maps = $alias_database
|
||||
local_recipient_maps = $alias_maps unix:passwd.byname
|
||||
virtual_alias_maps = hash:/var/local/re2o-services/mail-server/generated/virtual
|
||||
relay_recipient_maps = hash:/var/local/re2o-services/mail-server/generated/virtual
|
||||
|
||||
# Tell Postfix to deliver emails to Dovecot through LMTP
|
||||
virtual_transport = lmtp:unix:private/dovecot-lmtp
|
||||
|
||||
# TLS for reception
|
||||
smtpd_use_tls = yes
|
||||
smtpd_tls_security_level = may
|
||||
smtpd_tls_cert_file = {{ certbot.cert_path_fullchain }}
|
||||
smtpd_tls_key_file = {{ certbot.cert_path_privkey }}
|
||||
smtpd_tls_loglevel = 0
|
||||
smtpd_tls_received_header = yes
|
||||
|
||||
# TLS for sending
|
||||
smtp_use_tls = yes
|
||||
smtp_tls_security_level = may
|
||||
smtp_tls_loglevel = 1
|
||||
smtp_tls_cert_file =
|
||||
smtp_tls_key_file =
|
||||
smtp_tls_CApath = /etc/ssl/certs/
|
||||
|
||||
# Caching TLS sessions
|
||||
smtpd_tls_session_cache_database=btree:/var/lib/postfix/smtpd_tls_session_cache
|
||||
smtp_tls_session_cache_database=btree:/var/lib/postfix/smtp_tls_session_cache
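Review bot: `smtpd_tls_loglevel = 0` disables TLS logging for inbound sessions while the outbound side logs at 1, so failed handshakes and the negotiated protocol and cipher on reception leave no trace in the mail log; `smtpd_tls_loglevel = 1` gives a one-line summary per handshake. `smtpd_use_tls` and `smtp_use_tls` are legacy settings that the `*_tls_security_level` lines directly below them already supersede, so they can be dropped. With `smtpd_tls_security_level = may`, if SASL authentication is enabled elsewhere in this file (not visible in the hunk), `smtpd_tls_auth_only = yes` is needed to keep credentials off cleartext sessions. The hunk also sets no protocol floor; depending on the installed Postfix version's defaults, explicit `smtpd_tls_protocols` and `smtp_tls_protocols` lines may be warranted.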
|
||||
|
||||
|
|