Postfix conf add certs and other security related modifications
parent
59302b7fd8
commit
d0196c8c00
2 changed files with 36 additions and 0 deletions
|
@ -5,6 +5,11 @@ certbot:
|
||||||
- smtp.auro.re
|
- smtp.auro.re
|
||||||
mail: tech.aurore@lists.crans.org
|
mail: tech.aurore@lists.crans.org
|
||||||
certname: auro.re
|
certname: auro.re
|
||||||
|
cert_path_prefix = "/etc/letsencrypt/live/{{ certbot.certname }}"
|
||||||
|
cert_path_cert = "{{ cerbot.cert_path_prefix }}/cert.pem"
|
||||||
|
cert_path_chain = "{{ cerbot.cert_path_prefix }}/chain.pem"
|
||||||
|
cert_path_fullchain = "{{ cerbot.cert_path_prefix }}/fullchain.pem"
|
||||||
|
cert_path_privkey = "{{ cerbot.cert_path_prefix }}/privkey.pem"
|
||||||
|
|
||||||
nfs:
|
nfs:
|
||||||
src: "10.128.0.6:/data_mail" # caradoc
|
src: "10.128.0.6:/data_mail" # caradoc
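Review bot: The five added `cert_path_*` entries use `=` where the sibling keys under `certbot:` (`mail:`, `certname:`) use `:`, and four of them reference `cerbot.` instead of `certbot.`. As a result, the keys the Postfix template reads (`certbot.cert_path_fullchain`, `certbot.cert_path_privkey`) are most likely undefined when the template is rendered. They should be written as mapping entries, e.g. `cert_path_fullchain: "{{ certbot.cert_path_prefix }}/fullchain.pem"`. If these are Ansible variables, a value inside `certbot` that templates `certbot.*` may also trip the recursive-template check, so defining the paths as separate top-level variables is safer. Indentation is not visible on this page, so the exact parse behaviour is inferred.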
|
||||||
|
|
|
@ -33,3 +33,34 @@ relay_domains =
|
||||||
|
|
||||||
# Allow plus delimiter
|
# Allow plus delimiter
|
||||||
recipient_delimiter = +
|
recipient_delimiter = +
|
||||||
|
|
||||||
|
# Re2o Generated files
|
||||||
|
alias_database = hash:/var/local/re2o-services/mail-server/generated/aliases
|
||||||
|
alias_maps = $alias_database
|
||||||
|
local_recipient_maps = $alias_maps unix:passwd.byname
|
||||||
|
virtual_alias_maps = hash:/var/local/re2o-services/mail-server/generated/virtual
|
||||||
|
relay_recipient_maps = hash:/var/local/re2o-services/mail-server/generated/virtual
|
||||||
|
|
||||||
|
# Tell Postfix to deliver emails to Dovecot through LMTP
|
||||||
|
virtual_transport = lmtp:unix:private/dovecot-lmtp
|
||||||
|
|
||||||
|
# TLS for reception
|
||||||
|
smtpd_use_tls = yes
|
||||||
|
smtpd_tls_security_level = may
|
||||||
|
smtpd_tls_cert_file = {{ certbot.cert_path_fullchain }}
|
||||||
|
smtpd_tls_key_file = {{ certbot.cert_path_privkey }}
|
||||||
|
smtpd_tls_loglevel = 0
|
||||||
|
smtpd_tls_received_header = yes
|
||||||
|
|
||||||
|
# TLS for sending
|
||||||
|
smtp_use_tls = yes
|
||||||
|
smtp_tls_security_level = may
|
||||||
|
smtp_tls_loglevel = 1
|
||||||
|
smtp_tls_cert_file =
|
||||||
|
smtp_tls_key_file =
|
||||||
|
smtp_tls_CApath = /etc/ssl/certs/
|
||||||
|
|
||||||
|
# Caching TLS sessions
|
||||||
|
smtpd_tls_session_cache_database=btree:/var/lib/postfix/smtpd_tls_session_cache
|
||||||
|
smtp_tls_session_cache_database=btree:/var/lib/postfix/smtp_tls_session_cache
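Review bot: `smtpd_tls_loglevel = 0` turns off TLS logging on the receiving side, so the negotiated protocol and cipher of inbound sessions never reach the mail log. Setting `smtpd_tls_loglevel = 1`, matching the `smtp_tls_loglevel = 1` used for sending, gives a one-line summary per handshake. `smtpd_use_tls = yes` and `smtp_use_tls = yes` are the legacy spellings of the `*_tls_security_level = may` lines directly below them and can be dropped. With `may` on both sides TLS stays opportunistic and this hunk sets no protocol floor; the rest of the file is outside the hunk, but if none is set there either, `smtpd_tls_protocols = !SSLv2, !SSLv3` and its `smtp_` counterpart would make the minimum explicit.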
|
||||||
|
|
||||||
|
|