Postfix conf add certs and other security related modifications

This commit is contained in:
otthorn 2021-02-04 23:18:23 +01:00
parent 59302b7fd8
commit d0196c8c00
2 changed files with 36 additions and 0 deletions

View file

@ -5,6 +5,11 @@ certbot:
- smtp.auro.re - smtp.auro.re
mail: tech.aurore@lists.crans.org mail: tech.aurore@lists.crans.org
certname: auro.re certname: auro.re
cert_path_prefix = "/etc/letsencrypt/live/{{ certbot.certname }}"
cert_path_cert = "{{ cerbot.cert_path_prefix }}/cert.pem"
cert_path_chain = "{{ cerbot.cert_path_prefix }}/chain.pem"
cert_path_fullchain = "{{ cerbot.cert_path_prefix }}/fullchain.pem"
cert_path_privkey = "{{ cerbot.cert_path_prefix }}/privkey.pem"
nfs: nfs:
src: "10.128.0.6:/data_mail" # caradoc src: "10.128.0.6:/data_mail" # caradoc

View file

@ -33,3 +33,34 @@ relay_domains =
# Allow plus delimiter # Allow plus delimiter
recipient_delimiter = + recipient_delimiter = +
# Re2o Generated files
alias_database = hash:/var/local/re2o-services/mail-server/generated/aliases
alias_maps = $alias_database
local_recipient_maps = $alias_maps unix:passwd.byname
virtual_alias_maps = hash:/var/local/re2o-services/mail-server/generated/virtual
relay_recipient_maps = hash:/var/local/re2o-services/mail-server/generated/virtual
# Tell Postfix to deliver emails to Dovecot through LMTP
virtual_transport = lmtp:unix:private/dovecot-lmtp
# TLS for reception
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = {{ certbot.cert_path_fullchain }}
smtpd_tls_key_file = {{ certbot.cert_path_privkey }}
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
# TLS for sending
smtp_use_tls = yes
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_cert_file =
smtp_tls_key_file =
smtp_tls_CApath = /etc/ssl/certs/
# Caching TLS sessions
smtpd_tls_session_cache_database=btree:/var/lib/postfix/smtpd_tls_session_cache
smtp_tls_session_cache_database=btree:/var/lib/postfix/smtp_tls_session_cache