Correction Postfix

This commit is contained in:
Clément ROUSSEAU 2019-12-09 20:03:49 +01:00
parent cbd1d24511
commit 2236646eeb

View File

@ -127,7 +127,7 @@ then
echo "# Configuration de Postfix #"
echo "############################"
echo "" > /etc/postfix/main.cf
echo -e "#######################\n## GENERALS SETTINGS ##\n#######################\n\nsmtpd_banner\t\t= \$myhostname ESMTP \$mail_name (Debian/GNU)\nbiff\t\t\t= no\nappend_dot_mydomain\t= no\nreadme_directory\t= no\ndelay_warning_time\t= 4h\nmailbox_command\t\t= procmail -a \"\$EXTENSION\"\nrecipient_delimiter\t= +\ndisable_vrfy_command\t= yes\nmessage_size_limit\t= 26214400\nmailbox_size_limit\t= 524288000\n\ninet_interfaces\t= all\ninet_protocols\t= ipv4\n\nmyhostname\t= $DOMAIN\nmyorigin\t= $DOMAIN\nmydestination\t= localhost localhost.\$mydomain\nmynetworks\t= 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128\nrelayhost\t= \n\nalias_maps\t= hash:/etc/aliases\nalias_database\t= hash:/etc/aliases\n\n##################\n## MILTERS ##\n##################\n\nmilter_protocol = 6\nmilter_default_action = accept\nsmtpd_milters = unix:/opendkim/opendkim.sock, unix:/opendmarc/opendmarc.sock, unix:/clamav/clamav-milter.ctl\nnon_smtpd_milters = unix:/opendkim/opendkim.sock\n\n####################\n## TLS PARAMETERS ##\n####################\n# Smtp ( OUTGOING / Client )\nsmtp_tls_loglevel\t\t= 1\nsmtp_tls_security_level\t\t= may\nsmtp_tls_CAfile\t\t\t= /etc/ssl/certs/ca.cert.pem\nsmtp_tls_protocols\t\t= !SSLv3\nsmtp_tls_mandatory_protocols\t= !SSLv3\nsmtp_tls_mandatory_ciphers\t= high\nsmtp_tls_exclude_ciphers\t= aNULL, eNULL, EXPORT, DES, DES, RC2, RC4, MD5, PSK, SRP, DSS, AECDH, ADH\nsmtp_tls_note_starttls_offer\t= yes\n\n# Smtpd ( INCOMING / Server )\nsmtpd_tls_loglevel\t\t= 1\nsmtpd_tls_auth_only\t\t= yes\nsmtpd_tls_security_level\t= may\nsmtpd_tls_received_header\t= yes\nsmtpd_tls_protocols\t\t= !SSLv3\nsmtpd_tls_mandatory_protocols\t= !SSLv3\nsmtpd_tls_mandatory_ciphers\t= medium\nsmtpd_tls_CAfile\t\t= \$smtp_tls_CAfile\nsmtpd_tls_cert_file\t\t= etc/ssl/certs/mailserver.crt\nsmtpd_tls_key_file\t\t= /etc/ssl/private/mailserver.key\nsmtpd_tls_dh1024_param_file\t= \$config_directory/dh2048.pem\nsmtpd_tls_dh512_param_file\t= \$config_directory/dh512.pem\n\ntls_preempt_cipherlist\t= yes\ntls_random_source\t= dev:/dev/urandom\n\nsmtp_tls_session_cache_database\t\t= btree:\${data_directory}/smtp_scache\nsmtpd_tls_session_cache_database\t= tree:\${data_directory}/smtpd_scache\nlmtp_tls_session_cache_database\t\t= btree:\${data_directory}/lmtp_scache\n\n#####################\n## SASL PARAMETERS ##\n#####################\n\nsmtpd_sasl_auth_enable\t\t= yes\nsmtpd_sasl_type\t\t\t= dovecot\nsmtpd_sasl_path\t\t\t= private/auth\nsmtpd_sasl_security_options\t= noanonymous\nsmtpd_sasl_tls_security_options\t= \$smtpd_sasl_security_options\nsmtpd_sasl_local_domain\t\t= \$mydomain\nsmtpd_sasl_authenticated_header\t= yes\n\n##############################\n## VIRTUALS MAPS PARAMETERS ##\n##############################\n\nvirtual_uid_maps\t= static:5000\nvirtual_gid_maps\t= static:5000\nvirtual_minimum_uid\t= 5000\nvirtual_mailbox_base\t= /var/mail\nvirtual_transport\t= lmtp:unix:private/dovecot-lmtp\nvirtual_mailbox_domains\t= mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf\nvirtual_mailbox_maps\t= mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf\nvirtual_alias_maps\t= mysql:/etc/postfix/mysql-virtual-alias-maps.cf\nsmtpd_sender_login_maps\t= mysql:/etc/postfix/mysql-sender-ogin-maps.cf\n\n######################\n## ERRORS REPORTING ##\n######################\n\nbounce_template_file\t= /etc/postfix/bounce.cf\n\nnotify_classes\t\t= resource, software\n\nerror_notice_recipient\t= $POSTFIXADMIN_ADMIN@$DOMAIN\n\n##################\n## RESTRICTIONS ##\n##################\n\nmime_header_checks\t= regexp:/etc/postfix/header_checks\nheader_checks\t\t= regexp:/etc/postfix/header_checks\n\nsmtpd_recipient_restrictions =\n\tpermit_mynetworks,\n\tpermit_sasl_authenticated,\n\treject_non_fqdn_recipient,\n\treject_unauth_destination,\n\treject_unknown_recipient_domain,\n\treject_unlisted_recipient,\n\treject_rbl_client zen.spamhaus.org\n\nsmtpd_reject_unlisted_sender = yes\n\nsmtpd_sender_restrictions =\n\treject_non_fqdn_sender,\n\treject_unknown_sender_domain,\n\treject_sender_login_mismatch,\n\treject_authenticated_sender_login_mismatch,\n\treject_rhsbl_sender dbl.spamhaus.org,\n\treject_unlisted_sender\n\nsmtpd_helo_restrictions =\n\tpermit_mynetworks,\n\tpermit_sasl_authenticated,\n\treject_invalid_helo_hostname,\n\treject_non_fqdn_helo_hostname,\n\treject_unknown_helo_hostname\n\nsmtpd_helo_required = yes\n\nsmtpd_client_restrictions =\n\tpermit_mynetworks,\n\tpermit_inet_interfaces,\n\tpermit_sasl_authenticated,\n\treject_unauth_pipelining\n\nsmtpd_relay_restrictions =\n\tpermit_mynetworks,\n\tpermit_sasl_authenticated,\n\treject_unauth_destination" >> /etc/postfix/main.cf
echo -e "#######################\n## GENERALS SETTINGS ##\n#######################\n\nsmtpd_banner\t\t= \$myhostname ESMTP \$mail_name (Debian/GNU)\nbiff\t\t\t= no\nappend_dot_mydomain\t= no\nreadme_directory\t= no\ndelay_warning_time\t= 4h\nmailbox_command\t\t= procmail -a \"\$EXTENSION\"\nrecipient_delimiter\t= +\ndisable_vrfy_command\t= yes\nmessage_size_limit\t= 26214400\nmailbox_size_limit\t= 524288000\n\ninet_interfaces\t= all\ninet_protocols\t= ipv4\n\nmyhostname\t= $DOMAIN\nmyorigin\t= $DOMAIN\nmydestination\t= localhost localhost.\$mydomain\nmynetworks\t= 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128\nrelayhost\t= \n\nalias_maps\t= hash:/etc/aliases\nalias_database\t= hash:/etc/aliases\n\n##################\n## MILTERS ##\n##################\n\nmilter_protocol = 6\nmilter_default_action = accept\nsmtpd_milters = unix:/opendkim/opendkim.sock, unix:/opendmarc/opendmarc.sock, unix:/clamav/clamav-milter.ctl\nnon_smtpd_milters = unix:/opendkim/opendkim.sock\n\n####################\n## TLS PARAMETERS ##\n####################\n# Smtp ( OUTGOING / Client )\nsmtp_tls_loglevel\t\t= 1\nsmtp_tls_security_level\t\t= may\nsmtp_tls_CAfile\t\t\t= /etc/ssl/certs/ca.cert.pem\nsmtp_tls_protocols\t\t= !SSLv3\nsmtp_tls_mandatory_protocols\t= !SSLv3\nsmtp_tls_mandatory_ciphers\t= high\nsmtp_tls_exclude_ciphers\t= aNULL, eNULL, EXPORT, DES, DES, RC2, RC4, MD5, PSK, SRP, DSS, AECDH, ADH\nsmtp_tls_note_starttls_offer\t= yes\n\n# Smtpd ( INCOMING / Server )\nsmtpd_tls_loglevel\t\t= 1\nsmtpd_tls_auth_only\t\t= yes\nsmtpd_tls_security_level\t= may\nsmtpd_tls_received_header\t= yes\nsmtpd_tls_protocols\t\t= !SSLv3\nsmtpd_tls_mandatory_protocols\t= !SSLv3\nsmtpd_tls_mandatory_ciphers\t= medium\nsmtpd_tls_CAfile\t\t= \$smtp_tls_CAfile\nsmtpd_tls_cert_file\t\t= /etc/ssl/certs/mailserver.crt\nsmtpd_tls_key_file\t\t= /etc/ssl/private/mailserver.key\nsmtpd_tls_dh1024_param_file\t= \$config_directory/dh2048.pem\nsmtpd_tls_dh512_param_file\t= \$config_directory/dh512.pem\n\ntls_preempt_cipherlist\t= yes\ntls_random_source\t= dev:/dev/urandom\n\nsmtp_tls_session_cache_database\t\t= btree:\${data_directory}/smtp_scache\nsmtpd_tls_session_cache_database\t= btree:\${data_directory}/smtpd_scache\nlmtp_tls_session_cache_database\t\t= btree:\${data_directory}/lmtp_scache\n\n#####################\n## SASL PARAMETERS ##\n#####################\n\nsmtpd_sasl_auth_enable\t\t= yes\nsmtpd_sasl_type\t\t\t= dovecot\nsmtpd_sasl_path\t\t\t= private/auth\nsmtpd_sasl_security_options\t= noanonymous\nsmtpd_sasl_tls_security_options\t= \$smtpd_sasl_security_options\nsmtpd_sasl_local_domain\t\t= \$mydomain\nsmtpd_sasl_authenticated_header\t= yes\n\n##############################\n## VIRTUALS MAPS PARAMETERS ##\n##############################\n\nvirtual_uid_maps\t= static:5000\nvirtual_gid_maps\t= static:5000\nvirtual_minimum_uid\t= 5000\nvirtual_mailbox_base\t= /var/mail\nvirtual_transport\t= lmtp:unix:private/dovecot-lmtp\nvirtual_mailbox_domains\t= mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf\nvirtual_mailbox_maps\t= mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf\nvirtual_alias_maps\t= mysql:/etc/postfix/mysql-virtual-alias-maps.cf\nsmtpd_sender_login_maps\t= mysql:/etc/postfix/mysql-sender-login-maps.cf\n\n######################\n## ERRORS REPORTING ##\n######################\n\nbounce_template_file\t= /etc/postfix/bounce.cf\n\nnotify_classes\t\t= resource, software\n\nerror_notice_recipient\t= $POSTFIXADMIN_ADMIN@$DOMAIN\n\n##################\n## RESTRICTIONS ##\n##################\n\nmime_header_checks\t= regexp:/etc/postfix/header_checks\nheader_checks\t\t= regexp:/etc/postfix/header_checks\n\nsmtpd_recipient_restrictions =\n\tpermit_mynetworks,\n\tpermit_sasl_authenticated,\n\treject_non_fqdn_recipient,\n\treject_unauth_destination,\n\treject_unknown_recipient_domain,\n\treject_unlisted_recipient,\n\treject_rbl_client zen.spamhaus.org\n\nsmtpd_reject_unlisted_sender = yes\n\nsmtpd_sender_restrictions =\n\treject_non_fqdn_sender,\n\treject_unknown_sender_domain,\n\treject_sender_login_mismatch,\n\treject_authenticated_sender_login_mismatch,\n\treject_rhsbl_sender dbl.spamhaus.org,\n\treject_unlisted_sender\n\nsmtpd_helo_restrictions =\n\tpermit_mynetworks,\n\tpermit_sasl_authenticated,\n\treject_invalid_helo_hostname,\n\treject_non_fqdn_helo_hostname,\n\treject_unknown_helo_hostname\n\nsmtpd_helo_required = yes\n\nsmtpd_client_restrictions =\n\tpermit_mynetworks,\n\tpermit_inet_interfaces,\n\tpermit_sasl_authenticated,\n\treject_unauth_pipelining\n\nsmtpd_relay_restrictions =\n\tpermit_mynetworks,\n\tpermit_sasl_authenticated,\n\treject_unauth_destination" >> /etc/postfix/main.cf
echo "" > /etc/postfix/bounce.cf
echo -e "failure_template = <<EOF\nCharset: UTF-8\nFrom: postmaster (Message systeme)\nSubject: Message non transmis\nPostmaster-Subject: Postmaster Copy: Message non transmis\n\nCeci est un message automatique du serveur $myhostname.\n\nNous sommes désolés de vous informer que votre message n'a pas pu\netre acheminé à un ou plusieurs destinataires.\nLe détail est expliqué ci dessous.\n\nPour une assistance, envoyez un e-mail à l'administrateur de\nvotre messagerie : postmaster@xarobase.com\n\nSi vous le faites, merci d'inclure ce message d'erreur dans\nvotre courriel.\n\n Le serveur de messagerie.\n\nMessage d'erreur :\nEOF\n\ndelay_template = <<EOF\nCharset: UTF-8\nFrom: postmaster (Message systeme)\nSubject: Message mis en attente.\nPostmaster-Subject: Postmaster Warning: Delayed Mail\n\nCeci est un message automatique du serveur $myhostname.\n\n##############################################################################\n#C'EST UN SIMPLE AVERTISSEMENT, VOUS N'AVEZ PAS BESOIN DE RENVOYER UN MESSAGE#\n##############################################################################\n\nVotre message ne peut pas être délivré avant un délai de $delay_warning_time_hours heures.\n\nDes tentatives de renvoi seront effectuées durant : $maximal_queue_lifetime_days jours.\n\nPour une assistance, envoyez un e-mail à l'administrateur de\nvotre messagerie : postmaster@xarobase.com\n\nSi vous le faites, merci d'inclure ce message d'erreur dans\nvotre courriel.\n\n Le serveur de messagerie.\n\nMessage :\nEOF\n\nsuccess_template = <<EOF\nCharset: UTF-8\nFrom: postmaster (Message systeme)\nSubject: Message correctement transmis\n\nCeci est un message automatique du serveur $myhostname.\n\nVotre message a correctement été envoyé aux destinataires listés ci-dessous\nSi le message a bien été délivré dans la boite de réception de votre destinataire,\nvous ne recevrez pas d'autre notification.\n\nSi non, vous pourriez recevoir des notifications provenant du système de messagerie\nde votre destinataire.\n\n Le serveur de messagerie.\n\nMessage :\nEOF\n\nverify_template = <<EOF\nCharset: UTF-8\nFrom: postmaster (Message systeme)\nSubject: Rapport de transmission de message\n\nCeci est un message automatique du serveur $myhostname.\n\nLe rapport de transmission de message que vous avez demandé est en pièce jointe.\n\n Le serveur de messagerie.\n\nMessage d'erreur :\nEOF" >> /etc/postfix/bounce.cf
echo "" > /etc/postfix/master.cf
@ -135,6 +135,7 @@ then
echo "" > /etc/postfix/header_checks
echo -e "/^Received:.*with ESMTPSA/\tIGNORE\n/^X-Originating-IP:/\t\tIGNORE\n/^X-Mailer:/\t\t\tIGNORE\n/^User-Agent:/\t\t\tIGNORE" >> /etc/postfix/header_checks
postmap /etc/postfix/header_checks
postalias /etc/aliases
echo "-- Fichiers créés !"
cd /etc/ssl/
openssl genrsa -out ca.key.pem 4096
@ -391,6 +392,6 @@ echo "Vous disposé maintenant des services suivant : "
if [ $MAIL == 'O' ];
then
echo "-- Service MAIL"
echo "Vous pouvez vous connecter à l'interface web d'administration PostfixAdmin "
echo "Vous pouvez vous connecter à l'interface web d'administration PostfixAdmin http://$HOSTNAME.$DOMAIN:8083/setup.php"
echo "Un redémarrage est nécessaire !"
fi