+++ /dev/null
-# HEADER_CHECKS(5) HEADER_CHECKS(5)
-#
-# NAME
-# header_checks - Postfix built-in header/body inspection
-#
-# SYNOPSIS
-# header_checks = pcre:/etc/postfix/header_checks
-# mime_header_checks = pcre:/etc/postfix/mime_header_checks
-# nested_header_checks = pcre:/etc/postfix/nested_header_checks
-# body_checks = pcre:/etc/postfix/body_checks
-#
-# postmap -fq "string" pcre:/etc/postfix/filename
-# postmap -fq - pcre:/etc/postfix/filename <inputfile
-#
-# DESCRIPTION
-# Postfix provides a simple built-in content inspection
-# mechanism that examines incoming mail one message header
-# or one message body line at a time. Each input is compared
-# against a list of patterns, and when a match is found the
-# corresponding action is executed. This feature is imple-
-# mented by the Postfix cleanup(8) server.
-#
-# For examples, see the EXAMPLES section at the end of this
-# manual page.
-#
-# Postfix header or body_checks are designed to stop a flood
-# of mail from worms or viruses; they do not decode attach-
-# ments, and they do not unzip archives. See the documents
-# referenced below in the README FILES section if you need
-# more sophisticated content analysis.
-#
-# Postfix supports four built-in content inspection classes:
-#
-# header_checks
-# These are applied to initial message headers
-# (except for the headers that are processed with
-# mime_header_checks).
-#
-# mime_header_checks (default: $header_checks)
-# These are applied to MIME related message headers
-# only.
-#
-# This feature is available in Postfix 2.0 and later.
-#
-# nested_header_checks (default: $header_checks)
-# These are applied to message headers of attached
-# email messages (except for the headers that are
-# processed with mime_header_checks).
-#
-# This feature is available in Postfix 2.0 and later.
-#
-# body_checks
-# These are applied to all other content, including
-# multi-part message boundaries.
-#
-# With Postfix versions before 2.0, all content after
-# the initial message headers is treated as body con-
-# tent.
-#
-# Note: message headers are examined one logical header at a
-# time, even when a message header spans multiple lines.
-# Body lines are always examined one line at a time.
-#
-# TABLE FORMAT
-# This document assumes that header and body_checks rules
-# are specified in the form of Postfix regular expression
-# lookup tables. Usually the best performance is obtained
-# with pcre (Perl Compatible Regular Expression) tables, but
-# the slower regexp (POSIX regular expressions) support is
-# more widely available. Use the command "postconf -m" to
-# find out what lookup table types your Postfix system sup-
-# ports.
-#
-# The general format of Postfix regular expression tables is
-# given below. For a discussion of specific pattern or
-# flags syntax, see pcre_table(5) or regexp_table(5),
-# respectively.
-#
-# /pattern/flags action
-# When pattern matches the input string, execute the
-# corresponding action. See below for a list of pos-
-# sible actions.
-#
-# !/pattern/flags action
-# When pattern does not match the input string, exe-
-# cute the corresponding action.
-#
-# if /pattern/flags
-#
-# endif Match the input string against the patterns between
-# if and endif, if and only if the input string also
-# matches pattern. The if..endif can nest.
-#
-# Note: do not prepend whitespace to patterns inside
-# if..endif.
-#
-# if !/pattern/flags
-#
-# endif Match the input string against the patterns between
-# if and endif, if and only if the input string does
-# not match pattern. The if..endif can nest.
-#
-# blank lines and comments
-# Empty lines and whitespace-only lines are ignored,
-# as are lines whose first non-whitespace character
-# is a `#'.
-#
-# multi-line text
-# A pattern/action line starts with non-whitespace
-# text. A line that starts with whitespace continues
-# a logical line.
-#
-# TABLE SEARCH ORDER
-# For each line of message input, the patterns are applied
-# in the order as specified in the table. When a pattern is
-# found that matches the input line, the corresponding
-# action is executed and then the next input line is
-# inspected.
-#
-# TEXT SUBSTITUTION
-# Substitution of substrings from the matched expression
-# into the action string is possible using the conventional
-# Perl syntax ($1, $2, etc.). The macros in the result
-# string may need to be written as ${n} or $(n) if they
-# aren't followed by whitespace.
-#
-# Note: since negated patterns (those preceded by !) return
-# a result when the expression does not match, substitutions
-# are not available for negated patterns.
-#
-# ACTIONS
-# Action names are case insensitive. They are shown in upper
-# case for consistency with other Postfix documentation.
-#
-# DISCARD optional text...
-# Claim successful delivery and silently discard the
-# message. Log the optional text if specified, oth-
-# erwise log a generic message.
-#
-# Note: this action disables further header or
-# body_checks inspection of the current message and
-# affects all recipients.
-#
-# This feature is available in Postfix 2.0 and later.
-#
-# DUNNO Pretend that the input line did not match any pat-
-# tern, and inspect the next input line. This action
-# can be used to shorten the table search.
-#
-# For backwards compatibility reasons, Postfix also
-# accepts OK but it is (and always has been) treated
-# as DUNNO.
-#
-# This feature is available in Postfix 2.1 and later.
-#
-# FILTER transport:destination
-# Write a content filter request to the queue file
-# and inspect the next input line. After the com-
-# plete message is received it will be sent through
-# the specified external content filter. More infor-
-# mation about external content filters is in the
-# Postfix FILTER_README file.
-#
-# Note: this action overrides the main.cf con-
-# tent_filter setting, and affects all recipients of
-# the message. In the case that multiple FILTER
-# actions fire, only the last one is executed.
-#
-# This feature is available in Postfix 2.0 and later.
-#
-# HOLD optional text...
-# Arrange for the message to be placed on the hold
-# queue, and inspect the next input line. The mes-
-# sage remains on hold until someone either deletes
-# it or releases it for delivery. Log the optional
-# text if specified, otherwise log a generic message.
-#
-# Mail that is placed on hold can be examined with
-# the postcat(1) command, and can be destroyed or
-# released with the postsuper(1) command.
-#
-# Note: use "postsuper -r" to release mail that was
-# kept on hold for a significant fraction of $maxi-
-# mal_queue_lifetime or $bounce_queue_lifetime, or
-# longer.
-#
-# Note: this action affects all recipients of the
-# message.
-#
-# This feature is available in Postfix 2.0 and later.
-#
-# IGNORE Delete the current line from the input and inspect
-# the next input line.
-#
-# PREPEND text...
-# Prepend one line with the specified text and
-# inspect the next input line.
-#
-# Notes:
-#
-# o The prepended text is output on a separate
-# line, immediately before the input that
-# triggered the PREPEND action.
-#
-# o The prepended text is not considered part of
-# the input stream: it is not subject to
-# header/body checks or address rewriting, and
-# it does not affect the way that Postfix adds
-# missing message headers.
-#
-# o When prepending text before a message header
-# line, the prepended text must begin with a
-# valid message header label.
-#
-# o This action cannot be used to prepend multi-
-# line text.
-#
-# This feature is available in Postfix 2.1 and later.
-#
-# REDIRECT user@domain
-# Write a message redirection request to the queue
-# file and inspect the next input line. After the
-# message is queued, it will be sent to the specified
-# address instead of the intended recipient(s).
-#
-# Note: this action overrides the FILTER action, and
-# affects all recipients of the message. If multiple
-# REDIRECT actions fire, only the last one is exe-
-# cuted.
-#
-# This feature is available in Postfix 2.1 and later.
-#
-# REPLACE text...
-# Replace the current line with the specified text
-# and inspect the next input line.
-#
-# This feature is available in Postfix 2.2 and later.
-# The description below applies to Postfix 2.2.2 and
-# later.
-#
-# Notes:
-#
-# o When replacing a message header line, the
-# replacement text must begin with a valid
-# header label.
-#
-# o The replaced text remains part of the input
-# stream. Unlike the result from the PREPEND
-# action, a replaced message header may be
-# subject to address rewriting and may affect
-# the way that Postfix adds missing message
-# headers.
-#
-# REJECT optional text...
-# Reject the entire message. Reply with optional
-# text... when the optional text is specified, other-
-# wise reply with a generic error message.
-#
-# Note: this action disables further header or
-# body_checks inspection of the current message and
-# affects all recipients.
-#
-# WARN optional text...
-# Log a warning with the optional text... (or log a
-# generic message) and inspect the next input line.
-# This action is useful for debugging and for testing
-# a pattern before applying more drastic actions.
-#
-# BUGS
-# Many people overlook the main limitations of header and
-# body_checks rules. These rules operate on one logical
-# message header or one body line at a time, and a decision
-# made for one line is not carried over to the next line.
-# If text in the message body is encoded (RFC 2045) then the
-# rules have to specified for the encoded form. Likewise,
-# when message headers are encoded (RFC 2047) then the rules
-# need to be specified for the encoded form.
-#
-# Message headers added by the cleanup(8) daemon itself are
-# excluded from inspection. Examples of such message headers
-# are From:, To:, Message-ID:, Date:.
-#
-# Message headers deleted by the cleanup(8) daemon will be
-# examined before they are deleted. Examples are: Bcc:, Con-
-# tent-Length:, Return-Path:.
-#
-# CONFIGURATION PARAMETERS
-# body_checks
-# Lookup tables with content filter rules for message
-# body lines. These filters see one physical line at
-# a time, in chunks of at most $line_length_limit
-# bytes.
-#
-# body_checks_size_limit
-# The amount of content per message body segment
-# (attachment) that is subjected to $body_checks fil-
-# tering.
-#
-# header_checks
-#
-# mime_header_checks (default: $header_checks)
-#
-# nested_header_checks (default: $header_checks)
-# Lookup tables with content filter rules for message
-# header lines: respectively, these are applied to
-# the initial message headers (not including MIME
-# headers), to the MIME headers anywhere in the mes-
-# sage, and to the initial headers of attached mes-
-# sages.
-#
-# Note: these filters see one logical message header
-# at a time, even when a message header spans multi-
-# ple lines. Message headers that are longer than
-# $header_size_limit characters are truncated.
-#
-# disable_mime_input_processing
-# While receiving mail, give no special treatment to
-# MIME related message headers; all text after the
-# initial message headers is considered to be part of
-# the message body. This means that header_checks is
-# applied to all the initial message headers, and
-# that body_checks is applied to the remainder of the
-# message.
-#
-# Note: when used in this manner, body_checks will
-# process a multi-line message header one line at a
-# time.
-#
-# EXAMPLES
-# Header pattern to block attachments with bad file name
-# extensions.
-#
-# /etc/postfix/main.cf:
-# header_checks = regexp:/etc/postfix/header_checks
-#
-# /etc/postfix/header_checks:
-# /^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/
-# REJECT Bad attachment file name extension: $2
-#
-# Body pattern to stop a specific HTML browser vulnerability
-# exploit.
-#
-# /etc/postfix/main.cf:
-# body_checks = regexp:/etc/postfix/body_checks
-#
-# /etc/postfix/body_checks:
-# /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
-# REJECT IFRAME vulnerability exploit
-#
-# SEE ALSO
-# cleanup(8), canonicalize and enqueue Postfix message
-# pcre_table(5), format of PCRE lookup tables
-# regexp_table(5), format of POSIX regular expression tables
-# postconf(1), Postfix configuration utility
-# postmap(1), Postfix lookup table management
-# postsuper(1), Postfix janitor
-# postcat(1), show Postfix queue file contents
-# RFC 2045, base64 and quoted-printable encoding rules
-# RFC 2047, message header encoding for non-ASCII text
-#
-# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
-# tory" to locate this information.
-# DATABASE_README, Postfix lookup table overview
-# CONTENT_INSPECTION_README, Postfix content inspection overview
-# BUILTIN_FILTER_README, Postfix built-in content inspection
-# BACKSCATTER_README, blocking returned forged mail
-#
-# LICENSE
-# The Secure Mailer license must be distributed with this
-# software.
-#
-# AUTHOR(S)
-# Wietse Venema
-# IBM T.J. Watson Research
-# P.O. Box 704
-# Yorktown Heights, NY 10598, USA
-#
-# HEADER_CHECKS(5)
+++ /dev/null
-###
-### main.cf for IPFire
-###
-queue_directory = /var/spool/postfix
-command_directory = /usr/sbin
-daemon_directory = /usr/lib/postfix
-manpage_directory = /usr/share/man
-sample_directory = /etc/postfix
-html_directory = no
-readme_directory = no
-
-sendmail_path = /usr/sbin/sendmail
-newaliases_path = /usr/bin/newaliases
-mailq_path = /usr/bin/mailq
-
-mail_owner = postfix
-setgid_group = postdrop
-
-myhostname = ipfire.localdomain
-myorigin = $myhostname
-
-inet_interfaces = all
-#proxy_interfaces =
-mydestination = $myhostname, localhost, mysql:/etc/postfix/mysql-mydestination.cf
-unknown_local_recipient_reject_code = 550
-
-mynetworks_style = host
-mynetworks = 127.0.0.0/8
-
-#relay_domains = $mydestination
-#relayhost = $mydomain
-#relayhost = [gateway.my.domain]
-#relayhost = [mailserver.isp.tld]
-#relayhost = uucphost
-#relayhost = [an.ip.add.ress]
-#relay_recipient_maps = hash:/etc/postfix/relay_recipients
-#in_flow_delay = 1s
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-recipient_delimiter = +
-
-mailbox_transport = cyrus
-cyrus_destination_recipient_limit=1
-
-header_checks = regexp:/etc/postfix/header_checks
-#fast_flush_domains = $relay_domains
-
-smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
-#local_destination_concurrency_limit = 2
-#default_destination_concurrency_limit = 20
-
-virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
-sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
-
-smtpd_sasl_type = cyrus
-smtpd_sasl_auth_enable = yes
-smtpd_sasl_security_options = noanonymous
-smtpd_sasl_local_domain = $myhostname
-broken_sasl_auth_clients = yes
-
-#smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
-
-#content_filter=amavis:[127.0.0.1]:10024
-
-smtpd_helo_required = yes
-mime_header_checks=pcre:/etc/postfix/body_checks
-smtpd_recipient_restrictions =
- reject_invalid_hostname,
- #reject_non_fqdn_hostname,
- reject_non_fqdn_sender,
- reject_non_fqdn_recipient,
- reject_unknown_sender_domain,
- reject_unknown_recipient_domain,
- reject_unauth_pipelining,
- permit_mynetworks,
- permit_sasl_authenticated,
- reject_unauth_destination,
- reject_rbl_client zombie.dnsbl.sorbs.net,
- reject_rbl_client opm.blitzed.org,
- reject_rbl_client list.dsbl.org,
- reject_rbl_client sbl.spamhaus.org,
- permit
-
+++ /dev/null
-#
-# Postfix master process configuration file. For details on the format
-# of the file, see the Postfix master(5) manual page.
-#
-# ==========================================================================
-# service type private unpriv chroot wakeup maxproc command + args
-# (yes) (yes) (yes) (never) (100)
-# ==========================================================================
-smtp inet n - n - - smtpd
-#submission inet n - n - - smtpd
-# -o smtpd_etrn_restrictions=reject
-# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-#smtps inet n - n - - smtpd
-# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
-#submission inet n - n - - smtpd
-# -o smtpd_etrn_restrictions=reject
-# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
-#628 inet n - n - - qmqpd
-pickup fifo n - n 60 1 pickup
-cleanup unix n - n - 0 cleanup
-qmgr fifo n - n 300 1 qmgr
-#qmgr fifo n - n 300 1 oqmgr
-tlsmgr unix - - n 1000? 1 tlsmgr
-rewrite unix - - n - - trivial-rewrite
-bounce unix - - n - 0 bounce
-defer unix - - n - 0 bounce
-trace unix - - n - 0 bounce
-verify unix - - n - 1 verify
-flush unix n - n 1000? 0 flush
-proxymap unix - - n - - proxymap
-smtp unix - - n - - smtp
-# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
-relay unix - - n - - smtp
- -o fallback_relay=
-# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq unix n - n - - showq
-error unix - - n - - error
-discard unix - - n - - discard
-local unix - n n - - local
-virtual unix - n n - - virtual
-lmtp unix - - n - - lmtp
-anvil unix - - n - 1 anvil
-scache unix - - n - 1 scache
-#
-# ====================================================================
-# Interfaces to non-Postfix software. Be sure to examine the manual
-# pages of the non-Postfix software to find out what options it wants.
-#
-# Many of the following services use the Postfix pipe(8) delivery
-# agent. See the pipe(8) man page for information about ${recipient}
-# and other message envelope options.
-# ====================================================================
-#
-# maildrop. See the Postfix MAILDROP_README file for details.
-# Also specify in main.cf: maildrop_destination_recipient_limit=1
-#
-maildrop unix - n n - - pipe
- flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
-#
-# The Cyrus deliver program has changed incompatibly, multiple times.
-#
-old-cyrus unix - n n - - pipe
- flags= user=cyrus argv=/usr/cyrus/bin/deliver -r ${sender} -m ${extension} ${user}
-# Cyrus 2.1.5 (Amos Gouaux)
-# Also specify in main.cf: cyrus_destination_recipient_limit=1
-cyrus unix - n n - - pipe
- user=cyrus argv=/usr/lib/cyrus/deliver -e -r ${sender} -m ${extension} ${user}
-#
-# See the Postfix UUCP_README file for configuration details.
-#
-uucp unix - n n - - pipe
- flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
-#
-# Other external delivery methods.
-#
-procmail unix - n n - 20 pipe
- flags=R user=cyrus argv=/usr/bin/procmail -r SENDER=${sender} -t -m USER=${user} EXTENSION=${extension} /etc/procmailrc
-
-amavis unix - - n - 2 lmtp
- -o lmtp_data_done_timeout=1200
- -o lmtp_send_xforward_command=yes
- -o disable_dns_lookups=yes
- -o max_use=20
-
-127.0.0.1:10025 inet n - n - - smtpd
- -o content_filter=
- -o local_recipient_maps=
- -o relay_recipient_maps=
- -o smtpd_delay_reject=no
- -o smtpd_restriction_classes=
- -o smtpd_client_restrictions=
- -o smtpd_helo_restrictions=
- -o smtpd_sender_restrictions=
- -o smtpd_recipient_restrictions=permit_mynetworks,reject
- -o smtpd_data_restrictions=reject_unauth_pipelining
- -o smtpd_end_of_data_restrictions=
- -o mynetworks=127.0.0.0/8
- -o smtpd_error_sleep_time=0
- -o smtpd_soft_error_limit=1001
- -o smtpd_hard_error_limit=1000
- -o smtpd_client_connection_count_limit=0
- -o smtpd_client_connection_rate_limit=0
- -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks