From fed59864f03887ed31c586fb149775ca38a7d3ac Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 29 Mar 2017 18:42:00 +0200
Subject: Split local settings

---
 .gitignore | 2 ++
 conf.d/000_local.conf.example | 68 +++++++++++++++++++++++++++++++++++++++++
 conf.d/010_main.conf | 71 ++-----------------------------------------
 conf.d/020_acl.conf | 2 +-
 conf.d/030_routers.conf | 2 +-
 conf.d/040_transports.conf | 2 +-
 exim.conf | 2 ++
 7 files changed, 77 insertions(+), 72 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 conf.d/000_local.conf.example

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..269565c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+conf.d/000_local.conf
+
diff --git a/conf.d/000_local.conf.example b/conf.d/000_local.conf.example
new file mode 100644
index 0000000..edb41fa
--- /dev/null
+++ b/conf.d/000_local.conf.example
@@ -0,0 +1,68 @@
+######################################################################
+# LOCAL CONFIGURATION #
+# Specifies settings specific for the current host #
+######################################################################
+
+# Specify your host's canonical name here. This should normally be the fully
+# qualified "official" name of your host. If this option is not set, the
+# uname() function is called to obtain the name. In many cases this does
+# the right thing and you need not set anything explicitly.
+
+primary_hostname =
+
+# The next three settings create two lists of domains and one list of hosts.
+# These lists are referred to later in this configuration using the syntax
+# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
+# are all colon-separated lists:
+
+domainlist local_domains = @
+domainlist relay_to_domains =
+hostlist relay_from_hosts = localhost
+hostlist trusted_relay_hosts =
+# (We rely upon hostname resolution working for localhost, because the default
+# uncommented configuration needs to work in IPv4-only environments.)
+
+# Most straightforward access control requirements can be obtained by
+# appropriate settings of the above options. In more complicated situations,
+# you may need to modify the Access Control Lists (ACLs) which appear later in
+# this file.
+
+# The first setting specifies your local domains, for example:
+#
+# domainlist local_domains = my.first.domain : my.second.domain
+#
+# You can use "@" to mean "the name of the local host", as in the default
+# setting above. This is the name that is specified by primary_hostname,
+# as specified above (or defaulted). If you do not want to do any local
+# deliveries, remove the "@" from the setting above. If you want to accept mail
+# addressed to your host's literal IP address, for example, mail addressed to
+# "user@[192.168.23.44]", you can add "@[]" as an item in the local domains
+# list. You also need to uncomment "allow_domain_literals" below. This is not
+# recommended for today's Internet.
+
+# The second setting specifies domains for which your host is an incoming relay.
+# If you are not doing any relaying, you should leave the list empty. However,
+# if your host is an MX backup or gateway of some kind for some domains, you
+# must set relay_to_domains to match those domains. For example:
+#
+# domainlist relay_to_domains = *.myco.com : my.friend.org
+#
+# This will allow any host to relay through your host to those domains.
+# See the section of the manual entitled "Control of relaying" for more
+# information.
+
+# The third setting specifies hosts that can use your host as an outgoing relay
+# to any other host on the Internet. Such a setting commonly refers to a
+# complete local network as well as the localhost. For example:
+#
+# hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 ; 192.168.0.0/16
+#
+# The "/16" is a bit mask (CIDR notation), not a number of hosts. Note that you
+# have to include 127.0.0.1 if you want to allow processes on your host to send
+# SMTP mail by using the loopback address. A number of MUAs use this method of
+# sending mail. Often, connections are made to "localhost", which might be ::1
+# on IPv6-enabled hosts. Do not forget CIDR for your IPv6 networks.
+
+# All three of these lists may contain many different kinds of item, including
+# wildcarded names, regular expressions, and file lookups. See the reference
+# manual for details.
diff --git a/conf.d/010_main.conf b/conf.d/010_main.conf
index 04ddd47..848304f 100644
--- a/conf.d/010_main.conf
+++ b/conf.d/010_main.conf
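Review bot: `hostlist trusted_relay_hosts =` is added to the example with no description, while the comment block above it still speaks of "the next three settings" creating two domain lists and one host list. The change to conf.d/020_acl.conf in this commit accepts mail from this list ahead of the DNS blocklist check, so whoever fills it in needs to know what it grants. I would add above the setting `# trusted_relay_hosts: hosts whose mail acl_check_rcpt_host_policy accepts before the blocklist checks; leave empty unless you operate the relay yourself.` The copied comments also still say "later in this file" and "below" for the ACLs and allow_domain_literals, which now live in other files.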
@@ -1,72 +1,9 @@
 ######################################################################
 # MAIN CONFIGURATION SETTINGS #
 ######################################################################
-#
-
-# Specify your host's canonical name here. This should normally be the fully
-# qualified "official" name of your host. If this option is not set, the
-# uname() function is called to obtain the name. In many cases this does
-# the right thing and you need not set anything explicitly.
-
-primary_hostname =
-SHORT_HOSTNAME =
-
-# The next three settings create two lists of domains and one list of hosts.
-# These lists are referred to later in this configuration using the syntax
-# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
-# are all colon-separated lists:
-
-domainlist local_domains = @
-domainlist relay_to_domains =
-hostlist relay_from_hosts = localhost
-# (We rely upon hostname resolution working for localhost, because the default
-# uncommented configuration needs to work in IPv4-only environments.)
-
-# Most straightforward access control requirements can be obtained by
-# appropriate settings of the above options. In more complicated situations,
-# you may need to modify the Access Control Lists (ACLs) which appear later in
-# this file.
-
-# The first setting specifies your local domains, for example:
-#
-# domainlist local_domains = my.first.domain : my.second.domain
-#
-# You can use "@" to mean "the name of the local host", as in the default
-# setting above. This is the name that is specified by primary_hostname,
-# as specified above (or defaulted). If you do not want to do any local
-# deliveries, remove the "@" from the setting above. If you want to accept mail
-# addressed to your host's literal IP address, for example, mail addressed to
-# "user@[192.168.23.44]", you can add "@[]" as an item in the local domains
-# list. You also need to uncomment "allow_domain_literals" below. This is not
-# recommended for today's Internet.
-
-# The second setting specifies domains for which your host is an incoming relay.
-# If you are not doing any relaying, you should leave the list empty. However,
-# if your host is an MX backup or gateway of some kind for some domains, you
-# must set relay_to_domains to match those domains. For example:
-#
-# domainlist relay_to_domains = *.myco.com : my.friend.org
-#
-# This will allow any host to relay through your host to those domains.
-# See the section of the manual entitled "Control of relaying" for more
-# information.
-
-# The third setting specifies hosts that can use your host as an outgoing relay
-# to any other host on the Internet. Such a setting commonly refers to a
-# complete local network as well as the localhost. For example:
-#
-# hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 ; 192.168.0.0/16
-#
-# The "/16" is a bit mask (CIDR notation), not a number of hosts. Note that you
-# have to include 127.0.0.1 if you want to allow processes on your host to send
-# SMTP mail by using the loopback address. A number of MUAs use this method of
-# sending mail. Often, connections are made to "localhost", which might be ::1
-# on IPv6-enabled hosts. Do not forget CIDR for your IPv6 networks.
-# All three of these lists may contain many different kinds of item, including
-# wildcarded names, regular expressions, and file lookups. See the reference
-# manual for details. The lists above are used in the access control lists for
-# checking incoming messages. The names of these ACLs are defined here:
+# Access control lists for checking incoming messages.
+# The names of these ACLs are defined here:
 acl_smtp_rcpt = ${if ={587}{$interface_port} {acl_mua_rcpt} {acl_mta_rcpt}}
 acl_smtp_mail = ${if ={587}{$interface_port} {acl_mua_mail} {accept}}
@@ -325,7 +262,3 @@ timeout_frozen_after = 7d
 # keep_environment = ^LDAP
 # add_environment = PATH=/usr/bin::/bin
-
-
-# LMTP backend
-LMTP_BACKENDS =
diff --git a/conf.d/020_acl.conf b/conf.d/020_acl.conf
index 1701a12..3b1ce2a 100644
--- a/conf.d/020_acl.conf
+++ b/conf.d/020_acl.conf
@@ -41,7 +41,7 @@ acl_check_alias:
 acl_check_rcpt_host_policy:
 # Accept all messages from trusted hosts and relays.
- accept hosts = +redirected_from_hosts
+ accept hosts = +trusted_relay_hosts
 # Deny messages from hosts known to be bad.
 deny dnslists = sbl-xbl.spamhaus.org : bl.spamcop.net
diff --git a/conf.d/030_routers.conf b/conf.d/030_routers.conf
index c88b94c..a74fb44 100644
--- a/conf.d/030_routers.conf
+++ b/conf.d/030_routers.conf
@@ -164,6 +164,6 @@ local_user:
 transport = dovecot_lmtp
 domains = +local_domains
 driver = manualroute
- route_list = "* LMTP_BACKENDS byname"
+ route_data = ${lookup{$domain}lsearch*{LMTPMAP}}
 host_find_failed = ignore
 host_all_ignored = defer
diff --git a/conf.d/040_transports.conf b/conf.d/040_transports.conf
index af605d5..ec5c0ab 100644
--- a/conf.d/040_transports.conf
+++ b/conf.d/040_transports.conf
@@ -20,7 +20,7 @@ remote_smtp:
 driver = smtp
 message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
 dkim_domain = $sender_address_domain
- dkim_selector = SHORT_HOSTNAME
+ dkim_selector = $primary_hostname
 dkim_private_key = DKIMDIR/$dkim_selector._domainkey.$dkim_domain.pem
 dkim_canon = relaxed
 dkim_strict = yes
diff --git a/exim.conf b/exim.conf
index 00385f8..a45ffdc 100644
--- a/exim.conf
+++ b/exim.conf
@@ -43,7 +43,9 @@ DKIMDIR = /etc/mail/dkim
 USERLIST = /etc/mail/list.d/users.list
 ALIASMAP = /etc/mail/list.d/aliases.map
+LMTPMAP = /etc/mail/list.d/lmtp.map
+.include CONFDIR/conf.d/000_local.conf
 .include CONFDIR/conf.d/010_main.conf
 .include CONFDIR/conf.d/020_acl.conf
 .include CONFDIR/conf.d/030_routers.conf
-- 
cgit v1.2.3
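Review bot: The `accept hosts = +trusted_relay_hosts` line in acl_check_rcpt_host_policy ends the ACL for every listed host before the `deny dnslists` check that follows it, and the one-line comment above it does not spell that out. The example file ships the list empty, which is the safe default, but the consequence of adding a host should be stated where the rule lives, for instance `# Hosts in +trusted_relay_hosts skip every check below, including the DNS blocklists; list only relays you control.` The ACL continues outside the hunk, so which further checks are skipped cannot be seen from here.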