Config Postfix/Dovecot ?

Discussion dans 'Administration d'un site Web' créé par ortolojf, 23 Avril 2019.

  1. ortolojf
    ortolojf WRInaute accro
    Inscrit:
    14 Août 2002
    Messages:
    3 179
    J'aime reçus:
    19
    Bonjour

    Je met au point péniblement main.cf et master.cf

    Voici ce que j'obtiens pour l'instant :


    Main.cf
    *********

    Code:
    
    
        Attention :
        A compléter :
        XXXXX
    # Global Postfix configuration file. This file lists only a subset
    # of all parameters. For the syntax, and for a complete parameter
    # list, see the postconf(5) manual page (command: "man 5 postconf").
    #
    # For common configuration examples, see BASIC_CONFIGURATION_README
    # and STANDARD_CONFIGURATION_README. To find these documents, use
    # the command "postconf html_directory readme_directory", or go to
    # http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
    #
    # For best results, change no more than 2-3 parameters at a time,
    # and test if Postfix still works after every change.
    # COMPATIBILITY
    #
    # The compatibility_level determines what default settings Postfix
    # will use for main.cf and master.cf settings. These defaults will
    # change over time.
    #
    # To avoid breaking things, Postfix will use backwards-compatible
    # default settings and log where it uses those old backwards-compatible
    # default settings, until the system administrator has determined
    # if any backwards-compatible default settings need to be made
    # permanent in main.cf or master.cf.
    #
    # When this review is complete, update the compatibility_level setting
    # below as recommended in the RELEASE_NOTES file.
    #
    # The level below is what should be used with new (not upgrade) installs.
    #
    compatibility_level = 2
    # SHOW SOFTWARE VERSION OR NOT
    #
    # The smtpd_banner parameter specifies the text that follows the 220
    # code in the SMTP server's greeting banner. Some people like to see
    # the mail version advertised. By default, Postfix shows no version.
    #
    # You MUST specify $myhostname at the start of the text. That is an
    # RFC requirement. Postfix itself does not care.
    #
    #smtpd_banner = $myhostname ESMTP $mail_name
    #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    # Ne pas utiliser le service biff qui sert à la notification
    # des nouveaux mails
    biff = no
     
    # SOFT BOUNCE
    #
    # The soft_bounce parameter provides a limited safety net for
    # testing.  When soft_bounce is enabled, mail will remain queued that
    # would otherwise bounce. This parameter disables locally-generated
    # bounces, and prevents the SMTP server from rejecting mail permanently
    # (by changing 5xx replies into 4xx replies). However, soft_bounce
    # is no cure for address rewriting mistakes or mail routing mistakes.
    #
    #soft_bounce = no
    # LOCAL PATHNAME INFORMATION
    #
    # The queue_directory specifies the location of the Postfix queue.
    # This is also the root directory of Postfix daemons that run chrooted.
    # See the files in examples/chroot-setup for setting up Postfix chroot
    # environments on different UNIX systems.
    #
    #queue_directory = /var/spool/postfix
    queue_directory = /var/spool/postfix
     XXXXX
    # The command_directory parameter specifies the location of all
    # postXXX commands.
    #
    command_directory = /usr/sbin
     XXXXX
    # The daemon_directory parameter specifies the location of all Postfix
    # daemon programs (i.e. programs listed in the master.cf file). This
    # directory must be owned by root.
    #
    daemon_directory = /usr/lib/postfix/sbin
     XXXXX
    # The data_directory parameter specifies the location of Postfix-writable
    # data files (caches, random numbers). This directory must be owned
    # by the mail_owner account (see below).
    #
    data_directory = /var/lib/postfix
     XXXXX
    #
    # program_directory = /usr/local/libexec/postfix
     XXXXX
    #
    # QUEUE AND PROCESS OWNERSHIP
    #
    # The mail_owner parameter specifies the owner of the Postfix queue
    # and of most Postfix daemon processes.  Specify the name of a user
    # account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
    # AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.  In
    # particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
    # USER.
    #
    #mail_owner = postfix
    mail_owner = postfix
    # The default_privs parameter specifies the default rights used by
    # the local delivery agent for delivery to external file or command.
    # These rights are used in the absence of a recipient user context.
    # DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
    #
    #default_privs = nobody
     XXXXX
    # INTERNET HOST AND DOMAIN NAMES
    #
    # The myhostname parameter specifies the internet hostname of this
    # mail system. The default is to use the fully-qualified domain name
    # from gethostname(). $myhostname is used as a default value for many
    # other configuration parameters.
    #
    #myhostname = host.domain.tld
    #myhostname = virtual.domain.tld
    myhostname = mail.pronostics-courses.fr
    # The mydomain parameter specifies the local internet domain name.
    # The default is to use $myhostname minus the first component.
    # $mydomain is used as a default value for many other configuration
    # parameters.
    #
    # mydomain = domain.tld
    mydomain = pronostics-courses.fr
    # SENDING MAIL
    #
    # The myorigin parameter specifies the domain that locally-posted
    # mail appears to come from. The default is to append $myhostname,
    # which is fine for small sites.  If you run a domain with multiple
    # machines, you should (1) change this to $mydomain and (2) set up
    # a domain-wide alias database that aliases each user to
    # user@that.users.mailhost.
    #
    # For the sake of consistency between sender and recipient addresses,
    # myorigin also specifies the default domain name that is appended
    # to recipient addresses that have no @domain part.
    #
    # Debian GNU/Linux specific:  Specifying a file name will cause the
    # first line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #
    #myorigin = /etc/mailname
    #myorigin = $myhostname
    #myorigin = $mydomain
    myorigin = $mydomain
    # RECEIVING MAIL
    # The inet_interfaces parameter specifies the network interface
    # addresses that this mail system receives mail on.  By default,
    # the software claims all active interfaces on the machine. The
    # parameter also controls delivery of mail to user@[ip.address].
    #
    # See also the proxy_interfaces parameter, for network addresses that
    # are forwarded to us via a proxy or network address translator.
    #
    # Note: you need to stop/start Postfix when this parameter changes.
    #
    #inet_interfaces = all
    inet_interfaces = all
    #inet_interfaces = $myhostname
    #inet_interfaces = $myhostname, localhost
    inet_protocols = ipv4
     XXXXX
    # The proxy_interfaces parameter specifies the network interface
    # addresses that this mail system receives mail on by way of a
    # proxy or network address translation unit. This setting extends
    # the address list specified with the inet_interfaces parameter.
    #
    # You must specify your proxy/NAT addresses when your system is a
    # backup MX host for other domains, otherwise mail delivery loops
    # will happen when the primary MX host is down.
    #
    #proxy_interfaces =
    #proxy_interfaces = 1.2.3.4
    # The mydestination parameter specifies the list of domains that this
    # machine considers itself the final destination for.
    #
    # These domains are routed to the delivery agent specified with the
    # local_transport parameter setting. By default, that is the UNIX
    # compatible delivery agent that lookups all recipients in /etc/passwd
    # and /etc/aliases or their equivalent.
    #
    # The default is $myhostname + localhost.$mydomain + localhost.  On
    # a mail domain gateway, you should also include $mydomain.
    #
    # Do not specify the names of virtual domains - those domains are
    # specified elsewhere (see VIRTUAL_README).
    #
    # Do not specify the names of domains that this machine is backup MX
    # host for. Specify those names via the relay_domains settings for
    # the SMTP server, or use permit_mx_backup if you are lazy (see
    # STANDARD_CONFIGURATION_README).
    #
    # The local machine is always the final destination for mail addressed
    # to user@[the.net.work.address] of an interface that the mail system
    # receives mail on (see the inet_interfaces parameter).
    #
    # Specify a list of host or domain names, /file/name or type:table
    # patterns, separated by commas and/or whitespace. A /file/name
    # pattern is replaced by its contents; a type:table is matched when
    # a name matches a lookup key (the right-hand side is ignored).
    # Continue long lines by starting the next line with whitespace.
    #
    # See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
    #
    #mydestination = $myhostname, localhost.$mydomain, localhost
    #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
    #       mail.$mydomain, www.$mydomain, ftp.$mydomain
    # REJECTING MAIL FOR UNKNOWN LOCAL USERS
    #
    # The local_recipient_maps parameter specifies optional lookup tables
    # with all names or addresses of users that are local with respect
    # to $mydestination, $inet_interfaces or $proxy_interfaces.
    #
    # If this parameter is defined, then the SMTP server will reject
    # mail for unknown local users. This parameter is defined by default.
    #
    # To turn off local recipient checking in the SMTP server, specify
    # local_recipient_maps = (i.e. empty).
    #
    # The default setting assumes that you use the default Postfix local
    # delivery agent for local delivery. You need to update the
    # local_recipient_maps setting if:
    #
    # - You define $mydestination domain recipients in files other than
    #   /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
    #   For example, you define $mydestination domain recipients in 
    #   the $virtual_mailbox_maps files.
    #
    # - You redefine the local delivery agent in master.cf.
    #
    # - You redefine the "local_transport" setting in main.cf.
    #
    # - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
    #   feature of the Postfix local delivery agent (see local(8)).
    #
    # Details are described in the LOCAL_RECIPIENT_README file.
    #
    # Beware: if the Postfix SMTP server runs chrooted, you probably have
    # to access the passwd file via the proxymap service, in order to
    # overcome chroot restrictions. The alternative, having a copy of
    # the system passwd file in the chroot jail is just not practical.
    #
    # The right-hand side of the lookup tables is conveniently ignored.
    # In the left-hand side, specify a bare username, an @domain.tld
    # wild-card, or specify a user@domain.tld address.
    #
    #local_recipient_maps = unix:passwd.byname $alias_maps
    #local_recipient_maps = proxy:unix:passwd.byname $alias_maps
    #local_recipient_maps =
    # The unknown_local_recipient_reject_code specifies the SMTP server
    # response code when a recipient domain matches $mydestination or
    # ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
    # and the recipient address or address local-part is not found.
    #
    # The default setting is 550 (reject mail) but it is safer to start
    # with 450 (try again later) until you are certain that your
    # local_recipient_maps settings are OK.
    #
    unknown_local_recipient_reject_code = 550
     XXXXX
    # TRUST AND RELAY CONTROL
    # The mynetworks parameter specifies the list of "trusted" SMTP
    # clients that have more privileges than "strangers".
    #
    # In particular, "trusted" SMTP clients are allowed to relay mail
    # through Postfix.  See the smtpd_recipient_restrictions parameter
    # in postconf(5).
    #
    # You can specify the list of "trusted" network addresses by hand
    # or you can let Postfix do it for you (which is the default).
    #
    # By default (mynetworks_style = subnet), Postfix "trusts" SMTP
    # clients in the same IP subnetworks as the local machine.
    # On Linux, this does works correctly only with interfaces specified
    # with the "ifconfig" command.
    #
    # Specify "mynetworks_style = class" when Postfix should "trust" SMTP
    # clients in the same IP class A/B/C networks as the local machine.
    # Don't do this with a dialup site - it would cause Postfix to "trust"
    # your entire provider's network.  Instead, specify an explicit
    # mynetworks list by hand, as described below.
    #
    # Specify "mynetworks_style = host" when Postfix should "trust"
    # only the local machine.
    #
    #mynetworks_style = class
    #mynetworks_style = subnet
    mynetworks_style = host
    # Alternatively, you can specify the mynetworks list by hand, in
    # which case Postfix ignores the mynetworks_style setting.
    #
    # Specify an explicit list of network/netmask patterns, where the
    # mask specifies the number of bits in the network part of a host
    # address.
    #
    # You can also specify the absolute pathname of a pattern file instead
    # of listing the patterns here. Specify type:table for table-based lookups
    # (the value on the table right-hand side is not used).
    #
    #mynetworks = 168.100.189.0/28, 127.0.0.0/8
    #mynetworks = $config_directory/mynetworks
    #mynetworks = hash:/etc/postfix/network_table
    # mynetworks = 54.37.65.148, 127.0.0.0/8, 2001:41d0:401:3200::2971, ::1
    # The relay_domains parameter restricts what destinations this system will
    # relay mail to.  See the smtpd_recipient_restrictions description in
    # postconf(5) for detailed information.
    #
    # By default, Postfix relays mail
    # - from "trusted" clients (IP address matches $mynetworks) to any destination,
    # - from "untrusted" clients to destinations that match $relay_domains or
    #   subdomains thereof, except addresses with sender-specified routing.
    # The default relay_domains value is $mydestination.
    #
    # In addition to the above, the Postfix SMTP server by default accepts mail
    # that Postfix is final destination for:
    # - destinations that match $inet_interfaces or $proxy_interfaces,
    # - destinations that match $mydestination
    # - destinations that match $virtual_alias_domains,
    # - destinations that match $virtual_mailbox_domains.
    # These destinations do not need to be listed in $relay_domains.
    #
    # Specify a list of hosts or domains, /file/name patterns or type:name
    # lookup tables, separated by commas and/or whitespace.  Continue
    # long lines by starting the next line with whitespace. A file name
    # is replaced by its contents; a type:name table is matched when a
    # (parent) domain appears as lookup key.
    #
    # NOTE: Postfix will not automatically forward mail for domains that
    # list this system as their primary or backup MX host. See the
    # permit_mx_backup restriction description in postconf(5).
    #
    #relay_domains = $mydestination
    relay_domains = $mydestination
    # INTERNET OR INTRANET
    # The relayhost parameter specifies the default host to send mail to
    # when no entry is matched in the optional transport(5) table. When
    # no relayhost is given, mail is routed directly to the destination.
    #
    # On an intranet, specify the organizational domain name. If your
    # internal DNS uses no MX records, specify the name of the intranet
    # gateway host instead.
    #
    # In the case of SMTP, specify a domain, host, host:port, [host]:port,
    # [address] or [address]:port; the form [host] turns off MX lookups.
    #
    # If you're connected via UUCP, see also the default_transport parameter.
    #
    #relayhost = $mydomain
    #relayhost = [gateway.my.domain]
    #relayhost = [mailserver.isp.tld]
    #relayhost = uucphost
    #relayhost = [an.ip.add.ress]
    relayhost =
    # REJECTING UNKNOWN RELAY USERS
    #
    # The relay_recipient_maps parameter specifies optional lookup tables
    # with all addresses in the domains that match $relay_domains.
    #
    # If this parameter is defined, then the SMTP server will reject
    # mail for unknown relay users. This feature is off by default.
    #
    # The right-hand side of the lookup tables is conveniently ignored.
    # In the left-hand side, specify an @domain.tld wild-card, or specify
    # a user@domain.tld address.
    #
    #relay_recipient_maps = hash:/etc/postfix/relay_recipients
    # INPUT RATE CONTROL
    #
    # The in_flow_delay configuration parameter implements mail input
    # flow control. This feature is turned on by default, although it
    # still needs further development (it's disabled on SCO UNIX due
    # to an SCO bug).
    #
    # A Postfix process will pause for $in_flow_delay seconds before
    # accepting a new message, when the message arrival rate exceeds the
    # message delivery rate. With the default 100 SMTP server process
    # limit, this limits the mail inflow to 100 messages a second more
    # than the number of messages delivered per second.
    #
    # Specify 0 to disable the feature. Valid delays are 0..10.
    #
    #in_flow_delay = 1s
    # ADDRESS REWRITING
    #
    # The ADDRESS_REWRITING_README document gives information about
    # address masquerading or other forms of address rewriting including
    # username->Firstname.Lastname mapping.
    # ADDRESS REDIRECTION (VIRTUAL DOMAIN)
    #
    # The VIRTUAL_README document gives information about the many forms
    # of domain hosting that Postfix supports.
    # "USER HAS MOVED" BOUNCE MESSAGES
    #
    # See the discussion in the ADDRESS_REWRITING_README document.
    # TRANSPORT MAP
    #
    # See the discussion in the ADDRESS_REWRITING_README document.
    # ALIAS DATABASE
    #
    # The alias_maps parameter specifies the list of alias databases used
    # by the local delivery agent. The default list is system dependent.
    #
    # On systems with NIS, the default is to search the local alias
    # database, then the NIS alias database. See aliases(5) for syntax
    # details.
    #
    # If you change the alias database, run "postalias /etc/aliases" (or
    # wherever your system stores the mail alias file), or simply run
    # "newaliases" to build the necessary DBM or DB file.
    #
    # It will take a minute or so before changes become visible.  Use
    # "postfix reload" to eliminate the delay.
    #
    #alias_maps = dbm:/etc/aliases
    #alias_maps = hash:/etc/aliases
    #alias_maps = hash:/etc/aliases, nis:mail.aliases
    #alias_maps = netinfo:/aliases
    #
    #  Syntax : root: postmaster@pronostics-courses.fr
    #
    # postalias hash:/etc/postfix/aliases
    # ou :
    # newaliases
    #
    alias_maps = hash:/etc/postfix/aliases
    #
    # Notify level.
    # Levels :
    # bounce, 2bounce, delay, policy, protocol, resource, software
    #
    #   Default :
    notify_classes = resource, software
    # The alias_database parameter specifies the alias database(s) that
    # are built with "newaliases" or "sendmail -bi".  This is a separate
    # configuration parameter, because alias_maps (see above) may specify
    # tables that are not necessarily all under control by Postfix.
    #
    #alias_database = dbm:/etc/aliases
    #alias_database = dbm:/etc/mail/aliases
    #alias_database = hash:/etc/aliases
    #alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
    #
    #  Syntax : root: postmaster@pronostics-courses.fr
    #
    # postalias /etc/postfix/aliases
    # ou :
    # newaliases
    #
    # alias_database = hash:/etc/postfix/aliases
    #
    #  Syntax : root: postmaster@pronostics-courses.fr
    #
    # postmap /etc/postfix/canonical
    #
    sender_canonical_maps = hash:/etc/postfix/canonical
    # ADDRESS EXTENSIONS (e.g., user+foo)
    #
    # The recipient_delimiter parameter specifies the separator between
    # user names and address extensions (user+foo). See canonical(5),
    # local(8), relocated(5) and virtual(5) for the effects this has on
    # aliases, canonical, virtual, relocated and .forward file lookups.
    # Basically, the software tries user+foo and .forward+foo before
    # trying user and .forward.
    #
    #recipient_delimiter = +
    recipient_delimiter = +
    # DELIVERY TO MAILBOX
    #
    # The home_mailbox parameter specifies the optional pathname of a
    # mailbox file relative to a user's home directory. The default
    # mailbox file is /var/spool/mail/user or /var/mail/user.  Specify
    # "Maildir/" for qmail-style delivery (the / is required).
    #
    #home_mailbox = Mailbox
    #home_mailbox = Maildir/
    home_mailbox=/var/mail/vmail/
    # The mail_spool_directory parameter specifies the directory where
    # UNIX-style mailboxes are kept. The default setting depends on the
    # system type.
    #
    #mail_spool_directory = /var/mail
    #mail_spool_directory = /var/spool/mail
    mail_spool_directory = /var/mail/vmail/
    # Taille des boites aux lettres. 0 : pas de limite
    mailbox_size_limit = 0
    # message_size_limit = 104850
    # message_size_limit = 52428800
    # The mailbox_command parameter specifies the optional external
    # command to use instead of mailbox delivery. The command is run as
    # the recipient with proper HOME, SHELL and LOGNAME environment settings.
    # Exception:  delivery for root is done as $default_user.
    #
    # Other environment variables of interest: USER (recipient username),
    # EXTENSION (address extension), DOMAIN (domain part of address),
    # and LOCAL (the address localpart).
    #
    # Unlike other Postfix configuration parameters, the mailbox_command
    # parameter is not subjected to $parameter substitutions. This is to
    # make it easier to specify shell syntax (see example below).
    #
    # Avoid shell meta characters because they will force Postfix to run
    # an expensive shell process. Procmail alone is expensive enough.
    #
    # IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
    # ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
    #
    #mailbox_command = /usr/bin/procmail
    mailbox_command = /usr/bin/procmail
    #mailbox_command = /usr/bin/procmail -a "$EXTENSION"
    # The mailbox_transport specifies the optional transport in master.cf
    # to use after processing aliases and .forward files. This parameter
    # has precedence over the mailbox_command, fallback_transport and
    # luser_relay parameters.
    #
    # Specify a string of the form transport:nexthop, where transport is
    # the name of a mail delivery transport defined in master.cf.  The
    # :nexthop part is optional. For more details see the sample transport
    # configuration file.
    #
    # NOTE: if you use this feature for accounts not in the UNIX password
    # file, then you must update the "local_recipient_maps" setting in
    # the main.cf file, otherwise the SMTP server will reject mail for 
    # non-UNIX accounts with "User unknown in local recipient table".
    #
    # Cyrus IMAP over LMTP. Specify ``lmtpunix      cmd="lmtpd"
    # listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
    #mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
    #
    # Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
    # subsequent line in master.cf.
    #mailbox_transport = cyrus
    # The fallback_transport specifies the optional transport in master.cf
    # to use for recipients that are not found in the UNIX passwd database.
    # This parameter has precedence over the luser_relay parameter.
    #
    # Specify a string of the form transport:nexthop, where transport is
    # the name of a mail delivery transport defined in master.cf.  The
    # :nexthop part is optional. For more details see the sample transport
    # configuration file.
    #
    # NOTE: if you use this feature for accounts not in the UNIX password
    # file, then you must update the "local_recipient_maps" setting in
    # the main.cf file, otherwise the SMTP server will reject mail for 
    # non-UNIX accounts with "User unknown in local recipient table".
    #
    #fallback_transport = lmtp:unix:/file/name
    #fallback_transport = cyrus
    #fallback_transport =
    # The luser_relay parameter specifies an optional destination address
    # for unknown recipients.  By default, mail for unknown@$mydestination,
    # unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
    # as undeliverable.
    #
    # The following expansions are done on luser_relay: $user (recipient
    # username), $shell (recipient shell), $home (recipient home directory),
    # $recipient (full recipient address), $extension (recipient address
    # extension), $domain (recipient domain), $local (entire recipient
    # localpart), $recipient_delimiter. Specify ${name?value} or
    # ${name:value} to expand value only when $name does (does not) exist.
    #
    # luser_relay works only for the default Postfix local delivery agent.
    #
    # NOTE: if you use this feature for accounts not in the UNIX password
    # file, then you must specify "local_recipient_maps =" (i.e. empty) in
    # the main.cf file, otherwise the SMTP server will reject mail for 
    # non-UNIX accounts with "User unknown in local recipient table".
    #
    #luser_relay = $user@other.host
    #luser_relay = $local@other.host
    #luser_relay = admin+$local
     
    # JUNK MAIL CONTROLS
    #
    # The controls listed here are only a very small subset. The file
    # SMTPD_ACCESS_README provides an overview.
    # The header_checks parameter specifies an optional table with patterns
    # that each logical message header is matched against, including
    # headers that span multiple physical lines.
    #
    # By default, these patterns also apply to MIME headers and to the
    # headers of attached messages. With older Postfix versions, MIME and
    # attached message headers were treated as body text.
    #
    # For details, see "man header_checks".
    #
    # header_checks = regexp:/etc/postfix/header_checks
    # FAST ETRN SERVICE
    #
    # Postfix maintains per-destination logfiles with information about
    # deferred mail, so that mail can be flushed quickly with the SMTP
    # "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
    # See the ETRN_README document for a detailed description.
    #
    # The fast_flush_domains parameter controls what destinations are
    # eligible for this service. By default, they are all domains that
    # this server is willing to relay mail to.
    #
    #fast_flush_domains = $relay_domains
    # PARALLEL DELIVERY TO THE SAME DESTINATION
    #
    # How many parallel deliveries to the same user or domain? With local
    # delivery, it does not make sense to do massively parallel delivery
    # to the same user, because mailbox updates must happen sequentially,
    # and expensive pipelines in .forward files can cause disasters when
    # too many are run at the same time. With SMTP deliveries, 10
    # simultaneous connections to the same domain could be sufficient to
    # raise eyebrows.
    #
    # Each message delivery transport has its XXX_destination_concurrency_limit
    # parameter.  The default is $default_destination_concurrency_limit for
    # most delivery transports. For the local delivery agent the default is 2.
    #local_destination_concurrency_limit = 2
    local_destination_concurrency_limit = 2
    #default_destination_concurrency_limit = 20
    default_destination_concurrency_limit = 10
    #
    #
    default_transport = smtp
    # defer_transport = smtp
     XXXXX
    # DEBUGGING CONTROL
    #
    # The debug_peer_level parameter specifies the increment in verbose
    # logging level when an SMTP client or server host name or address
    # matches a pattern in the debug_peer_list parameter.
    #
    debug_peer_level = 2
    # The debug_peer_list parameter specifies an optional list of domain
    # or network patterns, /file/name patterns or type:name tables. When
    # an SMTP client or server host name or address matches a pattern,
    # increase the verbose logging level by the amount specified in the
    # debug_peer_level parameter.
    #
    #debug_peer_list = 127.0.0.1
    #debug_peer_list = some.domain
    # The debugger_command specifies the external command that is executed
    # when a Postfix daemon program is run with the -D option.
    #
    # Use "command .. & sleep 5" so that the debugger can attach before
    # the process marches on. If you use an X-based debugger, be sure to
    # set up your XAUTHORITY environment variable before starting Postfix.
    #
    # debugger_command =
    #    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    #    ddd $daemon_directory/$process_name $process_id & sleep 5
    # If you can't use X, use this to capture the call stack when a
    # daemon crashes. The result is in a file in the configuration
    # directory, and is named after the process name and the process ID.
    #
     debugger_command = PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 >$config_directory/$process_name.$process_id.log & sleep 5
    #
    # Another possibility is to run gdb under a detached screen session.
    # To attach to the screen sesssion, su root and run "screen -r
    # <id_string>" where <id_string> uniquely matches one of the detached
    # sessions (from "screen -list").
    #
    # debugger_command =
    #    PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
    #    -dmS $process_name gdb $daemon_directory/$process_name
    #    $process_id & sleep 1
    # INSTALL-TIME CONFIGURATION INFORMATION
    #
    # The following parameters are used when installing a new Postfix version.
    #
    # sendmail_path: The full pathname of the Postfix sendmail command.
    # This is the Sendmail-compatible mail posting interface.
    #
    sendmail_path = /usr/sbin/sendmail
     XXXXX
    # newaliases_path: The full pathname of the Postfix newaliases command.
    # This is the Sendmail-compatible command to build alias databases.
    #
    # newaliases_path =
     XXXXX
    # mailq_path: The full pathname of the Postfix mailq command.  This
    # is the Sendmail-compatible mail queue listing command.
    #
    # mailq_path =
     XXXXX
    # setgid_group: The group for mail submission and queue management
    # commands.  This must be a group name with a numerical group ID that
    # is not shared with other accounts, not even with the Postfix account.
    #
    # setgid_group =
     XXXXX
    # html_directory: The location of the Postfix HTML documentation.
    #
    # html_directory =
     XXXXX
    # manpage_directory: The location of the Postfix on-line manual pages.
    #
    # manpage_directory =
     XXXXX
    # sample_directory: The location of the Postfix sample configuration files.
    # This parameter is obsolete as of Postfix 2.1.
    #
    # sample_directory =
    # readme_directory: The location of the Postfix README files.
    #
    # readme_directory =
    # SASL
    # Type de support SASL.
    smtpd_sasl_type = dovecot
    # Emplacement des
    smtpd_sasl_path = private/auth
    # Active le support SASL.
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    # Noms de login SASL
    # => en-têtes de messages
    # "Received:"
    #
    smtpd_sasl_authenticated_header = yes
    #################################################
    #        SSL/TLS certificates        #
    #################################################
    smtpd_tls_cert_file = /etc/letsencrypt/live/www.pronostics-courses.fr/fullchain.pem
    smtpd_tls_key_file = /etc/letsencrypt/live/www.pronostics-courses.fr/privkey.pem
    smtpd_tls_CAfile = /etc/letsencrypt/live/www.pronostics-courses.fr/fullchain.pem
    smtpd_tls_dh1024_param_file = /etc/nginx/ssl/private/dhparam_4096.pem
    smtpd_tls_ciphers = high
    # smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, 3DES, MD5, PSK
    # smtpd_tls_mandatory_ciphers = high
    # tls_high_cipherlist = ECDH+aRSA+AES256:ECDH+aRSA+AES128:AES256-SHA:DES-CBC3-SHA
    # tls_preempt_cipherlist = yes
    smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, 3DES, MD5, PSK
    # ssl_cipher_list = ECDHE-RSA-CHACHA20-POLY1305:EECDH+AES:+AES128:+
    ###########################################################
    # TLS parameters
    # smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtp_use_tls = yes
    smtp_tls_security_level = encrypt
    smtp_tls_note_starttls_offer = yes
    smtpd_use_tls = yes
    smtpd_tls_auth_only = yes
    smtpd_tls_security_level = encrypt
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    # On ne rajoute pas le domaine car c'est le boulot du client mail
    append_dot_mydomain = no
     
    # Permet d'envoyer un email a l'émetteur si son mail n'est pas
    # parti au bout d'un certain temps
    #delay_warning_time = 4h
    #########################################
    #        Permissions        #
    #########################################
    smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname
    smtpd_data_restrictions = reject_multi_recipient_bounce
    smtpd_helo_required = yes
    # With Postfix version before 2.10, use smtpd_recipient_restrictions
    #
    # smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    # smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    #
    smtpd_relay_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_unverified_sender
    # smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    # lmtp_destination_recipient_limit = 1
    # virtual_transport = lmtp:unix:private/dovecot-lmtp
    # smtpd_milters = inet:localhost:11332
    # milter_default_action = accept
    # milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
    # milter_protocol = 6
    # virtual_transport = lmtp:unix:private/dovecot-lmtp
    #########################################################
    #                       SQL Config                      #
    #########################################################
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    # virtualaliasmaps = hash:/etc/postfix/virtual
    virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
    virtual_mailbox_base = /var/mail/vmail
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
    virtual_alias_domains =
    local_recipient_maps = $virtual_mailbox_maps
    ##########################################################
    # relay_domains = proxy:mysql:/etc/postfix/sql/mysql_relay_domains_maps.cf
    # Additional for quota support
    # virtual_create_maildirsize = yes
    # virtual_mailbox_extended = yes
    # virtual_mailbox_limit_maps = mysql:/etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf
    # virtual_mailbox_limit_override = yes
    # virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
    # virtual_overquota_bounce = yes
    
    

    Et master.cf :
    **************

    Code:
    
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master" or
    # on-line: http://www.postfix.org/master.5.html).
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (no)    (never) (100)
    # ==========================================================================
    smtp      inet  n       -       y       -       -       smtpd
    #smtp      inet  n       -       y       -       1       postscreen
    #smtpd     pass  -       -       y       -       -       smtpd
    #dnsblog   unix  -       -       y       -       0       dnsblog
    #tlsproxy  unix  -       -       y       -       0       tlsproxy
    #submission inet n       -       y       -       -       smtpd
    #  -o syslog_name=postfix/submission
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #smtps     inet  n       -       y       -       -       smtpd
    #  -o syslog_name=postfix/smtps
    #  -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628       inet  n       -       y       -       -       qmqpd
    pickup    unix  n       -       y       60      1       pickup
    cleanup   unix  n       -       y       -       0       cleanup
    qmgr      unix  n       -       n       300     1       qmgr
    #qmgr     unix  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       y       1000?   1       tlsmgr
    rewrite   unix  -       -       y       -       -       trivial-rewrite
    bounce    unix  -       -       y       -       0       bounce
    defer     unix  -       -       y       -       0       bounce
    trace     unix  -       -       y       -       0       bounce
    verify    unix  -       -       y       -       1       verify
    flush     unix  n       -       y       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       y       -       -       smtp
    relay     unix  -       -       y       -       -       smtp
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       y       -       -       showq
    error     unix  -       -       y       -       -       error
    retry     unix  -       -       y       -       -       error
    discard   unix  -       -       y       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       y       -       -       lmtp
    anvil     unix  -       -       y       -       1       anvil
    scache    unix  -       -       y       -       1       scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    #maildrop  unix  -       n       n       -       -       pipe
    #  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    procmail  unix  -       n       n       -       -       pipe
    #  flags=RO user=vmail argv=/usr/bin/procmail -t -m USER=${user} EXTENSION=${extension} DOMAIN=${domain} /etc/postfix/procmailrc.common
      flags=RO user=vmail argv=/usr/bin/procmail -t USER=${user} EXTENSION=${extension} DOMAIN=${domain}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    #   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    #  mailbox_transport = lmtp:inet:localhost
    #  virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus     unix  -       n       n       -       -       pipe
    #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix  -       n       n       -       -       pipe
    #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix    -    n    n    -    2    pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    
     
    Celà vous semble-t-il correct ?

    J'ai tous les fichiers proxy:mysql de mon vps actuel.

    Merci beaucoup pour vos réponses.

    Amicalement.
     
    #1 ortolojf, 23 Avril 2019
    Dernière édition: 23 Avril 2019
  2. KOogar
    KOogar WRInaute accro
    Inscrit:
    16 Novembre 2004
    Messages:
    4 665
    J'aime reçus:
    78
    sans répondre a ta question voila ce que je pense de ton post: les sys admin sont tous a 60 balles de l'heure, postfix/devecot c'est ce qu'i y a de plus dur a paramétrer, c'est extrêmement technique. sur certain forums les sys admin répondent... mais se répondent entre eux en général.
    On peut passer par codeur.com, il y a d'excellents sys admi avec 5 etoiles qui ont des prix au top. Pour 100 balles ils te montent tout le serveur y compris postfix sql avec une admin et en 2 heures!! Par contre ils veulent commencer de 0 car ils ont des systèmes de masque pendant l'installation. Perso quand il s'agit de postfix, j'evite d'y toucher. si c'est mal fait, on peut se faire black-lister son ip en moins de 2 et ca coute cher de perdre un serveur.
    Désoler de pas avoir répondu à ta question, mais si ma réponse peut t'aider, welcome!
     
  3. ortolojf
    ortolojf WRInaute accro
    Inscrit:
    14 Août 2002
    Messages:
    3 179
    J'aime reçus:
    19
    Bonjour KOogar ;)

    Bon, çà ne m'aide pas beaucoup, mais je persiste.

    J'ai déjà postfix / docecot sur mon vps précédent.

    Je cherche surtout à sécuriser au maximum le nouveau vps qui n'est pas encore loué par mes soins.

    Donc, FPS + DKIM + ( pour le reste ), sécurisation ssh + rkhunter + fail2ban + snort ?

    A propos de snort , c'est viable ?

    Merci beaucoup.

    Respectueusement.
     
    #3 ortolojf, 25 Avril 2019
    Dernière édition: 25 Avril 2019
  4. KOogar
    KOogar WRInaute accro
    Inscrit:
    16 Novembre 2004
    Messages:
    4 665
    J'aime reçus:
    78
    snort c'est même fortement recommandé.

    tu es chez OVH je crois ? c'est comment le rapport qualité/prix chez eux, chez Amazon je paye 10$ par mois pour 50GB de disque SSD avec 2 GB de ram et 2TB de transfert. J'hésite a prendre un serveur chez OVH, tu as essayé les serveurs kimsufi?
     
  5. ortolojf
    ortolojf WRInaute accro
    Inscrit:
    14 Août 2002
    Messages:
    3 179
    J'aime reçus:
    19
    Bonjour KOogar

    Merci beaucoup pour snort.

    Voilà la recherche sur Google : "OVH VPS SSD" :

    https://www.ovh.com/fr/vps/vps-ssd....MI0pn6ypHt4QIVU4fVCh1iFg0TEAAYASAAEgLhdPD_BwE

    A 14,39 euros TTC/mois tu as 80 Go SSD, 8 Go RAM, et tous les services VPS d'OVH.

    C'est-à-dire : Protection anti-ddos d'OVH, pas à se préoccuper du hardware, etc...

    Et encore c'est le plus cher des VPS SSD OVH.

    De mon point de vue : Rapport qualité/prix imbattable.

    Mais je n'ai pas essayé le Kimsufi.

    Merci beaucoup de ton aide.

    Amicalement.
     
  6. manoa.ratefiarison
    manoa.ratefiarison WRInaute discret
    Inscrit:
    23 Janvier 2013
    Messages:
    100
    J'aime reçus:
    0
    Bonjour,

    A première vue, le port 587 et le port 465 n'est pas configurée sur votre fichier de configuration postfix. Je pense que c'est parce que vous ne voulez pas utiliser SSL/TLS.
     
Chargement...
Similar Threads - Config Postfix Dovecot Forum Date
Comment configurer postfixadmin avec dovecot sous Debian Jessie ? Administration d'un site Web 13 Juillet 2015
Configuration Postfix Administration d'un site Web 20 Octobre 2013
Quelle config Sirdata pour un cookie perso ? Développement d'un site Web ou d'une appli mobile Hier à 17:13
Config TCF v2.0 pour GTM ? Google Analytics 14 Novembre 2020
Configuration Quantcast Choice avec fichier json. Google Analytics 15 Septembre 2020
Quelle config cache pour mariaDB ? Administration d'un site Web 15 Août 2020
Tarteaucitron : Comment configurer GTM sans cookie ? Google Analytics 14 Juillet 2020
Config letsencrypt pour Nginx et default.conf ? Administration d'un site Web 30 Décembre 2019
Google Ads : Comment passer le guide de configuration ? AdWords 29 Décembre 2019
DNS du WWW et DNS du domaine principal. La bonne configuration Débuter en référencement 19 Décembre 2019