From: mhoellein Date: Fri, 15 Mar 2024 09:08:09 +0000 (+0100) Subject: saving uncommitted changes in /etc prior to apt run X-Git-Url: https://git.hoellein.online/?a=commitdiff_plain;h=1bf6c25016a4bcbd43f248cfe79ae1cf68bca4b3;p=vserver saving uncommitted changes in /etc prior to apt run --- diff --git a/.etckeeper b/.etckeeper index 1fe22f2be..ada384a85 100755 --- a/.etckeeper +++ b/.etckeeper @@ -19197,6 +19197,7 @@ maybe chmod 0644 'postfix/main.cf.save' maybe chmod 0644 'postfix/master.cf' maybe chmod 0644 'postfix/master.cf.proto' maybe chmod 0644 'postfix/master.cf.save' +maybe chmod 0644 'postfix/master.cf_2024-03-15' maybe chmod 0755 'postfix/post-install' maybe chmod 0644 'postfix/postfix-files' maybe chmod 0755 'postfix/postfix-files.d' diff --git a/amavis/conf.d/15-content_filter_mode b/amavis/conf.d/15-content_filter_mode index 1d5ffab2e..7b1a2ac6b 100644 --- a/amavis/conf.d/15-content_filter_mode +++ b/amavis/conf.d/15-content_filter_mode @@ -10,8 +10,8 @@ use strict; # If You wish to enable it, please uncomment the following lines: -#@bypass_virus_checks_maps = ( -# \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); +@bypass_virus_checks_maps = ( + \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); # diff --git a/amavis/conf.d/21-ubuntu_defaults b/amavis/conf.d/21-ubuntu_defaults index 01feccc42..f2a7e7694 100644 --- a/amavis/conf.d/21-ubuntu_defaults +++ b/amavis/conf.d/21-ubuntu_defaults @@ -7,8 +7,8 @@ use strict; $enable_dkim_verification = 1; # Don't be verbose about sending mail: @whitelist_sender_acl = qw( .$mydomain ); -#$final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE) -$final_virus_destiny = D_PASS; # (defaults to D_BOUNCE) +$final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE) +#$final_virus_destiny = D_PASS; # (defaults to D_BOUNCE) $final_banned_destiny = D_DISCARD; # (defaults to D_BOUNCE) #$final_spam_destiny = D_DISCARD; # (defaults to D_REJECT) $final_spam_destiny = D_PASS; # (defaults to D_REJECT) diff --git a/postfix/master.cf b/postfix/master.cf index 6a863a5bc..735ea7e82 100644 --- a/postfix/master.cf +++ b/postfix/master.cf @@ -23,8 +23,28 @@ smtp inet n - n - - smtpd ### ### SMTP-Daemon hinter Postscreen: Schleift E-Mails zur Filterung durch Amavis ### +# bei smtpd rausgenommen -o smtpd_sasl_auth_enable=no smtpd pass - - n - - smtpd - -o smtpd_sasl_auth_enable=no +localhost:10025 inet n - - - - smtpd + -o content_filter= + -o local_recipient_maps= + -o relay_recipient_maps= + -o smtpd_restriction_classes= + -o smtpd_delay_reject=no + -o smtpd_client_restrictions=permit_mynetworks,reject + -o smtpd_helo_restrictions= + -o smtpd_sender_restrictions= + -o smtpd_recipient_restrictions=permit_mynetworks,reject + -o smtpd_data_restrictions=reject_unauth_pipelining + -o smtpd_end_of_data_restrictions= + -o mynetworks=127.0.0.0/8 + -o smtpd_error_sleep_time=0 + -o smtpd_soft_error_limit=1001 + -o smtpd_hard_error_limit=1000 + -o smtpd_client_connection_count_limit=0 + -o smtpd_client_connection_rate_limit=0 + -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks + -o smtpd_tls_security_level=none ### ### dnsblog führt DNS-Abfragen für Blocklists durch ### @@ -88,23 +108,3 @@ policy-spf unix - n n - - spawn user=nobody argv=/usr/bin/policyd-spf -127.0.0.1:10025 inet n - - - - smtpd - -o content_filter= - -o local_recipient_maps= - -o relay_recipient_maps= - -o smtpd_restriction_classes= - -o smtpd_delay_reject=no - -o smtpd_client_restrictions=permit_mynetworks,reject - -o smtpd_helo_restrictions= - -o smtpd_sender_restrictions= - -o smtpd_recipient_restrictions=permit_mynetworks,reject - -o smtpd_data_restrictions=reject_unauth_pipelining - -o smtpd_end_of_data_restrictions= - -o mynetworks=127.0.0.0/8 - -o smtpd_error_sleep_time=0 - -o smtpd_soft_error_limit=1001 - -o smtpd_hard_error_limit=1000 - -o smtpd_client_connection_count_limit=0 - -o smtpd_client_connection_rate_limit=0 - -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks - -o smtpd_tls_security_level=none diff --git a/postfix/master.cf_2024-03-15 b/postfix/master.cf_2024-03-15 new file mode 100644 index 000000000..6a863a5bc --- /dev/null +++ b/postfix/master.cf_2024-03-15 @@ -0,0 +1,110 @@ +# ========================================================================== +# service type private unpriv chroot wakeup maxproc command + args +# (yes) (yes) (no) (never) (100) +# ========================================================================== + +### +### Postscreen-Service: Prüft eingehende SMTP-Verbindungen auf Spam-Server +### +smtp inet n - n - 1 postscreen + -o smtpd_sasl_auth_enable=no + +smtp-amavis unix - - - - 2 smtp + -o smtp_data_done_timeout=1200 + -o smtp_send_xforward_command=yes + -o disable_dns_lookups=yes + -o max_use=20 + -o smtp_tls_security_level=none + +smtp inet n - n - - smtpd + -o content_filter=smtp-amavis:127.0.0.1:10024 +# +#-o smtpd_milters=smtp:[127.0.0.1]:10024 +### +### SMTP-Daemon hinter Postscreen: Schleift E-Mails zur Filterung durch Amavis +### +smtpd pass - - n - - smtpd + -o smtpd_sasl_auth_enable=no +### +### dnsblog führt DNS-Abfragen für Blocklists durch +### +dnsblog unix - - n - 0 dnsblog +### +### tlsproxy gibt Postscreen TLS support +### +tlsproxy unix - - n - 0 tlsproxy +### +### Submission-Zugang für Clients: Für Mailclients gelten andere Regeln, als für andere Mailserver (siehe smtpd_ in main.cf) +### +submission inet n - n - - smtpd + -o syslog_name=postfix/submission + -o smtpd_tls_security_level=encrypt + -o smtpd_sasl_auth_enable=yes + -o smtpd_sasl_type=dovecot + -o smtpd_sasl_path=private/auth + -o smtpd_sasl_security_options=noanonymous + -o smtpd_relay_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,permit_sasl_authenticated,reject + -o smtpd_sender_login_maps=mysql:/etc/postfix/sql/sender-login-maps.cf + -o smtpd_sender_restrictions=permit_mynetworks,reject_non_fqdn_sender,reject_sender_login_mismatch,permit_sasl_authenticated,reject + -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject + -o smtpd_helo_required=no + -o smtpd_helo_restrictions= + -o milter_macro_daemon_name=ORIGINATING + -o cleanup_service_name=submission-header-cleanup +### +### Weitere wichtige Dienste für den Serverbetrieb +### +pickup unix n - n 60 1 pickup + -o content_filter= + -o receive_override_options=no_header_body_checks + +# -o content_filter=smtp-amavis:[127.0.0.1]:10024 + +cleanup unix n - n - 0 cleanup +qmgr unix n - n 300 1 qmgr +tlsmgr unix - - n 1000? 1 tlsmgr +rewrite unix - - n - - trivial-rewrite +bounce unix - - n - 0 bounce +defer unix - - n - 0 bounce +trace unix - - n - 0 bounce +verify unix - - n - 1 verify +flush unix n - n 1000? 0 flush +proxymap unix - - n - - proxymap +proxywrite unix - - n - 1 proxymap +smtp unix - - n - - smtp +relay unix - - n - - smtp +showq unix n - n - - showq +error unix - - n - - error +retry unix - - n - - error +discard unix - - n - - discard +local unix - n n - - local +virtual unix - n n - - virtual +lmtp unix - - n - - lmtp +anvil unix - - n - 1 anvil +scache unix - - n - 1 scache +submission-header-cleanup unix n - n - 0 cleanup + -o header_checks=regexp:/etc/postfix/submission_header_cleanup +policy-spf unix - n n - - spawn + user=nobody argv=/usr/bin/policyd-spf + + +127.0.0.1:10025 inet n - - - - smtpd + -o content_filter= + -o local_recipient_maps= + -o relay_recipient_maps= + -o smtpd_restriction_classes= + -o smtpd_delay_reject=no + -o smtpd_client_restrictions=permit_mynetworks,reject + -o smtpd_helo_restrictions= + -o smtpd_sender_restrictions= + -o smtpd_recipient_restrictions=permit_mynetworks,reject + -o smtpd_data_restrictions=reject_unauth_pipelining + -o smtpd_end_of_data_restrictions= + -o mynetworks=127.0.0.0/8 + -o smtpd_error_sleep_time=0 + -o smtpd_soft_error_limit=1001 + -o smtpd_hard_error_limit=1000 + -o smtpd_client_connection_count_limit=0 + -o smtpd_client_connection_rate_limit=0 + -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks + -o smtpd_tls_security_level=none