Initial commit
commit
4aa612a2b6
|
@ -0,0 +1,13 @@
|
||||||
|
# Asterisk
|
||||||
|
*PBX - Private Branch Exchange*
|
||||||
|
|
||||||
|
## Accounts
|
||||||
|
- root
|
||||||
|
- asterisk
|
||||||
|
|
||||||
|
## Protocols
|
||||||
|
- PJSIP [5060-UDP]
|
||||||
|
- PJSIP over TLS [5061-UDP]
|
||||||
|
- SIP [5160-UDP]
|
||||||
|
- SIP over TLS [5161-UDP]
|
||||||
|
- IAX2 [4569-UDP]
|
|
@ -0,0 +1,15 @@
|
||||||
|
# Dovecot
|
||||||
|
*MDA - Mail Delivery Agent*
|
||||||
|
|
||||||
|
## Accounts
|
||||||
|
- root
|
||||||
|
- dovecot
|
||||||
|
- dovenull
|
||||||
|
- mail
|
||||||
|
|
||||||
|
## Protocols
|
||||||
|
- IMAP [143-TCP]
|
||||||
|
- IMAPS [993-TCP]
|
||||||
|
|
||||||
|
## Locations
|
||||||
|
- `/etc/dovecot`: Configuration directory
|
|
@ -0,0 +1,102 @@
|
||||||
|
## Dovecot configuration file
|
||||||
|
|
||||||
|
# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
|
||||||
|
|
||||||
|
# "doveconf -n" command gives a clean output of the changed settings. Use it
|
||||||
|
# instead of copy&pasting files when posting to the Dovecot mailing list.
|
||||||
|
|
||||||
|
# '#' character and everything after it is treated as comments. Extra spaces
|
||||||
|
# and tabs are ignored. If you want to use either of these explicitly, put the
|
||||||
|
# value inside quotes, eg.: key = "# char and trailing whitespace "
|
||||||
|
|
||||||
|
# Most (but not all) settings can be overridden by different protocols and/or
|
||||||
|
# source/destination IPs by placing the settings inside sections, for example:
|
||||||
|
# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }
|
||||||
|
|
||||||
|
# Default values are shown for each setting, it's not required to uncomment
|
||||||
|
# those. These are exceptions to this though: No sections (e.g. namespace {})
|
||||||
|
# or plugin settings are added by default, they're listed only as examples.
|
||||||
|
# Paths are also just examples with the real defaults being based on configure
|
||||||
|
# options. The paths listed here are for configure --prefix=/usr
|
||||||
|
# --sysconfdir=/etc --localstatedir=/var
|
||||||
|
|
||||||
|
# Enable installed protocols
|
||||||
|
!include_try /usr/share/dovecot/protocols.d/*.protocol
|
||||||
|
|
||||||
|
# A comma separated list of IPs or hosts where to listen in for connections.
|
||||||
|
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
|
||||||
|
# If you want to specify non-default ports or anything more complex,
|
||||||
|
# edit conf.d/master.conf.
|
||||||
|
#listen = *, ::
|
||||||
|
|
||||||
|
# Base directory where to store runtime data.
|
||||||
|
#base_dir = /var/run/dovecot/
|
||||||
|
|
||||||
|
# Name of this instance. In multi-instance setup doveadm and other commands
|
||||||
|
# can use -i <instance_name> to select which instance is used (an alternative
|
||||||
|
# to -c <config_path>). The instance name is also added to Dovecot processes
|
||||||
|
# in ps output.
|
||||||
|
#instance_name = dovecot
|
||||||
|
|
||||||
|
# Greeting message for clients.
|
||||||
|
#login_greeting = Dovecot ready.
|
||||||
|
|
||||||
|
# Space separated list of trusted network ranges. Connections from these
|
||||||
|
# IPs are allowed to override their IP addresses and ports (for logging and
|
||||||
|
# for authentication checks). disable_plaintext_auth is also ignored for
|
||||||
|
# these networks. Typically you'd specify your IMAP proxy servers here.
|
||||||
|
#login_trusted_networks =
|
||||||
|
|
||||||
|
# Space separated list of login access check sockets (e.g. tcpwrap)
|
||||||
|
#login_access_sockets =
|
||||||
|
|
||||||
|
# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
|
||||||
|
# proxying. This isn't necessary normally, but may be useful if the destination
|
||||||
|
# IP is e.g. a load balancer's IP.
|
||||||
|
#auth_proxy_self =
|
||||||
|
|
||||||
|
# Show more verbose process titles (in ps). Currently shows user name and
|
||||||
|
# IP address. Useful for seeing who are actually using the IMAP processes
|
||||||
|
# (eg. shared mailboxes or if same uid is used for multiple accounts).
|
||||||
|
#verbose_proctitle = no
|
||||||
|
|
||||||
|
# Should all processes be killed when Dovecot master process shuts down.
|
||||||
|
# Setting this to "no" means that Dovecot can be upgraded without
|
||||||
|
# forcing existing client connections to close (although that could also be
|
||||||
|
# a problem if the upgrade is e.g. because of a security fix).
|
||||||
|
#shutdown_clients = yes
|
||||||
|
|
||||||
|
# If non-zero, run mail commands via this many connections to doveadm server,
|
||||||
|
# instead of running them directly in the same process.
|
||||||
|
#doveadm_worker_count = 0
|
||||||
|
# UNIX socket or host:port used for connecting to doveadm server
|
||||||
|
#doveadm_socket_path = doveadm-server
|
||||||
|
|
||||||
|
# Space separated list of environment variables that are preserved on Dovecot
|
||||||
|
# startup and passed down to all of its child processes. You can also give
|
||||||
|
# key=value pairs to always set specific settings.
|
||||||
|
#import_environment = TZ
|
||||||
|
|
||||||
|
##
|
||||||
|
## Dictionary server settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# Dictionary can be used to store key=value lists. This is used by several
|
||||||
|
# plugins. The dictionary can be accessed either directly or though a
|
||||||
|
# dictionary server. The following dict block maps dictionary names to URIs
|
||||||
|
# when the server is used. These can then be referenced using URIs in format
|
||||||
|
# "proxy::<name>".
|
||||||
|
|
||||||
|
dict {
|
||||||
|
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
|
||||||
|
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
|
||||||
|
}
|
||||||
|
|
||||||
|
# Most of the actual configuration gets included below. The filenames are
|
||||||
|
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
|
||||||
|
# in filenames are intended to make it easier to understand the ordering.
|
||||||
|
!include conf.d/*.conf
|
||||||
|
|
||||||
|
# A config file can also tried to be included without giving an error if
|
||||||
|
# it's not found:
|
||||||
|
!include_try local.conf
|
|
@ -0,0 +1,15 @@
|
||||||
|
# Nginx
|
||||||
|
*HTTP/SMTP/IMAP/POP3 Proxy Server*
|
||||||
|
|
||||||
|
## Accounts
|
||||||
|
- root
|
||||||
|
- www-data
|
||||||
|
|
||||||
|
## Protocols
|
||||||
|
- HTTP [80-TCP]
|
||||||
|
- HTTPS [443-TCP]
|
||||||
|
|
||||||
|
## Locations
|
||||||
|
- `/etc/nginx` - Configuration directory
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
server_name auth.libraryofcode.org;
|
||||||
|
|
||||||
|
ssl_certificate /etc/nginx/ssl/org.chain.crt;
|
||||||
|
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
|
||||||
|
|
||||||
|
ssl_session_cache builtin:1000 shared:SSL:10m;
|
||||||
|
ssl_protocols TLSv1.2;
|
||||||
|
|
||||||
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||||
|
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
|
ssl_stapling on;
|
||||||
|
ssl_stapling_verify on;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
proxy_set_header X-Frame-Options SAMEORIGIN;
|
||||||
|
|
||||||
|
proxy_pass http://localhost:8200;
|
||||||
|
|
||||||
|
proxy_read_timeout 90;
|
||||||
|
|
||||||
|
proxy_redirect http://localhost:8200 https://auth.libraryofcode.org;
|
||||||
|
|
||||||
|
}
|
||||||
|
}
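Review bot: `proxy_set_header X-Frame-Options SAMEORIGIN;` in `location /` adds the header to the request forwarded to the upstream at localhost:8200, not to the response, so browsers never see it and this line gives no framing protection. The response-side form is `add_header X-Frame-Options SAMEORIGIN always;`. nginx inherits `add_header` from an outer level only when the current level declares none, so placing it in this location or server block would drop the `Strict-Transport-Security` header set in the http block of nginx.conf; the simplest place is next to that HSTS line. The same `proxy_set_header` line appears in both locations of the board.ins vhost and in the certapi vhost.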
|
|
@ -0,0 +1,23 @@
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
server_name bin.libraryofcode.org;
|
||||||
|
|
||||||
|
ssl_certificate /etc/nginx/ssl/org.chain.crt;
|
||||||
|
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
|
||||||
|
|
||||||
|
ssl_session_cache builtin:1000 shared:SSL:10m;
|
||||||
|
ssl_protocols TLSv1.2;
|
||||||
|
|
||||||
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||||
|
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
|
ssl_stapling on;
|
||||||
|
ssl_stapling_verify on;
|
||||||
|
|
||||||
|
root /var/binary;
|
||||||
|
location / {
|
||||||
|
autoindex on;
|
||||||
|
}
|
||||||
|
}
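Review bot: `autoindex on;` under `root /var/binary;` publishes a browsable listing of that whole directory on a public hostname, and the block has no `allow`/`deny` or `auth_basic` to narrow who can read it. If the listing is intentional, a comment above the location saying so would help, for example `# public download area: only publishable artifacts belong in /var/binary`. Dotfiles are left out of the generated index but can still be fetched by name, so a guard such as `location ~ /\. { deny all; }` is worth adding in this server block.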
|
|
@ -0,0 +1,64 @@
|
||||||
|
server {
|
||||||
|
listen 10.8.0.1:443 ssl http2;
|
||||||
|
#listen [::]:443 ssl http2;
|
||||||
|
server_name board.ins;
|
||||||
|
|
||||||
|
ssl_certificate /etc/nginx/ssl/board-ins.chain.crt;
|
||||||
|
ssl_certificate_key /etc/nginx/ssl/board-ins.key.pem;
|
||||||
|
|
||||||
|
ssl_session_cache builtin:1000 shared:SSL:10m;
|
||||||
|
#include /etc/nginx/error/502;
|
||||||
|
#include /etc/nginx/error/504;
|
||||||
|
#include /etc/nginx/error/500;
|
||||||
|
#include /etc/nginx/error/404;
|
||||||
|
#include /etc/nginx/error/429;
|
||||||
|
ssl_protocols TLSv1.2;
|
||||||
|
|
||||||
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||||
|
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
|
ssl_stapling on;
|
||||||
|
ssl_stapling_verify on;
|
||||||
|
|
||||||
|
#limit_req zone=one burst=15;
|
||||||
|
location / {
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
proxy_set_header X-Frame-Options SAMEORIGIN;
|
||||||
|
|
||||||
|
proxy_pass http://localhost:3121;
|
||||||
|
|
||||||
|
proxy_read_timeout 90;
|
||||||
|
|
||||||
|
proxy_redirect http://localhost:3121 https://board.ins;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
location /api {
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
proxy_set_header X-Frame-Options SAMEORIGIN;
|
||||||
|
|
||||||
|
proxy_pass http://localhost:3892;
|
||||||
|
|
||||||
|
proxy_read_timeout 90;
|
||||||
|
|
||||||
|
proxy_redirect http://localhost:3892 https://board.ins/api;
|
||||||
|
|
||||||
|
}
|
||||||
|
}
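Review bot: `ssl_stapling_verify on;` has nothing to verify against here, because neither this server block nor the http block in nginx.conf sets `ssl_trusted_certificate`, which nginx needs to hold the issuer chain for verifying the OCSP response. No `resolver` is configured in this commit either, so the responder hostname can only be resolved when the configuration is loaded. The name `board-ins.chain.crt` suggests a private issuer; if that CA runs no OCSP responder, both stapling lines only produce error-log noise on this vhost and could be removed. Otherwise add `ssl_trusted_certificate /etc/nginx/ssl/<issuer-chain-placeholder>.crt;`. The other server blocks in this commit carry the same pair of directives and need the same check.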
|
|
@ -0,0 +1,44 @@
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
server_name certapi.libraryofcode.org;
|
||||||
|
|
||||||
|
ssl_certificate /etc/nginx/ssl/org.chain.crt;
|
||||||
|
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
|
||||||
|
|
||||||
|
ssl_session_cache builtin:1000 shared:SSL:10m;
|
||||||
|
#include /etc/nginx/error/502;
|
||||||
|
#include /etc/nginx/error/504;
|
||||||
|
#include /etc/nginx/error/500;
|
||||||
|
#include /etc/nginx/error/404;
|
||||||
|
#include /etc/nginx/error/429;
|
||||||
|
ssl_protocols TLSv1.2;
|
||||||
|
|
||||||
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||||
|
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
|
ssl_stapling on;
|
||||||
|
ssl_stapling_verify on;
|
||||||
|
|
||||||
|
#limit_req zone=one burst=15;
|
||||||
|
location / {
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
proxy_set_header X-Frame-Options SAMEORIGIN;
|
||||||
|
|
||||||
|
proxy_pass http://localhost:3030;
|
||||||
|
|
||||||
|
proxy_read_timeout 90;
|
||||||
|
|
||||||
|
proxy_redirect http://localhost:3030 https://certapi.libraryofcode.org;
|
||||||
|
|
||||||
|
}
|
||||||
|
}
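Review bot: The commented-out `#limit_req zone=one burst=15;` refers to a zone named `one`, but the http block in this commit's nginx.conf defines no `limit_req_zone`, so uncommenting the line would fail the config test. Either delete the dead line or define the zone once in the http block, for example `limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;` (size and rate are illustrative values), and enable the limit here. A certificate API exposed on a public name is a reasonable place to have request limiting switched on. The same commented line appears in the board.ins and cloud server blocks.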
|
|
@ -0,0 +1,33 @@
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
server_name cloud.libraryofcode.org;
|
||||||
|
|
||||||
|
ssl_certificate /etc/nginx/ssl/org.chain.crt;
|
||||||
|
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
|
||||||
|
|
||||||
|
ssl_session_cache builtin:1000 shared:SSL:10m;
|
||||||
|
#include /etc/nginx/error/502;
|
||||||
|
#include /etc/nginx/error/504;
|
||||||
|
#include /etc/nginx/error/500;
|
||||||
|
#include /etc/nginx/error/404;
|
||||||
|
#include /etc/nginx/error/429;
|
||||||
|
ssl_protocols TLSv1.2;
|
||||||
|
|
||||||
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||||
|
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
|
ssl_stapling on;
|
||||||
|
ssl_stapling_verify on;
|
||||||
|
client_max_body_size 1G;
|
||||||
|
#limit_req zone=one burst=15;
|
||||||
|
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 307 $scheme://www.libraryofcode.org/;
|
||||||
|
}
|
||||||
|
location ~ /(.*)$ {
|
||||||
|
rewrite https://$1.cloud.libraryofcode.org temporary;
|
||||||
|
}
|
||||||
|
}
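Review bot: The `rewrite https://$1.cloud.libraryofcode.org temporary;` line is missing its pattern argument, so nginx will most likely read the URL as the regex and `temporary` as the replacement, and the intended redirect never happens. The regex location `~ /(.*)$` also matches every request, including `/`, and takes precedence over the prefix `location /`, which makes the `return 307` to www unreachable. Even with the syntax fixed, `(.*)` lets the captured path carry dots and slashes into the host part of the redirect, so the target is not confined to subdomains of cloud.libraryofcode.org. Restricting the capture to a single label addresses all three: `location ~ ^/([a-z0-9-]+)/?$ { return 307 https://$1.cloud.libraryofcode.org/; }`, with `location /` left as the fallback.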
|
|
@ -0,0 +1,98 @@
|
||||||
|
# Main Nginx Configuration File
|
||||||
|
|
||||||
|
user www-data;
|
||||||
|
worker_processes auto;
|
||||||
|
pid /run/nginx.pid;
|
||||||
|
include /etc/nginx/modules-enabled/*.conf;
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 768;
|
||||||
|
# multi_accept on;
|
||||||
|
}
|
||||||
|
|
||||||
|
http {
|
||||||
|
|
||||||
|
##
|
||||||
|
# Basic Settings
|
||||||
|
##
|
||||||
|
|
||||||
|
sendfile on;
|
||||||
|
tcp_nopush on;
|
||||||
|
tcp_nodelay on;
|
||||||
|
keepalive_timeout 65;
|
||||||
|
types_hash_max_size 2048;
|
||||||
|
server_tokens off;
|
||||||
|
more_set_headers 'Server: Library of Code Staff Command (https://www.libraryofcode.org)';
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||||
|
|
||||||
|
# server_names_hash_bucket_size 64;
|
||||||
|
# server_name_in_redirect off;
|
||||||
|
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
##
|
||||||
|
# SSL Settings
|
||||||
|
##
|
||||||
|
|
||||||
|
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
|
||||||
|
ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
|
||||||
|
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
|
||||||
|
ssl_dhparam /etc/nginx/dhparam.pem
|
||||||
|
;ssl_ecdh_curve secp384r1;
|
||||||
|
|
||||||
|
##
|
||||||
|
# Logging Settings
|
||||||
|
##
|
||||||
|
|
||||||
|
#access_log /var/log/nginx/access.log;
|
||||||
|
#error_log /var/log/nginx/error.log;
|
||||||
|
|
||||||
|
|
||||||
|
log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" ' '"$host" sn="$server_name" ' 'rt=$request_time ' 'ua="$upstream_addr" us="$upstream_status" ' 'ut="$upstream_response_time" ul="$upstream_response_length" ' 'cs=$upstream_cache_status' ;
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log main_ext;
|
||||||
|
error_log /var/log/nginx/error.log warn;
|
||||||
|
##
|
||||||
|
# Gzip Settings
|
||||||
|
##
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_disable "msie6";
|
||||||
|
|
||||||
|
# gzip_vary on;
|
||||||
|
# gzip_proxied any;
|
||||||
|
# gzip_comp_level 6;
|
||||||
|
# gzip_buffers 16 8k;
|
||||||
|
# gzip_http_version 1.1;
|
||||||
|
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||||||
|
|
||||||
|
##
|
||||||
|
# Virtual Host Configs
|
||||||
|
##
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
include /etc/nginx/sites-enabled/*;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#mail {
|
||||||
|
# # See sample authentication script at:
|
||||||
|
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
|
||||||
|
#
|
||||||
|
# # auth_http localhost/auth.php;
|
||||||
|
# # pop3_capabilities "TOP" "USER";
|
||||||
|
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
|
||||||
|
#
|
||||||
|
# server {
|
||||||
|
# listen localhost:110;
|
||||||
|
# protocol pop3;
|
||||||
|
# proxy on;
|
||||||
|
# }
|
||||||
|
#
|
||||||
|
# server {
|
||||||
|
# listen localhost:143;
|
||||||
|
# protocol imap;
|
||||||
|
# proxy on;
|
||||||
|
# }
|
||||||
|
#}
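Review bot: `ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;` in the http block still offers TLS 1.1, which RFC 8996 deprecates, while the comment beside it mentions only SSLv3; `ssl_protocols TLSv1.2 TLSv1.3;` would match the TLSv1.2 floor that the vhosts in this commit set for themselves. The first two entries of `ssl_ciphers` end in `-GCM-SHA512`, which I do not believe OpenSSL defines as suite names, so they are probably skipped silently; running the string through `openssl ciphers -v` would confirm what is actually enabled. As a formatting point, `ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;` puts two directives on one line, and the terminator for `ssl_dhparam` sits at the start of the following line in front of `ssl_ecdh_curve`. That parses, but it is easy to break on the next edit, so one directive per line with its own `;` is safer.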
|
|
@ -0,0 +1,15 @@
|
||||||
|
# Postfix
|
||||||
|
*MTA - Mail Transfer Agent*
|
||||||
|
|
||||||
|
## Accounts
|
||||||
|
- root
|
||||||
|
- postfix
|
||||||
|
|
||||||
|
## Protocols
|
||||||
|
- SMTP (MTA <-> MTA) [25-TCP]
|
||||||
|
- SMTP (MUA <-> MTA) [587-TCP]
|
||||||
|
- SMTPS (MUA <-> MTA) [467-TCP]
|
||||||
|
|
||||||
|
## Locations
|
||||||
|
- `/etc/postfix` - Configuration directory
|
||||||
|
|
|
@ -0,0 +1,98 @@
|
||||||
|
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
|
||||||
|
|
||||||
|
|
||||||
|
# Debian specific: Specifying a file name will cause the first
|
||||||
|
# line of that file to be used as the name. The Debian default
|
||||||
|
# is /etc/mailname.
|
||||||
|
#myorigin = /etc/mailname
|
||||||
|
|
||||||
|
smtpd_banner = $myhostname Library of Code sp-us Staff Services | ESMTP (Debian/GNU)
|
||||||
|
biff = no
|
||||||
|
|
||||||
|
# appending .domain is the MUA's job.
|
||||||
|
append_dot_mydomain = no
|
||||||
|
|
||||||
|
# Uncomment the next line to generate "delayed mail" warnings
|
||||||
|
#delay_warning_time = 4h
|
||||||
|
|
||||||
|
readme_directory = no
|
||||||
|
|
||||||
|
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
|
||||||
|
# fresh installs.
|
||||||
|
compatibility_level = 2
|
||||||
|
|
||||||
|
# TLS parameters
|
||||||
|
smtpd_tls_cert_file=/etc/postfix/ssl/globalsign.crt
|
||||||
|
smtpd_tls_key_file=/etc/postfix/ssl/globalsign.key.pem
|
||||||
|
smtpd_use_tls=yes
|
||||||
|
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
||||||
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
||||||
|
smtp_tls_security_level = may
|
||||||
|
smtpd_tls_security_level = may
|
||||||
|
smtp_tls_note_starttls_offer = yes
|
||||||
|
smtpd_tls_CAfile = /etc/postfix/ssl/globalsign.ca.crt
|
||||||
|
smtpd_tls_loglevel = 1
|
||||||
|
smtpd_tls_received_header = yes
|
||||||
|
smtpd_tls_session_cache_timeout = 3600s
|
||||||
|
tls_random_source = dev:/dev/urandom
|
||||||
|
|
||||||
|
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
|
||||||
|
# information on enabling SSL in the smtp client.
|
||||||
|
|
||||||
|
# RESTRICTIONS
|
||||||
|
smtpd_relay_restrictions =
|
||||||
|
permit_mynetworks,
|
||||||
|
permit_sasl_authenticated,
|
||||||
|
defer_unauth_destination,
|
||||||
|
smtpd_helo_restrictions =
|
||||||
|
permit_mynetworks,
|
||||||
|
reject_non_fqdn_helo_hostname,
|
||||||
|
reject_invalid_helo_hostname,
|
||||||
|
reject_unknown_helo_hostname,
|
||||||
|
permit,
|
||||||
|
smtpd_sender_restrictions =
|
||||||
|
reject_unknown_sender_domain,
|
||||||
|
reject_unknown_reverse_client_hostname,
|
||||||
|
reject_unknown_client_hostname,
|
||||||
|
reject_sender_login_mismatch,
|
||||||
|
permit_mynetworks,
|
||||||
|
permit_sasl_authenticated,
|
||||||
|
permit,
|
||||||
|
smtpd_recipient_restrictions =
|
||||||
|
reject_unauth_pipelining,
|
||||||
|
reject_non_fqdn_recipient,
|
||||||
|
reject_unknown_recipient_domain,
|
||||||
|
permit_mynetworks,
|
||||||
|
check_policy_service inet:127.0.0.1:10023
|
||||||
|
permit,
|
||||||
|
|
||||||
|
myhostname = staff.libraryofcode.org
|
||||||
|
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
|
||||||
|
alias_database = hash:/etc/aliases
|
||||||
|
smtpd_sender_login_maps = hash:/etc/postfix/virtual-mailbox-users
|
||||||
|
|
||||||
|
myorigin = /etc/mailname
|
||||||
|
mydestination = $myhostname, libraryofcode.org, libraryofcode.us staff.libraryofcode.us, staff-libraryofcode.staff.libraryofcode.us, localhost.staff.libraryofcode.us, localhost, libraryofcode.us
|
||||||
|
relayhost =
|
||||||
|
relay_domains = lists.libraryofcode.org
|
||||||
|
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 63.141.252.130
|
||||||
|
mailbox_size_limit = 0
|
||||||
|
mailbox_command = procmail -a "$EXTENSION" DEFAULT=/var/mail/$USER
|
||||||
|
recipient_delimiter = +
|
||||||
|
inet_interfaces = all
|
||||||
|
inet_protocols = all
|
||||||
|
smtpd_sasl_auth_enable = yes
|
||||||
|
broken_sasl_auth_clients = yes
|
||||||
|
milter_default_action = accept
|
||||||
|
milter_protocol = 6
|
||||||
|
smtpd_milters = inet:localhost:8891, local:/opendmarc/opendmarc.sock
|
||||||
|
non_smtpd_milters = $smtpd_milters
|
||||||
|
mail_name = Library of Code sp-us | Staff Command
|
||||||
|
virtual_alias_maps = hash:/etc/postfix/virtual
|
||||||
|
|
||||||
|
#authorized_submit_users = !boss, !test, static:all
|
||||||
|
message_size_limit = 1073741824
|
||||||
|
transport_maps = hash:/etc/postfix/transport
|
||||||
|
unknown_local_recipient_reject_code = 550
|
||||||
|
mailman_destination_recipient_limit = 1
|
||||||
|
#local_recipient_maps = hash:/var/lib/mailman3/data/postfix_lmtp
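Review bot: SASL credentials can cross the wire unencrypted with these settings: `smtpd_sasl_auth_enable = yes` is combined with `smtpd_tls_security_level = may` and no `smtpd_tls_auth_only`, so AUTH is offered before STARTTLS unless master.cf (not part of this view) overrides it per service. Adding `smtpd_tls_auth_only = yes` beside the SASL lines closes that gap. `smtpd_use_tls=yes` is redundant once `smtpd_tls_security_level` is set and can be dropped. The public address `63.141.252.130` in `mynetworks` can relay without authentication through `permit_mynetworks`, so a comment naming that host and why it is trusted would help the next reader.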
|