From aefd2a2e4701df502cecf668a0cacd9a5a7839b8 Mon Sep 17 00:00:00 2001
From: boksbc
Date: Thu, 16 Oct 2025 13:47:15 +0200
Subject: [PATCH] Laudende Default seite entfernen
---
 scripts/40-postfix.sh | 87 +++++++++++++++++++++++--------------------
 1 file changed, 47 insertions(+), 40 deletions(-)
diff --git a/scripts/40-postfix.sh b/scripts/40-postfix.sh
index 364284f..cf1b4cf 100644
--- a/scripts/40-postfix.sh
+++ b/scripts/40-postfix.sh
@@ -8,55 +8,61 @@ MAIL_KEY="${MAIL_SSL_DIR}/privkey.pem"
 log "Postfix konfigurieren …"
-postconf -e "myhostname = ${MAIL_HOSTNAME}"
-postconf -e "myorigin = \$myhostname"
-postconf -e "mydestination = "
-postconf -e "inet_interfaces = all"
-postconf -e "inet_protocols = ipv4"
-postconf -e "smtpd_banner = \$myhostname ESMTP"
+# --- Sicherheit & TLS-Rechte ---------------------------------------------------
+if [[ -e "${MAIL_KEY}" ]]; then
+ chgrp -R postfix /etc/mailwolt/ssl || true
+ chmod 750 /etc/mailwolt/ssl || true
+ chmod 640 /etc/mailwolt/ssl/key.pem /etc/mailwolt/ssl/cert.pem || true
+fi
-postconf -e "smtpd_tls_cert_file = ${MAIL_CERT}"
-postconf -e "smtpd_tls_key_file = ${MAIL_KEY}"
-postconf -e "smtpd_tls_security_level = may"
-postconf -e "smtp_tls_security_level = may"
-postconf -e "smtpd_tls_received_header = yes"
-postconf -e "smtpd_tls_protocols = !SSLv2,!SSLv3"
-postconf -e "smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3"
-postconf -e "smtpd_tls_loglevel = 1"
-postconf -e "smtp_tls_loglevel = 1"
+# --- Basiskonfiguration --------------------------------------------------------
+/usr/sbin/postconf -e "myhostname = ${MAIL_HOSTNAME}"
+/usr/sbin/postconf -e "myorigin = \$myhostname"
+/usr/sbin/postconf -e "mydestination = "
+/usr/sbin/postconf -e "inet_interfaces = all"
+/usr/sbin/postconf -e "inet_protocols = ipv4"
+/usr/sbin/postconf -e "smtpd_banner = \$myhostname ESMTP"
-postconf -e "disable_vrfy_command = yes"
-postconf -e "smtpd_helo_required = yes"
+# --- TLS ----------------------------------------------------------------------
+/usr/sbin/postconf -e "smtpd_tls_cert_file = ${MAIL_CERT}"
+/usr/sbin/postconf -e "smtpd_tls_key_file = ${MAIL_KEY}"
+/usr/sbin/postconf -e "smtpd_tls_security_level = may"
+/usr/sbin/postconf -e "smtp_tls_security_level = may"
+/usr/sbin/postconf -e "smtpd_tls_received_header = yes"
+/usr/sbin/postconf -e "smtpd_tls_protocols = !SSLv2,!SSLv3"
+/usr/sbin/postconf -e "smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3"
+/usr/sbin/postconf -e "smtpd_tls_loglevel = 1"
+/usr/sbin/postconf -e "smtp_tls_loglevel = 1"
-postconf -e "milter_default_action = accept"
-postconf -e "milter_protocol = 6"
-postconf -e "smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
-postconf -e "non_smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
+# --- SMTP Sicherheit ----------------------------------------------------------
+/usr/sbin/postconf -e "disable_vrfy_command = yes"
+/usr/sbin/postconf -e "smtpd_helo_required = yes"
-postconf -e "smtpd_sasl_type = dovecot"
-postconf -e "smtpd_sasl_path = private/auth"
-postconf -e "smtpd_sasl_auth_enable = yes"
-postconf -e "smtpd_sasl_security_options = noanonymous"
+# --- Milter -------------------------------------------------------------------
+/usr/sbin/postconf -e "milter_default_action = accept"
+/usr/sbin/postconf -e "milter_protocol = 6"
+/usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
+/usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
-postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"
-postconf -e "smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination"
+# --- SASL Auth via Dovecot ----------------------------------------------------
+/usr/sbin/postconf -e "smtpd_sasl_type = dovecot"
+/usr/sbin/postconf -e "smtpd_sasl_path = private/auth"
+/usr/sbin/postconf -e "smtpd_sasl_auth_enable = yes"
+/usr/sbin/postconf -e "smtpd_sasl_security_options = noanonymous"
-postconf -M "smtp/inet=smtp inet n - n - - smtpd -o smtpd_peername_lookup=no -o smtpd_timeout=30s"
+# --- Recipient & Relay Restriction --------------------------------------------
+/usr/sbin/postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"
+/usr/sbin/postconf -e "smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination"
-postconf -M "submission/inet=submission inet n - n - - smtpd \
- -o syslog_name=postfix/submission \
- -o smtpd_tls_security_level=encrypt \
- -o smtpd_tls_auth_only=yes \
- -o smtpd_sasl_auth_enable=yes \
- -o smtpd_relay_restrictions=permit_sasl_authenticated,reject"
+# --- Listener / Master.cf Definition ------------------------------------------
+/usr/sbin/postconf -M "smtp/inet=smtp inet n - n - - smtpd -o smtpd_peername_lookup=no -o smtpd_timeout=30s"
+/usr/sbin/postconf -M "submission/inet=submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_peername_lookup=no -o smtpd_tls_security_level=encrypt -o smtpd_tls_auth_only=yes -o smtpd_sasl_auth_enable=yes -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject"
+/usr/sbin/postconf -M "smtps/inet=smtps inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_peername_lookup=no -o smtpd_tls_wrappermode=yes -o smtpd_tls_auth_only=yes -o smtpd_sasl_auth_enable=yes -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject"
-postconf -M "smtps/inet=smtps inet n - n - - smtpd \
- -o syslog_name=postfix/smtps \
- -o smtpd_tls_wrappermode=yes \
- -o smtpd_tls_auth_only=yes \
- -o smtpd_sasl_auth_enable=yes \
- -o smtpd_relay_restrictions=permit_sasl_authenticated,reject"
+# postscreen ggf. deaktivieren (verhindert Port-Konflikte)
+sed -i 's/^[[:space:]]*smtp[[:space:]]\+inet[[:space:]]\+.*postscreen/# &/' /etc/postfix/master.cf || true
+# --- SQL Maps -----------------------------------------------------------------
 install -d -o root -g postfix -m 750 /etc/postfix/sql
 cat > /etc/postfix/sql/mysql-virtual-mailbox-maps.cf </dev/null 2>&1 || true
\ No newline at end of file
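Review bot: The new permission block at the top of the hunk gates on `${MAIL_KEY}`, which the hunk header shows resolves to `${MAIL_SSL_DIR}/privkey.pem`, but then hardens the hard-coded paths `/etc/mailwolt/ssl/key.pem` and `/etc/mailwolt/ssl/cert.pem`; unless those names happen to coincide with `MAIL_KEY`/`MAIL_CERT` (not visible here), the `chmod 640` targets files that do not exist, the trailing `|| true` discards the error, and the private key Postfix actually loads keeps whatever mode it was written with. Use the variables the rest of the hunk already feeds to postconf: `chgrp -R postfix "${MAIL_SSL_DIR}" || true`, `chmod 750 "${MAIL_SSL_DIR}" || true`, `chmod 640 "${MAIL_KEY}" "${MAIL_CERT}" || true`, and prefer logging a failure over silently ignoring it. Separately, `smtpd_tls_protocols`/`smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3` still admits TLS 1.0 and 1.1, which matters most for the submission and smtps listeners where TLS is mandatory; `>=TLSv1.2` on current Postfix (or `!SSLv2,!SSLv3,!TLSv1,!TLSv1.1` on older releases) is the usual floor. `milter_default_action = accept` also means mail is accepted unfiltered whenever the milters on 11332/8891 (presumably rspamd/OpenDKIM) are down, so if that fail-open is deliberate it deserves a comment saying so, e.g. `# fail-open: accept mail if a milter is unreachable; change to tempfail for strict filtering`.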