postfix/README.md

126 lines
2.7 KiB
Markdown
Raw Normal View History

2016-10-28 11:05:33 +00:00
[Postfix](http://www.postfix.org/) with ldap authentication and [spamassassin](http://spamassassin.apache.org/) + [OpenDKIM](http://www.opendkim.org/) in ldap.
2016-10-31 10:14:36 +00:00
# Volumes
2016-10-28 11:05:33 +00:00
- `/etc/ssl/mail:ro`: certificates have to be here.
2016-10-31 10:14:36 +00:00
# Environment Variables
## MYHOSTNAME
2016-10-28 11:05:33 +00:00
Fully qualified hostname.
2016-10-31 10:14:36 +00:00
## MYDOMAIN
2016-10-28 11:05:33 +00:00
The internet domain name of the mail system.
2016-10-31 10:14:36 +00:00
## SMTP_BANNER
2016-10-28 11:05:33 +00:00
Text prepended to `$myhostname ESMTP $mail_name` for the smtp banner.
2016-10-31 10:14:36 +00:00
## DOVECOT_HOST
2016-10-28 11:05:33 +00:00
Hostname for the dovecot host.
2016-10-31 10:14:36 +00:00
## DOVECOT_AUTH_PORT
2016-10-28 11:05:33 +00:00
Port for the dovecot host.
2016-10-31 10:14:36 +00:00
## DKIM_HOST
2016-10-28 11:05:33 +00:00
Hostname for the OpenDkim host.
2016-10-31 10:14:36 +00:00
## DKIM_PORT
2016-10-28 11:05:33 +00:00
Port for the OpenDkim host.
2016-10-31 10:14:36 +00:00
## LMTP_HOST
2016-10-28 11:05:33 +00:00
Hostname for the lmtp host (probably dovecot).
2016-10-31 10:14:36 +00:00
## LMTP_PORT
2016-10-28 11:05:33 +00:00
Port for the lmtp host.
2016-10-31 10:14:36 +00:00
## LDAP_URI
2016-10-28 11:05:33 +00:00
Complete uri for the authentication ldap host.
2016-10-31 10:14:36 +00:00
## LDAP_BIND_DN
2016-10-28 11:05:33 +00:00
DN used to authenticate against ldap.
2016-10-31 10:14:36 +00:00
## LDAP_BIND_PASSWORD
2016-10-28 11:05:33 +00:00
Password used to authenticate against ldap.
2016-10-31 10:14:36 +00:00
## LDAP_ALIAS_QUERY_FILTER
2016-10-28 11:05:33 +00:00
Ldap filter for mail aliases.
2016-10-31 10:14:36 +00:00
## LDAP_DOMAIN_QUERY_FILTER
2016-10-28 11:05:33 +00:00
Ldap filter for domains.
2016-10-31 10:14:36 +00:00
## LDAP_MAILBOX_QUERY_FILTER
2016-10-28 11:05:33 +00:00
Ldap filter for mailboxes.
2016-10-31 10:14:36 +00:00
## LDAP_MAILBOX_SEARCH_BASE
2016-10-28 11:05:33 +00:00
Base DN to look for mailboxes on the ldap host.
2016-10-31 10:14:36 +00:00
## LDAP_DOMAIN_SEARCH_BASE
2016-10-28 11:05:33 +00:00
Base DN to look for valid domains on the ldap host.
2016-10-31 10:14:36 +00:00
## LDAP_DOMAIN_RESULT_ATTRIBUTE
2016-10-28 11:05:33 +00:00
- default: dc
Ldap attribute that is fetched in the domain query.
2016-10-31 10:14:36 +00:00
## LDAP_MAILBOX_RESULT_ATTRIBUTE
2016-10-28 11:05:33 +00:00
- default: cn
Ldap attribute that is fetched in the mailbox query.
2016-10-31 10:14:36 +00:00
## LDAP_STARTTLS
2016-10-28 11:05:33 +00:00
- default: yes
Whether to use tls when connecting to the ldap host.
2016-10-31 10:14:36 +00:00
## CERT_NAME
2016-10-28 11:05:33 +00:00
- default: fullchain.pem
Name of the certificate file.
2016-10-31 10:14:36 +00:00
## KEY_NAME
2016-10-28 11:05:33 +00:00
- default: privkey.pem
Name of the key file.
2016-10-31 10:14:36 +00:00
## MESSAGE_SIZELIMIT
2016-10-28 11:05:33 +00:00
- default: 20000000
Message size limit in bytes.
2016-10-31 10:14:36 +00:00
## MAILBOX_SIZELIMIT
2016-10-28 11:05:33 +00:00
- default: 0
Mailbox size limit in bytes. `0` disables the limit.
2016-10-31 10:14:36 +00:00
## TLS_SECURITY_LEVEL
2016-10-28 11:05:33 +00:00
- default: may
One of:
- none: TLS will not be used.
- may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption.
- encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption.
According to [RFC 2487](http://tools.ietf.org/html/rfc2487) this MUST NOT be applied in case of a publicly-referenced SMTP server.
2016-10-31 10:14:36 +00:00
## TLS_PROTOCOLS
2016-10-28 11:05:33 +00:00
- default: !SSLv2, !SSLv3
Comma seperated list of accepted TLS protocols.
2016-10-31 10:14:36 +00:00
## TLS_CIPHERS
2016-10-28 11:05:33 +00:00
- default: high
The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic TLS encryption.
2016-10-31 10:14:36 +00:00
## TLS_EXCLUDE_CIPHERS
2016-10-28 11:05:33 +00:00
- default: aNULL, MD5, 3DES
Comma seperated list of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS security levels.
2016-10-31 10:14:36 +00:00
# Ports
2016-10-28 11:05:33 +00:00
- 25
- 587
2016-10-31 10:14:36 +00:00
# Capabilities
2016-10-28 11:05:33 +00:00
- DAC_OVERRIDE
- NET_BIND_SERVICE
- SETGID
- SETUID