summaryrefslogtreecommitdiffstats
path: root/files
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2024-02-15 14:21:02 +0100
committerGuilhem Moulin <guilhem@fripost.org>2024-02-15 14:26:05 +0100
commit20708ade1f56a1ef84b22ecdca42af9f9bd45c69 (patch)
treecbfdd72d949d3f766c857ed162836917d66e2c0a /files
parentd74a10cbc6abe451c39eef30b6c610d916090448 (diff)
Postfix: Use relay-smtps as relayhost transport.
Diffstat (limited to 'files')
-rw-r--r--files/etc/postfix/master.cf44
-rw-r--r--files/etc/postfix/tls_policy2
2 files changed, 45 insertions, 1 deletions
diff --git a/files/etc/postfix/master.cf b/files/etc/postfix/master.cf
new file mode 100644
index 0000000..3c60f31
--- /dev/null
+++ b/files/etc/postfix/master.cf
@@ -0,0 +1,44 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (no) (never) (100)
+# ==========================================================================
+smtp inet n - y - - smtpd
+pickup unix n - y 60 1 pickup
+cleanup unix n - y - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+tlsmgr unix - - y 1000? 1 tlsmgr
+rewrite unix - - y - - trivial-rewrite
+bounce unix - - y - 0 bounce
+defer unix - - y - 0 bounce
+trace unix - - y - 0 bounce
+verify unix - - y - 1 verify
+flush unix n - y 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - y - - smtp
+relay unix - - y - - smtp
+ -o syslog_name=postfix/$service_name
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+ -o smtp_tls_security_level=fingerprint
+relay-smtps unix - - y - - smtp
+ -o syslog_name=postfix/$service_name
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+ -o smtp_tls_wrappermode=yes
+ -o smtp_tls_security_level=fingerprint
+showq unix n - y - - showq
+error unix - - y - - error
+retry unix - - y - - error
+discard unix - - y - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - y - - lmtp
+anvil unix - - y - 1 anvil
+scache unix - - y - 1 scache
+postlog unix-dgram n - n - 1 postlogd
diff --git a/files/etc/postfix/tls_policy b/files/etc/postfix/tls_policy
index 2af19c5..c5641d3 100644
--- a/files/etc/postfix/tls_policy
+++ b/files/etc/postfix/tls_policy
@@ -1,3 +1,3 @@
# WARN: smtp_tls_fingerprint_digest MUST be sha256!
-[smtp.guilhem.org]:587 fingerprint ciphers=high protocols=!SSLv2:!SSLv3:!TLSv1:!TLSv1.1:!TLSv1.2
+[smtp.guilhem.org]:465 fingerprint ciphers=high protocols=!SSLv2:!SSLv3:!TLSv1:!TLSv1.1:!TLSv1.2
match=B2:37:09:EC:B9:54:DC:51:FA:77:A1:31:0D:30:06:84:7E:10:81:5B:9B:30:B0:31:6E:9A:7B:53:13:C8:37:62