Closed Mischback closed 1 year ago
Postfix
might be tied to a dedicated IPv4/IPv6 address.
This will make SPF/DMARC/... possible without too much interdependent settings with other services.
Highly relevant for an IPv6 setup, that maintains scalability.
See https://serverfault.com/questions/92181/how-to-make-postfix-use-another-ip-address#92207
Moved to #19
Basic setup completed with f749eb01c201f1f5d85f6997177c45bd0d1cd80b
This issue just documents the configuration of
Postfix
with some additional notes.Please note that
Postfix
andDovecot
work closely together and can not be handled independently!Postfix Configuration
mydestination
forPostfix
'scanonical domains
, that is domains that are directly related to the server. Might just belocalhost
and the actual mail setup relies onvirtual domains
mynetworks
: Should most likely be empty or just containing my very own subnetDovecot
for SASL authentication:smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth
smtpd_sasl_auth_enable=yes
Verify this settingsmtpd_tls_security_level=may
Verfiy this setting (document what it is doing!)smtpd_tls_auth_only=yes
Verfiy this setting (document what it is doing!)smtpd_tls_cert_file=/etc/letsencrypt/live/webmail.example.org/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/webmail.example.org/privkey.pem
(see above)smtp_tls_security_level=may
Verify this setting (document what it is doing!)virtual_mailbox_maps
virtual_mailbox_domains
virtual_alias_maps
smtpd_recipient_restrictions=reject_sender_login_mismatch
Dovecot
'slmtp
service:virtual_transport=lmtp:unix:private/dovecot-lmtp
Dovecot
'squota
service:smtpd_recipient_restrictions=reject_unauth_destination,"check_policy_service unix:private/quota-status"
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
Verify this setting (document what it is doing!)/etc/postfix/master.cf
smtpd_sender_login_maps
and make that work-o smtpd_sender_restrictions=reject_sender_login_mismatch,permit_sasl_authenticated,reject
michael@mischback.de michael@mischback.de
Details in #19inet_interfaces=all
Verify this setting!