authorPaul Kocialkowski <contact@paulk.fr>2018-01-01 17:04:30 +0100
committerPaul Kocialkowski <contact@paulk.fr>2018-01-01 17:04:30 +0100
commit0bd593073132d003e61e555d584edf56842e0a8a (patch)
treed0eb4e49e3f27047d7cdbd9f8fc436e55c3a4095
parent4d0e421af2061cd0adaea6cbeb2e01b9c3b50d9a (diff)
Update gagarine configuration
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
-rw-r--r--apache2/gagarine/sites-available/always-default.conf (renamed from apache2/gagarine/sites-available/default.conf)0
-rw-r--r--apache2/gagarine/sites-available/gagarine.paulk.fr.conf2
-rw-r--r--dovecot/gagarine/local.conf (renamed from dovecot/gagarine/dovecot.conf)2
-rw-r--r--fail2ban/armstrong/fail2ban.conf12
-rw-r--r--fail2ban/fail2ban.conf (renamed from fail2ban/leonov/fail2ban.conf)2
-rw-r--r--fail2ban/gagarine/fail2ban.conf9
-rw-r--r--fstab/gagarine/fstab2
-rw-r--r--logrotate/gagarine/logrotate.d/razor4
-rw-r--r--network/gagarine/interfaces32
-rw-r--r--postfix/armstrong/main.cf8
-rw-r--r--postfix/armstrong/master.cf124
-rw-r--r--postfix/gagarine/main.cf5
-rw-r--r--postfix/gagarine/master.cf56
-rw-r--r--postfix/leonov/main.cf6
-rw-r--r--postfix/leonov/master.cf124
-rw-r--r--procmail/gagarine/procmailrc1
-rw-r--r--rsyslog/gagarine/rsyslog.conf45
-rw-r--r--rsyslog/leonov/rsyslog.conf45
-rw-r--r--rsyslog/rsyslog.conf (renamed from rsyslog/armstrong/rsyslog.conf)0
-rw-r--r--spamassassin/gagarine/local.cf63
20 files changed, 382 insertions, 160 deletions
diff --git a/apache2/gagarine/sites-available/default.conf b/apache2/gagarine/sites-available/always-default.conf
index 52dd819..52dd819 100644
--- a/apache2/gagarine/sites-available/default.conf
+++ b/apache2/gagarine/sites-available/always-default.conf
diff --git a/apache2/gagarine/sites-available/gagarine.paulk.fr.conf b/apache2/gagarine/sites-available/gagarine.paulk.fr.conf
index 0f3270d..10fa230 100644
--- a/apache2/gagarine/sites-available/gagarine.paulk.fr.conf
+++ b/apache2/gagarine/sites-available/gagarine.paulk.fr.conf
@@ -4,6 +4,7 @@
CustomLog ${APACHE_LOG_DIR}/gagarine.paulk.fr.log vhost_combined
CustomLog ${APACHE_LOG_DIR}/gagarine.paulk.fr.log vhost_combined
+ Include /etc/munin/apache24.conf
ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
ScriptAlias /munin-cgi/munin-cgi-html /usr/lib/munin/cgi/munin-cgi-html
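Review bot: Access control for the munin pages now depends entirely on `/etc/munin/apache24.conf`, which is not tracked in this repository, and the same `Include` is added in the second hunk for the other vhost block. If that file is ever replaced or loosened by a package update, the graphs and the two munin CGI scripts become reachable to whoever can reach either vhost, with nothing in this file showing it. A comment above the include, e.g. `# access rules for /munin and /munin-cgi come from this file (not tracked here)`, or an explicit `Require` rule in the vhost itself, would make the intent reviewable. The enclosing VirtualHost blocks start and end outside both hunks.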
@@ -18,6 +19,7 @@
CustomLog ${APACHE_LOG_DIR}/gagarine.paulk.fr.log vhost_combined
CustomLog ${APACHE_LOG_DIR}/gagarine.paulk.fr.log vhost_combined
+ Include /etc/munin/apache24.conf
ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
ScriptAlias /munin-cgi/munin-cgi-html /usr/lib/munin/cgi/munin-cgi-html
diff --git a/dovecot/gagarine/dovecot.conf b/dovecot/gagarine/local.conf
index 23ccefd..939ab0d 100644
--- a/dovecot/gagarine/dovecot.conf
+++ b/dovecot/gagarine/local.conf
@@ -57,8 +57,6 @@ service auth {
first_valid_uid = 100
first_valid_gid = 100
-mail_uid = 108
-mail_gid = 1001
## SSL
diff --git a/fail2ban/armstrong/fail2ban.conf b/fail2ban/armstrong/fail2ban.conf
deleted file mode 100644
index 34ae1ee..0000000
--- a/fail2ban/armstrong/fail2ban.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Fail2Ban
-
-[Definition]
-loglevel = INFO
-logtarget = /srv/log/fail2ban.log
-syslogsocket = auto
-
-socket = /var/run/fail2ban/fail2ban.sock
-pidfile = /var/run/fail2ban/fail2ban.pid
-
-dbfile = /var/lib/fail2ban/fail2ban.sqlite3
-dbpurgeage = 86400
diff --git a/fail2ban/leonov/fail2ban.conf b/fail2ban/fail2ban.conf
index 34ae1ee..2deaabc 100644
--- a/fail2ban/leonov/fail2ban.conf
+++ b/fail2ban/fail2ban.conf
@@ -1,4 +1,4 @@
-# Fail2Ban
+# fail2ban
[Definition]
loglevel = INFO
diff --git a/fail2ban/gagarine/fail2ban.conf b/fail2ban/gagarine/fail2ban.conf
deleted file mode 100644
index 98a5e35..0000000
--- a/fail2ban/gagarine/fail2ban.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# fail2ban
-
-[Definition]
-
-loglevel = 3
-logtarget = /srv/log/fail2ban.log
-
-socket = /var/run/fail2ban/fail2ban.sock
-pidfile = /var/run/fail2ban/fail2ban.pid
diff --git a/fstab/gagarine/fstab b/fstab/gagarine/fstab
index 40ff2b5..2146643 100644
--- a/fstab/gagarine/fstab
+++ b/fstab/gagarine/fstab
@@ -1 +1 @@
-UUID=010b116d-ab89-4315-8595-bcbf24d442ed /srv ext4 defaults,errors=remount-ro 0 2
+UUID=bd928bae-f294-4efd-986e-744205963f12 /srv ext4 defaults,errors=remount-ro 0 2
diff --git a/logrotate/gagarine/logrotate.d/razor b/logrotate/gagarine/logrotate.d/razor
deleted file mode 100644
index 6b9813f..0000000
--- a/logrotate/gagarine/logrotate.d/razor
+++ /dev/null
@@ -1,4 +0,0 @@
-/srv/log/razor-agent.log
-{
- monthly
-}
diff --git a/network/gagarine/interfaces b/network/gagarine/interfaces
index 01fe149..2935b32 100644
--- a/network/gagarine/interfaces
+++ b/network/gagarine/interfaces
@@ -8,11 +8,37 @@ auto lo
## eth0
-iface eth0 inet static
+iface eth0 inet manual
+ pre-up brctl addbr br0
+ pre-up brctl addif br0 lan1
+ pre-up brctl addif br0 lan2
+ pre-up brctl addif br0 lan3
+ pre-up brctl addif br0 lan4
+ pre-up brctl addif br0 wan
pre-up iptables-restore < /etc/network/iptables
+ post-up ip link add link eth0 name lan0 type vlan id 1
+ post-up ip link set wan up
+ post-up ip link set lan1 up
+ post-up ip link set lan2 up
+ post-up ip link set lan3 up
+ post-up ip link set lan4 up
+ pre-down ip link set wan down
+ pre-down ip link set lan1 down
+ pre-down ip link set lan2 down
+ pre-down ip link set lan3 down
+ pre-down ip link set lan4 down
+ post-down ip link del lan0
+ post-down brctl delbr br0
+
+auto eth0
+allow-hotplug eth0
+
+## lan0
+
+iface lan0 inet static
address 192.168.1.127
netmask 255.255.255.0
gateway 192.168.1.254
-auto eth0
-allow-hotplug eth0
+auto lan0
+allow-hotplug lan0
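Review bot: `pre-up brctl addif br0 wan` puts the wan port in the same bridge as lan1–lan4, so if wan faces an upstream network, frames pass between it and the LAN ports at layer 2. The rules loaded by `iptables-restore` are then not consulted for that traffic unless bridge netfilter is enabled. A comment stating that wan is intentionally switched with the LAN ports, or leaving it out of br0, would settle this. Two smaller points: `brctl addbr br0` fails when br0 already exists (for instance after an interrupted ifdown), which aborts the whole ifup, and nothing in the visible lines brings br0 itself up. Something like `pre-up ip link show br0 >/dev/null 2>&1 || brctl addbr br0` plus `post-up ip link set br0 up` would cover both.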
diff --git a/postfix/armstrong/main.cf b/postfix/armstrong/main.cf
index 91e9a6c..c8976d8 100644
--- a/postfix/armstrong/main.cf
+++ b/postfix/armstrong/main.cf
@@ -14,7 +14,7 @@ biff=no
## network
-mynetworks = 127.0.0.0/8, [::1]/128, 192.168.0.0/24, 109.190.93.129, 185.233.101.22
+mynetworks = 127.0.0.0/8, [::1]/128, 192.168.0.0/24, 82.233.88.171, 109.190.93.129, 185.233.101.22
inet_interfaces = all
inet_protocols = all
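Review bot: `mynetworks` now lists three bare public addresses, and the same line is extended in postfix/gagarine/main.cf and postfix/leonov/main.cf, so relay trust between the hosts rests on source address alone. The second hunk of this file widens that by putting `permit_mynetworks` first in `smtpd_client_restrictions`. Nothing on the line says which host each address belongs to, so a stale entry would be hard to spot; a comment such as `# relay-trusted peers: <host-a>, <host-b>, <host-c>` would help. If the peers can authenticate, `permit_sasl_authenticated` or `permit_tls_clientcerts` would avoid trusting whoever holds those addresses later.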
@@ -33,9 +33,11 @@ transport_maps = hash:/etc/postfix/transport
## restrictions
+postscreen_greet_action=enforce
+
smtpd_helo_required=yes
-smtpd_client_restrictions = reject_unauth_pipelining, reject_unknown_client_hostname
-smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, reject_unknown_helo_hostname
+smtpd_client_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_unknown_client_hostname
+smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
smtpd_sender_restrictions = reject_unlisted_sender, reject_unknown_sender_domain, permit_mynetworks, reject_non_fqdn_sender
smtpd_recipient_restrictions = reject_unlisted_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_non_fqdn_recipient, reject_unauth_destination
diff --git a/postfix/armstrong/master.cf b/postfix/armstrong/master.cf
new file mode 100644
index 0000000..4ef8a49
--- /dev/null
+++ b/postfix/armstrong/master.cf
@@ -0,0 +1,124 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (no) (never) (100)
+# ==========================================================================
+#smtp inet n - y - - smtpd
+smtp inet n - y - 1 postscreen
+smtpd pass - - y - - smtpd
+#dnsblog unix - - y - 0 dnsblog
+tlsproxy unix - - y - 0 tlsproxy
+#submission inet n - y - - smtpd
+# -o syslog_name=postfix/submission
+# -o smtpd_tls_security_level=encrypt
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#smtps inet n - y - - smtpd
+# -o syslog_name=postfix/smtps
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#628 inet n - y - - qmqpd
+pickup unix n - y 60 1 pickup
+cleanup unix n - y - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+#qmgr unix n - n 300 1 oqmgr
+tlsmgr unix - - y 1000? 1 tlsmgr
+rewrite unix - - y - - trivial-rewrite
+bounce unix - - y - 0 bounce
+defer unix - - y - 0 bounce
+trace unix - - y - 0 bounce
+verify unix - - y - 1 verify
+flush unix n - y 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - y - - smtp
+relay unix - - y - - smtp
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - y - - showq
+error unix - - y - - error
+retry unix - - y - - error
+discard unix - - y - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - y - - lmtp
+anvil unix - - y - 1 anvil
+scache unix - - y - 1 scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+# mailbox_transport = lmtp:inet:localhost
+# virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus unix - n n - - pipe
+# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix - n n - - pipe
+# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix - n n - 2 pipe
+ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman unix - n n - - pipe
+ flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+ ${nexthop} ${user}
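Review bot: The pipe transports at the end of this new file (maildrop, uucp, ifmail, bsmtp, scalemail-backend, mailman) look like carry-overs from the distribution template, and nothing visible in this commit routes mail to them. Removing or commenting out the ones this host does not use leaves fewer external delivery commands and service accounts to audit. The file is also byte-identical to postfix/leonov/master.cf (both are blob 4ef8a49), so a shared `postfix/master.cf` would match how this commit hoists fail2ban.conf and rsyslog.conf and keep the two hosts from drifting apart.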
+
diff --git a/postfix/gagarine/main.cf b/postfix/gagarine/main.cf
index 087571d..7751460 100644
--- a/postfix/gagarine/main.cf
+++ b/postfix/gagarine/main.cf
@@ -17,7 +17,7 @@ alias_database = hash:/etc/aliases
## network
-mynetworks = 127.0.0.0/8, [::1]/128, 192.168.1.0/24, 82.233.88.171, 185.233.101.22
+mynetworks = 127.0.0.0/8, [::1]/128, 192.168.1.0/24, 82.233.88.171, 109.190.93.129, 185.233.101.22
inet_interfaces = all
inet_protocols = all
@@ -35,9 +35,10 @@ mailbox_transport = procmail:
## restrictions
+postscreen_greet_action=enforce
+
smtpd_helo_required=yes
smtpd_client_restrictions = reject_unauth_pipelining, reject_unknown_client_hostname
-smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, reject_unknown_helo_hostname
smtpd_sender_restrictions = reject_unlisted_sender, reject_unknown_sender_domain, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender
smtpd_recipient_restrictions = reject_unlisted_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination
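Review bot: `smtpd_helo_restrictions` is deleted here while the armstrong and leonov hunks extend the same line with `reject_non_fqdn_helo_hostname`, so gagarine keeps `smtpd_helo_required=yes` but no longer rejects invalid or unresolvable HELO names. If the removal is deliberate (for example because authenticated clients send non-resolvable names), a comment saying so would stop it being read as an accident. Otherwise the line could be restored with an exemption for authenticated clients: `smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname`.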
diff --git a/postfix/gagarine/master.cf b/postfix/gagarine/master.cf
index fbbcef9..aca8944 100644
--- a/postfix/gagarine/master.cf
+++ b/postfix/gagarine/master.cf
@@ -7,14 +7,14 @@
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
-# (yes) (yes) (yes) (never) (100)
+# (yes) (yes) (no) (never) (100)
# ==========================================================================
-smtp inet n - - - - smtpd -o content_filter=spamassassin
-#smtp inet n - - - 1 postscreen
-#smtpd pass - - - - - smtpd
-#dnsblog unix - - - - 0 dnsblog
-#tlsproxy unix - - - - 0 tlsproxy
-#submission inet n - - - - smtpd
+#smtp inet n - y - - smtpd
+smtp inet n - y - 1 postscreen
+smtpd pass - - y - - smtpd -o content_filter=spamassassin
+#dnsblog unix - - y - 0 dnsblog
+tlsproxy unix - - y - 0 tlsproxy
+#submission inet n - y - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
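Review bot: Port 25 is now fronted by postscreen while the `submission` and `smtps` entries stay commented out, yet this host's main.cf lists `permit_sasl_authenticated`, which suggests mail clients authenticate on port 25. Postfix's POSTSCREEN_README advises against running postscreen on a port that receives mail from end-user clients. Enabling the `submission` entry together with the `-o smtpd_tls_security_level=encrypt` and `-o smtpd_sasl_auth_enable=yes` lines already present as comments would move those clients to 587. The submission block continues past the end of this hunk.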
@@ -25,7 +25,7 @@ smtp inet n - - - - smtpd -o content_filter=
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
-#smtps inet n - - - - smtpd
+#smtps inet n - y - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
@@ -36,32 +36,32 @@ smtp inet n - - - - smtpd -o content_filter=
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
-#628 inet n - - - - qmqpd
-pickup unix n - - 60 1 pickup
-cleanup unix n - - - 0 cleanup
+#628 inet n - y - - qmqpd
+pickup unix n - y 60 1 pickup
+cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
-tlsmgr unix - - - 1000? 1 tlsmgr
-rewrite unix - - - - - trivial-rewrite
-bounce unix - - - - 0 bounce
-defer unix - - - - 0 bounce
-trace unix - - - - 0 bounce
-verify unix - - - - 1 verify
-flush unix n - - 1000? 0 flush
+tlsmgr unix - - y 1000? 1 tlsmgr
+rewrite unix - - y - - trivial-rewrite
+bounce unix - - y - 0 bounce
+defer unix - - y - 0 bounce
+trace unix - - y - 0 bounce
+verify unix - - y - 1 verify
+flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
-smtp unix - - - - - smtp
-relay unix - - - - - smtp
+smtp unix - - y - - smtp
+relay unix - - y - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq unix n - - - - showq
-error unix - - - - - error
-retry unix - - - - - error
-discard unix - - - - - discard
+showq unix n - y - - showq
+error unix - - y - - error
+retry unix - - y - - error
+discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
-lmtp unix - - - - - lmtp
-anvil unix - - - - 1 anvil
-scache unix - - - - 1 scache
+lmtp unix - - y - - lmtp
+anvil unix - - y - 1 anvil
+scache unix - - y - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
@@ -122,6 +122,6 @@ mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
procmail unix - n n - - pipe
- flags=DORX user=dovenull argv=/usr/bin/procmail -t -o -m SENDER=${sender} USER=${user} DOMAIN=${domain} EXTENSION=${extension} RECIPIENT=${recipient} MAILBOX=${mailbox} /etc/procmailrc
+ flags=DORX user=dovenull:srv argv=/usr/bin/procmail -t -o -m SENDER=${sender} USER=${user} DOMAIN=${domain} EXTENSION=${extension} RECIPIENT=${recipient} MAILBOX=${mailbox} /etc/procmailrc
spamassassin unix - n n - - pipe
user=nobody argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
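Review bot: The procmail transport still delivers as `dovenull`, and this change gives that account the `srv` group as well. Dovecot uses dovenull for its untrusted pre-login processes and expects it to have access to no files, so delivered mail ends up owned by the least-trusted account in the mail stack, which now also holds a group that other services on the host appear to share. A dedicated delivery account, `user=<mail-delivery-user>:srv`, would keep the login sandbox and the mail store separate. Only the group suffix changes in this hunk; the choice of user predates it.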
diff --git a/postfix/leonov/main.cf b/postfix/leonov/main.cf
index 0bebb4d..8ab11e3 100644
--- a/postfix/leonov/main.cf
+++ b/postfix/leonov/main.cf
@@ -14,7 +14,7 @@ biff=no
## network
-mynetworks = 127.0.0.0/8, [::1]/128, 192.168.0.0/24, 82.233.88.171, 109.190.93.129
+mynetworks = 127.0.0.0/8, [::1]/128, 192.168.0.0/24, 82.233.88.171, 109.190.93.129, 185.233.101.22
inet_interfaces = all
inet_protocols = all
@@ -33,9 +33,11 @@ transport_maps = hash:/etc/postfix/transport
## restrictions
+postscreen_greet_action=enforce
+
smtpd_helo_required=yes
smtpd_client_restrictions = reject_unauth_pipelining, reject_unknown_client_hostname
-smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, reject_unknown_helo_hostname
+smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
smtpd_sender_restrictions = reject_unlisted_sender, reject_unknown_sender_domain, permit_mynetworks, reject_non_fqdn_sender
smtpd_recipient_restrictions = reject_unlisted_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_non_fqdn_recipient, reject_unauth_destination
diff --git a/postfix/leonov/master.cf b/postfix/leonov/master.cf
new file mode 100644
index 0000000..4ef8a49
--- /dev/null
+++ b/postfix/leonov/master.cf
@@ -0,0 +1,124 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (no) (never) (100)
+# ==========================================================================
+#smtp inet n - y - - smtpd
+smtp inet n - y - 1 postscreen
+smtpd pass - - y - - smtpd
+#dnsblog unix - - y - 0 dnsblog
+tlsproxy unix - - y - 0 tlsproxy
+#submission inet n - y - - smtpd
+# -o syslog_name=postfix/submission
+# -o smtpd_tls_security_level=encrypt
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#smtps inet n - y - - smtpd
+# -o syslog_name=postfix/smtps
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#628 inet n - y - - qmqpd
+pickup unix n - y 60 1 pickup
+cleanup unix n - y - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+#qmgr unix n - n 300 1 oqmgr
+tlsmgr unix - - y 1000? 1 tlsmgr
+rewrite unix - - y - - trivial-rewrite
+bounce unix - - y - 0 bounce
+defer unix - - y - 0 bounce
+trace unix - - y - 0 bounce
+verify unix - - y - 1 verify
+flush unix n - y 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - y - - smtp
+relay unix - - y - - smtp
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - y - - showq
+error unix - - y - - error
+retry unix - - y - - error
+discard unix - - y - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - y - - lmtp
+anvil unix - - y - 1 anvil
+scache unix - - y - 1 scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+# mailbox_transport = lmtp:inet:localhost
+# virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus unix - n n - - pipe
+# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix - n n - - pipe
+# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix - n n - 2 pipe
+ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman unix - n n - - pipe
+ flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+ ${nexthop} ${user}
+
diff --git a/procmail/gagarine/procmailrc b/procmail/gagarine/procmailrc
index e57468f..8b7ce80 100644
--- a/procmail/gagarine/procmailrc
+++ b/procmail/gagarine/procmailrc
@@ -5,6 +5,7 @@ MAILDIR=/srv/mail/$MAILBOX
PATH=/bin:/usr/bin:/usr/local/bin
DEFAULT=$MAILDIR/
LOGFILE=/srv/log/procmail.log
+UMASK=113
## paulk
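Review bot: `UMASK=113` leaves the read bit set for others, so files procmail creates under /srv/mail get mode 0664 and are readable by any local account unless a parent directory prevents it. It also masks the execute bit for owner and group, so a directory procmail has to create would lack search permission. `UMASK=007` gives 0660 files and 0770 directories, which keeps the group write access this change appears to be after. The rest of the file is outside this hunk.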
diff --git a/rsyslog/gagarine/rsyslog.conf b/rsyslog/gagarine/rsyslog.conf
deleted file mode 100644
index 04a483b..0000000
--- a/rsyslog/gagarine/rsyslog.conf
+++ /dev/null
@@ -1,45 +0,0 @@
-# rsyslog
-
-## Modules
-
-$ModLoad imuxsock
-$ModLoad imklog
-
-## Global
-
-$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
-$FileOwner root
-$FileGroup srv
-$FileCreateMode 0640
-$DirCreateMode 0755
-$Umask 0022
-
-$WorkDirectory /srv/spool/rsyslog
-
-$IncludeConfig /etc/rsyslog.d/*.conf
-
-## Rules
-
-auth,authpriv.* /srv/log/auth.log
-*.*;auth,authpriv.none -/srv/log/syslog.log
-daemon.* -/srv/log/daemon.log
-kern.* -/srv/log/kernel.log
-lpr.* -/srv/log/lpr.log
-mail.* -/srv/log/mail.log
-user.* -/srv/log/user.log
-news.* -/srv/log/new.log
-git.* -/srv/log/git.log
-
-*.=debug;\
- auth,authpriv.none;\
- news.none;mail.none -/srv/log/debug.log
-*.=info;*.=notice;*.=warn;\
- auth,authpriv.none;\
- cron,daemon.none;\
- mail,news.none -/srv/log/messages.log
-*.emerg :omusrmsg:*
-
-daemon.*;mail.*;\
- news.err;\
- *.=debug;*.=info;\
- *.=notice;*.=warn |/dev/xconsole
diff --git a/rsyslog/leonov/rsyslog.conf b/rsyslog/leonov/rsyslog.conf
deleted file mode 100644
index c992dc3..0000000
--- a/rsyslog/leonov/rsyslog.conf
+++ /dev/null
@@ -1,45 +0,0 @@
-# rsyslog
-
-## Modules
-
-module(load="imuxsock")
-module(load="imklog")
-
-## Global
-
-$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
-$FileOwner root
-$FileGroup srv
-$FileCreateMode 0640
-$DirCreateMode 0755
-$Umask 0022
-
-$WorkDirectory /var/spool/rsyslog
-
-$IncludeConfig /etc/rsyslog.d/*.conf
-
-## Rules
-
-auth,authpriv.* /srv/log/auth.log
-*.*;auth,authpriv.none -/srv/log/syslog.log
-daemon.* -/srv/log/daemon.log
-kern.* -/srv/log/kernel.log
-lpr.* -/srv/log/lpr.log
-mail.* -/srv/log/mail.log
-user.* -/srv/log/user.log
-news.* -/srv/log/new.log
-git.* -/srv/log/git.log
-
-*.=debug;\
- auth,authpriv.none;\
- news.none;mail.none -/srv/log/debug.log
-*.=info;*.=notice;*.=warn;\
- auth,authpriv.none;\
- cron,daemon.none;\
- mail,news.none -/srv/log/messages.log
-*.emerg :omusrmsg:*
-
-daemon.*;mail.*;\
- news.err;\
- *.=debug;*.=info;\
- *.=notice;*.=warn |/dev/xconsole
diff --git a/rsyslog/armstrong/rsyslog.conf b/rsyslog/rsyslog.conf
index c992dc3..c992dc3 100644
--- a/rsyslog/armstrong/rsyslog.conf
+++ b/rsyslog/rsyslog.conf
diff --git a/spamassassin/gagarine/local.cf b/spamassassin/gagarine/local.cf
index 0f0a3fd..6e6f5c3 100644
--- a/spamassassin/gagarine/local.cf
+++ b/spamassassin/gagarine/local.cf
@@ -1,6 +1,63 @@
# spamassasin
-trusted_networks 82.233.88.171
-skip_rbl_checks 0
-use_razor2 1
+## plugins
+
+loadplugin Mail::SpamAssassin::Plugin::RelayCountry
+loadplugin Mail::SpamAssassin::Plugin::TextCat
+loadplugin Mail::SpamAssassin::Plugin::AWL
+loadplugin Mail::SpamAssassin::Plugin::Shortcircuit
+
+## spam report
+
+required_score 5
+report_safe 0
+
+## bayes
+
+use_bayes 1
+bayes_auto_learn 1
+bayes_ignore_header X-Bogosity
+bayes_ignore_header X-Spam-Flag
+bayes_ignore_header X-Spam-Status
+
+## pyzor
+
use_pyzor 1
+
+## razor
+
+use_razor2 1
+razor_timeout 8
+
+## whitelist
+
+auto_whitelist_path /var/spool/spamassassin/auto-whitelist
+auto_whitelist_file_mode 0666
+
+## languages
+
+ok_languages en fr vi
+ok_locales en
+
+normalize_charset 1
+
+## shortcircuit
+
+shortcircuit ALL_TRUSTED on
+
+shortcircuit USER_IN_WHITELIST on
+shortcircuit USER_IN_DEF_WHITELIST on
+shortcircuit USER_IN_ALL_SPAM_TO on
+shortcircuit SUBJECT_IN_WHITELIST on
+
+shortcircuit USER_IN_BLACKLIST on
+shortcircuit USER_IN_BLACKLIST_TO on
+shortcircuit SUBJECT_IN_BLACKLIST on
+
+shortcircuit BAYES_99 spam
+shortcircuit BAYES_00 ham
+
+## network
+
+trusted_networks 82.233.88.171
+trusted_networks 185.233.101.22
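Review bot: `auto_whitelist_file_mode 0666` makes the AWL database writable by every local account, so any local user can alter the sender reputation that the AWL plugin loaded above feeds into scoring. The SpamAssassin documentation also asks for the x bits in this value because it is used when creating directories; `auto_whitelist_file_mode 0770`, with the path owned by the account spamd runs as, covers both. Separately, `shortcircuit BAYES_00 ham` together with `bayes_auto_learn 1` lets a mislearned token set skip all remaining rules, and `shortcircuit ALL_TRUSTED on` does the same for anything relayed only through the two `trusted_networks` addresses. A short comment on why each is acceptable here would help the next reader.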