|
|
Ligne 402 : |
Ligne 402 : |
|
| |
|
| ==Configuration== | | ==Configuration== |
| Par défaut, postfix fournit une configuration suffisante. Voici les modifications que j'y ai apporté :
| |
| <pre>
| |
| smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
| |
| biff = no
| |
| disable_vrfy_command = yes
| |
| smtpd_helo_required = yes
| |
|
| |
| smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
| |
| smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
| |
| smtpd_use_tls=yes
| |
| smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
| |
| smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
| |
|
| |
| mydomain = proxmox.domain.tld
| |
| append_dot_mydomain = yes
| |
| myhostname = proxmox.domain.tld
| |
| myorigin = /etc/mailname
| |
| mydestination = proxmox.domain.tld, localhost.localdomain, localhost
| |
|
| |
| relayhost =
| |
| smtp_sasl_password_maps =
| |
|
| |
| mynetworks = 127.0.0.0/8, [::1], ipv4_de_votre_serveur, [ipv6_de_votre_serveur]
| |
|
| |
| relay_domains =
| |
| relay_recipient_maps =
| |
|
| |
| inet_interfaces = 127.0.0.1, [::1], ipv4_de_votre_serveur, [ipv6_de_votre_serveur]
| |
| inet_protocols = all
| |
|
| |
| alias_maps = proxy:hash:/etc/aliases
| |
|
| |
| smtpd_sasl_auth_enable = no
| |
| smtpd_sasl_local_domain = $myhostname
| |
|
| |
| smtpd_sender_restrictions =
| |
| reject_unknown_sender_domain,
| |
| reject_non_fqdn_sender
| |
|
| |
| smtpd_recipient_restrictions =
| |
| permit_inet_interfaces,
| |
| permit_mynetworks,
| |
| permit_sasl_authenticated,
| |
| reject_non_fqdn_hostname,
| |
| reject_non_fqdn_sender,
| |
| reject_non_fqdn_recipient,
| |
| reject_unauth_destination
| |
|
| |
|
| |
| smtpd_client_restrictions =
| |
| permit_inet_interfaces,
| |
| permit_mynetworks,
| |
| permit_sasl_authenticated,
| |
| reject_unauth_pipelining
| |
|
| |
| smtpd_helo_restrictions =
| |
| permit_inet_interfaces,
| |
| permit_mynetworks,
| |
| permit_sasl_authenticated,
| |
| reject_invalid_helo_hostname,
| |
| reject_non_fqdn_helo_hostname,
| |
| reject_unknown_helo_hostname
| |
|
| |
| smtpd_data_restrictions =
| |
| permit_inet_interfaces,
| |
| permit_mynetworks,
| |
| permit_sasl_authenticated,
| |
| reject_unauth_pipelining
| |
| </pre>
| |
|
| |
| Il faudra évidemment configurer les directives <code>inet_interfaces</code> <code>myhostname</code> et <code>mydomain</code>
| |
|
| |
|
| ==Certificats SSL== | | ==Certificats SSL== |