authorJan Dittberner <jandd@cacert.org>2018-02-16 14:36:54 +0100
committerJan Dittberner <jandd@cacert.org>2018-02-16 14:40:42 +0100
commit61f4c6512e5ab543e6406e2b2483415b218c8a4a (patch)
tree373c330c47726d3f62be356869a3acf4b43b79fd /docs/configdiff
parent537da2dae9ab782d7f5092fc675fb8397c3cd968 (diff)
Maintenance on emailout
- upgrade OS to Debian Stretch
- modernize Postfix configuration
- set up ED25519 ssh host key
Diffstat (limited to 'docs/configdiff')
-rw-r--r--docs/configdiff/emailout/postfix-main.cf52
-rw-r--r--docs/configdiff/emailout/postfix.diff61
2 files changed, 52 insertions, 61 deletions
diff --git a/docs/configdiff/emailout/postfix-main.cf b/docs/configdiff/emailout/postfix-main.cf
new file mode 100644
index 0000000..90c57a1
--- /dev/null
+++ b/docs/configdiff/emailout/postfix-main.cf
@@ -0,0 +1,52 @@
+# Global Postfix configuration file. This file lists only a subset
+# of all parameters. For the syntax, and for a complete parameter
+# list, see the postconf(5) manual page (command: "man 5 postconf").
+#
+
+compatibility_level = 2
+
+mydomain = emailout.intra.cacert.org
+myorigin = /etc/mailname
+
+mydestination = emailout.cacert.org, emailout, localhost.localdomain, localhost
+myhostname = emailout.intra.cacert.org
+
+mynetworks = 172.16.2.0/24 10.0.0.0/24 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+
+biff = no
+
+smtp_helo_name = infrastructure.cacert.org
+
+# TLS parameters
+#
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_tls_security_level=may
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# map internal host names to their corresponding admin addresses
+canonical_maps = pcre:/etc/postfix/canonical_maps
+
+mailbox_size_limit = 0
+recipient_delimiter = +
+
+# DKIM milter
+# http://www.postfix.org/MILTER_README.html
+# TODO: enable DKIM once the DNS record is in place
+#smtpd_milters = unix:/opendkim/opendkim.sock
+#non_smtpd_milters = $smtpd_milters
+
+# what to do if the dkim filter fails
+#milter_default_action = accept
+#milter_command_timeout = 5s
+#milter_connect_timeout = $milter_command_timeout
+#milter_content_timeout = 45s
+
+transport_maps = hash:/etc/postfix/transport
+local_transport = error:local delivery is disabled
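Review bot: The new main.cf sets `smtpd_tls_security_level=may` but no longer carries `smtp_tls_security_level = may`, which the removed postfix.diff had added. If this listing mirrors the deployed file, the SMTP client side falls back to the Postfix default, so outbound mail from this relay would go out without opportunistic TLS. I would add `smtp_tls_security_level = may` next to the `smtp_tls_session_cache_database` line, which otherwise serves no purpose. The smtpd side still points at the Debian `ssl-cert-snakeoil` pair, so clients in `mynetworks` cannot validate the server certificate against a CA. A comment saying this is intentional, or a certificate issued for `emailout.intra.cacert.org`, would make that explicit.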
diff --git a/docs/configdiff/emailout/postfix.diff b/docs/configdiff/emailout/postfix.diff
deleted file mode 100644
index 1e1d759..0000000
--- a/docs/configdiff/emailout/postfix.diff
+++ /dev/null
@@ -1,61 +0,0 @@
-diff -urwN wheezy-chroot/etc/postfix/dynamicmaps.cf vm-emailout/rootfs/etc/postfix/dynamicmaps.cf
---- wheezy-chroot/etc/postfix/dynamicmaps.cf 2016-05-08 00:51:54.738716333 +0200
-+++ vm-emailout/rootfs/etc/postfix/dynamicmaps.cf 2015-02-02 13:58:10.151038663 +0100
-@@ -4,3 +4,4 @@
- #==== ================================ ============= ============
- tcp /usr/lib/postfix/dict_tcp.so dict_tcp_open
- sqlite /usr/lib/postfix/dict_sqlite.so dict_sqlite_open
-+pcre /usr/lib/postfix/dict_pcre.so dict_pcre_open
-diff -urwN wheezy-chroot/etc/postfix/main.cf vm-emailout/rootfs/etc/postfix/main.cf
---- wheezy-chroot/etc/postfix/main.cf 2016-05-08 00:51:55.514721219 +0200
-+++ vm-emailout/rootfs/etc/postfix/main.cf 2015-02-02 19:13:43.370652677 +0100
-@@ -5,6 +5,8 @@
- # line of that file to be used as the name. The Debian default
- # is /etc/mailname.
- #myorigin = /etc/mailname
-+mydomain = emailout.intra.cacert.org
-+smtp_helo_name = infrastructure.cacert.org
-
- smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
- biff = no
-@@ -24,16 +26,37 @@
- smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
- smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-
-+smtp_tls_security_level = may
-+
-+# map internal host names to their corresponding admin addresses
-+canonical_maps = pcre:/etc/postfix/canonical_maps
-+
- # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
- # information on enabling SSL in the smtp client.
-
--myhostname = infra02.intra.cacert.org
-+myhostname = emailout.intra.cacert.org
- alias_maps = hash:/etc/aliases
- alias_database = hash:/etc/aliases
- myorigin = /etc/mailname
--mydestination = infra02.intra.cacert.org, localhost.intra.cacert.org, , localhost
-+mydestination = emailout.cacert.org, emailout, localhost.localdomain, localhost
- relayhost =
--mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-+mynetworks = 172.16.2.0/24 10.0.0.0/24 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
- mailbox_size_limit = 0
- recipient_delimiter = +
- inet_interfaces = all
-+inet_protocols = all
-+
-+# DKIM milter
-+# http://www.postfix.org/MILTER_README.html
-+# TODO: enable DKIM once the DNS record is in place
-+#smtpd_milters = unix:/opendkim/opendkim.sock
-+#non_smtpd_milters = $smtpd_milters
-+
-+# what to do if the dkim filter fails
-+#milter_default_action = accept
-+#milter_command_timeout = 5s
-+#milter_connect_timeout = $milter_command_timeout
-+#milter_content_timeout = 45s
-+
-+transport_maps = hash:/etc/postfix/transport
-+local_transport = error:local delivery is disabled