[pmg-api.git] / src / templates / master.cf.in

#
# Postfix master process configuration file.  Each logical line
# describes how a Postfix daemon program should be run.
#
# A logical line starts with non-whitespace, non-comment text.
# Empty lines and whitespace-only lines are ignored, as are comment
# lines whose first non-whitespace character is a `#'.
# A line that starts with whitespace continues a logical line.
#
# The fields that make up each line are described below. A "-" field
# value requests that a default value be used for that field.
#
# Service: any name that is valid for the specified transport type
# (the next field).  With INET transports, a service is specified as
# host:port.  The host part (and colon) may be omitted. Either host
# or port may be given in symbolic form or in numeric form. Examples
# for the SMTP server:  localhost:smtp receives mail via the loopback
# interface only; 10025 receives mail on port 10025.
#
# Transport type: "inet" for Internet sockets, "unix" for UNIX-domain
# sockets, "fifo" for named pipes.
#
# Private: whether or not access is restricted to the mail system.
# Default is private service.  Internet (inet) sockets can't be private.
#
# Unprivileged: whether the service runs with root privileges or as
# the owner of the Postfix system (the owner name is controlled by the
# mail_owner configuration variable in the main.cf file). Only the
# pipe, virtual and local delivery daemons require privileges.
#
# Chroot: whether or not the service runs chrooted to the mail queue
# directory (pathname is controlled by the queue_directory configuration
# variable in the main.cf file). Presently, all Postfix daemons can run
# chrooted, except for the pipe, virtual and local delivery daemons.
# The proxymap server can run chrooted, but doing so defeats most of
# the purpose of having that service in the first place.
# The files in the examples/chroot-setup subdirectory describe how
# to set up a Postfix chroot environment for your type of machine.
#
# Wakeup time: automatically wake up the named service after the
# specified number of seconds. A ? at the end of the wakeup time
# field requests that wake up events be sent only to services that
# are actually being used.  Specify 0 for no wakeup. Presently, only
# the pickup, queue manager and flush daemons need a wakeup timer.
#
# Max procs: the maximum number of processes that may execute this
# service simultaneously. Default is to use a globally configurable
# limit (the default_process_limit configuration parameter in main.cf).
# Specify 0 for no process count limit.
#
# Command + args: the command to be executed. The command name is
# relative to the Postfix program directory (pathname is controlled by
# the daemon_directory configuration variable). Adding one or more
# -v options turns on verbose logging for that service; adding a -D
# option enables symbolic debugging (see the debugger_command variable
# in the main.cf configuration file). See individual command man pages
# for specific command-line options, if any.
#
# In order to use the "uucp" message transport below, set up entries
# in the transport table.
#
# In order to use the "cyrus" message transport below, configure it
# in main.cf as the mailbox_transport.
#
# SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS.
# ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL.
#
# DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================

[% IF ! pmg.mail.before_queue_filtering -%]
scan      unix  -       -       n       -       [% pmg.mail.max_filters %]      lmtp
  -o lmtp_send_xforward_command=yes
  -o lmtp_connection_cache_on_demand=no
  -o disable_dns_lookups=yes
[% END -%]

[% pmg.mail.int_port %]       inet  n -       -       -       [% pmg.mail.max_smtpd_out %]      smtpd
[% IF pmg.mail.before_queue_filtering -%]
  -o smtpd_proxy_filter=127.0.0.1:10023
  -o smtpd_proxy_options=speed_adjust
  -o smtpd_client_connection_count_limit=[% pmg.mail.conn_count_limit div 5 %]
[%- ELSE -%]
  -o content_filter=scan:127.0.0.1:10023
[%- END %]
  -o smtpd_recipient_restrictions=permit_mynetworks,reject_unauth_destination
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_data_restrictions=
  -o smtpd_forbid_bare_newline=no

[% pmg.mail.ext_port %]       inet  n -       -       -       1 postscreen

smtpd       pass  - -       -       -       [% pmg.mail.max_smtpd_in %]      smtpd
[% IF pmg.mail.before_queue_filtering -%]
  -o smtpd_proxy_filter=127.0.0.1:10024
  -o smtpd_proxy_options=speed_adjust
  -o smtpd_client_connection_count_limit=[% pmg.mail.conn_count_limit div 5 %]
[%- ELSE -%]
  -o content_filter=scan:127.0.0.1:10024
[%- END %]
  -o receive_override_options=no_address_mappings
  -o smtpd_discard_ehlo_keywords=silent-discard,dsn
  -o mynetworks=127.0.0.0/8,[% postfix.int_ip %]

127.0.0.1:10025 inet  n       -       n       -       -      smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_restriction_classes=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o smtpd_tls_security_level=none
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o message_size_limit=[% (pmg.mail.maxsize*2) %]

pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
  -o message_size_limit=[% (pmg.mail.maxsize*2) %]

qmgr      fifo  n       -       -       300     1       qmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
verify    unix  -       -       -       -       1       verify
trace     unix  -       -       n       -       0       bounce
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
discard   unix  -       -       -       -       -       discard
retry     unix  -       -       -       -       -       error
dnsblog   unix  -       -       -       -       0       dnsblog
tlsproxy  unix  -       -       -       -       0       tlsproxy
Commit	Line	Data
f609bf7f DM	1	#
	2	# Postfix master process configuration file. Each logical line
	3	# describes how a Postfix daemon program should be run.
	4	#
8609f465	5	# A logical line starts with non-whitespace, non-comment text.
f609bf7f DM	6	# Empty lines and whitespace-only lines are ignored, as are comment
	7	# lines whose first non-whitespace character is a `#'.
	8	# A line that starts with whitespace continues a logical line.
	9	#
	10	# The fields that make up each line are described below. A "-" field
	11	# value requests that a default value be used for that field.
	12	#
	13	# Service: any name that is valid for the specified transport type
	14	# (the next field). With INET transports, a service is specified as
	15	# host:port. The host part (and colon) may be omitted. Either host
	16	# or port may be given in symbolic form or in numeric form. Examples
	17	# for the SMTP server: localhost:smtp receives mail via the loopback
	18	# interface only; 10025 receives mail on port 10025.
	19	#
	20	# Transport type: "inet" for Internet sockets, "unix" for UNIX-domain
	21	# sockets, "fifo" for named pipes.
	22	#
	23	# Private: whether or not access is restricted to the mail system.
	24	# Default is private service. Internet (inet) sockets can't be private.
	25	#
	26	# Unprivileged: whether the service runs with root privileges or as
	27	# the owner of the Postfix system (the owner name is controlled by the
	28	# mail_owner configuration variable in the main.cf file). Only the
	29	# pipe, virtual and local delivery daemons require privileges.
	30	#
	31	# Chroot: whether or not the service runs chrooted to the mail queue
	32	# directory (pathname is controlled by the queue_directory configuration
	33	# variable in the main.cf file). Presently, all Postfix daemons can run
	34	# chrooted, except for the pipe, virtual and local delivery daemons.
	35	# The proxymap server can run chrooted, but doing so defeats most of
	36	# the purpose of having that service in the first place.
	37	# The files in the examples/chroot-setup subdirectory describe how
	38	# to set up a Postfix chroot environment for your type of machine.
	39	#
	40	# Wakeup time: automatically wake up the named service after the
	41	# specified number of seconds. A ? at the end of the wakeup time
	42	# field requests that wake up events be sent only to services that
	43	# are actually being used. Specify 0 for no wakeup. Presently, only
	44	# the pickup, queue manager and flush daemons need a wakeup timer.
	45	#
	46	# Max procs: the maximum number of processes that may execute this
	47	# service simultaneously. Default is to use a globally configurable
	48	# limit (the default_process_limit configuration parameter in main.cf).
	49	# Specify 0 for no process count limit.
	50	#
	51	# Command + args: the command to be executed. The command name is
	52	# relative to the Postfix program directory (pathname is controlled by
	53	# the daemon_directory configuration variable). Adding one or more
	54	# -v options turns on verbose logging for that service; adding a -D
	55	# option enables symbolic debugging (see the debugger_command variable
	56	# in the main.cf configuration file). See individual command man pages
	57	# for specific command-line options, if any.
	58	#
1359baef	59	# In order to use the "uucp" message transport below, set up entries
f609bf7f DM	60	# in the transport table.
	61	#
	62	# In order to use the "cyrus" message transport below, configure it
	63	# in main.cf as the mailbox_transport.
	64	#
	65	# SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS.
	66	# ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL.
	67	#
	68	# DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.
	69	#
	70	# ==========================================================================
	71	# service type private unpriv chroot wakeup maxproc command + args
	72	# (yes) (yes) (yes) (never) (100)
	73	# ==========================================================================
	74
e0cbdf9f	75	[% IF ! pmg.mail.before_queue_filtering -%]
f609bf7f	76	scan unix - - n - [% pmg.mail.max_filters %] lmtp
8609f465 WB	77	-o lmtp_send_xforward_command=yes
	78	-o lmtp_connection_cache_on_demand=no
	79	-o disable_dns_lookups=yes
e0cbdf9f	80	[% END -%]
f609bf7f	81
75a20f14	82	[% pmg.mail.int_port %] inet n - - - [% pmg.mail.max_smtpd_out %] smtpd
e0cbdf9f SI	83	[% IF pmg.mail.before_queue_filtering -%]
	84	-o smtpd_proxy_filter=127.0.0.1:10023
	85	-o smtpd_proxy_options=speed_adjust
	86	-o smtpd_client_connection_count_limit=[% pmg.mail.conn_count_limit div 5 %]
	87	[%- ELSE -%]
8609f465	88	-o content_filter=scan:127.0.0.1:10023
e0cbdf9f	89	[%- END %]
8609f465 WB	90	-o smtpd_recipient_restrictions=permit_mynetworks,reject_unauth_destination
	91	-o smtpd_helo_restrictions=
	92	-o smtpd_client_restrictions=
	93	-o smtpd_sender_restrictions=
77e44f91	94	-o smtpd_data_restrictions=
a54b3ca4	95	-o smtpd_forbid_bare_newline=no
f609bf7f	96
75a20f14	97	[% pmg.mail.ext_port %] inet n - - - 1 postscreen
f609bf7f	98
f609bf7f	99	smtpd pass - - - - [% pmg.mail.max_smtpd_in %] smtpd
e0cbdf9f SI	100	[% IF pmg.mail.before_queue_filtering -%]
	101	-o smtpd_proxy_filter=127.0.0.1:10024
	102	-o smtpd_proxy_options=speed_adjust
	103	-o smtpd_client_connection_count_limit=[% pmg.mail.conn_count_limit div 5 %]
	104	[%- ELSE -%]
8609f465	105	-o content_filter=scan:127.0.0.1:10024
e0cbdf9f	106	[%- END %]
8609f465 WB	107	-o receive_override_options=no_address_mappings
	108	-o smtpd_discard_ehlo_keywords=silent-discard,dsn
	109	-o mynetworks=127.0.0.0/8,[% postfix.int_ip %]
f609bf7f DM	110
f609bf7f DM	111	127.0.0.1:10025 inet n - n - - smtpd
8609f465 WB	112	-o content_filter=
	113	-o local_recipient_maps=
	114	-o relay_recipient_maps=
	115	-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
	116	-o smtpd_helo_restrictions=
	117	-o smtpd_client_restrictions=
	118	-o smtpd_restriction_classes=
	119	-o smtpd_sender_restrictions=
	120	-o smtpd_recipient_restrictions=permit_mynetworks,reject
	121	-o mynetworks=127.0.0.0/8
	122	-o smtpd_error_sleep_time=0
	123	-o smtpd_client_connection_count_limit=0
	124	-o smtpd_client_connection_rate_limit=0
	125	-o smtpd_tls_security_level=none
	126	-o smtpd_authorized_xforward_hosts=127.0.0.0/8
	127	-o message_size_limit=[% (pmg.mail.maxsize*2) %]
f609bf7f	128
8609f465 WB	129	pickup fifo n - - 60 1 pickup
	130	cleanup unix n - - - 0 cleanup
	131	-o message_size_limit=[% (pmg.mail.maxsize*2) %]
	132
	133	qmgr fifo n - - 300 1 qmgr
	134	rewrite unix - - - - - trivial-rewrite
	135	bounce unix - - - - 0 bounce
	136	defer unix - - - - 0 bounce
	137	flush unix n - - 1000? 0 flush
	138	proxymap unix - - n - - proxymap
	139	smtp unix - - - - - smtp
	140	relay unix - - - - - smtp
	141	showq unix n - - - - showq
	142	error unix - - - - - error
	143	local unix - n n - - local
	144	virtual unix - n n - - virtual
	145	lmtp unix - - n - - lmtp
f609bf7f	146	verify unix - - - - 1 verify
8609f465	147	trace unix - - n - 0 bounce
f609bf7f DM	148	tlsmgr unix - - - 1000? 1 tlsmgr
	149	anvil unix - - - - 1 anvil
	150	scache unix - - - - 1 scache
	151	discard unix - - - - - discard
	152	retry unix - - - - - error
	153	dnsblog unix - - - - 0 dnsblog
	154	tlsproxy unix - - - - 0 tlsproxy
	155