72 lines
3.3 KiB
Django/Jinja
72 lines
3.3 KiB
Django/Jinja
divert(-1)dnl
|
|
dnl #
|
|
dnl # This file is managed by ansible
|
|
dnl #
|
|
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
|
|
VERSIONID(`setup for linux')dnl
|
|
OSTYPE(`linux')dnl
|
|
dnl #
|
|
define(`confDEF_USER_ID', ``8:12'')dnl
|
|
define(`confTO_CONNECT', `1m')dnl
|
|
define(`confTRY_NULL_MX_LIST', `True')dnl
|
|
define(`confDONT_PROBE_INTERFACES', `True')dnl
|
|
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
|
|
define(`ALIAS_FILE', `/etc/aliases')dnl
|
|
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
|
|
define(`UUCP_MAILER_MAX', `2000000')dnl
|
|
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
|
|
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
|
|
dnl #
|
|
define(`confAUTH_REALM', `{{ mail_server }}')dnl
|
|
define(`confAUTH_OPTIONS', `A p y')dnl
|
|
TRUST_AUTH_MECH(`GSSAPI PLAIN LOGIN')dnl
|
|
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI PLAIN LOGIN')dnl
|
|
dnl #
|
|
define(`confCACERT_PATH', `/etc/mail/certs')dnl
|
|
define(`confCACERT', `{{ tls_certs }}/{{ mail_server }}-chain.crt')dnl
|
|
define(`confSERVER_CERT', `{{ tls_certs }}/{{ mail_server }}.crt')dnl
|
|
define(`confSERVER_KEY', `{{ tls_private }}/{{ mail_server }}.key')dnl
|
|
define(`confDH_PARAMETERS', `{{ tls_certs }}/ffdhe3072.pem')dnl
|
|
define(`confCLIENT_CERT', `{{ tls_certs }}/{{ mail_server }}.crt')dnl
|
|
define(`confCLIENT_KEY', `{{ tls_private }}/{{ mail_server }}.key')dnl
|
|
|
|
dnl #
|
|
FEATURE(`no_default_msa', `dnl')dnl
|
|
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
|
|
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
|
|
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
|
|
FEATURE(`genericstable', `hash -o /etc/mail/genericstable.db')dnl
|
|
GENERICS_DOMAIN_FILE(`/etc/mail/local-host-names')dnl
|
|
FEATURE(redirect)dnl
|
|
FEATURE(always_add_domain)dnl
|
|
FEATURE(use_cw_file)dnl
|
|
FEATURE(use_ct_file)dnl
|
|
dnl #
|
|
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
|
|
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
|
|
FEATURE(`blacklist_recipients')dnl
|
|
EXPOSED_USER(`root')dnl
|
|
dnl #
|
|
DAEMON_OPTIONS(`Port=smtp, Name=MTA, M=A, InputMailFilters=grossd')dnl
|
|
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
|
|
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
|
|
dnl #
|
|
LOCAL_DOMAIN(`localhost.localdomain')dnl
|
|
MASQUERADE_AS(`{{ mail_domain }}')dnl
|
|
FEATURE(masquerade_envelope)dnl
|
|
FEATURE(allmasquerade)
|
|
FEATURE(masquerade_entire_domain)dnl
|
|
FEATURE(`accept_unresolvable_domains')dnl
|
|
dnl #
|
|
define(`confMATCH_GECOS')dnl
|
|
define(`confDOMAIN_NAME', `{{ mail_domain }}')dnl
|
|
define(`confDONT_BLAME_SENDMAIL', `GroupWritableDirpathSafe,GroupWritableIncludeFileSafe,GroupWritableForwardFile,ForwardFileInGroupWritableDirPath')dnl
|
|
dnl #
|
|
MAIL_FILTER(`grossd', `S=inet:5523@localhost, T=C:10m;R:5m')
|
|
dnl
|
|
MAILER(smtp)dnl
|
|
MAILER(procmail)dnl
|
|
LOCAL_CONFIG
|
|
O CipherList=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
|
|
O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE
|
|
O ClientSSLOptions=+SSL_OP_NO_SSLv2
|