-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathendfix.cf
338 lines (314 loc) · 20.4 KB
/
endfix.cf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
#################################################################################################################################################
# NAME: endfix.cf
# TYPE: CONFIGURATION FILE
# DESCRIPTION: Endware Postfix configuration
#
# AUTHOR: THE ENDWARE DEVELOPMENT TEAM
# CREATION DATE: AUGUST 2 2016
# VERSION: 0.03
# REVISION DATE: DECEMBER 31 2018
# COPYRIGHT: THE ENDWARE DEVELOPMENT TEAM, 2016
#
# CHANGE LOG: - Update the instructions
# - Reorganized sections, headers
# - Worked on Instructions
# - File Creation
#
########################################################################################################################################
# DEPENDENCIES: postfix, openssl
########################################################################################################################################
# INSTRUCTIONS: Copy this file to /etc/postfix/main.cf, postmap the alias files, start the postfix server.
#
# Do the following at a command prompt:
#
# $ su
# # cd /etc/postfix/
# # newaliases
# # cp main.cf main.bkp
# # cp endfix.cf /etc/postfix/main.cf
# # nano main.cf
#
# Edit these variables to proper values:
#
# default_privs = linux_username
# myhostname = host.m6xf7ewtiekxmvqwqd.onion
# mydomain = m6xf7ewtiekxmvqwqd.onion
#
#### Update the sender,client access and virtual alias maps and run postmap on files :
# # echo "[email protected] username" >> virtual
# # postmap virtual
# # echo "[email protected] username" >> virtusertables
# # postmap virtusertables
# # echo "[email protected] permit" >> sender_access
# # echo "* reject" >> sender_access
# # postmap sender_access
# # echo "192.168.1.25 permit" >> client_access
# # echo "* reject" >> client_access
# # postmap client_access
# # echo "[email protected] permit" >> recipient_access
# # echo "* reject" >> recipient_access
# # postmap recipient_access
# # newaliases
##### Make some directories and generate ssl certificates
# # mkdir -p /etc/tls
# # mkdir -p /etc/tls/private
# # mkdir -p /etc/tls/certs
# # cd /etc/tls/private
# # openssl req -x509 -newkey rsa:4096 -keyout smtpd.key -out smtpd.crt -days 365 -nodes
# put some fake/funny data in the certificate
# # mv smtpd.crt /etc/tls/certs
##### Repeat for dovecot
# # openssl req -x509 -newkey rsa:4096 -keyout dovecot.key -out dovecot.crt -days 365 -nodes
# # mv dovecot.crt /etc/tls/certs
#
################# START THE SERVICE ###################################
# # SYSTMED
# # systemctl reload postfix
# # systemctl start postfix
# # systemctl status postfix
# #
# # OPENRC
# # rc-update enable postfix default
# # rc-service postfix start
# # rc-service postfix status
#
#############################################################################################################################################################################
# ACKNOWLEDGMENTS
#############################################################################################################################################################################
# The Endware Development Team would like to acknowledge the work and efforts of OdiliTime, Balrog and SnakeDude who graciously hosted and promoted this software project.
# We would also like to acknowledge the work and efforts of Stephen Lynx, the creator and maintainer of LynxChan.
# Without their efforts and their wonderful web site www.endchan.xyz, The Endware Suite would not exist in the public domain at all in any form.
#
# So thanks to OdiliTime, Balrog, SnakeDude, and Stephen Lynx for inspiring this work and for hosting and promoting it.
#
# The Endware Suite including Endwall,Endsets,Endlists,Endtools,Endloads and Endtube are named in honor of Endchan.
#
# The Endware Suite is available for download at the following locations:
# https://gitgud.io/Endwall/ , https://github.com/endwall2/, https://www.endchan.xyz/os/, http://42xlyaqlurifvvtq.onion,
#
# Special thanks to the designer of the current EndWare logo which replaces the previous logo. It looks great!
# Thank you also to early beta testers including a@a, and to other contributors including Joshua Moon (for user_agents.txt split and other good suggestions)
# as well as to the detractors who helped to critique this work and to ultimately improve it.
#
# We also acknowledge paste.debian.net, ix.io, gitgud and github for their hosting services,
# without which distribution would be limited, so thank you.
#
# https://www.endchan.xyz, http://paste.debian.net, https://gitgud.io, https://github.com, http://ix.io
#
# We salute you!
#
# In the end, may it all end well.
#
# The Endware Development Team
##############################################################################################################################################################################
##############################################################################################################################################################################
# LICENSE AGREEMENT
##############################################################################################################################################################################
# BEGINNING OF LICENSE AGREEMENT
# TITLE: THE ENDWARE END USER LICENSE AGREEMENT (EULA)
# CREATION DATE: MARCH 19, 2016
# VERSION: 1.18
# VERSION DATE: JUNE 28, 2018
# COPYRIGHT: THE ENDWARE DEVELOPMENT TEAM, 2016-2018
# ALL RIGHTS RESERVED
#
# WHAT CONSTITUTES "USE"? WHAT IS A "USER"?
# 0) a) Use of this program means the ability to study, possess, run, copy, modify, publish, distribute and sell the code as included in all lines of this file,
# in text format or as a binary file constituting this particular program or its compiled binary machine code form, as well as the the performance
# of these aforementioned actions and activities.
# 0) b) A user of this program is any individual who has been granted use as defined in section 0) a) of the LICENSE AGREEMENT, and is granted to those individuals listed in section 1.
# WHO MAY USE THIS PROGRAM ?
# 1) a) This program may be used by any living human being, any person, any corporation, any company, and by any sentient individual with the willingness and ability to do so.
# 1) b) This program may be used by any citizen or resident of any country, and by any human being without citizenship or residency.
# 1) c) This program may be used by any civilian, military officer, government agent, private citizen, government official, sovereign, monarch, head of state,
# dignitary, ambassador, legislator,congressional representative, member of parliament, senator, judicial official, judge, prosecutor, lawyer, law enforcement officer,
# police constable, noble, commoner, clergy, laity, and generally all classes and ranks of people, persons, and human beings mentioned and those not mentioned.
# 1) d) This program may be used by any human being of any sex or gender, including men, women, or any other sex, or gender not mentioned.
# 1) e) This program may be used by any human being of any affiliation, political viewpoint, political affiliation, religious belief, religious affiliation, and by those of non-belief or non affiliation.
# 1) f) This program may be used by any human being of any race, ethnicity, identity, origin, genetic makeup, physical appearance, mental ability, and by those of any other physical
# or non physical characteristics of differentiation.
# 1) g) This program may be used by any human being of any sexual orientation, including heterosexual, homosexual, bisexual, asexual, or any other sexual orientation not mentioned.
# 1) h) This program may be used by all business classes and business entities, including corporations, limited liability companies, sole proprietorships, partnerships, joint venture companies, private companies, publicly owned companies, and any other business class not specifically mentioned.
# 1) i) This program may be used by anyone.
# WHERE MAY A USER USE THIS PROGRAM ?
# 2) a) This program may be used in any country, in any geographic location of the planet Earth, in any marine or maritime environment, at sea, sub-sea, in a submarine, underground,
# in the air, in an airplane, dirigible, blimp, or balloon, in a car, bus, motor vehicle, armored transport vehicle, and at any distance from the surface of the planet Earth, including in orbit about the Earth or the Moon,
# on a satellite orbiting about the Earth, the Moon, about any Solar System planet and its moons, on any space transport vehicle, and anywhere in the Solar System including the Moon, Mars, and all other Solar System planets not listed.
# 2) b) This program may be used in any residential, commercial, business, and governmental property or location and in all public and private spaces.
# 2) c) This program may be used anywhere.
# IN WHAT CONTEXT OR CIRCUMSTANCES MAY A USER USE THIS PROGRAM?
# 3) This program may be used by any person, human being or sentient individual for any purpose and in any context and in any setting including for personal use, academic use,
# business use, commercial use, government use, non-governmental organization use, non-profit organization use, military use, civilian use, and generally any other use
# not specifically mentioned.
# WHAT MAY A "USER" DO WITH THIS PROGRAM ?
# 4) Any user of this program is granted the freedom to read and study the code.
# 5) a) Any user of this program is granted the freedom to distribute, publish, and share the code with any recipient of their choice electronically or by any other method of transmission.
# 5) b) The LICENCSE AGREEMENT, ACKNOWLEDGMENTS, Header and Instructions must remain attached to the code in their entirety when re-distributed.
# 5) c) Any user of this program is granted the freedom to sell this software as distributed or to bundle it with other software or saleable goods.
# 6) a) Any user of this program is granted the freedom to modify the code.
# 6) b) When modified, any user of this program is granted the freedom of re-distribution of their modified code if and only if the user attatchs the LICENSE AGREEMENT
# in its entirety to their modified code before re-distribution.
# 6) c) Any user of this software is granted the freedom to sell their modified copy of this software or to bundle their modified copy with other software or saleable goods.
# 6) d) Any modified code shall be sublicensed by the modifier and distributor only under the original terms of the Endware End User License Agreement as presented in this LICENSE AGREEMENT.
# 6) e) Any user of this software agrees that any derivative works produced as a result of user modification will be sublicensed when re-distributed under the original terms of this LICENSE AGREEMENT exactly as presented.
# 7) a) Any user of this program is granted the freedom to run this code on any computer of their choice.
# 7) b) Any user of this program is granted the freedom to run as many simultaneous instances of this code, on as many computers as they are able to and desire, and for as long as they desire and are
# able to do so with any degree of simultaneity in use.
# WHAT MUST A "USER" NOT DO WITH THIS PROGRAM ?
# 8) Any user of this program is not granted the freedom to procure a patent for the methods presented in this software, and agrees not to do so.
# 9) Any user of this program is not granted the freedom to arbitrarily procure a copyright on this software as presented, and agrees not to do so.
# 10) Any user of this program is not granted the freedom to obtain or retain intellectual property rights on this software as presented and agrees not to do so.
# 11) a) Any user of this program may use this software as part of a patented process, as a substitutable input into the process; however the user agrees not to attempt to patent this software as part of their patented process.
# 11) b) This software is a tool, like a hammer, and may be used in a process which applies for and gains a patent, as a substitutable input into the process;
# however the software tool itself may not be included in the patent or covered by the patent as a novel invention, and the user agrees not to do this and not to attempt to do this.
# WHO GRANTS THESE FREEDOMS ?
# 12) The creators of this software are the original developer,"Endwall", and anyone listed as being a member of "The Endware Development Team" by "Endwall", as well as ancillary contributors, and user modifiers and developers of the software.
# 13) The aforementioned freedoms of use listed in sections 4),5),6),and 7) are granted by the creators of this software and the Endware Development Team to any qualifying user listed in section 1) and
# comporting with any restrictions and qualifications mentioned in sections 2), 3), 8), 9), 10) and 11) of this LICENSE AGREEMENT.
# WHAT RELATIONSHIP DO THE USERS HAVE WITH THE CREATORS OF THE SOFTWARE ?
# 14) This software is distributed "AS IS" without any warranty and without any guaranty and the creators do not imply anything about its usefulness or efficacy.
# 15) If the user suffers or sustains financial loss, informational loss, material loss, physical loss or data loss as a result of using, running, or modifying this software
# the user agrees that they will hold the creators of this software, "The Endware Development Team", "Endwall", and the programmers involved in its creation, free from prosecution,
# free from indemnity, and free from liability, and will not attempt to seek restitution, compensation, or payment for any such loss real or imagined.
# 16) If a user makes a significant improvement to this software, and if this improvement is included in a release, the user agrees not to seek remuneration or payment
# from the creators of this software or from Endwall or from the Endware Development Team, for any such work contribution performed, and the user understands
# that there will be no such remuneration or payment rendered to them for any such contribution.
# END OF LICENSE AGREEMENT
##################################################################################################################################################################################
# ADDITIONAL NOTES:
# 17) If a user finds a significant flaw or makes a significant improvement to this software, please feel free to notify the original developers so that we may also
# include your user improvement in the next release; users are not obligated to do this, but we would enjoy this courtesy tremendously.
#
# 18) Sections 0) a) 0) b) and 1) a) are sufficient for use; however sections 1) b) through 1) i) are presented to clarify 1 a) and to enforce non-discrimination and non-exclusion of use.
# For example some people may choose to redefine the meaning of the words "person" "human being" or "sentient individual" to exclude certain types of people.
# This would be deemed unacceptable and is specifically rejected by the enumeration presented. If the wording presented is problematic please contact us and suggest a change,
# and it will be taken into consideration.
#################################################################################################################################################################################
#################################### BEGINNING OF CONFIGURATION ######################################################
############################ DAEMON AND DIRECTORIES #################################
compatibility_level = 2
soft_bounce = yes
queue_directory = /var/spool/postfix
command_directory = /usr/bin
daemon_directory = /usr/lib/postfix/bin
data_directory = /var/lib/postfix
mail_owner = postfix
default_privs = linux_username
home_mailbox = Maildir/
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/bin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix
inet_protocols = ipv4
meta_directory = /etc/postfix
shlib_directory = /usr/lib/postfix
###################### SERVER INFORMATION ##########################################
smtpd_banner = "MY HIDDEN MAIL SERVER $mydomain ESMTP"
mynetworks_style = host
myhostname = host.m6xf7ewtiekxmvqwqd.onion
mydomain = m6xf7ewtiekxmvqwqd.onion
myorigin = $mydomain
inet_interfaces = localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, web.$mydomain
mynetworks = 127.0.0.0/8, localhost, $myhostname, $mydomain
################## ALIASES AND VIRTUAL MAPS ##########################################################
alias_maps = hash:/etc/postfix/aliases
alias_database = $alias_maps
local_recipient_maps = unix:passwd.byname $alias_maps
virtual_maps = hash:/etc/postfix/virtusertables
virtual_alias_maps = hash:/etc/postfix/virtual
###################### TLS ENCRYPTION #######################################################
smtp_tls_security_level = encrypt
smtpd_tls_security_level = encrypt
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
tls_random_bytes = 64
tls_random_reseed_period = 3600s
smtpd_use_tls = yes
smtpd_tls_ciphers = high
smtp_tls_ciphers = high
smtpd_tls_exclude_ciphers = aNULL, RC4, MD5, DES, 3DES, DES-CBC3-SHA, RC4-SHA, AES256-SHA, AES128-SHA
smtp_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_note_starttls_offer = yes
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_tls_session_cache_timeout = 3600s
smtpd_starttls_timeout = 360s
smtp_tls_session_cache_timeout = 3600s
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/tls/certs/smtpd.crt
smtpd_tls_key_file = /etc/tls/private/smtpd.key
###################### SASL AUTHENTICATION #################################################
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = no
smtpd_sasl_exceptions_networks = !localhost
smtp_sasl_security_options = noanonymous, noplaintext, nodictionary, noactive
################## RESTRICTIONS ###########################################################
smtpd_helo_restrictions = permit_mynetworks,
permit
smtpd_data_restrictions = reject_unauth_pipelining,
permit
smtpd_etrn_restrictions = permit_mynetworks,
reject
smtpd_client_restrictions = permit_mynetworks,
check client_access hash:/etc/postfix/client_access,
permit
smtpd_sender_restrictions = permit_mynetworks,
check_sender_access hash:/etc/postfix/sender_access,
permit_sasl_authenticated,
reject_unknown_sender_domain,
permit
smtpd_recipient_restrictions = permit_mynetworks,
check_recipient_access hash:/etc/postfix/recipient_access,
reject_unauth_pipelining,
reject_unauth_destination,
reject_non_fqdn_recipient,
permit_sasl_authenticated,
permit
################ OTHER CONFIGS ################################
mailbox_size_limit = 0
message_size_limit = 102400000
maximal_queue_lifetime = 2h
bounce_queue_lifetime = 1h
in_flow_delay = 1s
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_error_sleep_time = 10
smtpd_soft_error_limit = 2
smtpd_hard_error_limit = 5
smtpd_junk_command_limit = 3
strict_rfc821_envelopes = no
show_user_unknown_table_name = no
##################### REJECT CODES ########################
access_map_reject_code = 554
defer_code = 554
invalid_hostname_reject_code = 554
maps_rbl_reject_code = 554
non_fqdn_reject_code = 554
reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_sender_reject_code = 550
unknown_local_recipient_reject_code = 550
#################################################################
######################################### END OF CONFIGURATION #######################################################