diff options
| -rw-r--r-- | konfigurera.mdwn | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/konfigurera.mdwn b/konfigurera.mdwn index 9ba1e3a..7c249ac 100644 --- a/konfigurera.mdwn +++ b/konfigurera.mdwn @@ -148,22 +148,22 @@ address. Pick (only one) of the following sections. ### Single relayhost (`smtp.fripost.org:587`) for all outgoing messages -Create a file `/etc/postfix/sasl/passwd` +Create a file `/etc/postfix/sasl/passwd`: sudo install -m 0400 /dev/null /etc/postfix/sasl/passwd (it should only be readable by the superuser). Edit it and enter your credentials in the following format: - [smtp.fripost.org]:587 USERNAME@fripost.org:XXXXXXXX + [smtp.fripost.org]:587 USERNAME@fripost.org:XXXXXXXX Now you need to hash the file using `postmap(1)`: sudo postmap hash:/etc/postfix/sasl/passwd -(Postfix doesn't read the file directly, but the compiled lookup table. -Thus you'll have to run that command again whenever the file is updated.) - +(Postfix doesn't read the file directly, but the compiled lookup table +instead. Thus you'll have to run `postmap(1)` again whenever the file +is updated.) Now add the following to `/etc/postfix/main.cf`: mynetworks_style = host @@ -200,10 +200,10 @@ based on the envelope sender address. This is useful if you want to use Create a file `/etc/postfix/sasl/passwd` as before (ensure that only the superuser can read it!), and enter all your credentials: - [smtp.fripost.org]:587 USERNAME1@fripost.org:XXXXXXXX - [smtp.example.org]:587 USERNAME2@example.org:XXXXXXXX + [smtp.fripost.org]:587 USERNAME1@fripost.org:XXXXXXXX + [smtp.example.org]:587 USERNAME2@example.org:XXXXXXXX -Next, write your SSL/TLS client policy in `/etc/postfix/tls_policy` +Next, write your SSL/TLS client policy in `/etc/postfix/tls_policy`: [smtp.example.org]:587 secure ciphers=high protocols=!SSLv2:!SSLv3 [smtp.fripost.org]:587 fingerprint ciphers=high protocols=!SSLv2:!SSLv3:!TLSv1:!TLSv1.1 @@ -212,14 +212,14 @@ Next, write your SSL/TLS client policy in `/etc/postfix/tls_policy` (see `postconf(5)` for details; the fingerprint of our [server certificate](http://git.fripost.org/fripost-ansible/plain/certs/public/smtp.fripost.org.pem)'s public key can be found [here](https://fripost.org/certs.asc)), -and your relayhost policy in `/etc/postfix/relayhost_map` +and your relayhost policy in `/etc/postfix/relayhost_map`: @fripost.org [smtp.fripost.org]:587 @example.org [smtp.example.org]:587 -Here, we tell Postfix to use the `smtp.fripost.org:587` relayhost for -which the envelope sender address is under the `fripost.org` domain, and -the `smtp.example.org:587` relayhost for which the envelope sender +Here, we tell Postfix to use the `smtp.fripost.org:587` relayhost when +the envelope sender address is under the `fripost.org` domain, and +the `smtp.example.org:587` relayhost for when the envelope sender address is under the `example.org` domain. (The brackets around the hostname tell Postfix not perform MX lookups.) @@ -232,7 +232,7 @@ Ensure to compile the lookup tables for all files that have been edited: The configuration in `/etc/postfix/main.cf` is like that of the previous section, except that we're replacing the `smtp_tls_*` options by `smtp_tls_policy_maps`. We also keep a default `relayhost` value for -envelope sender addresses that don't map the `relayhost_map` lookup +envelope sender addresses that don't match the `relayhost_map` lookup table. mynetworks_style = host |