myvemailbackup/build/run/installer.sh

#!/usr/bin/env bash

###############
#//
#//  Postfix
#//
###############
# Postfix
postconf -e 'myorigin = $mydomain'
postconf -e 'inet_interfaces = all'
postconf -e 'inet_protocols = ipv4'
postconf -e 'smtp_address_preference = ipv4'
postconf -e 'message_size_limit = 0'
postconf -e 'mailbox_size_limit = 0'

# Touch aliases db
newaliases

# Logging
postconf -e "maillog_file = /var/log/maillog"

# Backup mail server specific settings
postconf -e 'maximal_queue_lifetime = 30d'
postconf -e 'minimal_backoff_time = 60s'
postconf -e 'relay_recipient_maps = '
postconf -e "relay_domains = lmdb:/etc/postfix/relaydomains"
postconf -e "transport_maps = lmdb:/etc/postfix/transportmaps"

# Security
postconf -e 'smtpd_tls_security_level = may'
postconf -e 'smtp_tls_security_level = may'

postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop'
postconf -e 'smtp_tls_CApath = /etc/ssl/certs'
postconf -e "smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"
postconf -e 'smtp_tls_loglevel = 1'
openssl rehash /etc/ssl/certs || c_rehash /etc/ssl/certs

[ -d /etc/postfix/ssl/ ] || mkdir -p /etc/postfix/ssl/
postconf -e "smtpd_tls_key_file = /etc/postfix/ssl/tls.key"
postconf -e "smtpd_tls_cert_file = /etc/postfix/ssl/tls.pem"

# # Enforce TLSv1.2 or TLSv1.2
postconf -e "smtpd_tls_protocols = >=TLSv1.2"

# Spam filters (https://www.linuxbabe.com/mail-server/block-email-spam-postfix)
postconf -e "smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname"
postconf -e "smtpd_helo_required = yes"
postconf -e "smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, check_helo_access lmdb:/etc/postfix/helo_access, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname"
postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"

# Check postqueue every 5 seconds
install /dev/stdin /usr/local/bin/postqueue-check >/dev/null <<'postqueue'
#!/usr/bin/env bash
if postqueue -p | grep -q 'Mail queue is empty'
then
    exit 0
else
    postqueue -f
fi
postqueue
First commit 2024-12-19 20:27:46 +00:00			`#!/usr/bin/env bash`

			`###############`
			`#//`
			`#// Postfix`
			`#//`
			`###############`
			`# Postfix`
			`postconf -e 'myorigin = $mydomain'`
			`postconf -e 'inet_interfaces = all'`
			`postconf -e 'inet_protocols = ipv4'`
			`postconf -e 'smtp_address_preference = ipv4'`
			`postconf -e 'message_size_limit = 0'`
			`postconf -e 'mailbox_size_limit = 0'`

			`# Touch aliases db`
			`newaliases`

			`# Logging`
			`postconf -e "maillog_file = /var/log/maillog"`

			`# Backup mail server specific settings`
			`postconf -e 'maximal_queue_lifetime = 30d'`
			`postconf -e 'minimal_backoff_time = 60s'`
			`postconf -e 'relay_recipient_maps = '`
			`postconf -e "relay_domains = lmdb:/etc/postfix/relaydomains"`
			`postconf -e "transport_maps = lmdb:/etc/postfix/transportmaps"`

			`# Security`
			`postconf -e 'smtpd_tls_security_level = may'`
			`postconf -e 'smtp_tls_security_level = may'`

			`postconf -e 'smtpd_tls_loglevel = 1'`
			`postconf -e 'smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop'`
			`postconf -e 'smtp_tls_CApath = /etc/ssl/certs'`
			`postconf -e "smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"`
			`postconf -e 'smtp_tls_loglevel = 1'`
			`openssl rehash /etc/ssl/certs \|\| c_rehash /etc/ssl/certs`

			`[ -d /etc/postfix/ssl/ ] \|\| mkdir -p /etc/postfix/ssl/`
			`postconf -e "smtpd_tls_key_file = /etc/postfix/ssl/tls.key"`
			`postconf -e "smtpd_tls_cert_file = /etc/postfix/ssl/tls.pem"`

			`# # Enforce TLSv1.2 or TLSv1.2`
			`postconf -e "smtpd_tls_protocols = >=TLSv1.2"`

			`# Spam filters (https://www.linuxbabe.com/mail-server/block-email-spam-postfix)`
			`postconf -e "smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname"`
			`postconf -e "smtpd_helo_required = yes"`
			`postconf -e "smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, check_helo_access lmdb:/etc/postfix/helo_access, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname"`
			`postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"`

			`# Check postqueue every 5 seconds`
			`install /dev/stdin /usr/local/bin/postqueue-check >/dev/null <<'postqueue'`
			`#!/usr/bin/env bash`
			`if postqueue -p \| grep -q 'Mail queue is empty'`
			`then`
			`exit 0`
			`else`
			`postqueue -f`
			`fi`
			`postqueue`