forked from infra/ansible
89 lines
2.9 KiB
Django/Jinja
89 lines
2.9 KiB
Django/Jinja
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
|
|
|
|
# Debian specific: Specifying a file name will cause the first
|
|
# line of that file to be used as the name. The Debian default
|
|
# is /etc/mailname.
|
|
#myorigin = /etc/mailname
|
|
|
|
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
|
|
biff = no
|
|
|
|
# appending .domain is the MUA's job.
|
|
append_dot_mydomain = no
|
|
|
|
# Uncomment the next line to generate "delayed mail" warnings
|
|
#delay_warning_time = 4h
|
|
|
|
readme_directory = no
|
|
|
|
inet_interfaces = all
|
|
|
|
message_size_limit = 50000000
|
|
recipient_delimiter = +
|
|
|
|
mydomain = {{ mail_domain }}
|
|
myhostname = {{ ansible_fqdn }}
|
|
myorigin = {{ ansible_fqdn }}
|
|
mydestination = localhost.{{ mail_domain }}, localhost
|
|
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
|
|
|
|
alias_maps = hash:/etc/aliases
|
|
alias_database = hash:/etc/aliases
|
|
relayhost =
|
|
|
|
# TLS parameters
|
|
smtp_use_tls = yes
|
|
smtp_tls_loglevel = 2
|
|
|
|
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
|
|
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
|
|
smtpd_use_tls=yes
|
|
|
|
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|
|
|
smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
|
|
|
|
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
|
|
# information on enabling SSL in the smtp client.
|
|
|
|
smtpd_sasl_type = dovecot
|
|
smtpd_sasl_path = private/auth
|
|
smtpd_sasl_auth_enable = yes
|
|
smtpd_sasl_security_options = noanonymous
|
|
|
|
smtpd_helo_restrictions = permit_mynetwork
|
|
warn_if_reject reject_non_fqdn_hostname
|
|
check_helo_access hash:/etc/postfix/helo_access
|
|
#check_client_access cidr:/etc/postfix/client_access
|
|
|
|
smtpd_recipient_restrictions = permit_mynetworks
|
|
permit_sasl_authenticated
|
|
reject_unauth_destination
|
|
check_recipient_access hash:/etc/postfix/recipient_access
|
|
|
|
smtpd_data_restrictions = warn_if_reject reject_unauth_pipelining
|
|
|
|
smtpd_restriction_classes = rbl, rblgrey
|
|
|
|
rbl = reject_rbl_client sbl.spamhaus.org
|
|
reject_rbl_client cbl.abuseat.org
|
|
|
|
rblgrey = reject_rbl_client sbl.spamhaus.org
|
|
reject_rbl_client cbl.abuseat.org
|
|
check_policy_service unix:private/spfpolicy
|
|
check_policy_service inet:127.0.0.1:10023
|
|
|
|
content_filter = amavis:[127.0.0.1]:10024
|
|
receive_override_options = no_address_mappings
|
|
|
|
virtual_mailbox_domains = {{ mail_domain }}
|
|
virtual_mailbox_maps = hash:/etc/postfix/virtual_mailbox
|
|
virtual_alias_maps = hash:/etc/postfix/virtual_alias
|
|
#virtual_mailbox_maps = ldap:/etc/postfix/ldap-virtual-maps.cf
|
|
#virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, hash:/etc/postfix/virtual, ldap:/etc/postfix/ldap-aliases.cf
|
|
|
|
virtual_transport = dovecot
|
|
dovecot_destination_recipient_limit = 1
|
|
|