main.cf - Opengist

Revision a25e6d68e4159e3493656e86a8dd872201dbb19e

main.cf · 3.6 KiB · CFEngine3 Raw

# See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = peppermint.node.swee.codes biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on # fresh installs. compatibility_level = 2 # TLS parameters smtpd_tls_cert_file=/etc/letsencrypt/live/peppermint.node.swee.codes/fullchain.pem smtpd_tls_key_file=/etc/letsencrypt/live/peppermint.node.swee.codes/privkey.pem smtpd_use_tls=yes smtpd_tls_auth_only = yes smtp_tls_security_level = may smtpd_tls_security_level = may smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous # Authentication smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. # Restrictions smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unlisted_recipient, reject_unauth_destination smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = peppermint.node.swee.codes alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases mydomain = swee.codes myorigin = swee.codes mydestination = localhost relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all # Handing off local delivery to Dovecot's LMTP, and telling it where to store mail virtual_transport = lmtp:unix:private/dovecot-lmtp # Virtual domains, users, and aliases virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf, mysql:/etc/postfix/mysql-virtual-email2email.cf # Even more Restrictions and MTA params disable_vrfy_command = yes strict_rfc821_envelopes = yes #smtpd_etrn_restrictions = reject #smtpd_reject_unlisted_sender = yes #smtpd_reject_unlisted_recipient = yes smtpd_delay_reject = yes smtpd_helo_required = yes smtp_always_send_ehlo = yes #smtpd_hard_error_limit = 1 smtpd_timeout = 30s smtp_helo_timeout = 15s smtp_rcpt_timeout = 15s smtpd_recipient_limit = 40 minimal_backoff_time = 180s maximal_backoff_time = 3h # Reply Rejection Codes invalid_hostname_reject_code = 550 non_fqdn_reject_code = 550 unknown_address_reject_code = 550 unknown_client_reject_code = 550 unknown_hostname_reject_code = 550 unverified_recipient_reject_code = 550 unverified_sender_reject_code = 550 milter_protocol = 2 milter_default_action = accept smtpd_milters = inet:localhost:12301 non_smtpd_milters = inet:localhost:12301 spamassassin_destination_recipient_limit = 1

1	# See /usr/share/postfix/main.cf.dist for a commented, more complete version
2
3	# Debian specific: Specifying a file name will cause the first
4	# line of that file to be used as the name. The Debian default
5	# is /etc/mailname.
6	#myorigin = /etc/mailname
7
8	smtpd_banner = peppermint.node.swee.codes
9	biff = no
10
11	# appending .domain is the MUA's job.
12	append_dot_mydomain = no
13
14	# Uncomment the next line to generate "delayed mail" warnings
15	#delay_warning_time = 4h
16
17	readme_directory = no
18
19	# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
20	# fresh installs.
21	compatibility_level = 2
22
23	# TLS parameters
24	smtpd_tls_cert_file=/etc/letsencrypt/live/peppermint.node.swee.codes/fullchain.pem
25	smtpd_tls_key_file=/etc/letsencrypt/live/peppermint.node.swee.codes/privkey.pem
26	smtpd_use_tls=yes
27	smtpd_tls_auth_only = yes
28	smtp_tls_security_level = may
29	smtpd_tls_security_level = may
30	smtpd_sasl_security_options = noanonymous, noplaintext
31	smtpd_sasl_tls_security_options = noanonymous
32
33	# Authentication
34	smtpd_sasl_type = dovecot
35	smtpd_sasl_path = private/auth
36	smtpd_sasl_auth_enable = yes
37
38	# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
39	# information on enabling SSL in the smtp client.
40
41	# Restrictions
42	smtpd_helo_restrictions =
43	permit_mynetworks,
44	permit_sasl_authenticated,
45	reject_invalid_helo_hostname,
46	reject_non_fqdn_helo_hostname
47	smtpd_recipient_restrictions =
48	permit_mynetworks,
49	permit_sasl_authenticated,
50	reject_non_fqdn_recipient,
51	reject_unknown_recipient_domain,
52	reject_unlisted_recipient,
53	reject_unauth_destination
54	smtpd_sender_restrictions =
55	permit_mynetworks,
56	permit_sasl_authenticated,
57	reject_non_fqdn_sender,
58	reject_unknown_sender_domain
59	smtpd_relay_restrictions =
60	permit_mynetworks,
61	permit_sasl_authenticated,
62	defer_unauth_destination
63
64	# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
65	# information on enabling SSL in the smtp client.
66
67	myhostname = peppermint.node.swee.codes
68	alias_maps = hash:/etc/aliases
69	alias_database = hash:/etc/aliases
70	mydomain = swee.codes
71	myorigin = swee.codes
72	mydestination = localhost
73	relayhost =
74	mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
75	mailbox_size_limit = 0
76	recipient_delimiter = +
77	inet_interfaces = all
78	inet_protocols = all
79
80	# Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
81	virtual_transport = lmtp:unix:private/dovecot-lmtp
82
83	# Virtual domains, users, and aliases
84	virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
85	virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
86	virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
87	mysql:/etc/postfix/mysql-virtual-email2email.cf
88
89	# Even more Restrictions and MTA params
90	disable_vrfy_command = yes
91	strict_rfc821_envelopes = yes
92	#smtpd_etrn_restrictions = reject
93	#smtpd_reject_unlisted_sender = yes
94	#smtpd_reject_unlisted_recipient = yes
95	smtpd_delay_reject = yes
96	smtpd_helo_required = yes
97	smtp_always_send_ehlo = yes
98	#smtpd_hard_error_limit = 1
99	smtpd_timeout = 30s
100	smtp_helo_timeout = 15s
101	smtp_rcpt_timeout = 15s
102	smtpd_recipient_limit = 40
103	minimal_backoff_time = 180s
104	maximal_backoff_time = 3h
105
106	# Reply Rejection Codes
107	invalid_hostname_reject_code = 550
108	non_fqdn_reject_code = 550
109	unknown_address_reject_code = 550
110	unknown_client_reject_code = 550
111	unknown_hostname_reject_code = 550
112	unverified_recipient_reject_code = 550
113	unverified_sender_reject_code = 550
114	milter_protocol = 2
115	milter_default_action = accept
116	smtpd_milters = inet:localhost:12301
117	non_smtpd_milters = inet:localhost:12301
118	spamassassin_destination_recipient_limit = 1