swee revised this gist . Go to revision
1 file changed, 118 insertions
main.cf(file created)
| @@ -0,0 +1,118 @@ | |||
| 1 | + | # See /usr/share/postfix/main.cf.dist for a commented, more complete version | |
| 2 | + | ||
| 3 | + | # Debian specific: Specifying a file name will cause the first | |
| 4 | + | # line of that file to be used as the name. The Debian default | |
| 5 | + | # is /etc/mailname. | |
| 6 | + | #myorigin = /etc/mailname | |
| 7 | + | ||
| 8 | + | smtpd_banner = peppermint.node.swee.codes | |
| 9 | + | biff = no | |
| 10 | + | ||
| 11 | + | # appending .domain is the MUA's job. | |
| 12 | + | append_dot_mydomain = no | |
| 13 | + | ||
| 14 | + | # Uncomment the next line to generate "delayed mail" warnings | |
| 15 | + | #delay_warning_time = 4h | |
| 16 | + | ||
| 17 | + | readme_directory = no | |
| 18 | + | ||
| 19 | + | # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on | |
| 20 | + | # fresh installs. | |
| 21 | + | compatibility_level = 2 | |
| 22 | + | ||
| 23 | + | # TLS parameters | |
| 24 | + | smtpd_tls_cert_file=/etc/letsencrypt/live/peppermint.node.swee.codes/fullchain.pem | |
| 25 | + | smtpd_tls_key_file=/etc/letsencrypt/live/peppermint.node.swee.codes/privkey.pem | |
| 26 | + | smtpd_use_tls=yes | |
| 27 | + | smtpd_tls_auth_only = yes | |
| 28 | + | smtp_tls_security_level = may | |
| 29 | + | smtpd_tls_security_level = may | |
| 30 | + | smtpd_sasl_security_options = noanonymous, noplaintext | |
| 31 | + | smtpd_sasl_tls_security_options = noanonymous | |
| 32 | + | ||
| 33 | + | # Authentication | |
| 34 | + | smtpd_sasl_type = dovecot | |
| 35 | + | smtpd_sasl_path = private/auth | |
| 36 | + | smtpd_sasl_auth_enable = yes | |
| 37 | + | ||
| 38 | + | # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for | |
| 39 | + | # information on enabling SSL in the smtp client. | |
| 40 | + | ||
| 41 | + | # Restrictions | |
| 42 | + | smtpd_helo_restrictions = | |
| 43 | + | permit_mynetworks, | |
| 44 | + | permit_sasl_authenticated, | |
| 45 | + | reject_invalid_helo_hostname, | |
| 46 | + | reject_non_fqdn_helo_hostname | |
| 47 | + | smtpd_recipient_restrictions = | |
| 48 | + | permit_mynetworks, | |
| 49 | + | permit_sasl_authenticated, | |
| 50 | + | reject_non_fqdn_recipient, | |
| 51 | + | reject_unknown_recipient_domain, | |
| 52 | + | reject_unlisted_recipient, | |
| 53 | + | reject_unauth_destination | |
| 54 | + | smtpd_sender_restrictions = | |
| 55 | + | permit_mynetworks, | |
| 56 | + | permit_sasl_authenticated, | |
| 57 | + | reject_non_fqdn_sender, | |
| 58 | + | reject_unknown_sender_domain | |
| 59 | + | smtpd_relay_restrictions = | |
| 60 | + | permit_mynetworks, | |
| 61 | + | permit_sasl_authenticated, | |
| 62 | + | defer_unauth_destination | |
| 63 | + | ||
| 64 | + | # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for | |
| 65 | + | # information on enabling SSL in the smtp client. | |
| 66 | + | ||
| 67 | + | myhostname = peppermint.node.swee.codes | |
| 68 | + | alias_maps = hash:/etc/aliases | |
| 69 | + | alias_database = hash:/etc/aliases | |
| 70 | + | mydomain = swee.codes | |
| 71 | + | myorigin = swee.codes | |
| 72 | + | mydestination = localhost | |
| 73 | + | relayhost = | |
| 74 | + | mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 | |
| 75 | + | mailbox_size_limit = 0 | |
| 76 | + | recipient_delimiter = + | |
| 77 | + | inet_interfaces = all | |
| 78 | + | inet_protocols = all | |
| 79 | + | ||
| 80 | + | # Handing off local delivery to Dovecot's LMTP, and telling it where to store mail | |
| 81 | + | virtual_transport = lmtp:unix:private/dovecot-lmtp | |
| 82 | + | ||
| 83 | + | # Virtual domains, users, and aliases | |
| 84 | + | virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf | |
| 85 | + | virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf | |
| 86 | + | virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf, | |
| 87 | + | mysql:/etc/postfix/mysql-virtual-email2email.cf | |
| 88 | + | ||
| 89 | + | # Even more Restrictions and MTA params | |
| 90 | + | disable_vrfy_command = yes | |
| 91 | + | strict_rfc821_envelopes = yes | |
| 92 | + | #smtpd_etrn_restrictions = reject | |
| 93 | + | #smtpd_reject_unlisted_sender = yes | |
| 94 | + | #smtpd_reject_unlisted_recipient = yes | |
| 95 | + | smtpd_delay_reject = yes | |
| 96 | + | smtpd_helo_required = yes | |
| 97 | + | smtp_always_send_ehlo = yes | |
| 98 | + | #smtpd_hard_error_limit = 1 | |
| 99 | + | smtpd_timeout = 30s | |
| 100 | + | smtp_helo_timeout = 15s | |
| 101 | + | smtp_rcpt_timeout = 15s | |
| 102 | + | smtpd_recipient_limit = 40 | |
| 103 | + | minimal_backoff_time = 180s | |
| 104 | + | maximal_backoff_time = 3h | |
| 105 | + | ||
| 106 | + | # Reply Rejection Codes | |
| 107 | + | invalid_hostname_reject_code = 550 | |
| 108 | + | non_fqdn_reject_code = 550 | |
| 109 | + | unknown_address_reject_code = 550 | |
| 110 | + | unknown_client_reject_code = 550 | |
| 111 | + | unknown_hostname_reject_code = 550 | |
| 112 | + | unverified_recipient_reject_code = 550 | |
| 113 | + | unverified_sender_reject_code = 550 | |
| 114 | + | milter_protocol = 2 | |
| 115 | + | milter_default_action = accept | |
| 116 | + | smtpd_milters = inet:localhost:12301 | |
| 117 | + | non_smtpd_milters = inet:localhost:12301 | |
| 118 | + | spamassassin_destination_recipient_limit = 1 | |
Newer
Older