101 lines
2.9 KiB
Django/Jinja
101 lines
2.9 KiB
Django/Jinja
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
|
|
|
|
|
|
# Debian specific: Specifying a file name will cause the first
|
|
# line of that file to be used as the name. The Debian default
|
|
# is /etc/mailname.
|
|
#myorigin = /etc/mailname
|
|
|
|
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
|
|
biff = no
|
|
|
|
# appending .domain is the MUA's job.
|
|
append_dot_mydomain = no
|
|
|
|
# Uncomment the next line to generate "delayed mail" warnings
|
|
#delay_warning_time = 4h
|
|
|
|
readme_directory = no
|
|
|
|
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
|
|
# fresh installs.
|
|
compatibility_level = 2
|
|
|
|
mailbox_size_limit = 0
|
|
|
|
myhostname = mail.{{ base_domain }}
|
|
mydomain = {{ base_domain }}
|
|
alias_maps = hash:/etc/aliases
|
|
myorigin = $mydomain
|
|
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
|
|
relayhost =
|
|
relay_domains =
|
|
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 {{ ipv4_subnet }}
|
|
mailbox_size_limit = 0
|
|
recipient_delimiter = +
|
|
inet_interfaces = {{ mail_ipv4_addr }}, 127.0.0.1
|
|
inet_protocols = ipv4, ipv6
|
|
|
|
require_home_directory = yes
|
|
|
|
# Procmail
|
|
mailbox_command = procmail -a "$EXTENSION"
|
|
|
|
# rewrite @foo.csclub.internal to @csclub.internal for locally generated mail
|
|
masquerade_domains = $mydomain
|
|
masquerade_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
|
|
local_header_rewrite_clients = permit_inet_interfaces, permit_mynetworks
|
|
|
|
# SpamAssassin
|
|
milter_default_action = accept
|
|
milter_connect_macros = j {daemon_name} v {if_name} _
|
|
non_smtpd_milters = $smtpd_milters
|
|
smtpd_milters = unix:/var/spool/postfix/spamass/spamass.sock
|
|
|
|
# TLS parameters
|
|
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
|
|
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
|
|
#smtpd_use_tls=yes
|
|
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
|
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|
|
|
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
|
|
# information on enabling SSL in the smtp client.
|
|
|
|
# HELO restrictions
|
|
smtpd_helo_required = yes
|
|
smtpd_helo_restrictions =
|
|
permit_mynetworks,
|
|
reject_invalid_helo_hostname,
|
|
#reject_non_fqdn_helo_hostname,
|
|
permit
|
|
|
|
# Sender (MAIL FROM) restrictions
|
|
smtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre
|
|
smtpd_sender_restrictions =
|
|
permit_mynetworks,
|
|
reject_sender_login_mismatch,
|
|
reject_non_fqdn_sender
|
|
#reject_unknown_sender_domain
|
|
|
|
# Relay restrictions
|
|
smtpd_relay_restrictions =
|
|
permit_mynetworks,
|
|
permit_sasl_authenticated,
|
|
reject_unauth_destination
|
|
|
|
# Recipient (RCPT TO) restrictions
|
|
smtpd_recipient_restrictions =
|
|
permit_mynetworks,
|
|
permit_sasl_authenticated,
|
|
reject_unauth_destination,
|
|
reject_non_fqdn_recipient,
|
|
#reject_unknown_reverse_client_hostname,
|
|
reject_unknown_recipient_domain
|
|
|
|
# SASL
|
|
smtpd_sasl_auth_enable = yes
|
|
smtpd_sasl_type = dovecot
|
|
smtpd_sasl_path = private/auth
|
|
broken_sasl_auth_clients = yes
|