83 lines
2.7 KiB
Django/Jinja
83 lines
2.7 KiB
Django/Jinja
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
|
|
|
|
|
|
# Debian specific: Specifying a file name will cause the first
|
|
# line of that file to be used as the name. The Debian default
|
|
# is /etc/mailname.
|
|
#myorigin = /etc/mailname
|
|
|
|
# smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
|
|
smtpd_banner = {{ local_smtpd_banner }}
|
|
biff = no
|
|
|
|
# appending .domain is the MUA's job.
|
|
append_dot_mydomain = no
|
|
|
|
# Uncomment the next line to generate "delayed mail" warnings
|
|
#delay_warning_time = 4h
|
|
|
|
readme_directory = no
|
|
|
|
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
|
|
# fresh installs.
|
|
compatibility_level = 2
|
|
|
|
# TLS parameters
|
|
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
|
|
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
|
|
smtpd_use_tls=yes
|
|
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|
|
|
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
|
|
# information on enabling SSL in the smtp client.
|
|
|
|
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
|
|
myhostname = {{ local_smtp_relay_hostname }}
|
|
alias_maps = hash:/etc/aliases
|
|
alias_database = hash:/etc/aliases
|
|
myorigin = /etc/mailname
|
|
mydestination = $myhostname, localhost
|
|
relayhost = [{{ upstream_smtp_relay_server }}]:{{ upstream_smtp_relay_port }}
|
|
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
|
|
mailbox_size_limit = 0
|
|
recipient_delimiter = +
|
|
# inet_interfaces = loopback-only
|
|
inet_interfaces = all
|
|
inet_protocols = all
|
|
|
|
# http://www.postfix.org/SASL_README.html
|
|
|
|
smtpd_sasl_type = cyrus
|
|
smtpd_sasl_auth_enable = yes
|
|
smtpd_sasl_path = smtpd
|
|
|
|
# https://wiki.debian.org/PostfixAndSASL
|
|
# smtpd authenticates users into aperture postfix
|
|
|
|
cyrus_sasl_config_path = /etc/postfix/sasl
|
|
smtpd_sasl_local_domain = $myhostname
|
|
smtpd_sasl_auth_enable = yes
|
|
broken_sasl_auth_clients = yes
|
|
smtpd_sasl_security_options = noanonymous
|
|
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
|
|
|
|
# https://www.linode.com/docs/email/postfix/postfix-smtp-debian7/
|
|
|
|
# smtp authenticates aperture postfix oubound/upstream to smtp2go
|
|
|
|
# enable SASL authentication
|
|
smtp_sasl_auth_enable = yes
|
|
# disallow methods that allow anonymous authentication.
|
|
smtp_sasl_security_options = noanonymous
|
|
# where to find sasl_passwd
|
|
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
|
|
# Enable STARTTLS encryption
|
|
smtp_use_tls = yes
|
|
# where to find CA certificates
|
|
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
|
|
|
|
|
# Add users by using saslpasswd2
|
|
# https://www.planetcobalt.net/patrick.koetter/smtpauth/sasldb_configuration.html
|