94 lines
2.8 KiB
CFEngine3
94 lines
2.8 KiB
CFEngine3
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
|
|
|
|
smtpd_banner = $myhostname ESMTP
|
|
biff = no
|
|
# appending .domain is the MUA's job.
|
|
append_dot_mydomain = no
|
|
readme_directory = no
|
|
|
|
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
|
|
# fresh installs.
|
|
compatibility_level = 2
|
|
|
|
# TLS parameters
|
|
smtpd_tls_cert_file=/etc/letsencrypt/live/thunix.net/fullchain.pem
|
|
smtpd_tls_key_file=/etc/letsencrypt/live/thunix.net/privkey.pem
|
|
smtpd_use_tls=yes
|
|
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|
smtp_tls_security_level = may
|
|
|
|
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
|
|
# information on enabling SSL in the smtp client.
|
|
|
|
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
|
|
myhostname = thunix.net
|
|
|
|
mydomain = thunix.net
|
|
|
|
alias_maps = hash:/etc/aliases
|
|
alias_database = hash:/etc/aliases
|
|
|
|
#myorigin = /etc/mailname
|
|
myorigin = $mydomain
|
|
|
|
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost, thunix.cf
|
|
relayhost =
|
|
mynetworks = 127.0.0.0/8
|
|
mailbox_size_limit = 0
|
|
recipient_delimiter = +
|
|
inet_interfaces = all
|
|
inet_protocols = all
|
|
#inet_protocols = ipv4
|
|
|
|
home_mailbox = Maildir/
|
|
|
|
# SMTP-Auth settings
|
|
smtpd_sasl_type = dovecot
|
|
smtpd_sasl_path = private/auth
|
|
smtpd_sasl_auth_enable = yes
|
|
smtpd_sasl_security_options = noanonymous
|
|
smtpd_sasl_local_domain = $myhostname
|
|
|
|
# Enforce the requirement for a helo to be sent for each message
|
|
smtpd_helo_required = yes
|
|
|
|
# Don't accept mail from domains that don't exist.
|
|
smtpd_sender_restrictions = reject_unknown_sender_domain
|
|
|
|
#Allow ONLY authenticated users to send email
|
|
smtpd_recipient_restrictions =
|
|
permit_mynetworks,
|
|
permit_sasl_authenticated,
|
|
reject_unauth_destination,
|
|
reject_invalid_hostname,
|
|
reject_unauth_pipelining,
|
|
reject_non_fqdn_sender,
|
|
reject_non_fqdn_recipient,
|
|
reject_unknown_sender_domain,
|
|
reject_unknown_recipient_domain,
|
|
reject_unknown_reverse_client_hostname,
|
|
check_policy_service unix:private/policyd-spf,
|
|
reject_rbl_client bl.fmb.la=127.0.1.[24;25;26;27;28],
|
|
reject_rbl_client spam.dnsbl.anonmails.de,
|
|
reject_rbl_client uribl.abuse.ro,
|
|
reject_rbl_client all.spamrats.com,
|
|
reject_rbl_client sbl.spamhaus.org,
|
|
reject_rbl_client xbl.spamhaus.org,
|
|
reject_rbl_client pbl.spamhaus.org,
|
|
reject_rbl_client blackholes.tepucom.nl,
|
|
reject_rbl_client hostkarma.junkemailfilter.com=127.0.0.2,
|
|
reject_rbl_client truncate.gbudb.net,
|
|
reject_rhsbl_sender dbl.spamhaus.org
|
|
|
|
policyd-spf_time_limit = 3600
|
|
|
|
milter_default_action = accept
|
|
milter_protocol = 6
|
|
smtpd_milters = local:opendkim/opendkim.sock
|
|
non_smtpd_milters = $smtpd_milters
|
|
|
|
# message delivery requests that any client is allowed (50/hr)
|
|
smtpd_client_auth_rate_limit = 50
|
|
anvil_rate_time_unit = 60m
|