1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 |
- #
- # /etc/postfix/main.cf (Salt managed)
- #
- # Debian specific: Specifying a file name will cause the first
- # line of that file to be used as the name. The Debian default
- # is /etc/mailname.
- #myorigin = /etc/mailname
- compatibility_level=2
- smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
- biff = no
- # appending .domain is the MUA's job.
- append_dot_mydomain = no
- # Uncomment the next line to generate "delayed mail" warnings
- #delay_warning_time = 4h
- readme_directory = no
- # TLS parameters
- smtpd_tls_cert_file=/etc/ssl/certs/mail.ffho.net.cert.pem
- smtpd_tls_key_file=/etc/ssl/private/mail.ffho.net.key.pem
- smtpd_use_tls=yes
- smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
- smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
- smtpd_tls_mandatory_protocols = TLSv1.3 TLSv1.2 TLSv1.1 !TLSv1 !SSLv2 !SSLv3
- smtp_tls_mandatory_protocols = TLSv1.3 TLSv1.2 TLSv1.1 !TLSv1 !SSLv2 !SSLv3
- smtp_tls_protocols = !SSLv2, !SSLv3
- smtpd_tls_protocols = !SSLv2 !SSLv3
- smtpd_tls_exclude_ciphers = RC4, aNULL
- smtp_tls_exclude_ciphers = RC4, aNULL
- # SASL parameters
- smtpd_sasl_auth_enable = yes
- broken_sasl_auth_clients = yes
- smtpd_sasl_security_options = noanonymous
- smtpd_sasl_local_domain =
- # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
- # information on enabling SSL in the smtp client.
- smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
- myhostname = mail.ffho.net
- alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
- alias_database = hash:/etc/aliases
- virtual_alias_domains = hash:/etc/postfix/virtual-domains
- virtual_alias_maps = hash:/etc/postfix/virtual-aliases
- myorigin = /etc/mailname
- mydestination = ffho.net, mail.in.ffho.net, mail.ffho.net, lists.ffho.net, localhost
- relayhost =
- # Read mynetworks from file
- mynetworks = /etc/postfix/mynetworks
- mailbox_command = procmail -a "$EXTENSION"
- mailbox_size_limit = 0
- recipient_delimiter = +
- inet_interfaces = all
-
- smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_checks,
- check_sender_access regexp:/etc/postfix/sender_checks_regexp,
- reject_non_fqdn_sender,
- reject_unknown_sender_domain
- smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access_recipient-rfc,
- reject_non_fqdn_recipient,
- reject_unknown_recipient_domain,
- permit_mynetworks,
- permit_sasl_authenticated,
- reject_unauth_destination,
- reject_unauth_pipelining,
- # Local Whitelist to override greylisting
- check_client_access hash:/etc/postfix/greylist_override,
- # greylisting by greyfix:
- check_policy_service unix:private/greyfix,
- permit
- # switched from policyd-weight to postscreen on buster (policyd-weight didn't work anymore)
- postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
- postscreen_blacklist_action = drop
- postscreen_greet_action = enforce
- postscreen_dnsbl_threshold = 3
- postscreen_dnsbl_action = enforce
- postscreen_dnsbl_sites =
- pbl.spamhaus.org*2
- sbl-xbl.spamhaus.org*3
- bl.spamcop.net*2
- ix.dnsbl.manitu.net*3
- # MailScanner checks
- header_checks = regexp:/etc/postfix/header_checks
|