123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687 |
- # See /usr/share/postfix/main.cf.dist for a commented, more complete version
- # Debian specific: Specifying a file name will cause the first
- # line of that file to be used as the name. The Debian default
- # is /etc/mailname.
- #myorigin = /etc/mailname
- smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
- biff = no
- # appending .domain is the MUA's job.
- append_dot_mydomain = no
- # Uncomment the next line to generate "delayed mail" warnings
- #delay_warning_time = 4h
- readme_directory = no
- # TLS parameters
- smtpd_tls_cert_file=/etc/ssl/certs/mail.ffho.net.cert.pem
- smtpd_tls_key_file=/etc/ssl/private/mail.ffho.net.key.pem
- smtpd_use_tls=yes
- smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
- smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
- smtpd_tls_mandatory_protocols = TLSv1.2 TLSv1.1 !TLSv1 !SSLv2 !SSLv3
- smtp_tls_mandatory_protocols = TLSv1.2 TLSv1.1 !TLSv1 !SSLv2 !SSLv3
- smtp_tls_protocols = !SSLv2, !SSLv3
- smtpd_tls_protocols = !SSLv2 !SSLv3
- smtpd_tls_exclude_ciphers = RC4, aNULL
- smtp_tls_exclude_ciphers = RC4, aNULL
- # SASL parameters
- smtpd_sasl_auth_enable = yes
- broken_sasl_auth_clients = yes
- smtpd_sasl_security_options = noanonymous
- smtpd_sasl_local_domain =
- # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
- # information on enabling SSL in the smtp client.
- smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
- myhostname = mail.ffho.net
- alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
- alias_database = hash:/etc/aliases
- virtual_alias_domains = hash:/etc/postfix/virtual-domains
- virtual_alias_maps = hash:/etc/postfix/virtual-aliases
- #, hash:/var/lib/mailman/data/virtual-mailman
- myorigin = /etc/mailname
- mydestination = ffho.net, mail.in.ffho.net, mail.ffho.net, lists.ffho.net, localhost
- relayhost =
- # TAKE CARE! If using postfix-to-mailman.py:
- # never ever put a (sub)domain into $relay_domains AND $virtual_alias_domains
- #relay_domains = lists.ffho.net
- #relay_recipient_maps = hash:/var/lib/mailman/data/virtual-mailman
- #transport_maps = hash:/etc/postfix/transport
- #mailman_destination_recipient_limit = 1
- #mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
- mynetworks = /etc/postfix/mynetworks
- mailbox_command = procmail -a "$EXTENSION"
- mailbox_size_limit = 0
- recipient_delimiter = +
- inet_interfaces = all
-
- smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_checks,
- check_sender_access regexp:/etc/postfix/sender_checks_regexp,
- reject_non_fqdn_sender,
- reject_unknown_sender_domain
- smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access_recipient-rfc,
- reject_non_fqdn_recipient,
- reject_unknown_recipient_domain,
- permit_mynetworks,
- permit_sasl_authenticated,
- reject_unauth_destination,
- reject_unauth_pipelining,
- #Local Whitelist to override greylisting and RBL checks
- check_client_access hash:/etc/postfix/rbl_override,
- #embed policyd-weight daemon: RBL quorum instead of termination by vote of only ONE RBL
- check_policy_service inet:127.0.0.1:12525,
- #greylisting by greyfix:
- check_policy_service unix:private/greyfix,
- permit
- #insert MailScanner checks
- header_checks = regexp:/etc/postfix/header_checks
|