FreifunkHochstift
/
ffho-salt-public


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687
							# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/mail.ffho.net.crt
smtpd_tls_key_file=/etc/ssl/private/mail.ffho.net.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_mandatory_protocols = TLSv1.2 TLSv1.1 !TLSv1 !SSLv2 !SSLv3
smtp_tls_mandatory_protocols = TLSv1.2 TLSv1.1 !TLSv1 !SSLv2 !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL

# SASL parameters
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = 

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.ffho.net
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases
virtual_alias_domains = hash:/etc/postfix/virtual-domains
virtual_alias_maps = hash:/etc/postfix/virtual-aliases
#, hash:/var/lib/mailman/data/virtual-mailman
myorigin = /etc/mailname
mydestination = ffho.net, mail.in.ffho.net, mail.ffho.net, lists.ffho.net, localhost
relayhost = 
# TAKE CARE! If using postfix-to-mailman.py:
# never ever put a (sub)domain into $relay_domains AND $virtual_alias_domains
#relay_domains = lists.ffho.net
#relay_recipient_maps = hash:/var/lib/mailman/data/virtual-mailman
#transport_maps = hash:/etc/postfix/transport
#mailman_destination_recipient_limit = 1
#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks = /etc/postfix/mynetworks
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
 				
smtpd_sender_restrictions =     check_sender_access hash:/etc/postfix/sender_checks,   
				check_sender_access regexp:/etc/postfix/sender_checks_regexp,
                                reject_non_fqdn_sender,
                                reject_unknown_sender_domain

smtpd_recipient_restrictions =  check_recipient_access hash:/etc/postfix/access_recipient-rfc,
                                reject_non_fqdn_recipient,
                                reject_unknown_recipient_domain, 
                                permit_mynetworks, 
                                permit_sasl_authenticated,
                                reject_unauth_destination, 
                                reject_unauth_pipelining,
                                #Local Whitelist to override greylisting and RBL checks
                                check_client_access hash:/etc/postfix/rbl_override,
                                #embed policyd-weight daemon: RBL quorum instead of termination by vote of only ONE RBL
                                check_policy_service inet:127.0.0.1:12525,
                                #greylisting by greyfix:
				check_policy_service unix:private/greyfix,
				permit

#insert MailScanner checks
header_checks = regexp:/etc/postfix/header_checks