|
@@ -1,95 +0,0 @@
|
|
-#
|
|
|
|
-# /etc/postfix/main.cf (Salt managed)
|
|
|
|
-#
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-# Debian specific: Specifying a file name will cause the first
|
|
|
|
-# line of that file to be used as the name. The Debian default
|
|
|
|
-# is /etc/mailname.
|
|
|
|
-#myorigin = /etc/mailname
|
|
|
|
-
|
|
|
|
-compatibility_level=2
|
|
|
|
-
|
|
|
|
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
|
|
|
|
-biff = no
|
|
|
|
-
|
|
|
|
-# appending .domain is the MUA's job.
|
|
|
|
-append_dot_mydomain = no
|
|
|
|
-
|
|
|
|
-# Uncomment the next line to generate "delayed mail" warnings
|
|
|
|
-#delay_warning_time = 4h
|
|
|
|
-
|
|
|
|
-readme_directory = no
|
|
|
|
-
|
|
|
|
-# TLS parameters
|
|
|
|
-smtpd_tls_cert_file=/etc/ssl/certs/mail.ffho.net.cert.pem
|
|
|
|
-smtpd_tls_key_file=/etc/ssl/private/mail.ffho.net.key.pem
|
|
|
|
-smtpd_use_tls=yes
|
|
|
|
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
|
|
|
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|
|
|
-smtpd_tls_mandatory_protocols = TLSv1.3 TLSv1.2 TLSv1.1 !TLSv1 !SSLv2 !SSLv3
|
|
|
|
-smtp_tls_mandatory_protocols = TLSv1.3 TLSv1.2 TLSv1.1 !TLSv1 !SSLv2 !SSLv3
|
|
|
|
-smtp_tls_protocols = !SSLv2, !SSLv3
|
|
|
|
-smtpd_tls_protocols = !SSLv2 !SSLv3
|
|
|
|
-smtpd_tls_exclude_ciphers = RC4, aNULL
|
|
|
|
-smtp_tls_exclude_ciphers = RC4, aNULL
|
|
|
|
-
|
|
|
|
-# SASL parameters
|
|
|
|
-smtpd_sasl_auth_enable = yes
|
|
|
|
-broken_sasl_auth_clients = yes
|
|
|
|
-smtpd_sasl_security_options = noanonymous
|
|
|
|
-smtpd_sasl_local_domain =
|
|
|
|
-
|
|
|
|
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
|
|
|
|
-# information on enabling SSL in the smtp client.
|
|
|
|
-
|
|
|
|
-smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
|
|
|
|
-myhostname = mail.ffho.net
|
|
|
|
-alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
|
|
|
|
-alias_database = hash:/etc/aliases
|
|
|
|
-virtual_alias_domains = hash:/etc/postfix/virtual-domains
|
|
|
|
-virtual_alias_maps = hash:/etc/postfix/virtual-aliases
|
|
|
|
-
|
|
|
|
-myorigin = /etc/mailname
|
|
|
|
-mydestination = ffho.net, mail.in.ffho.net, mail.ffho.net, lists.ffho.net, localhost
|
|
|
|
-relayhost =
|
|
|
|
-
|
|
|
|
-# Read mynetworks from file
|
|
|
|
-mynetworks = /etc/postfix/mynetworks
|
|
|
|
-mailbox_command = procmail -a "$EXTENSION"
|
|
|
|
-mailbox_size_limit = 0
|
|
|
|
-recipient_delimiter = +
|
|
|
|
-inet_interfaces = all
|
|
|
|
-
|
|
|
|
-smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_checks,
|
|
|
|
- check_sender_access regexp:/etc/postfix/sender_checks_regexp,
|
|
|
|
- reject_non_fqdn_sender,
|
|
|
|
- reject_unknown_sender_domain
|
|
|
|
-
|
|
|
|
-smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access_recipient-rfc,
|
|
|
|
- reject_non_fqdn_recipient,
|
|
|
|
- reject_unknown_recipient_domain,
|
|
|
|
- permit_mynetworks,
|
|
|
|
- permit_sasl_authenticated,
|
|
|
|
- reject_unauth_destination,
|
|
|
|
- reject_unauth_pipelining,
|
|
|
|
- # Local Whitelist to override greylisting
|
|
|
|
- check_client_access hash:/etc/postfix/greylist_override,
|
|
|
|
- # greylisting by greyfix:
|
|
|
|
- check_policy_service unix:private/greyfix,
|
|
|
|
- permit
|
|
|
|
-
|
|
|
|
-# switched from policyd-weight to postscreen on buster (policyd-weight didn't work anymore)
|
|
|
|
-postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
|
|
|
|
-postscreen_blacklist_action = drop
|
|
|
|
-postscreen_greet_action = enforce
|
|
|
|
-postscreen_dnsbl_threshold = 3
|
|
|
|
-postscreen_dnsbl_action = enforce
|
|
|
|
-postscreen_dnsbl_sites =
|
|
|
|
- pbl.spamhaus.org*2
|
|
|
|
- sbl-xbl.spamhaus.org*3
|
|
|
|
- bl.spamcop.net*2
|
|
|
|
- ix.dnsbl.manitu.net*3
|
|
|
|
-
|
|
|
|
-# MailScanner checks
|
|
|
|
-header_checks = regexp:/etc/postfix/header_checks
|
|
|