main.cf.mail.in.ffho.net 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687
  1. # See /usr/share/postfix/main.cf.dist for a commented, more complete version
  2. # Debian specific: Specifying a file name will cause the first
  3. # line of that file to be used as the name. The Debian default
  4. # is /etc/mailname.
  5. #myorigin = /etc/mailname
  6. smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
  7. biff = no
  8. # appending .domain is the MUA's job.
  9. append_dot_mydomain = no
  10. # Uncomment the next line to generate "delayed mail" warnings
  11. #delay_warning_time = 4h
  12. readme_directory = no
  13. # TLS parameters
  14. smtpd_tls_cert_file=/etc/ssl/certs/mail.ffho.net.cert.pem
  15. smtpd_tls_key_file=/etc/ssl/private/mail.ffho.net.key.pem
  16. smtpd_use_tls=yes
  17. smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
  18. smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
  19. smtpd_tls_mandatory_protocols = TLSv1.2 TLSv1.1 !TLSv1 !SSLv2 !SSLv3
  20. smtp_tls_mandatory_protocols = TLSv1.2 TLSv1.1 !TLSv1 !SSLv2 !SSLv3
  21. smtp_tls_protocols = !SSLv2, !SSLv3
  22. smtpd_tls_protocols = !SSLv2 !SSLv3
  23. smtpd_tls_exclude_ciphers = RC4, aNULL
  24. smtp_tls_exclude_ciphers = RC4, aNULL
  25. # SASL parameters
  26. smtpd_sasl_auth_enable = yes
  27. broken_sasl_auth_clients = yes
  28. smtpd_sasl_security_options = noanonymous
  29. smtpd_sasl_local_domain =
  30. # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
  31. # information on enabling SSL in the smtp client.
  32. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
  33. myhostname = mail.ffho.net
  34. alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
  35. alias_database = hash:/etc/aliases
  36. virtual_alias_domains = hash:/etc/postfix/virtual-domains
  37. virtual_alias_maps = hash:/etc/postfix/virtual-aliases
  38. #, hash:/var/lib/mailman/data/virtual-mailman
  39. myorigin = /etc/mailname
  40. mydestination = ffho.net, mail.in.ffho.net, mail.ffho.net, lists.ffho.net, localhost
  41. relayhost =
  42. # TAKE CARE! If using postfix-to-mailman.py:
  43. # never ever put a (sub)domain into $relay_domains AND $virtual_alias_domains
  44. #relay_domains = lists.ffho.net
  45. #relay_recipient_maps = hash:/var/lib/mailman/data/virtual-mailman
  46. #transport_maps = hash:/etc/postfix/transport
  47. #mailman_destination_recipient_limit = 1
  48. #mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
  49. mynetworks = /etc/postfix/mynetworks
  50. mailbox_command = procmail -a "$EXTENSION"
  51. mailbox_size_limit = 0
  52. recipient_delimiter = +
  53. inet_interfaces = all
  54. smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_checks,
  55. check_sender_access regexp:/etc/postfix/sender_checks_regexp,
  56. reject_non_fqdn_sender,
  57. reject_unknown_sender_domain
  58. smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access_recipient-rfc,
  59. reject_non_fqdn_recipient,
  60. reject_unknown_recipient_domain,
  61. permit_mynetworks,
  62. permit_sasl_authenticated,
  63. reject_unauth_destination,
  64. reject_unauth_pipelining,
  65. #Local Whitelist to override greylisting and RBL checks
  66. check_client_access hash:/etc/postfix/rbl_override,
  67. #embed policyd-weight daemon: RBL quorum instead of termination by vote of only ONE RBL
  68. check_policy_service inet:127.0.0.1:12525,
  69. #greylisting by greyfix:
  70. check_policy_service unix:private/greyfix,
  71. permit
  72. #insert MailScanner checks
  73. header_checks = regexp:/etc/postfix/header_checks