# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/yunohost_crt.pem
smtpd_tls_key_file=/etc/ssl/private/yunohost_key.pem
smtpd_tls_CAfile = /etc/ssl/certs/ca-yunohost_crt.pem
smtpd_use_tls=yes
smtpd_tls_exclude_ciphers = aNULL, MD5, DES, ADH
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = {{ domain }}
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain = {{ domain }}
mydestination = localhost
relayhost = 
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4

#### add yunohost ####
message_size_limit = 10240000

# Virtual Domains Control 
virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains.cf 
virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts.cf 
virtual_mailbox_base = 
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf 
virtual_alias_domains = 
virtual_minimum_uid = 100 
virtual_uid_maps = static:vmail 
virtual_gid_maps = static:mail

# Dovecot LDA 
virtual_transport = dovecot 
dovecot_destination_recipient_limit = 1

# Enable SASL authentication for the smtpd daemon 
smtpd_sasl_auth_enable = yes 
smtpd_sasl_type = dovecot 
smtpd_sasl_path = private/auth 
# Fix some outlook's bugs 
broken_sasl_auth_clients = yes 
# Reject anonymous connections 
smtpd_sasl_security_options = noanonymous 
smtpd_sasl_local_domain =


# Use AMaVis 
content_filter = amavis:[127.0.0.1]:10024

# Wait until the RCPT TO command before evaluating restrictions 
smtpd_delay_reject = yes 
 
# Basics Restrictions 
smtpd_helo_required = yes 
strict_rfc821_envelopes = yes 
 
# Requirements for the connecting server 
smtpd_client_restrictions = 
    permit_mynetworks, 
    permit_sasl_authenticated, 
    reject_rbl_client bl.spamcop.net, 
    reject_rbl_client cbl.abuseat.org, 
    reject_rbl_client sbl-xbl.spamhaus.org, 
    permit 
 
# Requirements for the HELO statement 
smtpd_helo_restrictions = 
    permit_mynetworks, 
    permit_sasl_authenticated, 
    reject_non_fqdn_hostname, 
    reject_invalid_hostname, 
    permit 
 
# Requirements for the sender address 
smtpd_sender_restrictions = 
    permit_mynetworks, 
    permit_sasl_authenticated, 
    reject_non_fqdn_sender, 
    reject_unknown_sender_domain,
    permit 
 
# Requirement for the recipient address 
smtpd_recipient_restrictions = 
    permit_mynetworks, 
    permit_sasl_authenticated, 
    reject_non_fqdn_recipient, 
    reject_unknown_recipient_domain, 
    reject_unauth_destination,
    check_policy_service unix:private/policy-spf
    check_policy_service inet:127.0.0.1:10023
    permit

# Use SPF
policy-spf_time_limit = 3600s

# SRS
sender_canonical_maps = regexp:/etc/postfix/sender_canonical
sender_canonical_classes = envelope_sender

# Ignore some headers
smtp_header_checks = regexp:/etc/postfix/header_checks