mirror of
https://github.com/YunoHost/yunohost.git
synced 2024-09-03 20:06:10 +02:00
127 lines
3.5 KiB
Django/Jinja
127 lines
3.5 KiB
Django/Jinja
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
|
|
|
|
|
|
# Debian specific: Specifying a file name will cause the first
|
|
# line of that file to be used as the name. The Debian default
|
|
# is /etc/mailname.
|
|
#myorigin = /etc/mailname
|
|
|
|
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
|
|
biff = no
|
|
|
|
# appending .domain is the MUA's job.
|
|
append_dot_mydomain = no
|
|
|
|
# Uncomment the next line to generate "delayed mail" warnings
|
|
#delay_warning_time = 4h
|
|
|
|
readme_directory = no
|
|
|
|
# TLS parameters
|
|
smtpd_tls_cert_file=/etc/ssl/certs/yunohost_crt.pem
|
|
smtpd_tls_key_file=/etc/ssl/private/yunohost_key.pem
|
|
smtpd_tls_CAfile = /etc/ssl/certs/ca-yunohost_crt.pem
|
|
smtpd_use_tls=yes
|
|
smtpd_tls_exclude_ciphers = aNULL, MD5, DES, ADH
|
|
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|
|
|
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
|
|
# information on enabling SSL in the smtp client.
|
|
|
|
myhostname = {{ domain }}
|
|
alias_maps = hash:/etc/aliases
|
|
alias_database = hash:/etc/aliases
|
|
mydomain = {{ domain }}
|
|
mydestination = localhost
|
|
relayhost =
|
|
mynetworks = 127.0.0.0/8
|
|
mailbox_command = procmail -a "$EXTENSION"
|
|
mailbox_size_limit = 0
|
|
recipient_delimiter = +
|
|
inet_interfaces = all
|
|
inet_protocols = ipv4
|
|
|
|
#### add yunohost ####
|
|
message_size_limit = 10240000
|
|
|
|
# Virtual Domains Control
|
|
virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains.cf
|
|
virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts.cf
|
|
virtual_mailbox_base =
|
|
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
|
|
virtual_alias_domains =
|
|
virtual_minimum_uid = 100
|
|
virtual_uid_maps = static:vmail
|
|
virtual_gid_maps = static:mail
|
|
|
|
# Dovecot LDA
|
|
virtual_transport = dovecot
|
|
dovecot_destination_recipient_limit = 1
|
|
|
|
# Enable SASL authentication for the smtpd daemon
|
|
smtpd_sasl_auth_enable = yes
|
|
smtpd_sasl_type = dovecot
|
|
smtpd_sasl_path = private/auth
|
|
# Fix some outlook's bugs
|
|
broken_sasl_auth_clients = yes
|
|
# Reject anonymous connections
|
|
smtpd_sasl_security_options = noanonymous
|
|
smtpd_sasl_local_domain =
|
|
|
|
|
|
# Use AMaVis
|
|
content_filter = amavis:[127.0.0.1]:10024
|
|
|
|
# Wait until the RCPT TO command before evaluating restrictions
|
|
smtpd_delay_reject = yes
|
|
|
|
# Basics Restrictions
|
|
smtpd_helo_required = yes
|
|
strict_rfc821_envelopes = yes
|
|
|
|
# Requirements for the connecting server
|
|
smtpd_client_restrictions =
|
|
permit_mynetworks,
|
|
permit_sasl_authenticated,
|
|
reject_rbl_client bl.spamcop.net,
|
|
reject_rbl_client cbl.abuseat.org,
|
|
reject_rbl_client sbl-xbl.spamhaus.org,
|
|
permit
|
|
|
|
# Requirements for the HELO statement
|
|
smtpd_helo_restrictions =
|
|
permit_mynetworks,
|
|
permit_sasl_authenticated,
|
|
reject_non_fqdn_hostname,
|
|
reject_invalid_hostname,
|
|
permit
|
|
|
|
# Requirements for the sender address
|
|
smtpd_sender_restrictions =
|
|
permit_mynetworks,
|
|
permit_sasl_authenticated,
|
|
reject_non_fqdn_sender,
|
|
reject_unknown_sender_domain,
|
|
permit
|
|
|
|
# Requirement for the recipient address
|
|
smtpd_recipient_restrictions =
|
|
permit_mynetworks,
|
|
permit_sasl_authenticated,
|
|
reject_non_fqdn_recipient,
|
|
reject_unknown_recipient_domain,
|
|
reject_unauth_destination,
|
|
check_policy_service unix:private/policy-spf
|
|
check_policy_service inet:127.0.0.1:10023
|
|
permit
|
|
|
|
# Use SPF
|
|
policy-spf_time_limit = 3600s
|
|
|
|
# SRS
|
|
sender_canonical_maps = regexp:/etc/postfix/sender_canonical
|
|
sender_canonical_classes = envelope_sender
|
|
|
|
# Ignore some headers
|
|
smtp_header_checks = regexp:/etc/postfix/header_checks
|