main.cf.j2 3.62 KB
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
#
# Postfix main.cf, kept as a Jinja2 template (main.cf.j2): the templated
# values further down are substituted when the file is rendered.
# Comments must occupy whole lines; Postfix does not support trailing
# comments after a value.


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
# (Left commented out here; myorigin is set explicitly further down.)
#myorigin = /etc/mailname

# Greeting sent to connecting SMTP clients. It names the MTA ($mail_name)
# and the distribution; the parenthesised part is informational only.
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
# Do not use the local biff service for new-mail notifications.
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# Location of the Postfix README files; "no" means none is configured.
readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
# Raising this value changes which backwards-compatible defaults Postfix
# applies, so review the linked document before doing so.
compatibility_level = 2

# TLS parameters
# Server-side STARTTLS. smtpd_use_tls is the legacy on/off switch; Postfix
# documents smtpd_tls_security_level = may as its replacement.
smtpd_use_tls = yes
# Certificate chain and private key. The paths suggest an ACME client keeps
# them renewed -- TODO confirm. The key file should be readable by root only.
smtpd_tls_cert_file=/var/lib/acme/live/wolfscloud.de/fullchain
smtpd_tls_key_file=/var/lib/acme/live/wolfscloud.de/privkey
# Offer SASL AUTH only after STARTTLS, so credentials are never sent over
# an unencrypted session.
smtpd_tls_auth_only=yes
# TLS session caches for the server (smtpd) and the client (smtp).
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# NOTE(review): no smtp_tls_security_level is set in this file, so unless it
# is set elsewhere or the installed Postfix defaults to it, outbound
# deliveries may not attempt TLS at all. Likewise no smtpd_tls_protocols,
# smtpd_tls_mandatory_protocols or cipher settings appear here, so the
# protocol and cipher floor is whatever the installed Postfix defaults to.

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
#
# SASL authentication is delegated to Dovecot through the socket
# private/auth (for Dovecot this path is relative to the Postfix queue
# directory).
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# NOTE(review): set here, AUTH is enabled for every smtpd service that does
# not override it in master.cf, port 25 included. A common hardening is to
# leave it off here and enable it only on the submission service -- confirm
# against master.cf, which is not part of this file.
smtpd_sasl_auth_enable = yes
# Relay policy, evaluated in order: clients in $mynetworks and
# SASL-authenticated clients may relay anywhere; everyone else is deferred
# (temporary error) unless the recipient domain is one this server handles.
# The last entry is what stops unauthenticated third-party relaying, so it
# must stay at the end of the list.
smtpd_relay_restrictions = 
	permit_mynetworks
	permit_sasl_authenticated
	defer_unauth_destination
# Filled in at render time from the ansible_fqdn variable; the value is also
# used by smtpd_banner and mydestination in this file.
myhostname = {{ ansible_fqdn }}
# Local alias lookups use a cdb table; alias_database names the table that
# newaliases rebuilds. Both need cdb support in the installed Postfix.
alias_maps = cdb:/etc/aliases
alias_database = cdb:/etc/aliases
# Domain appended to locally posted mail; given a file name, the first line
# of that file is used (see the Debian note near the top of this file).
myorigin = /etc/mailname
# Domains delivered to local accounts on this host.
mydestination = $myhostname, localhost
# Empty: outbound mail is delivered directly, not through a smarthost.
relayhost = 
# Only loopback addresses count as trusted, so permit_mynetworks in the
# relay restrictions covers software on this host and nothing else.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
# 0 disables the size limit on local mailboxes.
mailbox_size_limit = 0
# user+tag@domain is delivered to user.
recipient_delimiter = +
# Listen on every interface, over both IPv4 and IPv6.
inet_interfaces = all
inet_protocols = all

# Domains whose mailboxes are delivered through $virtual_transport; the
# templated list is joined with spaces from the virtual_domains variable.
# NOTE(review): $mydestination expands to "$myhostname, localhost" in this
# file, so those names end up in both the local and the virtual mailbox
# address class. Postfix documentation says not to list a domain in both and
# logs a warning when it finds one; consider dropping $mydestination here.
# virtual_domains is inserted verbatim, so it must come from trusted
# inventory data.
virtual_mailbox_domains = $mydestination, {{ virtual_domains | join(" ") }}
# Virtual mailbox delivery. Mail for the virtual domains is handed to
# Dovecot over LMTP through a UNIX socket (see virtual_transport).
# NOTE(review): virtual_mailbox_base, virtual_mailbox_limit,
# virtual_minimum_uid and virtual_gid_maps are read by the virtual(8)
# delivery agent. With virtual_transport pointing at Dovecot LMTP they
# probably have no effect -- confirm before relying on the size limit.
# NOTE(review): no virtual_mailbox_maps is visible in this file. If none is
# set elsewhere, smtpd cannot refuse unknown recipients in the virtual
# domains during the SMTP session; they would only be refused by Dovecot
# after acceptance, producing bounces to possibly forged senders.
virtual_mailbox_base = /var/vmail/
virtual_mailbox_limit = 512000000
virtual_minimum_uid = 5000
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_gid_maps = static:5000
# Virtual alias (forwarding) table in cdb format; presumably rebuilt with
# postmap after each edit -- TODO confirm how the deployment maintains it.
virtual_alias_maps = cdb:/etc/postfix/virtual
# Maps envelope sender addresses to the SASL logins allowed to use them.
# NOTE(review): this table is only consulted by reject_sender_login_mismatch
# and its authenticated/unauthenticated variants. No restriction list in
# this file references them, so check master.cf; without one the mapping is
# not enforced and an authenticated user can send with any sender address.
# Anchor the PCRE patterns (^ ... $) so a login cannot match more sender
# addresses than intended.
smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre

################################################################################
## POSTSCREEN - FIRST STAGE OF THE SPAM/UCE/VIRUS DEFENCE MECHANISMS
#
# NOTE(review): these settings only take effect if master.cf runs postscreen
# on the public SMTP port; master.cf is not part of this file.
#
# Django : 2014-10-29 - PERMANENT WHITE/BLACKLIST TEST
# The first matching entry wins: clients in $mynetworks skip all tests,
# then the CIDR table is consulted.
# default: postscreen_access_list = permit_mynetworks
postscreen_access_list = permit_mynetworks
                         cidr:/etc/postfix/postscreen_whitelist
#
# Clients rejected by the access list are disconnected immediately.
# (Postfix 3.6 and later call this parameter postscreen_denylist_action;
# the old name is still accepted.)
# default: postscreen_blacklist_action = ignore
postscreen_blacklist_action = drop
 
 
# Django : 2014-10-29 - MAIL EXCHANGER POLICY TESTS
# (left at the default)
# default: postscreen_whitelist_interfaces = static:all
 
# Django : 2014-10-29 - PRE 220 GREETING TESTS
#
# default: postscreen_greet_banner = $smtpd_banner
#
# A client that talks before the 220 greeting is allowed to finish the
# remaining tests and is then rejected.
# default: postscreen_greet_action = ignore
postscreen_greet_action = enforce
 
# Combined DNSBL score at which a client fails. Every blocklist below is
# weighted 1, so a client must be listed on at least two of them; a hit on
# list.dnswl.org subtracts 5.
# default: postscreen_dnsbl_threshold = 1
postscreen_dnsbl_threshold = 2
#
# Format is site*weight. The indented "#swl.spamhaus.org*2" line is a
# disabled entry; Postfix skips lines whose first non-blank character is "#".
# NOTE(review): several list operators refuse or rate-limit queries that
# arrive through large public resolvers -- confirm this host resolves
# through its own or a dedicated resolver, otherwise the scores are unreliable.
# default: postscreen_dnsbl_sites =
postscreen_dnsbl_sites = zen.spamhaus.org*1
                         bl.spamcop.net*1
                         b.barracudacentral.org*1
                         #swl.spamhaus.org*2
			 list.dnswl.org*-5
#                        
# Clients at or above the threshold finish the other tests and are then
# rejected.
# default: postscreen_dnsbl_action = ignore
postscreen_dnsbl_action = enforce
 
 
# Django : 2014-10-29 - POST 220 GREETING TESTS
#
# Clients whose combined DNSBL score is -1 or lower skip the remaining
# tests; with the weights used in this file only a list.dnswl.org hit can
# get a client there.
# default: postscreen_dnsbl_whitelist_threshold = 0
postscreen_dnsbl_whitelist_threshold = -1
#
# NOTE(review): the three tests enabled below run after the 220 greeting.
# Per the Postfix POSTSCREEN_README, postscreen cannot hand such a session
# over to smtpd: a client that passes is told to try again later and must
# reconnect, which delays first-contact mail from legitimate senders.
# Confirm that this trade-off is intended.
#
# Detect clients that send several commands without waiting for replies.
# default: postscreen_pipelining_enable = no
postscreen_pipelining_enable = yes
#
# default: postscreen_pipelining_action = enforce
#
# Detect clients that send commands that are not SMTP commands.
# default: postscreen_non_smtp_command_enable = no
postscreen_non_smtp_command_enable = yes
# default: postscreen_non_smtp_command_action = drop
#
# Detect clients that end a line with a bare newline instead of CR LF.
# default: postscreen_bare_newline_enable = no
postscreen_bare_newline_enable = yes
#
# Disconnect such clients immediately instead of ignoring the result.
# default: postscreen_bare_newline_action = ignore
postscreen_bare_newline_action = drop
#