---

postfix_domains:
  - "{{ domain }}"
postfix_virtual_domains: []

postfix_tls_cert: /etc/ssl/private/fullchain.pem
postfix_tls_key: /etc/ssl/private/privkey.pem

# possible values: modern, intermediate, old, previous
# see also: https://ssl-config.mozilla.org/
postfix_tls_configuration: 'previous'

postfix_prefer_lmtp: false

postfix_enable_postscreen: true
postfix_enable_memcached: false
postfix_login_suffix: ''
postfix_dnsbl_sites:
  - name: zen.spamhaus.org
  - name: bl.spamcop.net
  - name: b.barracudacentral.org
  - name: '#swl.spamhaus.org'
    modifier: 2
  - name: list.dnswl.org
    modifier: -5
postfix_network_access:
  - cidr: 134.130.5.32/27  # rwth
    action: permit
postfix_content_filter: false  # or: spamassassin
postfix_message_size_limit: 10240000  # 10M

postfix_aliases_rt: []
#  - queue: IT
#    url: https://rt.example.com
#    address: it

postfix_relay_host: ""
postfix_transport_maps: []
#  - domain: foo.example.com
#    server: mail.bar.example.com
#    port: 2025
#    protocol: smtp
#    use_mx: true

postfix_verify_spf: false
postfix_verify_spf_testmode: true
postfix_enable_srs: false
# Note: This requires at least buster-backports or newer.
postfix_enable_mta_sts: false

postfix_my_networks: []
postfix_notify_classes: []
postfix_satellite_only: false

## sane defaults for postfix satellites
#
# postfix_satellite_only: true
# postfix_enable_postscreen: false
# postfix_domains: []
# postfix_notify_classes:
#   - 2bounce
# postfix_relay_host: relay.example.com
# postfix_tls_cert: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
# postfix_tls_key: "/etc/ssl/private/ssl-cert-snakeoil.key"