debian_postfix.conf.master 5.28 KB
Newer Older
1 2
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
3
virtual_alias_domains = proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf
4
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_maps.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
5 6 7
virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf
virtual_mailbox_base = {vmail_mailbox_base}
8 9
virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
Rescue9's avatar
Rescue9 committed
10
sender_bcc_maps = proxy:mysql:{config_dir}/mysql-virtual_outgoing_bcc.cf
11
inet_protocols=all
12
inet_interfaces = all
13 14 15
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
Dominik's avatar
Dominik committed
16
smtpd_restriction_classes = greylisting
Thom's avatar
Thom committed
17
greylisting = check_policy_service inet:127.0.0.1:10023
18
smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status
19 20 21 22 23
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = {config_dir}/smtpd.cert
smtpd_tls_key_file = {config_dir}/smtpd.key
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{config_dir}/mysql-virtual_transports.cf
24 25
relay_domains = proxy:mysql:{config_dir}/mysql-virtual_relaydomains.cf
relay_recipient_maps = proxy:mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
26
smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
27
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions $smtp_sasl_password_maps $sender_dependent_relayhost_maps
Jesse Norell's avatar
Jesse Norell committed
28
smtpd_helo_required = yes
29
smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
30
smtpd_sender_restrictions = check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf, {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re
31
smtpd_reject_unlisted_sender = no
32
smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
Jesse Norell's avatar
Jesse Norell committed
33
smtpd_etrn_restrictions = permit_mynetworks, reject
34
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
35 36 37
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit   = 1
38
virtual_transport = maildrop
39 40 41 42
header_checks = regexp:{config_dir}/header_checks
mime_header_checks = regexp:{config_dir}/mime_header_checks
nested_header_checks = regexp:{config_dir}/nested_header_checks
body_checks = regexp:{config_dir}/body_checks
43
owner_request_special = no
44
smtp_tls_security_level = may
45 46 47
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
48 49
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
Thom's avatar
Thom committed
50
smtpd_tls_mandatory_ciphers = medium
51 52
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
tls_preempt_cipherlist = yes
53
address_verify_negative_refresh_time=60s
54 55
# needed for postfix < 3.3 when using reject_unverified_recipient (lmtp):
enable_original_recipient = yes
56
sender_dependent_relayhost_maps = proxy:mysql:{config_dir}/mysql-virtual_sender-relayhost.cf
57
smtp_sasl_password_maps = proxy:mysql:{config_dir}/mysql-virtual_sender-relayauth.cf, texthash:{config_dir}/sasl_passwd
58 59 60 61
smtp_sender_dependent_authentication = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous