infra/ansible-role-mailserver
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible-role-mailserver/templates/postfix/main.cf.j2

103 lines
4 KiB
Django/Jinja
Raw Blame History

compatibility_level = 3.7
# Sane defaults
biff = no
append_dot_mydomain = no
local_header_rewrite_clients = permit_inet_interfaces permit_sasl_authenticated
readme_directory = no
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
mailbox_size_limit = 0
recipient_delimiter = +
inet_protocols = all
message_size_limit = 102400000
# Disable all error reports to postmaster@, because they sometimes contain
# passwords or other confidential information
notify_classes =
smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname
smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit_mynetworks,
permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unlisted_recipient,
reject_unknown_recipient_domain,
reject_unauth_destination,
reject_non_fqdn_recipient,
# Quota check via Dovecot
check_policy_service unix:private/policy-quota,
permit
mua_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname
mua_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain,
# Sender verification is disabled!
warn_if_reject,
reject_authenticated_sender_login_mismatch,
permit_mynetworks,
permit_sasl_authenticated
mua_client_restrictions = permit_sasl_authenticated,
reject
# Host settings
myhostname = {{ inventory_hostname }}
mydomain = {{ ansible_domain }}
myorigin = $mydomain
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mydestination = {{ inventory_hostname_short }} {{ inventory_hostname }} localhost
# TLS parameters
smtpd_tls_cert_file = {{ mailserver.smtp_tls_cert }}
smtpd_tls_key_file = {{ mailserver.smtp_tls_key }}
mua_tls_cert_file = {{ mailserver.submission_tls_cert }}
mua_tls_key_file = {{ mailserver.submission_tls_key }}
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
# Postfixadmin and dovecot integration
relay_domains = $mydestination, pgsql:/etc/postfix/pgsql/relay_domains.cf
virtual_alias_maps = pgsql:/etc/postfix/pgsql/virtual_alias_maps.cf pgsql:/etc/postfix/pgsql/virtual_alias_domain_maps.cf pgsql:/etc/postfix/pgsql/virtual_alias_domain_catchall_maps.cf
virtual_mailbox_domains = pgsql:/etc/postfix/pgsql/virtual_domains_maps.cf
virtual_mailbox_maps = pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
local_transport = dovecot
local_recipient_maps = $virtual_mailbox_maps
smtpd_sender_login_maps = pgsql:/etc/postfix/pgsql/virtual_sender_maps.cf
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# Special address that discards all mails
transport_maps = inline:{discard@{{ inventory_hostname }}=discard:}
# PostSRS integration
sender_canonical_maps = tcp:localhost:10001
sender_canonical_classes = envelope_sender
recipient_canonical_maps = tcp:127.0.0.1:10002
# Milters
milter_protocol = 6
milter_default_action = accept
smtpd_milters = {{ ' '.join(mailserver.postfix.milters) }}
non_smtpd_milters = {{ ' '.join(mailserver.postfix.milters) }}
# Header checks
mime_header_checks = regexp:/etc/postfix/header_checks
header_checks = regexp:/etc/postfix/header_checks
Reference in a new issue View git blame Copy permalink