ansible-role-postfix/templates/main.cf.j2
Julian Rother 1a34983a35 Added alias_maps as a separate option
Previously alias_maps was set to the same value as virtual_alias_maps, which
behaves quite differently and generally does not make much sense.
2021-10-16 16:41:48 +02:00



# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
# SMTP greeting: host name and software name only, no version string.
smtpd_banner = $myhostname ESMTP $mail_name
# Do not use the biff new-mail notification service for local users.
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# TLS parameters
# Server certificate and private key paths come from the role variables
# postfix.ssl.cert and postfix.ssl.key. The key file should be readable by
# root only.
smtpd_tls_cert_file = {{ postfix.ssl.cert }}
smtpd_tls_key_file = {{ postfix.ssl.key }}
# Legacy switch for opportunistic STARTTLS. A non-empty
# smtpd_tls_security_level (set below) overrides it.
smtpd_use_tls = yes
# TLS session caches for the SMTP server (smtpd) and the SMTP client (smtp).
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# Inbound TLS policy, taken from postfix.ssl.incoming_security_level
# ("may" = opportunistic STARTTLS, "encrypt" = TLS required).
smtpd_tls_security_level = {{ postfix.ssl.incoming_security_level }}
# Do not announce or accept SASL AUTH on connections that are not protected
# by TLS, so credentials never cross the wire in cleartext.
smtpd_tls_auth_only = yes
# Outbound TLS policy, taken from postfix.ssl.outgoing_security_level.
# With "may", delivery falls back to cleartext when the peer offers no
# STARTTLS and the peer certificate is not verified.
smtp_tls_security_level = {{ postfix.ssl.outgoing_security_level }}
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
# Relay policy: clients in $mynetworks and SASL-authenticated clients may
# relay. For everyone else, mail to destinations this server is not
# responsible for is deferred (4xx).
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
# SMTPD default settings
# Clients must send HELO/EHLO before MAIL FROM; required for the
# HELO restrictions in this file to be applied consistently.
smtpd_helo_required = yes
# Require RFC 821-style envelope addresses in MAIL FROM / RCPT TO.
strict_rfc821_envelopes = yes
# Disable VRFY so the server cannot be used to probe which addresses exist.
disable_vrfy_command = yes
myhostname = {{ inventory_hostname }}
# Falls back to the Ansible fact ansible_domain when postfix.mydomain is unset.
mydomain = {{ postfix.mydomain|d(ansible_domain) }}
myorigin = $mydomain
# Trusted clients: loopback (IPv4, IPv4-mapped IPv6, IPv6) plus every entry of
# postfix.mynetworks. Each permit_mynetworks rule in this file lets these
# clients through without authentication, so keep the list as narrow as possible.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 {{ postfix.mynetworks|join(' ') }}
# Domains delivered locally: short and full inventory host name, localhost,
# plus the entries of postfix.mydestination.
mydestination = {{ inventory_hostname_short }} {{ inventory_hostname }} localhost {{ postfix.mydestination|join(' ') }}
# Alias database for local delivery; configured separately from
# virtual_alias_maps.
alias_maps = {{ postfix.alias_maps }}
# Relay and transport settings are rendered from the role variables.
relayhost = {{ postfix.relayhost }}
relay_domains = {{ postfix.relay_domains|join(', ') }}
relay_transport = {{ postfix.relay_transport }}
transport_maps = {{ postfix.transport_maps|join(', ') }}
sender_dependent_relayhost_maps = {{ postfix.sender_dependent_relayhost_maps }}
# Lookup tables listing valid local recipients (consulted by
# reject_unlisted_recipient). An empty postfix.local_recipient_maps list
# renders an empty value, which turns local recipient checking off.
local_recipient_maps = {{ postfix.local_recipient_maps|join(', ') }}
# 0 = no size limit on local mailbox files.
mailbox_size_limit = 0
# Enables address extensions of the form user+extension@domain.
recipient_delimiter = +
# Listen on all network interfaces, IPv4 and IPv6.
inet_interfaces = all
inet_protocols = all
message_size_limit = {{ postfix.message_size_limit }}
# Restrictions
{# NOTE(review): Postfix treats a line as a continuation of the previous
   parameter only when it starts with whitespace. The continuation lines
   below appear at column 0 in this listing; confirm that the template file
   indents them. The "-%}" trimming around check_policy_service also makes
   the rendered indentation of that line and of "permit" depend on the
   whitespace in front of the Jinja tags. #}
# Each restriction list is evaluated left to right and the first matching
# permit/reject ends that list.
# HELO checks: trusted and authenticated clients are exempt; everyone else
# must send a syntactically valid, fully qualified HELO name.
smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname
# Sender checks apply to all clients before the permit_* rules.
# NOTE(review): reject_sender_login_mismatch is commented out, so nothing in
# this list ties the envelope sender to the SASL login; an authenticated
# client can use any sender address. Confirm this is acceptable until the
# sender/login mapping is fixed.
smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain,
# reject_sender_login_mismatch, # Disabled because we dont map correctly
permit_mynetworks,
permit_sasl_authenticated
# Recipient checks: trusted and authenticated clients are permitted first and
# therefore skip everything after them, including the optional policy
# service. reject_unauth_destination must stay ahead of the final "permit" so
# this list never allows relaying for unauthenticated clients.
# The policy service on 127.0.0.1:12340 is only queried when
# postfix.check_dovecot_quota is set (presumably Dovecot's quota-status
# service; verify against the Dovecot configuration).
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unlisted_recipient,
reject_unknown_recipient_domain,
reject_unauth_destination,
reject_non_fqdn_recipient,
{% if postfix.check_dovecot_quota -%}
check_policy_service inet:127.0.0.1:12340,
{% endif -%}
permit
# mua_* are not built-in Postfix parameters. They are user-defined names that
# take effect only where something references them (presumably "-o" overrides
# for the submission service in master.cf; verify there).
mua_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname
mua_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit_mynetworks,
permit_sasl_authenticated
# Authenticated clients only; everything else is rejected.
mua_client_restrictions = permit_sasl_authenticated,
reject
{% if ("mailbox_transport" in postfix and postfix.mailbox_transport == "dovecot")
or postfix.ldap.enable
%}
{# SASL authentication in smtpd is switched on when either the dovecot
   mailbox transport or LDAP is configured. #}
smtpd_sasl_auth_enable = yes
{% endif %}
{% if ("mailbox_transport" in postfix and postfix.mailbox_transport == "dovecot")
and postfix.ldap.enable
%}
{# Dovecot delivery together with LDAP. No smtpd_sasl_type / smtpd_sasl_path
   is set in this branch, so Postfix's built-in defaults apply unless they
   are set elsewhere.
   NOTE(review): confirm which SASL backend is intended when LDAP is enabled. #}
# Hand the dovecot transport one recipient per delivery.
dovecot_destination_recipient_limit = 1
mailbox_transport = dovecot
{% endif %}
{% if ("mailbox_transport" in postfix and postfix.mailbox_transport == "dovecot")
and not postfix.ldap.enable
%}
{# Dovecot delivery without LDAP: smtpd authenticates against Dovecot's auth
   socket at private/auth (a path relative to the Postfix queue directory). #}
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# Hand the dovecot transport one recipient per delivery.
dovecot_destination_recipient_limit = 1
mailbox_transport = dovecot
{% endif %}
# Virtual maps
# Virtual alias domains and their address rewriting table, rendered from the
# role variables.
virtual_alias_domains = {{ postfix.virtual_alias_domains|join(' ') }}
virtual_alias_maps = {{ postfix.virtual_alias_maps }}
# header checks
# The same regexp table is applied to message headers and to MIME headers.
mime_header_checks = regexp:/etc/postfix/header_checks
header_checks = regexp:/etc/postfix/header_checks
# milter
milter_protocol = 6
# Fail-open: when a milter is unreachable or misbehaves, mail is processed as
# if the milter were not configured.
# NOTE(review): if any configured milter performs spam/malware filtering or
# signing, mail passes without it during an outage; "tempfail" defers
# instead. Confirm "accept" is intended.
milter_default_action = accept
# smtpd_milters apply to mail received over SMTP; non_smtpd_milters apply to
# mail submitted locally (for example through the sendmail command).
smtpd_milters = {{ ' '.join(postfix.smtpd_milters) }}
non_smtpd_milters = {{ ' '.join(postfix.non_smtpd_milters) }}