|
|
@ -8,7 +8,7 @@ myorigin = $mydomain |
|
|
|
# what host to use as a relay |
|
|
|
relayhost = |
|
|
|
# hosts to forward mail to |
|
|
|
relay_domains = |
|
|
|
#relay_domains = |
|
|
|
# only forward mail from local host |
|
|
|
mynetworks_style = host |
|
|
|
# domains to consider primary (local) endpoints |
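Review bot: Commenting out `relay_domains =` hands the setting to Postfix's built-in default, which is empty only on Postfix 3.0 and later; earlier releases default to `$mydestination`. The +/- markers are lost in this rendering, so this assumes `#relay_domains =` is the new line. On an older Postfix the server would then treat the local domains, and possibly their subdomains via `parent_domain_matches_subdomains`, as relay destinations. Keeping the explicit empty assignment is version-independent; if the line stays commented, a note such as `# relay_domains left at default (empty on Postfix >= 3.0)` records the assumption.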
|
|
@ -37,17 +37,10 @@ dovecot_destination_recipient_limit = 1 |
|
|
|
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache |
|
|
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache |
|
|
|
# whether to allow or enforce TLS. Acceptable values are 'none', 'may', or 'encrypt'. |
|
|
|
smtpd_tls_security_level=encrypt |
|
|
|
smtpd_tls_security_level=may |
|
|
|
# where to find certs |
|
|
|
smtpd_tls_cert_file=/vol/ssl/fullchain.pem |
|
|
|
smtpd_tls_key_file=/vol/ssl/privkey.pem |
|
|
|
# domain to consider local |
|
|
|
smtpd_sasl_local_domain = $myhostname |
|
|
|
# security settings |
|
|
|
smtpd_client_restrictions = permit_sasl_authenticated, reject |
|
|
|
smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_destination, permit_sasl_authenticated, reject |
|
|
|
#smtpd_helo_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname |
|
|
|
smtpd_sasl_security_options = noanonymous |
|
|
|
# what to use for sasl |
|
|
|
smtpd_sasl_type = dovecot |
|
|
|
# Can be an absolute path, or relative to $queue_directory |
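Review bot: With `smtpd_tls_security_level=may` and SASL still enabled further down in main.cf, nothing in this hunk keeps AUTH off unencrypted sessions. The +/- markers are lost in this rendering, so this assumes `may` is the new value and `encrypt` the old one. If so, add `smtpd_tls_auth_only = yes` so credentials are accepted only after STARTTLS, unless that is already set elsewhere in main.cf or master.cf. The hunk also appears to drop `smtpd_client_restrictions = permit_sasl_authenticated, reject`, so unauthenticated clients now reach the later restriction lists; a comment stating that this instance now accepts inbound mail from unauthenticated hosts would document that intent.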
|
|
@ -55,8 +48,27 @@ smtpd_sasl_type = dovecot |
|
|
|
smtpd_sasl_path = private/auth |
|
|
|
# and the common settings to enable SASL: |
|
|
|
smtpd_sasl_auth_enable = yes |
|
|
|
# With Postfix version before 2.10, use smtpd_recipient_restrictions |
|
|
|
|
|
|
|
### Security ### |
|
|
|
# these settings apply to BOTH authenticated and unauthenticated mail |
|
|
|
# for security settings for only authenticated mail, use options in master.cf |
|
|
|
smtpd_delay_reject = yes |
|
|
|
smtpd_helo_required = yes |
|
|
|
# reject hosts with malformed identifiers |
|
|
|
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname |
|
|
|
# reject hosts that improperly use SMTP commands |
|
|
|
smtpd_data_restrictions = reject_unauth_pipelining |
|
|
|
# reject unauthorized relay attempts |
|
|
|
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination |
|
|
|
# reject mail from IPs listed in spam list |
|
|
|
smtpd_recipient_restrictions = |
|
|
|
permit_mynetworks, |
|
|
|
permit_sasl_authenticated, |
|
|
|
# reject_rbl_client zen.spamhaus.org, |
|
|
|
# reject_rhsbl_reverse_client dbl.spamhaus.org, |
|
|
|
# reject_rhsbl_helo dbl.spamhaus.org, |
|
|
|
# reject_rhsbl_sender dbl.spamhaus.org, |
|
|
|
permit |
|
|
|
|
|
|
|
### Misc ### |
|
|
|
# whether to send "new mail" notifications to users |
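Review bot: `smtpd_recipient_restrictions` now ends in a bare `permit` and no longer contains `reject_unauth_destination`, which the list in the previous hunk had, so relay control rests entirely on `smtpd_relay_restrictions`, a parameter that exists only from Postfix 2.10 on. The `# With Postfix version before 2.10` comment also appears to be removed, so either state the minimum version in a comment or add `reject_unauth_destination,` after `permit_sasl_authenticated,` in the recipient list as a second line of defence. The comment `# reject mail from IPs listed in spam list` sits above a list whose DNSBL checks are all commented out; `# DNSBL checks (currently disabled)` would describe what the list does. Postfix joins continuation lines only when they start with whitespace, and this rendering shows none, so the indentation of `permit_mynetworks,` through `permit` should be checked in the file itself.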
|
|
|