# Postfix main.cf
# One parameter per logical line. A line that starts with whitespace continues
# the previous parameter; lines whose first non-blank character is '#' are
# comments, including inside a multi-line value.

### Network ###

# interfaces and IP protocols to listen on
inet_interfaces = all
inet_protocols = all

# domain that locally posted mail appears to come from
myorigin = $mydomain

# host to relay outgoing mail through (left empty here)
relayhost =

# hosts to forward mail to
#relay_domains =

# treat only the local machine as a trusted client, so only it may relay
# without authenticating
mynetworks_style = host

# domains considered primary (local) endpoints
mydestination = $myhostname, $mydomain, localhost.localdomain, localhost


### Users ###

# valid local recipients come from this table instead of /etc/passwd
local_recipient_maps = hash:/etc/postfix/users

# user aliases come from this table
virtual_alias_maps = hash:/etc/postfix/aliases

# Address tag delimiter. Mail sent to ${user}${delimiter}* is delivered to
# ${user}, unless that full address is already explicitly defined.
recipient_delimiter = -


### Delivery ###

# backend used to deliver local & virtual mail
# NOTE(review): the "dovecot" transport is presumably defined in master.cf,
# which is not shown here.
local_transport = dovecot

# one recipient per delivery, so that adding the X-Original-To header works
dovecot_destination_recipient_limit = 1


### Outgoing Mail ###

# Opportunistic TLS for outgoing mail: encrypt when the remote server offers
# STARTTLS, otherwise deliver in plaintext. At this level the remote
# certificate is not verified, so it protects against passive eavesdropping
# only.
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# log a summary line when a TLS handshake completes
smtp_tls_loglevel = 1


### Incoming Mail ###

# Opportunistic TLS for incoming mail: STARTTLS is offered, not required.
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

# offer AUTH only after STARTTLS, so passwords are never sent over an
# unencrypted connection
smtpd_tls_auth_only = yes

# certificate chain and private key
# (the key file should be readable by root only)
smtpd_tls_cert_file = /vol/ssl/fullchain.pem
smtpd_tls_key_file = /vol/ssl/privkey.pem

# SASL implementation to use
smtpd_sasl_type = dovecot

# Can be an absolute path, or relative to $queue_directory.
# Debian/Ubuntu users: Postfix is set up by default to run chrooted, so it is
# best to leave this as-is.
smtpd_sasl_path = private/auth

# enable SASL authentication
# NOTE(review): set here, this applies to every smtpd service unless master.cf
# overrides it per service -- confirm whether AUTH is meant to be offered on
# port 25 as well as on the submission service.
smtpd_sasl_auth_enable = yes


### Security ###

# These settings apply to BOTH authenticated and unauthenticated mail.
# For security settings that apply only to authenticated mail, use options in
# master.cf.

smtpd_delay_reject = yes
smtpd_helo_required = yes

# Reject hosts with malformed HELO identifiers. Trusted networks and
# authenticated clients are permitted before the HELO checks run.
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname

# reject hosts that improperly use SMTP commands
smtpd_data_restrictions = reject_unauth_pipelining

# Reject unauthorized relay attempts: only trusted networks and authenticated
# clients may send to destinations this server is not responsible for.
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# reject blacklisted recipient addresses listed in the deny table
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/deny,
    permit

# Reject hosts that are likely to be spammers.
# NOTE(review): the strict check (reject_unknown_client_hostname) is the one
# that is active; the weaker alternative and the DNSBL lookups below are
# commented out.
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_client_hostname,
    # weaker version of reject_unknown_client_hostname
    # the strong version may cause problems with some legitimate senders (eg, Verizon)
    # reject_unknown_reverse_client_hostname,
    # reject clients from lists of known spammers
    # reject_rbl_client zen.spamhaus.org,
    # reject_rhsbl_reverse_client dbl.spamhaus.org,
    # reject_rhsbl_helo dbl.spamhaus.org,
    # reject_rhsbl_sender dbl.spamhaus.org,
    permit


### Misc ###

# Whether to send "new mail" notifications to users.
# On by default; turned off because system users are not used.
biff = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# Maximum size of a message, in bytes (roughly 100 MB).
# NOTE(review): this limit is not specific to sent mail; it also bounds what
# is accepted from remote clients.
message_size_limit = 102400000