build files for making podman containers

### Network ###
# interfaces & protocols to listen on
# "all" listens on every local interface, over IPv4 and IPv6 where available
inet_interfaces = all
inet_protocols = all
# domain that locally posted mail appears to come from
myorigin = $mydomain
# what host to use as a relay
# empty value: no smarthost, outbound mail goes straight to the destination's MX
relayhost =
# hosts to forward mail to
# left commented out, so the Postfix built-in default applies
# NOTE(review): that default depends on compatibility_level; with the level 2
# set in this file it should be empty -- confirm with "postconf relay_domains"
#relay_domains =
# only forward mail from local host
# "host" trusts only this machine's own addresses; every other client has to
# authenticate before smtpd_relay_restrictions lets it relay
mynetworks_style = host
# domains to consider primary (local) endpoints
# mail for these domains is delivered locally instead of being relayed
mydestination = $myhostname, $mydomain, localhost.localdomain, localhost
### Users ###
# get list of valid users from here instead of /etc/passwd
# recipients in the local domains that are not in this table are rejected
# at SMTP time instead of being accepted and bounced later
# hash: tables are read from the compiled .db file; rerun postmap after editing
# NOTE(review): hash: needs Berkeley DB support in the Postfix build -- confirm
# for the container base image
local_recipient_maps = hash:/etc/postfix/users
# get list of user aliases from this file
virtual_alias_maps = hash:/etc/postfix/aliases
# Address tag delimiter. If an email is sent to ${user}${delimiter}*,
# the email is sent to ${user} if that address is not already explicitly defined.
# NOTE(review): "-" is also common inside ordinary local parts; an address such
# as first-last needs its own entry in the tables above or it is treated as
# user "first" with tag "last" -- confirm this is intended
recipient_delimiter = -
### Delivery ###
# what backend to use to deliver local & virtual mail
# "dovecot" names a transport that must be defined in master.cf (not part of
# this file)
local_transport = dovecot
# set recipient limit to 1 so X-Original-To header addition will work
# (per-transport form of <transport>_destination_recipient_limit: one recipient
# per delivery request handed to the dovecot transport)
dovecot_destination_recipient_limit = 1
### Outgoing Mail ###
# enable opportunistic TLS for outgoing mail
# "may" uses STARTTLS when the remote server offers it, does not verify the
# server certificate, and falls back to plaintext when TLS is unavailable;
# this protects against passive eavesdropping only, not against an active
# attacker who strips STARTTLS
smtp_tls_security_level = may
# cache TLS sessions so repeat connections can skip the full handshake
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# log whether connection has completed encryption handshake
# (level 1 writes one summary line per completed handshake, which is what lets
# you audit how much outbound mail actually went over TLS)
smtp_tls_loglevel = 1
### Incoming Mail ###
# enable opportunistic TLS for incoming mail
# "may" announces STARTTLS but still accepts plaintext sessions, which a
# public MX has to do for servers that cannot speak TLS
smtpd_tls_security_level = may
# cache TLS sessions so repeat connections can skip the full handshake
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
# prevent sending passwords over unsecured connections
# (AUTH is neither announced nor accepted until the session is encrypted)
smtpd_tls_auth_only = yes
# where to find certs
# NOTE(review): /vol/ssl looks like a mounted volume; privkey.pem is stored
# unencrypted, so its protection is file ownership and mode only -- confirm the
# mount is not readable by other users or containers
smtpd_tls_cert_file=/vol/ssl/fullchain.pem
smtpd_tls_key_file=/vol/ssl/privkey.pem
# what to use for sasl
smtpd_sasl_type = dovecot
# Can be an absolute path, or relative to $queue_directory
# Debian/Ubuntu users: Postfix is setup by default to run chrooted, so it is best to leave it as-is below
smtpd_sasl_path = private/auth
# and the common settings to enable SASL:
# NOTE(review): set here in main.cf this applies to every smtpd service,
# including port 25, unless master.cf overrides it with -o; confirm whether
# AUTH is meant to be offered outside the submission service
smtpd_sasl_auth_enable = yes
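### Security ###
# these settings apply to BOTH authenticated and unauthenticated mail
# for security settings for only authenticated mail, use options in master.cf
#
# Multi-line values: every continuation line must begin with whitespace.
# Comment lines inside a value are ignored and do not end it.
#
# evaluate the client, HELO and sender restrictions at RCPT TO time, i.e. after
# a client has had the chance to authenticate; permit_sasl_authenticated in the
# lists below relies on this
smtpd_delay_reject = yes
# refuse sessions that skip HELO/EHLO, so the HELO checks below cannot be bypassed
smtpd_helo_required = yes
# reject hosts with malformed HELO identifiers
# trusted and authenticated clients are let through first, because mail clients
# often send a HELO name that is not a real hostname
# reject_unknown_helo_hostname goes beyond syntax: it also rejects a HELO name
# that has no DNS A or MX record
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname
# reject hosts that improperly use SMTP commands
# (clients that send commands ahead of time without waiting for the reply)
smtpd_data_restrictions = reject_unauth_pipelining
# reject unauthorized relay attempts
# order matters: local and authenticated clients may relay, everyone else may
# only send to domains this server is responsible for; reject_unauth_destination
# is what keeps the server from being an open relay
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
# reject blacklisted addresses
# the deny table is looked up by recipient address; anything it does not
# reject is permitted here (relay control is handled separately above)
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/deny, permit
# reject hosts that are likely to be spammers
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    # strict check (active): the client IP must resolve to a name, and that
    # name must resolve back to the same IP
    reject_unknown_client_hostname,
    # weaker version of reject_unknown_client_hostname (disabled): only
    # requires that the client IP has a reverse DNS name at all
    # the strong version may cause problems with some legitimate senders (eg, Verizon)
    # reject_unknown_reverse_client_hostname,
    # reject clients from lists of known spammers (disabled)
    # reject_rbl_client zen.spamhaus.org,
    # reject_rhsbl_reverse_client dbl.spamhaus.org,
    # reject_rhsbl_helo dbl.spamhaus.org,
    # reject_rhsbl_sender dbl.spamhaus.org,
    permit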
### Misc ###
# whether to send "new mail" notifications to users
# on by default, but we turn off because we're not using system users
biff = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
# Levels below 2 switch on backwards-compatible defaults for several
# parameters; keep this in step with the installed Postfix version.
compatibility_level = 2
# maximum size allowed for sent messages, in bytes
# The limit applies to every message Postfix accepts, inbound from the
# Internet as well as submitted by users, and counts envelope information.
# 102400000 is ten times the Postfix default of 10240000.
# NOTE(review): unauthenticated senders can also submit messages of this size;
# confirm the queue volume has room for several of them at once
message_size_limit = 102400000