|
|
|
@ -4,14 +4,14 @@ compatibility_level=2
|
|
|
|
|
myhostname = {{ HOSTNAME }}
|
|
|
|
|
mydomain = {{ MYDOMAIN }}
|
|
|
|
|
mydestination = $myhostname, localhost
|
|
|
|
|
# mynetworks = 192.168.1.0/24, 127.0.0.0/8
|
|
|
|
|
mynetworks = 127.0.0.1/32 [::1]/128 {{ SUBNET }} {{ RELAY_NETS }}
|
|
|
|
|
myorigin = $mydomain
|
|
|
|
|
relay_domains = proxy:{{ SQL_TYPE }}:/etc/postfix/sql/relay_domains.cf
|
|
|
|
|
maillog_file = /dev/stdout
|
|
|
|
|
maillog_file_prefixes = /logs
|
|
|
|
|
maillog_file = /logs/postfix.log
|
|
|
|
|
|
|
|
|
|
# In kube we don't often don't have a stable outgoing IP Address, use a relayhost for this.
|
|
|
|
|
relayhost = {{ RELAY_HOST }}
|
|
|
|
|
{% if RELAY_HOST is defined %}relayhost = {{ RELAY_HOST }}{% endif %}
|
|
|
|
|
|
|
|
|
|
# enable auth via Dovecot
|
|
|
|
|
smtpd_sasl_auth_enable = yes
|
|
|
|
@ -34,9 +34,12 @@ virtual_transport=lmtp:inet:{{ DOVECOT_HOST }}:{{ DOVECOT_LMTP_PORT }}
|
|
|
|
|
local_transport = virtual
|
|
|
|
|
local_recipient_maps = $virtual_mailbox_maps
|
|
|
|
|
|
|
|
|
|
# SPAM scanner
|
|
|
|
|
{% if SMTPD_MILTERS is defined %}smtpd_milters = {{ SMTPD_MILTERS }}{% endif %}
|
|
|
|
|
|
|
|
|
|
# TLS server (receiving)
|
|
|
|
|
smtpd_tls_auth_only = yes
|
|
|
|
|
smtpd_tls_security_level = encrypt
|
|
|
|
|
smtpd_tls_security_level = {% if SMTPD_TLS_SECURITY_LEVEL is defined %}{{ SMTPD_TLS_SECURITY_LEVEL }}{% else %}encrypt{% endif %}
|
|
|
|
|
smtpd_tls_key_file = /cert/tls.key
|
|
|
|
|
smtpd_tls_cert_file = /cert/tls.crt
|
|
|
|
|
#smtpd_tls_CAfile = /cert/ca.crt
|
|
|
|
@ -60,7 +63,8 @@ smtpd_recipient_restrictions =
|
|
|
|
|
permit_sasl_authenticated,
|
|
|
|
|
reject_unauth_destination,
|
|
|
|
|
reject_non_fqdn_recipient,
|
|
|
|
|
reject_unknown_recipient_domain
|
|
|
|
|
reject_unknown_recipient_domain,
|
|
|
|
|
permit
|
|
|
|
|
smtpd_relay_restrictions =
|
|
|
|
|
permit_sasl_authenticated,
|
|
|
|
|
reject_unauth_destination
|
|
|
|
|
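Review bot: The templated `smtpd_tls_security_level` line in the TLS server block copies SMTPD_TLS_SECURITY_LEVEL into main.cf unchecked, so `none` or a mistyped value reaches Postfix in place of the fixed `encrypt` it appears to replace. `smtpd_tls_auth_only = yes` is still set, so SASL AUTH should only be offered after STARTTLS, but with `may` unauthenticated mail is accepted in cleartext. I would limit the override to the levels this image is meant to support, for example `smtpd_tls_security_level = {% if SMTPD_TLS_SECURITY_LEVEL in ['may', 'encrypt'] %}{{ SMTPD_TLS_SECURITY_LEVEL }}{% else %}encrypt{% endif %}`, assuming the renderer uses Jinja's default undefined handling. A comment above the line would also help, such as `# SMTPD_TLS_SECURITY_LEVEL: may or encrypt (default encrypt); AUTH always requires TLS`.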