# Backwards-compatibility level: selects which legacy default values Postfix
# keeps. What level 2 switches on or off depends on the installed Postfix
# version (see its COMPATIBILITY_README).
compatibility_level = 2
# Basic identity and domain settings. HOSTNAME, MYDOMAIN, SUBNET, RELAY_NETS
# and SQL_TYPE are filled in from the template context at render time.
myhostname = {{ HOSTNAME }}
mydomain = {{ MYDOMAIN }}
myorigin = $mydomain
mydestination = $myhostname, localhost

# Trusted client networks: loopback plus the rendered SUBNET and RELAY_NETS.
# Any restriction list that uses permit_mynetworks accepts these clients
# without authentication, so keep both values as narrow as possible.
# NOTE(review): smtpd_client_restrictions continues past the part of the file
# seen here; confirm whether it or master.cf relies on permit_mynetworks.
mynetworks = 127.0.0.1/32 [::1]/128 {{ SUBNET }} {{ RELAY_NETS }}

# Domains this server relays for, looked up in SQL through the proxymap service.
relay_domains = proxy:{{ SQL_TYPE }}:/etc/postfix/sql/relay_domains.cf

# Log to a file. maillog_file_prefixes limits which path prefixes maillog_file
# may use, so a configuration mistake cannot point the log outside /logs.
maillog_file_prefixes = /logs
maillog_file = /logs/postfix.log
# In Kubernetes the pod often has no stable outgoing IP address, so outbound
# mail can be handed to a relay host instead. The line is written only when
# RELAY_HOST is defined; otherwise the Postfix default (no relay host) applies.
{% if RELAY_HOST is defined %}relayhost = {{ RELAY_HOST }}{% endif %}
# SMTP AUTH is delegated to Dovecot's authentication service, reached over TCP
# at DOVECOT_HOST:DOVECOT_AUTH_PORT.
# NOTE(review): nothing here encrypts that TCP channel, and it carries user
# credentials; confirm it is reachable only on a network private to the
# Postfix and Dovecot services.
smtpd_sasl_type = dovecot
smtpd_sasl_path = inet:{{ DOVECOT_HOST }}:{{ DOVECOT_AUTH_PORT }}
smtpd_sasl_auth_enable = yes
# Largest message accepted, in bytes: 52428800 = 50 MiB.
message_size_limit = 52428800
# Virtual mail setup: domains, mailboxes and aliases are looked up in SQL (the
# lookup type comes from SQL_TYPE) through the proxymap service, and mail is
# handed to Dovecot for final delivery.
virtual_mailbox_domains = proxy:{{ SQL_TYPE }}:/etc/postfix/sql/virtual_domains_maps.cf
virtual_mailbox_maps = proxy:{{ SQL_TYPE }}:/etc/postfix/sql/virtual_mailbox_maps.cf
virtual_alias_maps = proxy:{{ SQL_TYPE }}:/etc/postfix/sql/virtual_alias_maps.cf

# 0 disables the mailbox size limit of the virtual delivery agent.
virtual_mailbox_limit = 0

# Every virtual mailbox is owned by the fixed uid/gid 8, and 8 is also the
# lowest uid the virtual delivery agent will accept.
# NOTE(review): presumably the mail account of the container image; confirm.
virtual_uid_maps = static:8
virtual_gid_maps = static:8
virtual_minimum_uid = 8

# Delivery to Dovecot via LMTP over TCP at DOVECOT_HOST:DOVECOT_LMTP_PORT.
# NOTE(review): message content crosses this link without TLS being configured
# here; confirm the link stays on a private network.
virtual_transport = lmtp:inet:{{ DOVECOT_HOST }}:{{ DOVECOT_LMTP_PORT }}
# Local accounts are handled as virtual users too: local delivery goes through
# the virtual transport, and valid local recipients are the entries of
# virtual_mailbox_maps. Configure aliases for them in PostfixAdmin.
local_recipient_maps = $virtual_mailbox_maps
local_transport = virtual
# Spam scanner: optional milter(s) for mail arriving over SMTP. The line is
# written only when SMTPD_MILTERS is defined in the template context.
# milter_default_action is not set in this part of the file, so the Postfix
# default (tempfail) decides what happens when the milter is unreachable.
{% if SMTPD_MILTERS is defined %}smtpd_milters = {{ SMTPD_MILTERS }}{% endif %}
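# TLS server (receiving)

# AUTH is offered only after STARTTLS, so credentials are never sent in clear.
smtpd_tls_auth_only = yes

# TLS is mandatory ("encrypt") unless SMTPD_TLS_SECURITY_LEVEL overrides it.
# NOTE(review): a listener that accepts mail from arbitrary Internet hosts on
# port 25 normally uses "may", because RFC 3207 says publicly referenced SMTP
# servers must not require STARTTLS; confirm which role this instance has.
smtpd_tls_security_level = {% if SMTPD_TLS_SECURITY_LEVEL is defined %}{{ SMTPD_TLS_SECURITY_LEVEL }}{% else %}encrypt{% endif %}

# Server key and certificate; the key file must stay readable only by the
# account that starts Postfix.
smtpd_tls_key_file = /cert/tls.key
smtpd_tls_cert_file = /cert/tls.crt
#smtpd_tls_CAfile = /cert/ca.crt

# Protocol versions allowed with mandatory TLS. Besides SSLv2/SSLv3 this also
# refuses TLSv1 and TLSv1.1, which RFC 8996 deprecates, leaving TLSv1.2 and
# later. The list applies only at security level "encrypt"; if the level is
# overridden to "may", smtpd_tls_protocols governs instead and is not set here.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1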
# TLS client (sending): every outbound SMTP connection must negotiate STARTTLS.
# Mail for a destination that does not offer STARTTLS is deferred, not sent in
# clear. "encrypt" does not verify the peer certificate, so it protects against
# passive eavesdropping only, not against an active man-in-the-middle.
smtp_tls_security_level = encrypt
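# Don't talk to mail systems that don't know their own hostname.
# Without smtpd_helo_required a client can avoid the HELO restriction below
# simply by never sending HELO/EHLO, so the greeting is made mandatory.
smtpd_helo_required = yes

# Reject clients whose HELO/EHLO hostname has no DNS A or MX record.
# NOTE(review): no permit_sasl_authenticated precedes this check, so it also
# applies to authenticated submission clients; confirm that is intended.
smtpd_helo_restrictions = reject_unknown_helo_hostname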
# Refuse mail whose envelope sender domain does not exist in DNS.
smtpd_sender_restrictions = reject_unknown_sender_domain
# Reject clients that send commands ahead of time, before Postfix has told
# them that pipelining is allowed.
smtpd_data_restrictions = reject_unauth_pipelining
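# Security and basic spam protection.
# Multi-line values: each continuation line must begin with whitespace,
# otherwise Postfix reads it as the start of a new setting.

# Recipient checks, evaluated in order; the first match decides.
#   permit_sasl_authenticated        authenticated clients skip the rest
#   reject_unauth_destination        refuse recipients this server neither
#                                    hosts nor relays for
#   reject_non_fqdn_recipient        refuse recipient addresses that are not
#                                    fully qualified
#   reject_unknown_recipient_domain  refuse recipient domains missing from DNS
#   permit                           accept whatever is left
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    permit

# Relay policy: only authenticated clients may send to destinations this server
# is not responsible for. There is no permit_mynetworks entry, so membership in
# mynetworks alone does not grant relay access through this list.
smtpd_relay_restrictions =
    permit_sasl_authenticated,
    reject_unauth_destination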
smtpd_client_restrictions =
permit_sasl_authenticated |