postfix/conf/main.cf.jinja


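# Postfix main.cf template, rendered with Jinja before Postfix starts.
# Comments must stay on their own lines: Postfix does not support trailing
# comments after a value, and continuation lines of a multi-line value must
# begin with whitespace.
compatibility_level=2

# basic domain settings
myhostname = {{ HOSTNAME }}
mydomain = {{ MYDOMAIN }}
mydestination = $myhostname, localhost
# NOTE(review): none of the smtpd_*_restrictions lists in this file contain
# permit_mynetworks, so listing SUBNET / RELAY_NETS here does not by itself
# grant relay access through those lists. If permit_mynetworks is ever added
# (here or through an override elsewhere), every address in these ranges can
# relay without authentication, so keep the ranges as narrow as possible.
mynetworks = 127.0.0.1/32 [::1]/128 {{ SUBNET }} {{ RELAY_NETS }}
myorigin = $mydomain
relay_domains = proxy:{{ SQL_TYPE }}:/etc/postfix/sql/relay_domains.cf
maillog_file_prefixes = /logs
maillog_file = /logs/postfix.log

# In kube we often don't have a stable outgoing IP address, use a relayhost for this.
{% if RELAY_HOST is defined %}relayhost = {{ RELAY_HOST }}{% endif %}

# enable auth via Dovecot
# NOTE(review): the SASL lookup goes to Dovecot over a TCP socket, so submitted
# credentials cross the network between the two services. Limit who can reach
# that port (network policy or equivalent) -- confirm against the deployment.
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = inet:{{ DOVECOT_HOST }}:{{ DOVECOT_AUTH_PORT }}
smtpd_sasl_type = dovecot
# 50 MiB
message_size_limit = 52428800

# virtual mail setup for Postgresql and Dovecot transport
virtual_mailbox_limit = 0
virtual_mailbox_domains = proxy:{{ SQL_TYPE }}:/etc/postfix/sql/virtual_domains_maps.cf
virtual_mailbox_maps = proxy:{{ SQL_TYPE }}:/etc/postfix/sql/virtual_mailbox_maps.cf
virtual_alias_maps = proxy:{{ SQL_TYPE }}:/etc/postfix/sql/virtual_alias_maps.cf
virtual_uid_maps = static:8
virtual_gid_maps = static:8
virtual_minimum_uid = 8
virtual_transport=lmtp:inet:{{ DOVECOT_HOST }}:{{ DOVECOT_LMTP_PORT }}

# also local accounts are handled via virtual users, configure aliases for those in PostfixAdmin
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps

# SPAM scanner
{% if SMTPD_MILTERS is defined %}smtpd_milters = {{ SMTPD_MILTERS }}{% endif %}

# TLS server (receiving)
# AUTH is only offered once the session is encrypted.
smtpd_tls_auth_only = yes
# Mandatory TLS unless SMTPD_TLS_SECURITY_LEVEL overrides it.
smtpd_tls_security_level = {% if SMTPD_TLS_SECURITY_LEVEL is defined %}{{ SMTPD_TLS_SECURITY_LEVEL }}{% else %}encrypt{% endif %}
smtpd_tls_key_file = /cert/tls.key
smtpd_tls_cert_file = /cert/tls.crt
#smtpd_tls_CAfile = /cert/ca.crt
# Refuse SSLv2/SSLv3 and also TLSv1.0/TLSv1.1, which are deprecated (RFC 8996).
# This list is used while the security level is "encrypt"; if the level is
# lowered to "may", smtpd_tls_protocols governs instead and needs the same care.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

# TLS client (sending)
# "encrypt" requires TLS for every outbound delivery but does not verify the
# peer certificate; mail to a destination without STARTTLS is deferred.
smtp_tls_security_level = encrypt

# Don't talk to mail systems that don't know their own hostname.
# HELO/EHLO is made mandatory so a client cannot avoid the check below by
# skipping the greeting.
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_unknown_helo_hostname

# Don't accept mail from domains that don't exist.
smtpd_sender_restrictions = reject_unknown_sender_domain

# Block clients that speak too early.
smtpd_data_restrictions = reject_unauth_pipelining

# security and basic spam protection
# Order matters: authenticated clients are accepted first, everything else
# must be addressed to a domain this server is responsible for.
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    permit
# Relay is limited to authenticated clients; reject_unauth_destination is the
# line that keeps this server from acting as an open relay.
smtpd_relay_restrictions =
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_client_restrictions =
    permit_sasl_authenticated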