您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符

150 行
4.0KB

  1. {{ansible_managed|comment}}
  2. ### common settings
  3. # Debian specific: Specifying a file name will cause the first
  4. # line of that file to be used as the name. The Debian default
  5. # is /etc/mailname.
  6. smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
  7. biff = no
  8. # appending .domain is the MUA's job.
  9. append_dot_mydomain = no
  10. readme_directory = no
  11. # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
  12. # fresh installs.
  13. compatibility_level = 2
  14. ### general settings
  15. myhostname = {{mailname}}
  16. alias_maps = hash:/etc/aliases
  17. alias_database = hash:/etc/aliases
  18. mydestination = $myhostname, {{inventory_hostname}}, localhost.localdomain, localhost
  19. relayhost =
  20. mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
  21. mailbox_size_limit = 0
  22. recipient_delimiter = +
  23. inet_interfaces = all
  24. inet_protocols = all
  25. ### TLS parameters
  26. smtpd_tls_cert_file={{postfix_certificate_fullchain_file}}
  27. smtpd_tls_key_file={{postfix_certificate_private_key_file}}
  28. smtpd_use_tls=yes
  29. smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
  30. smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
  31. ### transport configuration
  32. relay_domains = hash:/etc/postfix/transport_maps
  33. transport_maps = hash:/etc/postfix/transport_maps
  34. ### rules and restricitons
  35. message_size_limit = 52428800
  36. # some rules from http://www.postfix.org/SMTPD_ACCESS_README.html
  37. # Allow connections from trusted networks only.
  38. #smtpd_client_restrictions = permit_mynetworks, reject
  39. # Require that a remote SMTP client introduces itself
  40. #smtpd_helo_required = yes
  41. # Don't talk to mail systems that don't know their own hostname.
  42. #smtpd_helo_restrictions = reject_unknown_helo_hostname
  43. # Don't accept mail from domains that don't exist.
  44. #smtpd_sender_restrictions = reject_unknown_sender_domain
  45. # Spam control: exclude local clients and authenticated clients
  46. # from DNSBL and SPF lookups.
  47. smtpd_recipient_restrictions =
  48. permit_mynetworks,
  49. permit_sasl_authenticated,
  50. {% if postfix_check_spf %}
  51. check_policy_service unix:private/policyd-spf,
  52. {% endif %}
  53. {% if postfix_check_spamhaus %}
  54. reject_rbl_client zen.spamhaus.org,
  55. reject_rhsbl_reverse_client dbl.spamhaus.org,
  56. reject_rhsbl_helo dbl.spamhaus.org,
  57. reject_rhsbl_sender dbl.spamhaus.org
  58. {% endif %}
  59. # Relay control: local clients and authenticated clients
  60. # may specify any destination domain.
  61. smtpd_relay_restrictions =
  62. permit_mynetworks,
  63. reject_unauth_destination
  64. # Block clients that speak too early.
  65. smtpd_data_restrictions = reject_unauth_pipelining
  66. {% if postfix_check_spf %}
  67. policy-spf_time_limit = 3600
  68. {% endif %}
  69. {#
  70. # Enforce mail volume quota via policy service callouts.
  71. smtpd_end_of_data_restrictions = check_policy_service unix:private/policy
  72. #}
  73. ### DKIM and DMARC
  74. non_smtpd_milters =
  75. {% if postfix_with_opendkim %}
  76. unix:/run/opendkim/opendkim.sock,
  77. {% endif %}
  78. {% if postfix_with_opendmarc %}
  79. unix:/run/opendmarc/opendmarc.sock
  80. {% endif %}
  81. smtpd_milters =
  82. {% if postfix_with_opendkim %}
  83. unix:/run/opendkim/opendkim.sock,
  84. {% endif %}
  85. {% if postfix_with_opendmarc %}
  86. unix:/run/opendmarc/opendmarc.sock
  87. {% endif %}
  88. ### Virtual Domain Hosting
  89. virtual_alias_domains =
  90. hash:/etc/postfix/virtual_alias_domains,
  91. virtual_alias_maps =
  92. hash:/etc/postfix/virtual_alias_maps,
  93. {% if postfix_method == "postfixadmin" %}
  94. proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_alias_maps.cf,
  95. proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_alias_domain_maps.cf,
  96. proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_alias_domain_catchall_maps.cf
  97. {% endif %}
  98. virtual_mailbox_domains =
  99. hash:/etc/postfix/virtual_mailbox_domains,
  100. {% if postfix_method == "postfixadmin" %}
  101. proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_domains_maps.cf
  102. {% endif %}
  103. virtual_mailbox_maps =
  104. hash:/etc/postfix/virtual_mailbox_maps,
  105. {% if postfix_method == "postfixadmin" %}
  106. proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_mailbox_maps.cf,
  107. proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_alias_domain_mailbox_maps.cf
  108. {% endif %}
  109. virtual_transport = {{postfix_virtual_transport}}