

  1. {{ansible_managed|comment}}
     # Postfix main.cf template; Ansible substitutes the template variables when it renders the file.
  2. ### common settings
  3. # Debian specific: Specifying a file name will cause the first
  4. # line of that file to be used as the name. The Debian default
  5. # is /etc/mailname.
     # Greeting shown to every connecting client. It advertises the MTA name and the
     # distribution; $myhostname has to stay first in the banner text.
  6. smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
     # No local new-mail notifications through the biff service.
  7. biff = no
  8. # appending .domain is the MUA's job.
  9. append_dot_mydomain = no
  10. readme_directory = no
  11. # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
  12. # fresh installs.
  13. compatibility_level = 2
  14. ### general settings
      # Name this server uses for itself, taken from the mailname variable.
  15. myhostname = {{mailname}}
  16. alias_maps = hash:/etc/aliases
  17. alias_database = hash:/etc/aliases
      # Domains delivered locally on this host.
  18. mydestination = $myhostname, {{inventory_hostname}}, localhost.localdomain, localhost
      # Next hop for outbound mail; an empty value makes Postfix deliver directly.
  19. relayhost = {{postfix_relayhost}}
      # Only loopback addresses are trusted; every permit_mynetworks rule further down
      # depends on this list staying this narrow.
  20. mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
      # 0 disables the local mailbox size limit.
  21. mailbox_size_limit = 0
  22. recipient_delimiter = +
      # Listens on every interface over IPv4 and IPv6, so what remote clients may do is
      # decided by the smtpd_*_restrictions below (and any host firewall).
  23. inet_interfaces = all
  24. inet_protocols = all
  25. {% if postfix_relayhost_auth_enabled %}
  26. ### outgoing relay auth
  27. # Enable auth
  28. smtp_sasl_auth_enable = yes
  29. # Set username and password
      # NOTE(review): the static: table renders the relay user and password straight
      # into main.cf, so anyone who can read the file or run postconf sees them.
      # Confirm the task that installs this template restricts the file mode, or keep
      # the credential in a root-only lookup table (e.g. hash:/etc/postfix/sasl_passwd,
      # mode 0600) and reference that here instead.
  30. smtp_sasl_password_maps = static:{{postfix_relayhost_auth_user}}:{{postfix_relayhost_auth_pass}}
      # Refuses anonymous SASL mechanisms; plaintext mechanisms remain allowed.
  31. smtp_sasl_security_options = noanonymous
  32. # Turn on tls encryption
      # "encrypt" makes TLS mandatory for outbound delivery but does not require the
      # relay's certificate to verify, so it protects the credential from passive
      # capture only; "verify" or "secure" would be needed to authenticate the relay.
  33. smtp_tls_security_level = encrypt
      # Raised from the Postfix default of 102400 bytes; only set when relay auth is on.
  34. header_size_limit = 4096000
  35. {% endif %}
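  36. ### TLS parameters
      # Certificate chain and private key presented by the SMTP server.
  37. smtpd_tls_cert_file={{postfix_certificate_fullchain_file}}
  38. smtpd_tls_key_file={{postfix_certificate_private_key_file}}
      # Inbound TLS is offered but not required (opportunistic). This is the current
      # spelling of the legacy smtpd_use_tls=yes switch and has the same effect.
  39. smtpd_tls_security_level = may
  40. smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
      # Outbound defaults apply only without relay auth; with relay auth the
      # "outgoing relay auth" section sets smtp_tls_security_level = encrypt instead,
      # and no client-side session cache is configured.
  41. {% if not postfix_relayhost_auth_enabled %}
  42. smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
  43. smtp_tls_security_level = may
  44. {% endif %}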
  45. ### rules and restrictions
      # 52428800 bytes = 50 MiB.
  46. message_size_limit = 52428800
  47. # some rules from http://www.postfix.org/SMTPD_ACCESS_README.html
      # The four settings below are commented out, so none of them is in effect.
  48. # Allow connections from trusted networks only.
  49. #smtpd_client_restrictions = permit_mynetworks, reject
  50. # Require that a remote SMTP client introduces itself
  51. #smtpd_helo_required = yes
  52. # Don't talk to mail systems that don't know their own hostname.
  53. #smtpd_helo_restrictions = reject_unknown_helo_hostname
  54. # Don't accept mail from domains that don't exist.
  55. #smtpd_sender_restrictions = reject_unknown_sender_domain
  56. # Spam control: exclude local clients and authenticated clients
  57. # from DNSBL and SPF lookups.
      # NOTE(review): continuation lines of a multi-line value must start with
      # whitespace; they appear flush-left here, presumably because this listing
      # dropped the indentation -- confirm against the template file.
      # NOTE(review): the policyd-spf service is presumably declared in master.cf.
      # The Spamhaus lookups accept any answer as a listing; Spamhaus documents
      # restricting matches to its listing codes (zen.spamhaus.org=127.0.0.[2..11])
      # so that error replies to blocked resolvers do not reject legitimate mail -- verify.
  58. smtpd_recipient_restrictions =
  59. permit_mynetworks,
  60. permit_sasl_authenticated,
  61. {% if postfix_check_spf %}
  62. check_policy_service unix:private/policyd-spf,
  63. {% endif %}
  64. {% if postfix_check_spamhaus %}
  65. reject_rbl_client zen.spamhaus.org,
  66. reject_rhsbl_reverse_client dbl.spamhaus.org,
  67. reject_rhsbl_helo dbl.spamhaus.org,
  68. reject_rhsbl_sender dbl.spamhaus.org
  69. {% endif %}
  70. # Relay control: local clients and authenticated clients
  71. # may specify any destination domain.
      # NOTE(review): only permit_mynetworks is listed, so as written this list lets
      # local clients relay but sends SASL-authenticated clients from other networks
      # on to reject_unauth_destination; confirm whether permit_sasl_authenticated is
      # meant to be here or is supplied elsewhere (e.g. a submission service override).
  72. smtpd_relay_restrictions =
  73. permit_mynetworks,
  74. reject_unauth_destination
  75. # Block clients that speak too early.
  76. smtpd_data_restrictions = reject_unauth_pipelining
      # Time limit for the SPF policy service, set only when SPF checking is enabled.
      # NOTE(review): the prefix here is policy-spf, while the recipient restrictions
      # call unix:private/policyd-spf; if master.cf names the service policyd-spf this
      # setting presumably never applies to it -- confirm the service name.
  77. {% if postfix_check_spf %}
  78. policy-spf_time_limit = 3600
  79. {% endif %}
      # The end-of-data quota callout below sits inside a template comment, so it is never rendered.
  80. {#
  81. # Enforce mail volume quota via policy service callouts.
  82. smtpd_end_of_data_restrictions = check_policy_service unix:private/policy
  83. #}
  84. ### DKIM and DMARC
      # Milter sockets for locally submitted mail (non_smtpd_milters) and for mail
      # received over SMTP (smtpd_milters); both lists are empty when neither flag is set.
      # NOTE(review): milter_default_action is not set in the lines shown; if it is left at
      # the Postfix default (tempfail), mail is deferred while a milter socket is unreachable.
  85. non_smtpd_milters =
  86. {% if postfix_with_opendkim %}
  87. unix:/run/opendkim/opendkim.sock,
  88. {% endif %}
  89. {% if postfix_with_opendmarc %}
  90. unix:/run/opendmarc/opendmarc.sock,
  91. {% endif %}
  92. smtpd_milters =
  93. {% if postfix_with_opendkim %}
  94. unix:/run/opendkim/opendkim.sock,
  95. {% endif %}
  96. {% if postfix_with_opendmarc %}
  97. unix:/run/opendmarc/opendmarc.sock,
  98. {% endif %}
  99. ### transport configuration
      # relay_domains reuses the transport table, so presumably every domain keyed in
      # /etc/postfix/transport_maps is also accepted as a relay destination -- confirm
      # that the table holds only domains this host should relay for.
  100. relay_domains =
  101. hash:/etc/postfix/transport_maps,
       # Routing tables; the two sympa tables are appended only when postfix_with_sympa is set.
  102. transport_maps =
  103. hash:/etc/postfix/transport_maps,
  104. {% if postfix_with_sympa %}
  105. hash:/etc/postfix/transport.sympa,
  106. hash:/var/lib/sympa/transport,
  107. {% endif %}
  108. ### Virtual Domain Hosting
       # The static hash tables are always listed; the postfixadmin (MySQL) and sympa
       # tables are appended only when the matching flag is set.
       # NOTE(review): the proxy:mysql .cf files presumably carry the database login;
       # confirm they are not world-readable.
  109. virtual_alias_domains =
  110. hash:/etc/postfix/virtual_alias_domains,
  111. virtual_alias_maps =
  112. hash:/etc/postfix/virtual_alias_maps,
  113. {% if postfix_with_postfixadmin %}
  114. proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_alias_maps.cf,
  115. proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_alias_domain_maps.cf,
  116. proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_alias_domain_catchall_maps.cf,
  117. {% endif %}
  118. {% if postfix_with_sympa %}
  119. hash:/etc/postfix/virtual.sympa,
  120. {% endif %}
  121. virtual_mailbox_domains =
  122. hash:/etc/postfix/virtual_mailbox_domains,
  123. {% if postfix_with_postfixadmin %}
  124. proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_domains_maps.cf,
  125. {% endif %}
  126. {% if postfix_with_sympa %}
  127. hash:/etc/postfix/transport.sympa,
  128. {% endif %}
  129. virtual_mailbox_maps =
  130. hash:/etc/postfix/virtual_mailbox_maps,
  131. {% if postfix_with_postfixadmin %}
  132. proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_mailbox_maps.cf,
  133. proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_alias_domain_mailbox_maps.cf,
  134. {% endif %}
  135. {% if postfix_with_sympa %}
  136. hash:/etc/postfix/transport.sympa,
  137. hash:/var/lib/sympa/transport,
  138. hash:/etc/postfix/virtual.sympa,
  139. {% endif %}
       # Delivery transport for virtual mailboxes, taken from postfix_virtual_transport.
  140. virtual_transport = {{postfix_virtual_transport}}
  141. {% if postfix_with_sympa %}
  142. ### sympa
       # Per-transport recipient limits: deliveries through the sympa and sympabounce
       # transports (presumably declared in master.cf) carry one recipient each.
  143. sympa_destination_recipient_limit = 1
  144. sympabounce_destination_recipient_limit = 1
  145. {% endif %}