blob: 6fcb852d497eb218676b0e87ae2319d93f17009c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
# Who are we? This varies depending on host.
myhostname = {{ mail_hostname }}
mydestination = {{ mail_hostname }}, localhost.localdomain, localhost
# Configure various things. These should be the same everywhere.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
inet_interfaces = all
myorigin = /etc/mailname
relayhost =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
virtual_alias_maps = hash:/etc/postfix/virtual
mailbox_size_limit = 0
home_mailbox = Maildir/
# Configure TLS. We use the snakeoild self-signed certificate Debian
# creates automatically. MTAs don't generally care, this is just for
# opportunistic crypto use, but we don't rely on it.
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_loglevel = 1
# SASL authentication
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, nodictionary
smtpd_relay_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
# Enable postgrey.
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
check_policy_service inet:127.0.0.1:10023
|