# Please be sure to read the /usr/share/doc/postfix/README.MDK file # to learn about differences from stock postfix to Mandriva package. # This file contains only the parameters changed from a default install # see /etc/postfix/main.cf.dist for a commented, fuller version of this file. # These are changed by postfix install script readme_directory = /usr/share/doc/postfix/README_FILES html_directory = /usr/share/doc/postfix/html sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop command_directory = /usr/sbin manpage_directory = /usr/share/man daemon_directory = /usr/libexec/postfix meta_directory = /etc/postfix shlib_directory = /usr/lib64 compatibility_level = 2 data_directory = /var/lib/postfix newaliases_path = /usr/bin/newaliases mailq_path = /usr/bin/mailq queue_directory = /var/spool/postfix mail_owner = postfix <% if all_tags.include?('postfix::simple_relay') || all_tags.include?('postfix::server::secondary') %> relayhost = sucuk.<%= domain %> <%- end -%> # User configurable parameters <% if all_tags.include?('postfix::simple_relay') %> inet_interfaces = localhost <% else %> inet_interfaces = all <% end %> inet_protocols = all <% if @hostname == 'neru' then %> # We do not have a reverse on ipv6 :( smtp_address_preference = ipv4 <%- end -%> # FIXME Do not hardcode this mynetworks = 212.85.158.144/28 [2a02:2178:2:7::]/64 127.0.0.1 163.172.148.228 [2001:bc8:4400:2800::4115] myhostname = <%= fqdn %> mydomain = <%= domain %> myorigin = $mydomain <%- if all_tags.include?('postfix::server::secondary') -%> relay_domains = <%= domain %>, ml.<%= domain %>, group.<%= domain %> <%- end -%> mydestination = <%= fqdn %> ml.<%= domain %> <%- if all_tags.include?('postfix::server::primary') -%> virtual_mailbox_domains = <%= domain %>, group.<%= domain %> # postfix complain if not set # Mar 22 23:51:20 alamut postfix/virtual[22952]: fatal: bad string length 0 < 1: virtual_mailbox_base = virtual_mailbox_base = /var/lib/mail # local_recipient_maps is disabled, as we need to route all # non local email to ryu as long as mageia ml are hosted # there. Hence the use of fallback_transport , but this is # taken in account only of local_recipient_maps is empty local_recipient_maps = # route ml to ryu ( ml being mageia-*@mageia ) fallback_transport_maps = regexp:/etc/postfix/transport_regexp # needed by sympa to handle bounce, according to the doc recipient_delimiter = + alias_maps = hash:/etc/postfix/aliases virtual_alias_maps = ldap:/etc/postfix/ldap_aliases.conf ldap:/etc/postfix/group_aliases.conf hash:/etc/postfix/virtual_aliases <%- if classes.include?('sympa::server') -%> regexp:/etc/postfix/sympa_aliases <%- end -%> <% else %> <%- if classes.include?('sympa::server') -%> virtual_alias_maps = regexp:/etc/postfix/sympa_aliases <%- end -%> <%- end -%> <%- if all_tags.include?('postfix::server') -%> transport_maps = regexp:/etc/postfix/transport_regexp content_filter = smtp-filter:[127.0.0.1]:10025 <%- end -%> <%- if classes.include?('sympa::server') -%> sympa_destination_recipient_limit = 1 sympabounce_destination_recipient_limit = 1 <%- end -%> #delay_warning_time = 4h smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (<%= lsbdistid %>) unknown_local_recipient_reject_code = 450 smtp-filter_destination_concurrency_limit = 2 lmtp-filter_destination_concurrency_limit = 2 # disabled for the time being, as the certificate do not exist # FIXME create the cert in puppet smtpd_use_tls = no #smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem #smtpd_tls_key_file = /etc/pki/tls/private/postfix.pem #smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt # enable opportunistic TLS when sending smtp_tls_security_level = may smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt <%- if all_tags.include?('postfix::server') -%> smtpd_etrn_restrictions = reject smtpd_helo_required = yes smtpd_data_restrictions = permit_mynetworks reject_unauth_pipelining reject_multi_recipient_bounce smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_non_fqdn_sender # not done yet, not sure if we need to offer this kind of service # permit_sasl_authenticated permit_mynetworks reject_unauth_destination reject_non_fqdn_helo_hostname reject_unknown_sender_domain reject_unknown_client <%- if classes.include?('postgrey') -%> check_policy_service unix:extern/postgrey/socket <%- end -%> check_sender_access hash:/etc/postfix/access <%- end -%>