path: root/modules/postfix/templates/main.cf
# Puppet ERB template for /etc/postfix/main.cf.
# Please be sure to read the /usr/share/doc/postfix/README.MDK file
# to learn about differences from stock postfix to Mandriva package.
# This file contains only the parameters changed from a default install
# see /etc/postfix/main.cf.dist for a commented, fuller version of this file.


# These are changed by postfix install script
readme_directory = /usr/share/doc/postfix/README_FILES
html_directory = /usr/share/doc/postfix/html
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/share/man
daemon_directory = /usr/libexec/postfix
meta_directory = /etc/postfix
shlib_directory = /usr/lib64
compatibility_level = 2
data_directory = /var/lib/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
<% if all_tags.include?('postfix::simple_relay') || all_tags.include?('postfix::server::secondary') %>
# Simple relays and secondary servers hand all outbound mail to sucuk.
# The host name is not written in [brackets], so Postfix performs an MX
# lookup on it before connecting. Outbound TLS in this template is
# opportunistic (smtp_tls_security_level = may), so this hop is not
# authenticated by certificate.
relayhost = sucuk.<%= domain %>
<%- end -%>

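# User configurable parameters

<% if all_tags.include?('postfix::simple_relay') %>
# Simple relays accept SMTP on the loopback interface only.
inet_interfaces = localhost, 127.0.0.1
<% else %>
# Every other role listens on all interfaces.
inet_interfaces = all
<% end %>

inet_protocols = all
<% if @hostname == 'neru' then %>
# We do not have a reverse on ipv6 :(
smtp_address_preference = ipv4
<%- end -%>

# FIXME Do not hardcode this
# Clients in mynetworks are trusted purely by source address:
# permit_mynetworks is the first entry of smtpd_data_restrictions and
# smtpd_recipient_restrictions in this template, so these addresses skip
# every later check and may relay. Keep the list as narrow as possible.
# The loopback entry is written as a network address (127.0.0.0/16);
# a CIDR pattern with host bits set, such as 127.0.0.1/16, is not a valid
# network form and makes Postfix log a "non-null host address bits" warning.
# NOTE(review): the conventional loopback range is 127.0.0.0/8; the /16
# mask is kept as the author wrote it.
mynetworks = 212.85.158.144/28 [2a02:2178:2:7::]/64 127.0.0.0/16 163.172.148.228 [2001:bc8:4400:2800::4115]
myhostname = <%= fqdn %>
mydomain = <%= domain %>
<%- if all_tags.include?('postfix::server::secondary') -%>
# Secondary servers accept mail for these domains and relay it onwards
# (see relayhost).
relay_domains = <%= domain %>,
                ml.<%= domain %>,
                group.<%= domain %>
<%- end -%>

# Domains delivered locally on this host.
mydestination = <%= fqdn %>
                ml.<%= domain %>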
<%- if all_tags.include?('postfix::server::primary') -%>

# Primary server only: domains handled as virtual mailbox domains.
virtual_mailbox_domains = <%= domain %>,
                          group.<%= domain %>

# postfix complains if this is not set:
# Mar 22 23:51:20 alamut postfix/virtual[22952]: fatal: bad string length 0 < 1: virtual_mailbox_base = 
virtual_mailbox_base = /var/lib/mail

# local_recipient_maps is disabled, as we need to route all
# non-local email to ryu as long as the mageia mailing lists are hosted
# there. Hence the use of fallback_transport, but this is
# taken into account only if local_recipient_maps is empty.
# Side effect of the empty value: Postfix no longer rejects unknown local
# recipients during the SMTP session; such mail is accepted and handed to
# the fallback transport instead.
local_recipient_maps =
# route ml to ryu ( ml being mageia-*@mageia )
fallback_transport_maps = regexp:/etc/postfix/transport_regexp

# needed by sympa to handle bounce, according to the doc
recipient_delimiter = +


alias_maps = hash:/etc/postfix/aliases

# Alias sources are consulted in the order listed: two LDAP lookups, then
# a local hash table, then (on sympa hosts) the sympa regexp table.
# NOTE(review): the ldap_*.conf files are not shown here; if they carry
# bind credentials, confirm they are not world-readable.
virtual_alias_maps = ldap:/etc/postfix/ldap_aliases.conf
                     ldap:/etc/postfix/group_aliases.conf
                     hash:/etc/postfix/virtual_aliases
<%- if classes.include?('sympa::server') -%>
                     regexp:/etc/postfix/sympa_aliases
<%- end -%>
<% else %>
<%- if classes.include?('sympa::server') -%>
# Non-primary sympa hosts only get the sympa alias table.
virtual_alias_maps = regexp:/etc/postfix/sympa_aliases
<%- end -%>
<%- end -%>

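# Adding DKIM Milter for primary server (sucuk)
# NOTE(review): these milter settings are outside any ERB conditional, so
# they are rendered on every host that uses this template, not only on
# the primary server.
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
# "accept" is fail-open: when the milter on 127.0.0.1:8891 is unreachable
# or misbehaves, mail is processed as if no milter were configured. For a
# DKIM milter that presumably means mail leaves unsigned, so milter
# failures should be monitored in the logs.
milter_default_action = accept
# NOTE(review): 2 is the oldest milter protocol version; Postfix 2.6 and
# later default to 6. Confirm the DKIM milter in use still needs this.
milter_protocol = 2

# Adding Sender Rewriting Scheme (currently disabled)
# A stray leading "i" used to precede the second line below, which made
# Postfix read it as a setting for an unknown parameter instead of a comment.
#sender_canonical_maps = tcp:localhost:10003
#sender_canonical_classes = envelope_sender
#recipient_canonical_maps = tcp:localhost:10002
#recipient_canonical_classes= envelope_recipient,header_recipient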

<%- if all_tags.include?('postfix::server') -%>
# Mail servers route by regexp table and pass accepted mail to a content
# filter listening on loopback port 10025 (the filter itself is configured
# elsewhere).
transport_maps = regexp:/etc/postfix/transport_regexp
content_filter = smtp-filter:[127.0.0.1]:10025
<%- end -%>

<%- if classes.include?('sympa::server') -%>
# One recipient per delivery for the sympa transports.
sympa_destination_recipient_limit = 1
sympabounce_destination_recipient_limit = 1
<%- end -%>

#delay_warning_time = 4h
# The banner tells every connecting client the Postfix version and the
# distribution ID. That eases fingerprinting of the server; drop
# $mail_version and the distribution ID if that is not wanted.
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (<%= lsbdistid %>)
unknown_local_recipient_reject_code = 450
smtp-filter_destination_concurrency_limit = 2
lmtp-filter_destination_concurrency_limit = 2
# enable opportunistic TLS when receiving
# smtpd_use_tls is the legacy spelling of "smtpd_tls_security_level = may":
# STARTTLS is offered, but clients may still deliver in cleartext.
smtpd_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_cert_file = /etc/ssl/postfix/postfix.crt
# NOTE(review): private key; its file permissions are managed outside this
# template - confirm it is readable by root only.
smtpd_tls_key_file = /etc/ssl/postfix/postfix.key
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
# enable opportunistic TLS when sending
# At level "may" the remote certificate is not verified and delivery falls
# back to cleartext when STARTTLS is not offered, so this protects against
# passive eavesdropping only, not against an active attacker on the path.
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
<%- if all_tags.include?('postfix::server') -%>
# Mail servers only: refuse ETRN from every client.
smtpd_etrn_restrictions = reject

smtpd_helo_required = yes

# Applied at the DATA command; mynetworks clients are exempt.
smtpd_data_restrictions = permit_mynetworks
                          reject_unauth_pipelining 
                          reject_multi_recipient_bounce

# Evaluated top to bottom for each RCPT TO; the first permit or reject
# result ends the evaluation.
# - permit_mynetworks comes first, so trusted addresses skip every check
#   below.
# - NOTE(review): check_sender_access is listed before
#   reject_unauth_destination. An OK result from /etc/postfix/access would
#   end evaluation before the relay check is reached; relay protection then
#   depends on smtpd_relay_restrictions, which this template does not set.
#   Confirm the table holds only reject-type entries, or move the lookup
#   below reject_unauth_destination.
# - NOTE(review): sbl.spamhaus.org is Spamhaus's IP-address list, while the
#   reject_rhsbl_* checks look up domain names. Confirm whether a domain
#   list was intended for those three entries.
# - reject_unknown_client is the older name of
#   reject_unknown_client_hostname.
smtpd_recipient_restrictions = permit_mynetworks
#    not done yet, not sure if we need to offer this kind of service
#    permit_sasl_authenticated
    reject_non_fqdn_helo_hostname
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    check_sender_access hash:/etc/postfix/access
    reject_rhsbl_helo sbl.spamhaus.org
    reject_rhsbl_reverse_client sbl.spamhaus.org
    reject_rhsbl_sender sbl.spamhaus.org
    reject_rbl_client sbl.spamhaus.org
    reject_unauth_destination
    reject_unknown_sender_domain
    reject_unknown_client
  <%- if classes.include?('postgrey') -%>
    check_policy_service unix:extern/postgrey/socket
  <%- end -%>
<%- end -%>

# Needed for buggy clients
always_add_missing_headers = yes