Postfix config

1. # See /usr/share/postfix/main.cf.dist for a commented, more complete version
2.  
3.  
4. # Debian specific:  Specifying a file name will cause the first
5. # line of that file to be used as the name.  The Debian default
6. # is /etc/mailname.
7. #myorigin = /etc/mailname
8.  
9. smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
10. biff = no
11.  
12. # appending .domain is the MUA's job.
13. append_dot_mydomain = no
14.  
15. # Uncomment the next line to generate "delayed mail" warnings
16. #delay_warning_time = 4h
17.  
18. readme_directory = no
19.  
20. # TLS parameters
21. # smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
22. # smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
23. #smtpd_tls_cert_file=/home/ruslan/Data/ssl/certs/postfix.pem
24. #smtpd_tls_key_file=/home/ruslan/Data/ssl/private/postfix.pem
25. smtpd_tls_cert_file=/etc/dovecot/dovecot.pem
26. smtpd_tls_key_file=/etc/dovecot/private/dovecot.pem
27.  
28. smtpd_use_tls=yes
29. smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
30. smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
31.  
32. # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
33. # information on enabling SSL in the smtp client.
34.  
35. # smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
36. # smtpd_relay_restrictions = permit_sasl_authenticated defer_unauth_destination
37.  
38. ## The internet domain name of this mail system. The default is to use $myhostname minus the first component
39. # mydomain = putin.ru
40.  
41. ## The internet hostname of this mail system. The default is to use the fully-qualified domain name (FQDN) from gethostname(), or to use the non-FQDN result from gethostname() and append ".$mydomain". $myhostname is used as a default value for many other configuration parameters.
42. myhostname = mail.putin.ru
43.  
44. ##  The domain name that locally-posted mail appears to come from, and that locally posted mail is delivered to. The default, $myhostname, is adequate for small sites. If you run a domain with multiple machines, you should (1) change this to $mydomain and (2) set up a domain-wide alias database that aliases each user to [email protected].
45. # myorigin = /etc/mailname
46. myorigin = putin.ru
47.  
48. ## (default: $myhostname, localhost.$mydomain, localhost)
49. ## The list of domains that are delivered via the $local_transport mail delivery transport.
50. ## The default mydestination value specifies names for the local machine only. On a mail domain gateway, you should also include $mydomain.
51. mydestination = putin.ru, localhost
52.  
53. alias_maps = hash:/etc/aliases
54. alias_database = hash:/etc/aliases
55. relayhost =
56. mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
57. mailbox_size_limit = 0
58. recipient_delimiter = +
59. inet_interfaces = all
60. home_mailbox = Maildir/
61. mailbox_command =
62.  
63. #######################################################
64. ## http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
65. smtpd_sasl_type = dovecot
66.  
67. # Can be an absolute path, or relative to $queue_directory
68. # Debian/Ubuntu users: Postfix is setup by default to run chrooted, so it is best to leave it as-is below
69. smtpd_sasl_path = private/auth
70.  
71. # and the common settings to enable SASL:
72. smtpd_sasl_auth_enable = yes
73.  
74. ####################
75. ## Relay restrictions
76. ## With Postfix version before 2.10, use smtpd_recipient_restrictions
77.  
78. smtpd_relay_restrictions =
79.  permit_mynetworks,
80.  permit_sasl_authenticated,
81.  reject_unauth_destination,
82. # SPF:
83.  check_policy_service unix:private/policy-spf
84.  
85. #######################################################
86. ## Virtual Emails
87. ## https://wiki.debian.org/Postfix#Virtual_Emails
88.  
89. virtual_alias_maps = hash:/home/ruslan/Data/Postfix/virtual
90.  
91. #######################################################
92. ## Forward emails
93. ## https://wiki.debian.org/Postfix#Forward_Emails
94.  
95. # alias_maps = hash:/etc/aliases
96.  
97. ## Already set, see above
98. #######################################################
99.  
100. ## Increasing message size limit to 50MB:
101. message_size_limit=52428800
102.  
103. ######################################################
104. ## Anti-spam settings
105. ## http://wolandblog.com/850-filtruem-spam-pravilno-s-primerami-dlya-postfix/
106. ## http://www.postfix.org/postconf.5.html
107.  
108. address_verify_sender = <>
109. smtpd_helo_required = yes
110.  
111. smtpd_client_restrictions =
112.  permit_mynetworks,
113.   # host check's:
114.     # No PTR:
115. # reject_unknown_client_hostname,
116. # reject_unknown_reverse_client_hostname,
117.  reject_unauth_pipelining
118.  
119. smtpd_helo_restrictions =
120.   permit_mynetworks,
121.   # HELO check:
122.   reject_invalid_helo_hostname,
123.   reject_non_fqdn_helo_hostname,
124.   reject_unknown_helo_hostname
125.  
126. smtpd_sender_restrictions =
127.   permit_mynetworks,
128.   # MAIL FROM check:
129.   reject_non_fqdn_sender,
130.   reject_unknown_sender_domain
131. #  reject_unverified_sender,
132.  
133.  
134. smtpd_recipient_restrictions =
135.   permit_mynetworks,
136.   # RCPT TO check:
137.   reject_non_fqdn_recipient,
138. #  reject_unauth_destination,
139.   reject_unlisted_recipient,
140. # SPF:
141. #  check_policy_service unix:private/policy-spf
142.  
143. ################################################
144. ## SPF
145. ## https://help.ubuntu.com/community/Postfix/SPF
146.  
147. policy-spf_time_limit = 3600s