# postfix config file# uncomment for debugging if neededsoft_bounce=yes

1. # postfix config file
2.  
3. # uncomment for debugging if needed
4. soft_bounce=yes
5.  
6. # postfix main
7. mail_owner = postfix
8. setgid_group = postdrop
9. delay_warning_time = 4
10.  
11. # postfix paths
12. html_directory = no
13. command_directory = /usr/sbin
14. daemon_directory = /usr/lib/postfix
15. queue_directory = /var/spool/postfix
16. sendmail_path = /usr/sbin/sendmail.postfix
17. newaliases_path = /usr/bin/newaliases.postfix
18. mailq_path = /usr/bin/mailq.postfix
19. manpage_directory = /usr/share/man
20. sample_directory = /usr/share/doc/postfix-2.2.2/samples
21. readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES
22.  
23. # network settings
24. inet_interfaces = all
25. mydomain = njoror.squashedfly.eu
26. myhostname = njoror.squashedfly.eu
27. mynetworks = 127.0.0.1, 213.138.113.144
28. mydestination = localhost.$mydomain, localhost
29. relay_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-relay_domains_maps.cf
30.  
31. # mail delivery
32. recipient_delimiter = +
33. dovecot_destination_recipient_limit = 1
34.  
35. # mappings
36. alias_maps = hash:/etc/aliases
37. alias_database = hash:/etc/aliases
38. #transport_maps = hash:/etc/postfix/transport
39. #local_recipient_maps =
40.  
41. # virtual setup
42. virtual_alias_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_alias_maps.cf,
43. regexp:/etc/sentora/configs/postfix/virtual_regexp
44. virtual_mailbox_base = /var/sentora/vmail
45. virtual_mailbox_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_domains_maps.cf
46. virtual_mailbox_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_mailbox_maps.cf
47. virtual_minimum_uid = 999
48. virtual_uid_maps = static:999
49. virtual_gid_maps = static:8
50. virtual_transport = dovecot
51. dovecot_destination_recipient_limit = 1
52.  
53. # debugging
54. debug_peer_level = 2
55. debugger_command =
56. PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
57. xxgdb $daemon_directory/$process_name $process_id & sleep 5
58.  
59. # authentication
60. smtpd_sasl_auth_enable = yes
61. smtpd_sasl_security_options = noanonymous
62. smtpd_sasl_local_domain = $myhostname
63. broken_sasl_auth_clients = yes
64. smtpd_sasl_type = dovecot
65. smtpd_sasl_path = private/auth
66.  
67. # tls config
68. # smtp_use_tls = no
69. # smtpd_use_tls = no
70. #smtp_tls_note_starttls_offer = yes
71. #smtpd_tls_loglevel = 1
72. #smtpd_tls_received_header = yes
73. #smtpd_tls_session_cache_timeout = 3600s
74. #tls_random_source = dev:/dev/urandom
75. #smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
76. # Change mail.example.com.* to your host name
77. #smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
78. #smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.crt
79. # smtpd_tls_CAfile = /etc/pki/tls/root.crt
80.  
81. # rules restrictions
82. smtpd_client_restrictions =
83. smtpd_helo_restrictions = permit_mynetworks,
84. reject_invalid_hostname,
85. permit
86. smtpd_sender_restrictions = permit_sasl_authenticated,
87. permit_mynetworks,
88. reject_unknown_sender_domain,
89. permit
90. smtpd_recipient_restrictions = permit_sasl_authenticated,
91. permit_mynetworks,
92. permit_inet_interfaces,
93. reject_unauth_destination,
94. reject_non_fqdn_sender,
95. reject_non_fqdn_recipient,
96. reject_non_fqdn_hostname,
97. permit_sasl_authenticated,
98. reject_unknown_recipient_domain,
99. reject_unauth_destination,
100. reject_invalid_hostname
101. # uncomment for realtime black list checks. (Warn: will also reject false positive)
102. ,reject_rbl_client zen.spamhaus.org
103. ,reject_rbl_client bl.spamcop.net
104. ,reject_rbl_client dnsbl.sorbs.net
105. #,check_policy_service inet:127.0.0.1:10023
106.  
107. smtpd_helo_required = yes
108. unknown_local_recipient_reject_code = 550
109. disable_vrfy_command = yes
110. smtpd_data_restrictions = reject_unauth_pipelining
111. smtpd_banner = $myhostname ESMTP
112.  
113. message_size_limit = 20480000
114.  
115.  
116. # Things Philip Changed for SSL
117.  
118. # Raise log level as default doesn't give much information
119. smtpd_tls_loglevel = 1
120.  
121. # path to the certificate file, should be root:root and 0444
122. smtpd_tls_cert_file=/etc/letsencrypt/live/njoror.squashedfly.eu/fullchain.pem
123.  
124. # path to the private key file, should be root:root and 0400
125. smtpd_tls_key_file=/etc/letsencrypt/live/njoror.squashedfly.eu/privkey.pem
126.  
127. # Allow use of TLS but make it optional
128. smtpd_use_tls=yes
129.  
130. # Cache sessions for speed improvement
131. smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
132. smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
133.  
134. # Disable SSLv2/3 as they are vulnerable
135. smtpd_tls_protocols = !SSLv2, !SSLv3
136.  
137. # Insist on stronger ciphers
138. smtpd_tls_ciphers = high
139.  
140. # SASL parameters
141. # Don't forget permit_sasl_authenticated in smtpd_relay_restrictions
142. smtpd_sasl_type = dovecot
143. smtpd_sasl_path = private/auth
144. smtpd_sasl_auth_enable = yes