/etc/postfix/main.cf

1. root@servername:/etc/postfix# cat main.cf
2. # See /usr/share/postfix/main.cf.dist for a commented, more complete version
3.  
4.  
5. # Debian specific: Specifying a file name will cause the first
6. # line of that file to be used as the name. The Debian default
7. # is /etc/mailname.
8. #myorigin = /etc/mailname
9.  
10. compatibility_level=2
11.  
12. smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
13. biff = no
14.  
15. # appending .domain is the MUA's job.
16. append_dot_mydomain = no
17.  
18. # Uncomment the next line to generate "delayed mail" warnings
19. #delay_warning_time = 4h
20.  
21. readme_directory = no
22.  
23. # TLS parameters
24. smtpd_tls_cert_file = /etc/letsencrypt/live/servername.de/fullchain.pem
25. smtpd_tls_key_file = /etc/letsencrypt/live/servername.de/privkey.pem
26. smtpd_use_tls = yes
27. smtpd_tls_auth_only = yes
28. smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
29. smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
30.  
31. tls_ssl_options = NO_COMPRESSION
32. tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
33.  
34. ### outgoing connections ###
35. smtp_tls_security_level = may
36. smtp_tls_cert_file = /etc/letsencrypt/live/servername.de/fullchain.pem
37. smtp_tls_key_file = /etc/letsencrypt/live/servername.de/privkey.pem
38. smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
39.  
40.  
41. # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
42. # information on enabling SSL in the smtp client.
43.  
44. smtpd_sasl_type = dovecot
45. smtpd_sasl_path = private/auth
46. smtpd_sasl_auth_enable = yes
47. broken_sasl_auth_clients = yes
48.  
49. smtpd_recipient_restrictions =
50. permit_sasl_authenticated,
51. permit_mynetworks,
52. reject_unauth_destination
53.  
54. smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, reject_unauth_pipelining, reject_non_fqdn_hostname
55.  
56. smtpd_sasl_security_options = noanonymous
57.  
58. #smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
59.  
60. myhostname = servername.de
61. alias_maps = hash:/etc/aliases
62. alias_database = hash:/etc/aliases
63. myorigin = /etc/mailname
64. #mydestination = $myhostname, servername.de, localhost.de, , localhost
65. mydestination = localhost
66. relayhost =
67. mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
68. mailbox_size_limit = 0
69. recipient_delimiter = +
70. inet_interfaces = all
71. inet_protocols = all
72.  
73. #Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
74. virtual_transport = lmtp:unix:private/dovecot-lmtp
75.  
76. #Virtual domains, users, and aliases
77. virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
78. virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
79. virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
80. mysql:/etc/postfix/mysql-virtual-email2email.cf
81. always_bcc = alwaysbcc@localhost
82. recipient_bcc_maps = hash:/etc/postfix/recipient_bcc_maps
83. queue_directory = /var/spool/postfix