daily pastebin goal
55%
SHARE
TWEET

Untitled

a guest May 31st, 2017 94 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # This file was automatically installed on 2017-05-31T12:48:12.921910
  2. inet_interfaces = all
  3. inet_protocols = all
  4. myhostname = modoboa.server.com
  5. myorigin = $myhostname
  6. mydestination =
  7. mynetworks = 127.0.0.0/8
  8. smtpd_banner = $myhostname ESMTP
  9. biff = no
  10. unknown_local_recipient_reject_code = 550
  11. unverified_recipient_reject_code = 550
  12.  
  13. # appending .domain is the MUA's job.
  14. append_dot_mydomain = no
  15.  
  16. readme_directory = no
  17.  
  18. mailbox_size_limit = 0
  19. message_size_limit = 52428800
  20. recipient_delimiter = +
  21.  
  22. alias_maps = hash:/etc/aliases
  23. alias_database = hash:/etc/aliases
  24.  
  25. ## Proxy maps
  26. proxy_read_maps =
  27.         proxy:unix:passwd.byname
  28.         proxy:mysql:/etc/postfix/sql-domains.cf
  29.         proxy:mysql:/etc/postfix/sql-domain-aliases.cf
  30.         proxy:mysql:/etc/postfix/sql-aliases.cf
  31.         proxy:mysql:/etc/postfix/sql-relaydomains.cf
  32.         proxy:mysql:/etc/postfix/sql-relaydomains-transport.cf
  33.         proxy:mysql:/etc/postfix/sql-relaydomain-aliases-transport.cf
  34. #        proxy:mysql:/etc/postfix/sql-autoreplies-transport.cf
  35.         proxy:mysql:/etc/postfix/sql-maintain.cf
  36.         proxy:mysql:/etc/postfix/sql-relay-recipient-verification.cf
  37.         proxy:mysql:/etc/postfix/sql-sender-login-mailboxes.cf
  38.         proxy:mysql:/etc/postfix/sql-sender-login-aliases.cf
  39.         proxy:mysql:/etc/postfix/sql-sender-login-mailboxes-extra.cf
  40.         proxy:mysql:/etc/postfix/sql-spliteddomains-transport.cf
  41.  
  42. ## TLS settings
  43. #
  44. smtpd_use_tls = yes
  45. smtpd_tls_auth_only = no
  46. smtpd_tls_key_file = /etc/pki/tls/private/mx4.spam-killer.ch.key
  47. smtpd_tls_cert_file = /etc/pki/tls/certs/mx4.spam-killer.ch.cert
  48. smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
  49. smtpd_tls_loglevel = 1
  50. smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
  51. smtpd_tls_security_level = may
  52. smtpd_tls_received_header = yes
  53.  
  54. # Disallow SSLv2 and SSLv3, only accept secure ciphers
  55. smtpd_tls_protocols = !SSLv2, !SSLv3
  56. smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
  57. smtpd_tls_mandatory_ciphers = high
  58. smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
  59. smtpd_tls_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
  60.  
  61. # Enable elliptic curve cryptography
  62. smtpd_tls_eecdh_grade = strong
  63.  
  64. # Use TLS if this is supported by the remote SMTP server, otherwise use plaintext.
  65. smtp_tls_security_level = may
  66. smtp_tls_loglevel = 1
  67. smtp_tls_exclude_ciphers = EXPORT, LOW
  68.  
  69. ## Virtual transport settings
  70. #
  71. #virtual_transport = lmtp:unix:private/dovecot-lmtp
  72.  
  73. virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql-domains.cf
  74. virtual_alias_domains = proxy:mysql:/etc/postfix/sql-domain-aliases.cf
  75. virtual_alias_maps =
  76.         proxy:mysql:/etc/postfix/sql-aliases.cf
  77.  
  78. ## Relay domains
  79. #
  80. relay_domains =
  81.         proxy:mysql:/etc/postfix/sql-relaydomains.cf
  82. transport_maps =
  83.         proxy:mysql:/etc/postfix/sql-spliteddomains-transport.cf
  84.     proxy:mysql:/etc/postfix/sql-relaydomains-transport.cf
  85. #        proxy:mysql:/etc/postfix/sql-autoreplies-transport.cf
  86.  
  87. ## SASL authentication through Dovecot
  88. #
  89. #smtpd_sasl_type = dovecot
  90. #smtpd_sasl_path = private/auth
  91. #smtpd_sasl_auth_enable = yes
  92. #broken_sasl_auth_clients = yes
  93. #smtpd_sasl_security_options = noanonymous
  94.  
  95. ## SMTP session policies
  96. #
  97.  
  98. # We require HELO to check it later
  99. smtpd_helo_required = yes
  100.  
  101. # We do not let others find out which recipients are valid
  102. disable_vrfy_command = yes
  103.  
  104. # MTA to MTA communication on Port 25. We expect (!) the other party to
  105. # specify messages as required by RFC 821.
  106. strict_rfc821_envelopes = yes
  107.  
  108. # Verify cache setup
  109. #address_verify_map = proxy:btree:$data_directory/verify_cache
  110.  
  111. #proxy_write_maps =
  112. #    $smtp_sasl_auth_cache_name
  113. #    $lmtp_sasl_auth_cache_name
  114. #    $address_verify_map
  115.  
  116. # List of authorized senders
  117. smtpd_sender_login_maps =
  118.         proxy:mysql:/etc/postfix/sql-sender-login-mailboxes.cf
  119.         proxy:mysql:/etc/postfix/sql-sender-login-aliases.cf
  120.         proxy:mysql:/etc/postfix/sql-sender-login-mailboxes-extra.cf
  121.  
  122. # Recipient restriction rules
  123. smtpd_recipient_restrictions =
  124.       permit_mynetworks
  125.       permit_sasl_authenticated
  126.       check_recipient_access
  127.           proxy:mysql:/etc/postfix/sql-maintain.cf
  128.           proxy:mysql:/etc/postfix/sql-relay-recipient-verification.cf
  129.       reject_unverified_recipient
  130.       reject_unauth_destination
  131.       reject_non_fqdn_sender
  132.       reject_non_fqdn_recipient
  133.       reject_non_fqdn_helo_hostname
  134.  
  135. ## Postcreen settings
  136. #
  137. postscreen_access_list =
  138.        permit_mynetworks
  139. postscreen_blacklist_action = enforce
  140.  
  141. # Use some DNSBL
  142. postscreen_dnsbl_sites =
  143.     zen.spamhaus.org*3
  144.     bl.spameatingmonkey.net*2
  145.     dnsbl.habl.org
  146.     bl.spamcop.net
  147.     dnsbl.sorbs.net
  148. postscreen_dnsbl_threshold = 3
  149. postscreen_dnsbl_action = enforce
  150.  
  151. postscreen_greet_banner = Welcome, please wait...
  152. postscreen_greet_action = enforce
  153.  
  154. postscreen_pipelining_enable = yes
  155. postscreen_pipelining_action = enforce
  156.  
  157. postscreen_non_smtp_command_enable = yes
  158. postscreen_non_smtp_command_action = enforce
  159.  
  160. postscreen_bare_newline_enable = yes
  161. postscreen_bare_newline_action = enforce
  162. smtp_generic_maps = hash:/etc/postfix/generic
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top