hakabe

Main.cf

May 6th, 2017
648
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
  2. biff = no
  3.  
  4. # appending .domain is the MUA's job.
  5. append_dot_mydomain = no
  6.  
  7. # Uncomment the next line to generate "delayed mail" warnings
  8. #delay_warning_time = 4h
  9.  
  10. readme_directory = no
  11.  
  12. # TLS parameters
  13. #smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
  14. #smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
  15. #smtpd_tls_cert_file=/etc/nginx/ssl/myserver_mail.crt
  16. #smtpd_tls_key_file=/etc/nginx/ssl/myserver_mail.key
  17. #smtpd_tls_CAfile =/etc/nginx/ssl/ca.crt
  18. smtp_tls_cert_file=/etc/mail/ssl/certs/certificate.crt
  19. smtp_tls_key_file=/etc/mail/ssl/certs/myserver.com.key
  20. smtpd_tls_CApath=/etc/ssl/certs
  21. smtp_tls_CApath=/etc/ssl/certs
  22. smtp_tls_CAfile=/etc/mail/ssl/certs/myserver.com.ca-bundle
  23.  
  24. smtpd_tls_cert_file=/etc/mail/ssl/certs/certificate.crt
  25. smtpd_tls_key_file=/etc/mail/ssl/certs/myserver.com.key
  26. smtpd_tls_CAfile=/etc/mail/ssl/certs/myserver.com.ca-bundle
  27. smtp_sasl_auth_enable = yes
  28. smtp_sasl_password_maps = static:info@myserver.com:password
  29. smtp_sasl_security_options = noanonymous
  30.  
  31. smtpd_tls_loglevel = 3
  32. smtpd_tls_received_header = yes
  33. smtpd_tls_session_cache_timeout = 3600s
  34. tls_random_source = dev:/dev/urandom
  35. smtp_use_tls=yes
  36. smtpd_use_tls=yes
  37. #smtp_enforce_tls=yes
  38. smtp_tls_security_level=encrypt
  39. header_size_limit = 4096000
  40. # Seriously - for email relaying, just get a $5 Linode and install Ubuntu + iRedmail. Works out of the box and supports relaying,
  41. # webmails etc (Roundcube, SoGo WorkGroup). The mx.mysmtpserver.com:587 is using iRedmail.
  42. relayhost = mx.mysmtpserver.com:587
  43. smtpd_tls_auth_only=yes
  44. smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
  45. smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
  46.  
  47. # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
  48. # information on enabling SSL in the smtp client.
  49.  
  50.  
  51. smtp_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
  52. smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
  53. smtpd_tls_dh512_param_file = /etc/ssl/private/dhparams512.pem
  54. smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams1024.pem
  55. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
  56.  
  57. # DKIM
  58. # --------------------------------------
  59. milter_default_action = accept
  60. milter_protocol = 2
  61. smtpd_milters = inet:localhost:8891
  62. non_smtpd_milters = inet:localhost:8891
  63.  
  64. mydomain = myserver.com
  65. myhostname = myserver.com
  66. alias_maps = hash:/etc/aliases
  67. alias_database = hash:/etc/aliases
  68. myorigin = /etc/mailname
  69. ## If here's host destination, it'll bounce all the mails that are not mapped in virtual aliases (like blaa@blaa.com)
  70. mydestination =
  71. # localhost $myhostname, myserver.com, localhost
  72. #relayhost =
  73. mynetworks = 127.0.0.0/8
  74. #[::ffff:127.0.0.0]/104 [::1]/128
  75. mailbox_size_limit = 0
  76. recipient_delimiter = +
  77. inet_interfaces = all
  78. inet_protocols = ipv4
  79. virtual_alias_maps = hash:/etc/postfix/virtual
  80. canonical_maps = hash:/etc/postfix/canonical
RAW Paste Data