Main.cf

1. smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
2. biff = no
3.  
4. # appending .domain is the MUA's job.
5. append_dot_mydomain = no
6.  
7. # Uncomment the next line to generate "delayed mail" warnings
8. #delay_warning_time = 4h
9.  
10. readme_directory = no
11.  
12. # TLS parameters
13. #smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
14. #smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
15. #smtpd_tls_cert_file=/etc/nginx/ssl/myserver_mail.crt
16. #smtpd_tls_key_file=/etc/nginx/ssl/myserver_mail.key
17. #smtpd_tls_CAfile =/etc/nginx/ssl/ca.crt
18. smtp_tls_cert_file=/etc/mail/ssl/certs/certificate.crt
19. smtp_tls_key_file=/etc/mail/ssl/certs/myserver.com.key
20. smtpd_tls_CApath=/etc/ssl/certs
21. smtp_tls_CApath=/etc/ssl/certs
22. smtp_tls_CAfile=/etc/mail/ssl/certs/myserver.com.ca-bundle
23.  
24. smtpd_tls_cert_file=/etc/mail/ssl/certs/certificate.crt
25. smtpd_tls_key_file=/etc/mail/ssl/certs/myserver.com.key
26. smtpd_tls_CAfile=/etc/mail/ssl/certs/myserver.com.ca-bundle
27. smtp_sasl_auth_enable = yes
28. smtp_sasl_password_maps = static:info@myserver.com:password
29. smtp_sasl_security_options = noanonymous
30.  
31. smtpd_tls_loglevel = 3
32. smtpd_tls_received_header = yes
33. smtpd_tls_session_cache_timeout = 3600s
34. tls_random_source = dev:/dev/urandom
35. smtp_use_tls=yes
36. smtpd_use_tls=yes
37. #smtp_enforce_tls=yes
38. smtp_tls_security_level=encrypt
39. header_size_limit = 4096000
40. # Seriously - for email relaying, just get a $5 Linode and install Ubuntu + iRedmail. Works out of the box and supports relaying,
41. # webmails etc (Roundcube, SoGo WorkGroup). The mx.mysmtpserver.com:587 is using iRedmail.
42. relayhost = mx.mysmtpserver.com:587
43. smtpd_tls_auth_only=yes
44. smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
45. smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
46.  
47. # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
48. # information on enabling SSL in the smtp client.
49.  
50.  
51. smtp_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
52. smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
53. smtpd_tls_dh512_param_file = /etc/ssl/private/dhparams512.pem
54. smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams1024.pem
55. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
56.  
57. # DKIM
58. # --------------------------------------
59. milter_default_action = accept
60. milter_protocol = 2
61. smtpd_milters = inet:localhost:8891
62. non_smtpd_milters = inet:localhost:8891
63.  
64. mydomain = myserver.com
65. myhostname = myserver.com
66. alias_maps = hash:/etc/aliases
67. alias_database = hash:/etc/aliases
68. myorigin = /etc/mailname
69. ## If here's host destination, it'll bounce all the mails that are not mapped in virtual aliases (like blaa@blaa.com)
70. mydestination =
71. # localhost $myhostname, myserver.com, localhost
72. #relayhost =
73. mynetworks = 127.0.0.0/8
74. #[::ffff:127.0.0.0]/104 [::1]/128
75. mailbox_size_limit = 0
76. recipient_delimiter = +
77. inet_interfaces = all
78. inet_protocols = ipv4
79. virtual_alias_maps = hash:/etc/postfix/virtual
80. canonical_maps = hash:/etc/postfix/canonical