alias_maps = hash:/etc/mail/aliasesappend_dot_mydomain = nobiff = nobroken

1. alias_maps = hash:/etc/mail/aliases
2. append_dot_mydomain = no
3. biff = no
4. broken_sasl_auth_clients = yes
5. command_directory = /usr/local/sbin
6. compatibility_level = 2
7. daemon_directory = /usr/local/libexec/postfix
8. data_directory = /var/db/postfix
9. disable_vrfy_command = yes
10. dovecot_destination_recipient_limit = 1
11. enable_original_recipient = yes
12. header_checks = regexp:/usr/local/etc/postfix/custom_original_outgoing_header, regexp:/usr/local/etc/postfix/header_checks
13. html_directory = no
14. inet_interfaces = 127.0.0.1, MY.EXTERNAL.IP
15. inet_protocols = ipv4
16. mail_owner = postfix
17. mailbox_size_limit = 0
18. mailq_path = /usr/local/bin/mailq
19. manpage_directory = /usr/local/man
20. maximal_backoff_time = 8000s
21. maximal_queue_lifetime = 7d
22. message_size_limit = 32020096
23. meta_directory = /usr/local/libexec/postfix
24. milter_default_action = accept
25. milter_protocol = 6
26. minimal_backoff_time = 1000s
27. mydestination =
28. myhostname = MY.HOSTNAME.COM
29. mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
30. mynetworks_style = host
31. myorigin = $myhostname
32. newaliases_path = /usr/local/bin/newaliases
33. non_smtpd_milters = inet:127.0.0.1:11332, local:opendkim/opendkim.sock
34. queue_directory = /var/spool/postfix
35. readme_directory = no
36. recipient_delimiter = +
37. sample_directory = /usr/local/etc/postfix
38. sendmail_path = /usr/local/sbin/sendmail
39. setgid_group = maildrop
40. shlib_directory = /usr/local/lib/postfix
41. smtp_bind_address = MY.EXTERNAL.IP
42. smtp_helo_timeout = 60s
43. smtp_tls_note_starttls_offer = yes
44. smtp_tls_security_level = may
45. smtpd_banner = $myhostname ESMTP $mail_name
46. smtpd_client_restrictions = permit_sasl_authenticated, reject_rbl_client rbl.realtimeblacklist.com, reject_rbl_client cbl.abuseat.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client xbl.spamhaus.org, reject_rbl_client psbl.surriel.com, reject_rbl_client b.barracudacentral.org, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname
47. smtpd_data_restrictions = reject_unauth_pipelining
48. smtpd_delay_reject = yes
49. smtpd_hard_error_limit = 12
50. smtpd_helo_required = yes
51. smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, check_helo_access hash:/usr/local/etc/postfix/helo_access, permit
52. smtpd_milters = inet:localhost:11332, local:opendkim/opendkim.sock
53. smtpd_recipient_limit = 160
54. smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_invalid_hostname, permit
55. smtpd_relay_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit
56. smtpd_sasl_auth_enable = yes
57. smtpd_sasl_authenticated_header = yes
58. smtpd_sasl_local_domain =
59. smtpd_sasl_path = private/auth
60. smtpd_sasl_security_options = noanonymous
61. smtpd_sasl_type = dovecot
62. smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_authenticated_sender_login_mismatch, permit_sasl_authenticated, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, check_sender_access pcre:/usr/local/etc/postfix/reject_domains, check_sender_access pcre:/usr/local/etc/postfix/allow_domains, permit
63. smtpd_soft_error_limit = 3
64. smtpd_tls_cert_file = /usr/local/etc/letsencrypt/live/MY.HOSTNAME.COM/fullchain.pem
65. smtpd_tls_dh1024_param_file = /etc/dhparam2048.pem
66. smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
67. smtpd_tls_key_file = /usr/local/etc/letsencrypt/live/MY.HOSTNAME.COM/privkey.pem
68. smtpd_tls_loglevel = 1
69. smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
70. smtpd_tls_received_header = yes
71. smtpd_tls_security_level = may
72. smtpd_tls_session_cache_database = btree:/usr/local/var/lib/postfix/smtpd_scache
73. smtpd_tls_session_cache_timeout = 3600s
74. tls_high_cipherlist = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:TLS_DHE_RSA_WITH_AES_128_CBC_SHA:TLS_DHE_RSA_WITH_AES_256_CBC_SHA:TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
75. tls_random_source = dev:/dev/urandom
76. unknown_local_recipient_reject_code = 450
77. virtual_alias_maps = mysql:/usr/local/etc/postfix/sql/mysql_virtual_alias_maps.cf, mysql:/usr/local/etc/postfix/sql/mysql_virtual_alias_domainaliases_maps.cf
78. virtual_gid_maps = static:50000
79. virtual_mailbox_base = /var/vmail
80. virtual_mailbox_domains = mysql:/usr/local/etc/postfix/sql/mysql_virtual_domains_maps.cf
81. virtual_mailbox_maps = mysql:/usr/local/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, mysql:/usr/local/etc/postfix/sql/mysql_virtual_mailbox_domainaliases_maps.cf
82. virtual_transport = dovecot
83. virtual_uid_maps = static:50000