Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # This file was automatically installed on 2022-05-02T14:37:30.062679
- inet_interfaces = all
- inet_protocols = all
- myhostname = mail.tits.com
- myorigin = $myhostname
- mydestination = $myhostname
- mynetworks = 127.0.0.0/8
- smtpd_banner = $myhostname ESMTP
- biff = no
- unknown_local_recipient_reject_code = 550
- unverified_recipient_reject_code = 550
- # appending .domain is the MUA's job.
- append_dot_mydomain = no
- readme_directory = no
- mailbox_size_limit = 0
- message_size_limit = 11534336
- recipient_delimiter = +
- alias_maps = hash:/etc/aliases
- alias_database = hash:/etc/aliases
- ## Proxy maps
- proxy_read_maps =
- proxy:unix:passwd.byname
- proxy:mysql:/etc/postfix/sql-domains.cf
- proxy:mysql:/etc/postfix/sql-domain-aliases.cf
- proxy:mysql:/etc/postfix/sql-aliases.cf
- proxy:mysql:/etc/postfix/sql-relaydomains.cf
- proxy:mysql:/etc/postfix/sql-maintain.cf
- proxy:mysql:/etc/postfix/sql-relay-recipient-verification.cf
- proxy:mysql:/etc/postfix/sql-sender-login-map.cf
- proxy:mysql:/etc/postfix/sql-spliteddomains-transport.cf
- proxy:mysql:/etc/postfix/sql-transport.cf
- ## TLS settings
- #
- smtpd_use_tls = yes
- smtpd_tls_auth_only = no
- smtpd_tls_CApath = /etc/ssl/certs
- cert = sanitized
- smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
- smtpd_tls_loglevel = 1
- smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
- smtpd_tls_security_level = may
- smtpd_tls_received_header = yes
- # Disallow SSLv2 and SSLv3, only accept secure ciphers
- smtpd_tls_protocols = !SSLv2, !SSLv3
- smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
- smtpd_tls_mandatory_ciphers = high
- smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
- smtpd_tls_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
- # Enable elliptic curve cryptography
- smtpd_tls_eecdh_grade = strong
- # Use TLS if this is supported by the remote SMTP server, otherwise use plaintext.
- smtp_tls_CApath = /etc/ssl/certs
- smtp_tls_security_level = may
- smtp_tls_loglevel = 1
- smtp_tls_exclude_ciphers = EXPORT, LOW
- ## Virtual transport settings
- #
- virtual_transport = lmtp:unix:private/dovecot-lmtp
- virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql-domains.cf
- # Define the domain list as hash file or as list in the config file.
- virtual_alias_domains = proxy:mysql:/etc/postfix/sql-domain-aliases.cf
- virtual_alias_maps =
- # Define the domain list as hash file or as list in the config file.
- #virtual_alias_domains = hash:/etc/postfix/virtual_domains
- proxy:mysql:/etc/postfix/sql-aliases.cf
- ## Relay domains
- #
- relay_domains =
- proxy:mysql:/etc/postfix/sql-relaydomains.cf
- transport_maps =
- hash:/etc/postfix/sender_map
- proxy:mysql:/etc/postfix/sql-transport.cf
- proxy:mysql:/etc/postfix/sql-spliteddomains-transport.cf
- ## SASL authentication through Dovecot
- #
- smtpd_sasl_type = dovecot
- smtpd_sasl_path = private/auth
- smtpd_sasl_auth_enable = yes
- broken_sasl_auth_clients = yes
- smtpd_sasl_security_options = noanonymous
- ## SMTP session policies
- #
- # We require HELO to check it later
- smtpd_helo_required = yes
- # We do not let others find out which recipients are valid
- disable_vrfy_command = yes
- # MTA to MTA communication on Port 25. We expect (!) the other party to
- # specify messages as required by RFC 821.
- strict_rfc821_envelopes = yes
- # Verify cache setup
- address_verify_map = proxy:btree:$data_directory/verify_cache
- proxy_write_maps =
- $smtp_sasl_auth_cache_name
- $lmtp_sasl_auth_cache_name
- $address_verify_map
- # OpenDKIM setup
- smtpd_milters = inet:127.0.0.1:12345
- non_smtpd_milters = inet:127.0.0.1:12345
- milter_default_action = accept
- milter_content_timeout = 30s
- # List of authorized senders
- smtpd_sender_login_maps =
- proxy:mysql:/etc/postfix/sql-sender-login-map.cf
- # Recipient restriction rules
- smtpd_recipient_restrictions =
- check_policy_service inet:127.0.0.1:9999
- permit_mynetworks
- permit_sasl_authenticated
- check_recipient_access
- proxy:mysql:/etc/postfix/sql-maintain.cf
- proxy:mysql:/etc/postfix/sql-relay-recipient-verification.cf
- reject_unverified_recipient
- reject_unauth_destination
- reject_non_fqdn_sender
- reject_non_fqdn_recipient
- reject_non_fqdn_helo_hostname
- ## Postcreen settings
- #
- postscreen_access_list =
- permit_mynetworks
- cidr:/etc/postfix/postscreen_spf_whitelist.cidr
- postscreen_blacklist_action = enforce
- # Use some DNSBL
- postscreen_dnsbl_sites =
- zen.spamhaus.org*3
- bl.spameatingmonkey.net*2
- bl.spamcop.net
- dnsbl.sorbs.net
- postscreen_dnsbl_threshold = 3
- postscreen_dnsbl_action = enforce
- postscreen_greet_banner = Welcome, please wait...
- postscreen_greet_action = enforce
- #postscreen_pipelining_enable = yes
- #postscreen_pipelining_action = enforce
- #postscreen_non_smtp_command_enable = yes
- #postscreen_non_smtp_command_action = enforce
- #postscreen_bare_newline_enable = yes
- #postscreen_bare_newline_action = enforce
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement