# This file was automatically installed on 2017-05-31T12:48:12.921910inet_inte

1. # This file was automatically installed on 2017-05-31T12:48:12.921910
2. inet_interfaces = all
3. inet_protocols = all
4. myhostname = modoboa.server.com
5. myorigin = $myhostname
6. mydestination =
7. mynetworks = 127.0.0.0/8
8. smtpd_banner = $myhostname ESMTP
9. biff = no
10. unknown_local_recipient_reject_code = 550
11. unverified_recipient_reject_code = 550
12.  
13. # appending .domain is the MUA's job.
14. append_dot_mydomain = no
15.  
16. readme_directory = no
17.  
18. mailbox_size_limit = 0
19. message_size_limit = 52428800
20. recipient_delimiter = +
21.  
22. alias_maps = hash:/etc/aliases
23. alias_database = hash:/etc/aliases
24.  
25. ## Proxy maps
26. proxy_read_maps =
27. proxy:unix:passwd.byname
28. proxy:mysql:/etc/postfix/sql-domains.cf
29. proxy:mysql:/etc/postfix/sql-domain-aliases.cf
30. proxy:mysql:/etc/postfix/sql-aliases.cf
31. proxy:mysql:/etc/postfix/sql-relaydomains.cf
32. proxy:mysql:/etc/postfix/sql-relaydomains-transport.cf
33. proxy:mysql:/etc/postfix/sql-relaydomain-aliases-transport.cf
34. # proxy:mysql:/etc/postfix/sql-autoreplies-transport.cf
35. proxy:mysql:/etc/postfix/sql-maintain.cf
36. proxy:mysql:/etc/postfix/sql-relay-recipient-verification.cf
37. proxy:mysql:/etc/postfix/sql-sender-login-mailboxes.cf
38. proxy:mysql:/etc/postfix/sql-sender-login-aliases.cf
39. proxy:mysql:/etc/postfix/sql-sender-login-mailboxes-extra.cf
40. proxy:mysql:/etc/postfix/sql-spliteddomains-transport.cf
41.  
42. ## TLS settings
43. #
44. smtpd_use_tls = yes
45. smtpd_tls_auth_only = no
46. smtpd_tls_key_file = /etc/pki/tls/private/mx4.spam-killer.ch.key
47. smtpd_tls_cert_file = /etc/pki/tls/certs/mx4.spam-killer.ch.cert
48. smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
49. smtpd_tls_loglevel = 1
50. smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
51. smtpd_tls_security_level = may
52. smtpd_tls_received_header = yes
53.  
54. # Disallow SSLv2 and SSLv3, only accept secure ciphers
55. smtpd_tls_protocols = !SSLv2, !SSLv3
56. smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
57. smtpd_tls_mandatory_ciphers = high
58. smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
59. smtpd_tls_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
60.  
61. # Enable elliptic curve cryptography
62. smtpd_tls_eecdh_grade = strong
63.  
64. # Use TLS if this is supported by the remote SMTP server, otherwise use plaintext.
65. smtp_tls_security_level = may
66. smtp_tls_loglevel = 1
67. smtp_tls_exclude_ciphers = EXPORT, LOW
68.  
69. ## Virtual transport settings
70. #
71. #virtual_transport = lmtp:unix:private/dovecot-lmtp
72.  
73. virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql-domains.cf
74. virtual_alias_domains = proxy:mysql:/etc/postfix/sql-domain-aliases.cf
75. virtual_alias_maps =
76. proxy:mysql:/etc/postfix/sql-aliases.cf
77.  
78. ## Relay domains
79. #
80. relay_domains =
81. proxy:mysql:/etc/postfix/sql-relaydomains.cf
82. transport_maps =
83. proxy:mysql:/etc/postfix/sql-spliteddomains-transport.cf
84. proxy:mysql:/etc/postfix/sql-relaydomains-transport.cf
85. # proxy:mysql:/etc/postfix/sql-autoreplies-transport.cf
86.  
87. ## SASL authentication through Dovecot
88. #
89. #smtpd_sasl_type = dovecot
90. #smtpd_sasl_path = private/auth
91. #smtpd_sasl_auth_enable = yes
92. #broken_sasl_auth_clients = yes
93. #smtpd_sasl_security_options = noanonymous
94.  
95. ## SMTP session policies
96. #
97.  
98. # We require HELO to check it later
99. smtpd_helo_required = yes
100.  
101. # We do not let others find out which recipients are valid
102. disable_vrfy_command = yes
103.  
104. # MTA to MTA communication on Port 25. We expect (!) the other party to
105. # specify messages as required by RFC 821.
106. strict_rfc821_envelopes = yes
107.  
108. # Verify cache setup
109. #address_verify_map = proxy:btree:$data_directory/verify_cache
110.  
111. #proxy_write_maps =
112. # $smtp_sasl_auth_cache_name
113. # $lmtp_sasl_auth_cache_name
114. # $address_verify_map
115.  
116. # List of authorized senders
117. smtpd_sender_login_maps =
118. proxy:mysql:/etc/postfix/sql-sender-login-mailboxes.cf
119. proxy:mysql:/etc/postfix/sql-sender-login-aliases.cf
120. proxy:mysql:/etc/postfix/sql-sender-login-mailboxes-extra.cf
121.  
122. # Recipient restriction rules
123. smtpd_recipient_restrictions =
124. permit_mynetworks
125. permit_sasl_authenticated
126. check_recipient_access
127. proxy:mysql:/etc/postfix/sql-maintain.cf
128. proxy:mysql:/etc/postfix/sql-relay-recipient-verification.cf
129. reject_unverified_recipient
130. reject_unauth_destination
131. reject_non_fqdn_sender
132. reject_non_fqdn_recipient
133. reject_non_fqdn_helo_hostname
134.  
135. ## Postcreen settings
136. #
137. postscreen_access_list =
138. permit_mynetworks
139. postscreen_blacklist_action = enforce
140.  
141. # Use some DNSBL
142. postscreen_dnsbl_sites =
143. zen.spamhaus.org*3
144. bl.spameatingmonkey.net*2
145. dnsbl.habl.org
146. bl.spamcop.net
147. dnsbl.sorbs.net
148. postscreen_dnsbl_threshold = 3
149. postscreen_dnsbl_action = enforce
150.  
151. postscreen_greet_banner = Welcome, please wait...
152. postscreen_greet_action = enforce
153.  
154. postscreen_pipelining_enable = yes
155. postscreen_pipelining_action = enforce
156.  
157. postscreen_non_smtp_command_enable = yes
158. postscreen_non_smtp_command_action = enforce
159.  
160. postscreen_bare_newline_enable = yes
161. postscreen_bare_newline_action = enforce
162. smtp_generic_maps = hash:/etc/postfix/generic