Mast and Main

1. #
2. # Postfix master process configuration file. For details on the format
3. # of the file, see the master(5) manual page (command: "man 5 master" or
4. # on-line: http://www.postfix.org/master.5.html).
5. #
6. # Do not forget to execute "postfix reload" after editing this file.
7. #
8. # ==========================================================================
9. # service type private unpriv chroot wakeup maxproc command + args
10. # (yes) (yes) (no) (never) (100)
11. # ==========================================================================
12. smtp inet n - y - 1 postscreen
13. smtpd pass - - y - - smtpd
14. dnsblog unix - - y - 0 dnsblog
15. tlsproxy unix - - y - 0 tlsproxy
16. #submission inet n - y - - smtpd
17. # -o syslog_name=postfix/submission
18. # -o smtpd_tls_security_level=encrypt
19. -o smtpd_sasl_auth_enable=yes
20. # -o smtpd_tls_auth_only=yes
21. # -o smtpd_reject_unlisted_recipient=no
22. -o smtpd_client_restrictions=permit_sasl_authenticated,reject
23. # -o smtpd_helo_restrictions=$mua_helo_restrictions
24. # -o smtpd_sender_restrictions=$mua_sender_restrictions
25. # -o smtpd_recipient_restrictions=
26. # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
27. # -o milter_macro_daemon_name=ORIGINATING
28. smtps inet n - y - - smtpd
29. # -o syslog_name=postfix/smtps
30. -o smtpd_tls_wrappermode=yes
31. # -o smtpd_sasl_auth_enable=yes
32. # -o smtpd_reject_unlisted_recipient=no
33. # -o smtpd_client_restrictions=$mua_client_restrictions
34. # -o smtpd_helo_restrictions=$mua_helo_restrictions
35. # -o smtpd_sender_restrictions=$mua_sender_restrictions
36. # -o smtpd_recipient_restrictions=
37. -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
38. # -o milter_macro_daemon_name=ORIGINATING
39. #628 inet n - y - - qmqpd
40. #smtp inet n - - - - smtpd
41. pickup unix n - n 60 1 pickup
42. cleanup unix n - n - 0 cleanup
43. #qmgr unix n - n 300 1 oqmgr
44. qmgr unix n - n 300 1 qmgr
45. tlsmgr unix - - n 1000? 1 tlsmgr
46. rewrite unix - - n - - trivial-rewrite
47. bounce unix - - n - 0 bounce
48. defer unix - - n - 0 bounce
49. trace unix - - n - 0 bounce
50. verify unix - - n - 1 verify
51. flush unix n - n 1000? 0 flush
52. proxymap unix - - n - - proxymap
53. proxywrite unix - - n - 1 proxymap
54. smtp unix - - n - - smtp
55. # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
56. relay unix - - n - - smtp
57. -o syslog_name=postfix/$service_name
58. showq unix n - n - - showq
59. error unix - - n - - error
60. retry unix - - n - - error
61. discard unix - - n - - discard
62. local unix - n n - - local
63. virtual unix - n n - - virtual
64. lmtp unix - - n - - lmtp
65. anvil unix - - n - 1 anvil
66. #
67. # ====================================================================
68. # Interfaces to non-Postfix software. Be sure to examine the manual
69. # pages of the non-Postfix software to find out what options it wants.
70. #
71. # Many of the following services use the Postfix pipe(8) delivery
72. # agent. See the pipe(8) man page for information about ${recipient}
73. # and other message envelope options.
74. # ====================================================================
75. #
76. # maildrop. See the Postfix MAILDROP_README file for details.
77. # Also specify in main.cf: maildrop_destination_recipient_limit=1
78. #
79. scache unix - - n - 1 scache
80. #
81. # ====================================================================
82. #
83. # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
84. #
85. # Specify in cyrus.conf:
86. # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
87. #
88. # Specify in main.cf one or more of the following:
89. # mailbox_transport = lmtp:inet:localhost
90. # virtual_transport = lmtp:inet:localhost
91. #
92. # ====================================================================
93. #
94. # Cyrus 2.1.5 (Amos Gouaux)
95. # Also specify in main.cf: cyrus_destination_recipient_limit=1
96. #
97. #cyrus unix - n n - - pipe
98. # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
99. #
100. # ====================================================================
101. # Old example of delivery via Cyrus.
102. #
103. #old-cyrus unix - n n - - pipe
104. # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
105. #
106. # ====================================================================
107. #
108. # See the Postfix UUCP_README file for configuration details.
109. #
110. maildrop unix - n n - - pipe flags=DRhu
111. user=vmail argv=/usr/bin/maildrop -d ${recipient}
112. #
113. # Other external delivery methods.
114. #
115. uucp unix - n n - - pipe flags=Fqhu
116. user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
117. ifmail unix - n n - - pipe flags=F user=ftn
118. argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
119. bsmtp unix - n n - - pipe flags=Fq.
120. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
121. scalemail-backend unix - n n - 2 pipe flags=R
122. user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
123. ${user} ${extension}
124.  
125. mailman unix - n n - - pipe flags=FR
126. user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
127. ${user}
128. # Submission, port 587, force TLS connection.
129. submission inet n - n - - smtpd
130. -o syslog_name=postfix/submission
131. -o smtpd_tls_security_level=encrypt
132. -o smtpd_sasl_auth_enable=yes
133. -o smtpd_client_restrictions=permit_sasl_authenticated,reject
134. -o content_filter=smtp-amavis:[127.0.0.1]:10026
135.  
136. # Use dovecot's `deliver` program as LDA.
137. dovecot unix - n n - - pipe
138. flags=DRh user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}
139.  
140. # mlmmj - mailing list manager
141. # ${nexthop} is '%d/%u' in transport ('mlmmj:%d/%u')
142. mlmmj unix - n n - - pipe
143. flags=ORhu user=mlmmj:mlmmj argv=/usr/bin/mlmmj-amime-receive -L /var/vmail/mlmmj/${nexthop}
144.  
145. # Amavisd integration.
146. smtp-amavis unix - - n - 8 smtp
147. -o syslog_name=postfix/amavis
148. -o smtp_data_done_timeout=1200
149. -o smtp_send_xforward_command=yes
150. -o disable_dns_lookups=yes
151. -o max_use=20
152.  
153. # smtp port used by Amavisd to re-inject scanned email back to Postfix
154. 127.0.0.1:10025 inet n - n - - smtpd
155. -o syslog_name=postfix/10025
156. -o smtpd_restriction_classes=
157. -o content_filter=
158. -o mynetworks_style=host
159. -o mynetworks=127.0.0.0/8
160. -o local_recipient_maps=
161. -o relay_recipient_maps=
162. -o strict_rfc821_envelopes=yes
163. -o smtp_tls_security_level=none
164. -o smtpd_tls_security_level=none
165. -o smtpd_restriction_classes=
166. -o smtpd_delay_reject=no
167. -o smtpd_client_restrictions=permit_mynetworks,reject
168. -o smtpd_helo_restrictions=
169. -o smtpd_sender_restrictions=
170. -o smtpd_recipient_restrictions=permit_mynetworks,reject
171. -o smtpd_end_of_data_restrictions=
172. -o smtpd_error_sleep_time=0
173. -o smtpd_soft_error_limit=1001
174. -o smtpd_hard_error_limit=1000
175. -o smtpd_client_connection_count_limit=0
176. -o smtpd_client_connection_rate_limit=0
177. -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
178.  
179. # smtp port used by mlmmj to re-inject scanned email back to Postfix, with
180. # address mapping support
181. 127.0.0.1:10028 inet n - n - - smtpd
182. -o syslog_name=postfix/10028
183. -o content_filter=
184. -o mynetworks_style=host
185. -o mynetworks=127.0.0.0/8
186. -o local_recipient_maps=
187. -o relay_recipient_maps=
188. -o strict_rfc821_envelopes=yes
189. -o smtp_tls_security_level=none
190. -o smtpd_tls_security_level=none
191. -o smtpd_restriction_classes=
192. -o smtpd_delay_reject=no
193. -o smtpd_client_restrictions=permit_mynetworks,reject
194. -o smtpd_helo_restrictions=
195. -o smtpd_sender_restrictions=
196. -o smtpd_recipient_restrictions=permit_mynetworks,reject
197. -o smtpd_end_of_data_restrictions=
198. -o smtpd_error_sleep_time=0
199. -o smtpd_soft_error_limit=1001
200. -o smtpd_hard_error_limit=1000
201. -o smtpd_client_connection_count_limit=0
202. -o smtpd_client_connection_rate_limit=0
203. -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
204.  
205. ---------------------------------------------------------------------------------------------------------------------------------------
206.  
207. # --------------------
208. # INSTALL-TIME CONFIGURATION INFORMATION
209. #
210. # location of the Postfix queue. Default is /var/spool/postfix.
211. queue_directory = /var/spool/postfix
212.  
213. # location of all postXXX commands. Default is /usr/sbin.
214. command_directory = /usr/sbin
215.  
216. # location of all Postfix daemon programs (i.e. programs listed in the
217. # master.cf file). This directory must be owned by root.
218. # Default is /usr/libexec/postfix
219. daemon_directory = /usr/lib/postfix/sbin
220.  
221. # location of Postfix-writable data files (caches, random numbers).
222. # This directory must be owned by the mail_owner account (see below).
223. # Default is /var/lib/postfix.
224. data_directory = /var/lib/postfix
225.  
226. # owner of the Postfix queue and of most Postfix daemon processes.
227. # Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID
228. # WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.
229. # In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER.
230. # Default is postfix.
231. mail_owner = postfix
232.  
233. # The following parameters are used when installing a new Postfix version.
234. #
235. # sendmail_path: The full pathname of the Postfix sendmail command.
236. # This is the Sendmail-compatible mail posting interface.
237. #
238. sendmail_path = /usr/sbin/sendmail
239.  
240. # newaliases_path: The full pathname of the Postfix newaliases command.
241. # This is the Sendmail-compatible command to build alias databases.
242. #
243. newaliases_path = /usr/bin/newaliases
244.  
245. # full pathname of the Postfix mailq command. This is the Sendmail-compatible
246. # mail queue listing command.
247. mailq_path = /usr/bin/mailq
248.  
249. # group for mail submission and queue management commands.
250. # This must be a group name with a numerical group ID that is not shared with
251. # other accounts, not even with the Postfix account.
252. setgid_group = postdrop
253.  
254. # external command that is executed when a Postfix daemon program is run with
255. # the -D option.
256. #
257. # Use "command .. & sleep 5" so that the debugger can attach before
258. # the process marches on. If you use an X-based debugger, be sure to
259. # set up your XAUTHORITY environment variable before starting Postfix.
260. #
261. debugger_command =
262. PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
263. ddd $daemon_directory/$process_name $process_id & sleep 5
264.  
265. debug_peer_level = 2
266.  
267. # --------------------
268. # CUSTOM SETTINGS
269. #
270.  
271. # SMTP server response code when recipient or domain not found.
272. unknown_local_recipient_reject_code = 550
273.  
274. # Do not notify local user.
275. biff = no
276.  
277. # Disable the rewriting of "site!user" into "user@site".
278. swap_bangpath = no
279.  
280. # Disable the rewriting of the form "user%domain" to "user@domain".
281. allow_percent_hack = no
282.  
283. # Allow recipient address start with '-'.
284. allow_min_user = no
285.  
286. # Disable the SMTP VRFY command. This stops some techniques used to
287. # harvest email addresses.
288. disable_vrfy_command = yes
289.  
290. # Enable both IPv4 and/or IPv6: ipv4, ipv6, all.
291. inet_protocols = all
292.  
293. # Enable all network interfaces.
294. inet_interfaces = all
295.  
296. #
297. # TLS settings.
298. #
299. # SSL key, certificate, CA
300. #
301. smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
302. smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
303. smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
304. smtpd_tls_CApath = /etc/ssl/certs
305.  
306. #
307. # Disable SSLv2, SSLv3
308. #
309. smtpd_tls_protocols = !SSLv2 !SSLv3
310. smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
311. smtp_tls_protocols = !SSLv2 !SSLv3
312. smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
313. lmtp_tls_protocols = !SSLv2 !SSLv3
314. lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
315.  
316. #
317. # Fix 'The Logjam Attack'.
318. #
319. smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
320. smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
321. smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
322.  
323. tls_random_source = dev:/dev/urandom
324.  
325. # Log only a summary message on TLS handshake completion — no logging of client
326. # certificate trust-chain verification errors if client certificate
327. # verification is not required. With Postfix 2.8 and earlier, log the summary
328. # message, peer certificate summary information and unconditionally log
329. # trust-chain verification errors.
330. smtp_tls_loglevel = 1
331. smtpd_tls_loglevel = 1
332.  
333. # Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do
334. # not require that clients use TLS encryption.
335. smtpd_tls_security_level = may
336.  
337. # Produce `Received:` message headers that include information about the
338. # protocol and cipher used, as well as the remote SMTP client CommonName and
339. # client certificate issuer CommonName.
340. # This is disabled by default, as the information may be modified in transit
341. # through other mail servers. Only information that was recorded by the final
342. # destination can be trusted.
343. #smtpd_tls_received_header = yes
344.  
345. # Opportunistic TLS, used when Postfix sends email to remote SMTP server.
346. # Use TLS if this is supported by the remote SMTP server, otherwise use
347. # plaintext.
348. # References:
349. # - http://www.postfix.org/TLS_README.html#client_tls_may
350. # - http://www.postfix.org/postconf.5.html#smtp_tls_security_level
351. smtp_tls_security_level = may
352.  
353. # Use the same CA file as smtpd.
354. smtp_tls_CApath = /etc/ssl/certs
355. smtp_tls_CAfile = $smtpd_tls_CAfile
356. smtp_tls_note_starttls_offer = yes
357.  
358. # Enable long, non-repeating, queue IDs (queue file names).
359. # The benefit of non-repeating names is simpler logfile analysis and easier
360. # queue migration (there is no need to run "postsuper" to change queue file
361. # names that don't match their message file inode number).
362. enable_long_queue_ids = yes
363.  
364. # Reject unlisted sender and recipient
365. smtpd_reject_unlisted_recipient = yes
366. smtpd_reject_unlisted_sender = yes
367.  
368. # Header and body checks with PCRE table
369. header_checks = pcre:/etc/postfix/header_checks
370. body_checks = pcre:/etc/postfix/body_checks.pcre
371.  
372. # A mechanism to transform commands from remote SMTP clients.
373. # This is a last-resort tool to work around client commands that break
374. # interoperability with the Postfix SMTP server. Other uses involve fault
375. # injection to test Postfix's handling of invalid commands.
376. # Requires Postfix-2.7+.
377. smtpd_command_filter = pcre:/etc/postfix/command_filter.pcre
378.  
379. # HELO restriction
380. smtpd_helo_required = yes
381. smtpd_helo_restrictions =
382. permit_mynetworks
383. permit_sasl_authenticated
384. check_helo_access pcre:/etc/postfix/helo_access.pcre
385. reject_non_fqdn_helo_hostname
386. reject_unknown_helo_hostname
387.  
388. # Sender restrictions
389. smtpd_sender_restrictions =
390. reject_unknown_sender_domain
391. reject_non_fqdn_sender
392. reject_unlisted_sender
393. permit_mynetworks
394. permit_sasl_authenticated
395. check_sender_access pcre:/etc/postfix/sender_access.pcre
396.  
397. # Recipient restrictions
398. smtpd_recipient_restrictions =
399. reject_non_fqdn_recipient
400. reject_unlisted_recipient
401. check_policy_service inet:127.0.0.1:7777
402. permit_mynetworks
403. permit_sasl_authenticated
404. reject_unauth_destination
405.  
406. # END-OF-MESSAGE restrictions
407. smtpd_end_of_data_restrictions =
408. check_policy_service inet:127.0.0.1:7777
409.  
410. # Data restrictions
411. smtpd_data_restrictions = reject_unauth_pipelining
412.  
413. proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
414.  
415. # Avoid duplicate recipient messages. Default is 'yes'.
416. enable_original_recipient = no
417.  
418. # Virtual support.
419. virtual_minimum_uid = 2000
420. virtual_uid_maps = static:2000
421. virtual_gid_maps = static:2000
422. virtual_mailbox_base = /var/vmail
423.  
424. # Do not set virtual_alias_domains.
425. virtual_alias_domains =
426.  
427. #
428. # Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication.
429. # WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should
430. # be forced to submit email through port 587 instead.
431. #
432. #smtpd_sasl_auth_enable = yes
433. #smtpd_sasl_security_options = noanonymous
434. #smtpd_tls_auth_only = yes
435.  
436. # hostname
437. myhostname = HDRedirect-LB6-54290b28133ca5af.elb.us-east-1.amazonaws.com
438. myorigin = /etc/mailname
439. mydomain = takeoffstudios.net
440.  
441. # trusted SMTP clients which are allowed to relay mail through Postfix.
442. #
443. # Note: additional IP addresses/networks listed in mynetworks should be listed
444. # in iRedAPD setting 'MYNETWORKS' (in `/opt/iredapd/settings.py`) too.
445. # for example:
446. #
447. # MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]
448. #
449. mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24
450.  
451. # Accepted local emails
452. mydestination = takeoffstudios.net, localhost.localdomain, localhost
453.  
454. alias_maps = hash:/etc/postfix/aliases
455. alias_database = hash:/etc/postfix/aliases
456.  
457. # Default message_size_limit.
458. message_size_limit = 15728640
459.  
460. # The set of characters that can separate a user name from its extension
461. # (example: user+foo), or a .forward file name from its extension (example:
462. # .forward+foo).
463. # Postfix 2.11 and later supports multiple characters.
464. recipient_delimiter = +
465.  
466. # The time after which the sender receives a copy of the message headers of
467. # mail that is still queued. Default setting is disabled (0h) by Postfix.
468. #delay_warning_time = 1h
469. compatibility_level = 2
470. #
471. # Lookup virtual mail accounts
472. #
473. transport_maps =
474. proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf
475. proxy:mysql:/etc/postfix/mysql/transport_maps_maillist.cf
476. proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
477.  
478. sender_dependent_relayhost_maps =
479. proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
480.  
481. # Lookup table with the SASL login names that own the sender (MAIL FROM) addresses.
482. smtpd_sender_login_maps =
483. proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
484.  
485. virtual_mailbox_domains =
486. proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
487.  
488. relay_domains =
489. $mydestination
490. proxy:mysql:/etc/postfix/mysql/relay_domains.cf
491.  
492. virtual_mailbox_maps =
493. proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
494.  
495. virtual_alias_maps =
496. proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf
497. proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf
498. proxy:mysql:/etc/postfix/mysql/catchall_maps.cf
499. proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
500.  
501. sender_bcc_maps =
502. proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
503. proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
504.  
505. recipient_bcc_maps =
506. proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
507. proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
508.  
509. #
510. # Postscreen
511. #
512. postscreen_greet_action = drop
513. postscreen_blacklist_action = drop
514. postscreen_dnsbl_action = drop
515. postscreen_dnsbl_threshold = 2
516.  
517. # Attention:
518. # - zen.spamhaus.org free tire has 3 limits
519. # (https://www.spamhaus.org/organization/dnsblusage/):
520. #
521. # 1) Your use of the Spamhaus DNSBLs is non-commercial*, and
522. # 2) Your email traffic is less than 100,000 SMTP connections per day, and
523. # 3) Your DNSBL query volume is less than 300,000 queries per day.
524. #
525. # - FAQ: "Your DNSBL blocks nothing at all!"
526. # https://www.spamhaus.org/faq/section/DNSBL%20Usage#261
527. #
528. # It's strongly recommended to use a local DNS server for cache.
529. postscreen_dnsbl_sites =
530. zen.spamhaus.org=127.0.0.[2..11]*3
531. b.barracudacentral.org=127.0.0.2*2
532.  
533. postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
534. postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
535.  
536. # Require Postfix-2.11+
537. postscreen_dnsbl_whitelist_threshold = -2
538. #
539. # Dovecot SASL support.
540. #
541. smtpd_sasl_type = dovecot
542. smtpd_sasl_path = private/dovecot-auth
543. virtual_transport = dovecot
544. dovecot_destination_recipient_limit = 1
545.  
546. #
547. # mlmmj - mailing list manager
548. #
549. mlmmj_destination_recipient_limit = 1
550.  
551. #
552. # Amavisd + SpamAssassin + ClamAV
553. #
554. content_filter = smtp-amavis:[127.0.0.1]:10024
555.  
556. # Concurrency per recipient limit.
557. smtp-amavis_destination_recipient_limit = 1
558. relayhost =
559. mailbox_size_limit = 0
560. readme_directory = /usr/share/doc/postfix
561. html_directory = /usr/share/doc/postfix/html