# TLS parameterssmtpd_tls_cert_file = /path/to/my/foldersmtpd_tls_key_file = /

1. # TLS parameters
2. smtpd_tls_cert_file = /path/to/my/folder
3. smtpd_tls_key_file = /path/to/my/folder
4. smtpd_tls_CAfile = /path/to/my/folder
5. smtpd_use_tls=yes
6. smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
7. smtpd_tls_protocols = !SSLv2, !SSLv3, TLSv1.1, TLSv1.2
8. smtpd_tls_ciphers = high
9. smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, TLSv1.1, TLSv1.2
10. smtpd_tls_mandatory_ciphers = high
11. smtpd_tls_auth_only = yes
12.  
13. #######
14. smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
15. smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, TLSv1.1, TLSv1.2
16. smtp_tls_mandatory_ciphers = high
17. smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, TLSv1.1, TLSv1.2
18. smtp_tls_mandatory_ciphers = high
19. smtp_tls_security_level = may
20. smtp_tls_CApath = /path/to/my/folder
21.  
22. #######
23. tls_high_cipherlist = HIGH:!aNULL:!MD5:!ADH:!RC4:!DH
24.  
25. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
26. myhostname = myhostname
27. masquerade_domains = $mydomain
28. alias_maps = hash:/etc/aliases
29. alias_database = hash:/etc/aliases
30. myorigin = /etc/mailname
31. mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
32. relayhost =
33. mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
34. mailbox_size_limit = 0
35. recipient_delimiter = +
36. inet_interfaces = all
37. inet_protocols = ipv4
38. home_mailbox = Maildir/
39. mydomain = mydomain.com
40. smtpd_sasl_type = dovecot
41. smtpd_sasl_path = private/auth
42. smtpd_sasl_local_domain =
43. smtpd_sasl_security_options = noanonymous
44. broken_sasl_auth_clients = yes
45. smtpd_sasl_auth_enable = yes
46. smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
47. smtpd_tls_security_level = may
48. smtp_tls_note_starttls_offer = yes
49. smtpd_tls_loglevel = 1
50. smtpd_tls_received_header = yes
51. virtual_alias_domains = $mydomain
52. virtual_alias_maps = mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
53. smtpd_helo_required = yes
54. smtpd_helo_restrictions = reject_non_fqdn_helo_hostname,reject_invalid_helo_hostname,reject_unknown_helo_hostname
55. disable_vrfy_command = yes
56. smtpd_delay_reject = yes
57. virtual_mailbox_domains = mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
58. virtual_mailbox_maps = mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
59. virtual_transport = lmtp:unix:private/dovecot-lmtp
60. milter_protocol = 6
61. milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
62. milter_default_action = accept
63. smtpd_milters = inet:127.0.0.1:11332
64. non_smtpd_milters = inet:127.0.0.1:11332
65.  
66. mail_location = maildir:/var/mail/vmail/%d/%n
67. mail_location = mbox:~/mail:INBOX=/var/mail/%u
68. namespace inbox {
69. inbox = yes
70. }
71.  
72. mail_uid = vmail
73. mail_gid = vmail
74. mail_privileged_group = vmail
75.  
76. first_valid_uid = 2222
77. last_valid_uid = 2222
78. mail_plugins = quota
79.  
80. protocol !indexer-worker {
81. }
82.  
83. Aug 20 10:23:21 mx01 postfix/smtpd[19642]: connect from mail-oln040092066066.outbound.protection.outlook.com[40.92.66.66]
84. Aug 20 10:23:21 mx01 postfix/smtpd[19642]: Anonymous TLS connection established from mail-oln040092066066.outbound.protection.outlook.com[40.92.66.66]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
85. Aug 20 10:23:21 mx01 postfix/trivial-rewrite[19648]: warning: do not list domain mydomain.com in BOTH mydestination and virtual_alias_domains
86. Aug 20 10:23:21 mx01 postfix/trivial-rewrite[19648]: warning: do not list domain mydomain.com in BOTH mydestination and virtual_mailbox_domains
87. Aug 20 10:23:21 mx01 postfix/smtpd[19642]: 7302821751: client=mail-oln040092066066.outbound.protection.outlook.com[40.92.66.66]
88. Aug 20 10:23:21 mx01 postfix/cleanup[19649]: 7302821751: message-id=<PR2PR03MB51467D300790BA8A85B1635F93AB0@PR2PR03MB5146.eurprd03.prod.outlook.com>
89. Aug 20 10:23:21 mx01 postfix/qmgr[14704]: 7302821751: from=<email@sender.com>, size=5685, nrcpt=1 (queue active)
90. Aug 20 10:23:21 mx01 postfix/trivial-rewrite[19648]: warning: do not list domain mydomain.com in BOTH mydestination and virtual_alias_domains
91. Aug 20 10:23:21 mx01 postfix/trivial-rewrite[19648]: warning: do not list domain mydomain.com in BOTH mydestination and virtual_mailbox_domains
92. Aug 20 10:23:21 mx01 postfix/trivial-rewrite[19648]: warning: do not list domain mydomain.com in BOTH mydestination and virtual_alias_domains
93. Aug 20 10:23:21 mx01 postfix/trivial-rewrite[19648]: warning: do not list domain mydomain.com in BOTH mydestination and virtual_mailbox_domains
94. Aug 20 10:23:21 mx01 postfix/local[19651]: 7302821751: to=<email@sender.com>, relay=local, delay=0.48, delays=0.45/0.02/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
95. Aug 20 10:23:21 mx01 postfix/qmgr[14704]: 7302821751: removed
96. Aug 20 10:23:21 mx01 postfix/smtpd[19642]: disconnect from mail-oln040092066066.outbound.protection.outlook.com[40.92.66.66] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7