# postfix config file# uncomment for debugging if neededsoft_bounce=yes

1. # postfix config file
2.  
3. # uncomment for debugging if needed
4. soft_bounce=yes
5.  
6. # postfix main
7. mail_owner = postfix
8. setgid_group = postdrop
9. delay_warning_time = 4
10.  
11. # postfix paths
12. html_directory = no
13. command_directory = /usr/sbin
14. daemon_directory = /usr/lib/postfix
15. queue_directory = /var/spool/postfix
16. sendmail_path = /usr/sbin/sendmail.postfix
17. newaliases_path = /usr/bin/newaliases.postfix
18. mailq_path = /usr/bin/mailq.postfix
19. manpage_directory = /usr/share/man
20. sample_directory = /usr/share/doc/postfix-2.2.2/samples
21. readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES
22.  
23. # network settings
24. inet_interfaces = all
25. mydomain = njoror.squashedfly.eu
26. myhostname = njoror.squashedfly.eu
27. mynetworks = 127.0.0.1, 213.138.113.144
28. mydestination = localhost.$mydomain, localhost
29. relay_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-relay_domains_maps.cf
30.  
31. # mail delivery
32. recipient_delimiter = +
33.  
34. # mappings
35. alias_maps = hash:/etc/aliases
36. alias_database = hash:/etc/aliases
37. #transport_maps = hash:/etc/postfix/transport
38. #local_recipient_maps =
39.  
40. # virtual setup
41. virtual_alias_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_alias_maps.cf,
42. regexp:/etc/sentora/configs/postfix/virtual_regexp
43. virtual_mailbox_base = /var/sentora/vmail
44. virtual_mailbox_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_domains_maps.cf
45. virtual_mailbox_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_mailbox_maps.cf
46. virtual_minimum_uid = 999
47. virtual_uid_maps = static:999
48. virtual_gid_maps = static:8
49. virtual_transport = dovecot
50. dovecot_destination_recipient_limit = 1
51.  
52. # debugging
53. debug_peer_level = 2
54. debugger_command =
55. PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
56. xxgdb $daemon_directory/$process_name $process_id & sleep 5
57.  
58. # authentication
59. smtpd_sasl_auth_enable = yes
60. smtpd_sasl_security_options = noanonymous
61. smtpd_sasl_local_domain = $myhostname
62. broken_sasl_auth_clients = yes
63. smtpd_sasl_type = dovecot
64. smtpd_sasl_path = private/auth
65.  
66. # tls config
67. # smtp_use_tls = no
68. # smtpd_use_tls = no
69. #smtp_tls_note_starttls_offer = yes
70. #smtpd_tls_loglevel = 1
71. #smtpd_tls_received_header = yes
72. #smtpd_tls_session_cache_timeout = 3600s
73. #tls_random_source = dev:/dev/urandom
74. #smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
75. # Change mail.example.com.* to your host name
76. #smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
77. #smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.crt
78. # smtpd_tls_CAfile = /etc/pki/tls/root.crt
79.  
80. # rules restrictions
81. smtpd_client_restrictions =
82. smtpd_helo_restrictions = permit_mynetworks,
83. reject_invalid_hostname,
84. permit
85. smtpd_sender_restrictions = permit_sasl_authenticated,
86. permit_mynetworks,
87. reject_unknown_sender_domain,
88. permit
89. smtpd_recipient_restrictions = permit_sasl_authenticated,
90. permit_mynetworks,
91. permit_inet_interfaces,
92. reject_unauth_destination,
93. reject_non_fqdn_sender,
94. reject_non_fqdn_recipient,
95. reject_non_fqdn_hostname,
96. permit_sasl_authenticated,
97. reject_unknown_recipient_domain,
98. reject_unauth_destination,
99. reject_invalid_hostname
100. # uncomment for realtime black list checks. (Warn: will also reject false positive)
101. ,reject_rbl_client zen.spamhaus.org
102. ,reject_rbl_client bl.spamcop.net
103. ,reject_rbl_client dnsbl.sorbs.net
104. #,check_policy_service inet:127.0.0.1:10023
105.  
106. smtpd_helo_required = yes
107. unknown_local_recipient_reject_code = 550
108. disable_vrfy_command = yes
109. smtpd_data_restrictions = reject_unauth_pipelining
110. smtpd_banner = $myhostname ESMTP
111.  
112. message_size_limit = 20480000
113.  
114.  
115. # Things Philip Changed for SSL
116.  
117. # Raise log level as default doesn't give much information
118. smtpd_tls_loglevel = 1
119.  
120. # path to the certificate file, should be root:root and 0444
121. smtpd_tls_cert_file=/etc/letsencrypt/live/njoror.squashedfly.eu/fullchain.pem
122.  
123. # path to the private key file, should be root:root and 0400
124. smtpd_tls_key_file=/etc/letsencrypt/live/njoror.squashedfly.eu/privkey.pem
125.  
126. # Allow use of TLS but make it optional
127. smtpd_use_tls=yes
128.  
129. # Cache sessions for speed improvement
130. smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
131. smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
132.  
133. # Disable SSLv2/3 as they are vulnerable
134. smtpd_tls_protocols = !SSLv2, !SSLv3
135.  
136. # Insist on stronger ciphers
137. smtpd_tls_ciphers = high
138.  
139. # SASL parameters
140. # Don't forget permit_sasl_authenticated in smtpd_relay_restrictions
141. smtpd_sasl_type = dovecot
142. smtpd_sasl_path = private/auth
143. smtpd_sasl_auth_enable = yes