# See /usr/share/postfix/main.cf.dist for a commented, more complete version

1. # See /usr/share/postfix/main.cf.dist for a commented, more complete version
2.  
3.  
4. # Debian specific: Specifying a file name will cause the first
5. # line of that file to be used as the name. The Debian default
6. # is /etc/mailname.
7. #myorigin = /etc/mailname
8.  
9. smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
10. biff = no
11.  
12. # appending .domain is the MUA's job.
13. append_dot_mydomain = no
14.  
15. # Uncomment the next line to generate "delayed mail" warnings
16. #delay_warning_time = 4h
17.  
18. readme_directory = /usr/share/doc/postfix
19.  
20. # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
21. # fresh installs.
22. compatibility_level = 2
23.  
24. # TLS parameters
25. smtpd_tls_cert_file = /etc/postfix/smtpd.cert
26. smtpd_tls_key_file = /etc/postfix/smtpd.key
27. smtpd_use_tls = yes
28. smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
29. smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
30.  
31. # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
32. # information on enabling SSL in the smtp client.
33.  
34. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
35. myhostname = ***.***.me
36. alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
37. alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
38. myorigin = /etc/mailname
39. mydestination = ***.***.me, localhost, localhost.localdomain
40. relayhost =
41. mynetworks = 127.0.0.0/8 [::1]/128
42. mailbox_size_limit = 0
43. recipient_delimiter = +
44. inet_interfaces = all
45. inet_protocols = all
46. html_directory = /usr/share/doc/postfix/html
47. virtual_alias_domains =
48. virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
49. virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
50. virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
51. virtual_mailbox_base = /var/vmail
52. virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
53. virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
54. sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
55. smtpd_sasl_auth_enable = yes
56. broken_sasl_auth_clients = yes
57. smtpd_sasl_authenticated_header = yes
58. smtpd_restriction_classes = greylisting
59. greylisting = check_policy_service inet:127.0.0.1:10023
60. smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
61. smtpd_tls_security_level = may
62. transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
63. relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
64. relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
65. smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
66. proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
67. smtpd_helo_required = yes
68. smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
69. smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
70. smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
71. smtpd_client_message_rate_limit = 100
72. maildrop_destination_concurrency_limit = 1
73. maildrop_destination_recipient_limit = 1
74. virtual_transport = dovecot
75. header_checks = regexp:/etc/postfix/header_checks
76. mime_header_checks = regexp:/etc/postfix/mime_header_checks
77. nested_header_checks = regexp:/etc/postfix/nested_header_checks
78. body_checks = regexp:/etc/postfix/body_checks
79. owner_request_special = no
80. smtp_tls_security_level = may
81. smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
82. smtpd_tls_protocols = !SSLv2,!SSLv3
83. smtp_tls_protocols = !SSLv2,!SSLv3
84. smtpd_tls_exclude_ciphers = RC4, aNULL
85. smtp_tls_exclude_ciphers = RC4, aNULL
86. dovecot_destination_recipient_limit = 1
87. smtpd_sasl_type = dovecot
88. smtpd_sasl_path = private/auth
89. #content_filter = amavis:[127.0.0.1]:10024
90. #receive_override_options = no_address_mappings
91. message_size_limit = 0
92.  
93. #
94. # Postfix master process configuration file. For details on the format
95. # of the file, see the master(5) manual page (command: "man 5 master" or
96. # on-line: http://www.postfix.org/master.5.html).
97. #
98. # Do not forget to execute "postfix reload" after editing this file.
99. #
100. # ==========================================================================
101. # service type private unpriv chroot wakeup maxproc command + args
102. # (yes) (yes) (no) (never) (100)
103. # ==========================================================================
104. smtp inet n - y - - smtpd
105. #smtp inet n - y - 1 postscreen
106. #smtpd pass - - y - - smtpd
107. #dnsblog unix - - y - 0 dnsblog
108. tlsproxy unix - - y - 0 tlsproxy
109. submission inet n - - - - smtpd
110. -o syslog_name=postfix/submission
111. -o smtpd_tls_security_level=encrypt
112. -o smtpd_sasl_auth_enable=yes
113. -o smtpd_client_restrictions=permit_sasl_authenticated,reject
114. # -o smtpd_reject_unlisted_recipient=no
115. # -o smtpd_client_restrictions=$mua_client_restrictions
116. # -o smtpd_helo_restrictions=$mua_helo_restrictions
117. # -o smtpd_sender_restrictions=$mua_sender_restrictions
118. # -o smtpd_recipient_restrictions=
119. # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
120. # -o milter_macro_daemon_name=ORIGINATING
121. smtps inet n - - - - smtpd
122. -o syslog_name=postfix/smtps
123. -o smtpd_tls_wrappermode=yes
124. -o smtpd_sasl_auth_enable=yes
125.  
126. -o smtpd_client_restrictions=permit_sasl_authenticated,reject
127. # -o smtpd_reject_unlisted_recipient=no
128. # -o smtpd_client_restrictions=$mua_client_restrictions
129. # -o smtpd_helo_restrictions=$mua_helo_restrictions
130. # -o smtpd_sender_restrictions=$mua_sender_restrictions
131. # -o smtpd_recipient_restrictions=
132. # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
133. # -o milter_macro_daemon_name=ORIGINATING
134. #628 inet n - y - - qmqpd
135. pickup unix n - y 60 1 pickup
136. cleanup unix n - y - 0 cleanup
137. -o header_checks=pcre:/etc/postfix/header_checks
138. qmgr unix n - n 300 1 qmgr
139. #qmgr unix n - n 300 1 oqmgr
140. tlsmgr unix - - y 1000? 1 tlsmgr
141. rewrite unix - - y - - trivial-rewrite
142. bounce unix - - y - 0 bounce
143. defer unix - - y - 0 bounce
144. trace unix - - y - 0 bounce
145. verify unix - - y - 1 verify
146. flush unix n - y 1000? 0 flush
147. proxymap unix - - n - - proxymap
148. proxywrite unix - - n - 1 proxymap
149. smtp unix - - y - - smtp
150. relay unix - - y - - smtp
151. # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
152. showq unix n - y - - showq
153. error unix - - y - - error
154. retry unix - - y - - error
155. discard unix - - y - - discard
156. local unix - n n - - local
157. virtual unix - n n - - virtual
158. lmtp unix - - y - - lmtp
159. anvil unix - - y - 1 anvil
160. scache unix - - y - 1 scache
161. #
162. # ====================================================================
163. # Interfaces to non-Postfix software. Be sure to examine the manual
164. # pages of the non-Postfix software to find out what options it wants.
165. #
166. # Many of the following services use the Postfix pipe(8) delivery
167. # agent. See the pipe(8) man page for information about ${recipient}
168. # and other message envelope options.
169. # ====================================================================
170. #
171. # maildrop. See the Postfix MAILDROP_README file for details.
172. # Also specify in main.cf: maildrop_destination_recipient_limit=1
173. #
174. maildrop unix - n n - - pipe
175. flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
176. #
177. # ====================================================================
178. #
179. # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
180. #
181. # Specify in cyrus.conf:
182. # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
183. #
184. # Specify in main.cf one or more of the following:
185. # mailbox_transport = lmtp:inet:localhost
186. # virtual_transport = lmtp:inet:localhost
187. #
188. # ====================================================================
189. #
190. # Cyrus 2.1.5 (Amos Gouaux)
191. # Also specify in main.cf: cyrus_destination_recipient_limit=1
192. #
193. #cyrus unix - n n - - pipe
194. # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
195. #
196. # ====================================================================
197. # Old example of delivery via Cyrus.
198. #
199. #old-cyrus unix - n n - - pipe
200. # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
201. #
202. # ====================================================================
203. #
204. # See the Postfix UUCP_README file for configuration details.
205. #
206. uucp unix - n n - - pipe
207. flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
208. #
209. # Other external delivery methods.
210. #
211. ifmail unix - n n - - pipe
212. flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
213. bsmtp unix - n n - - pipe
214. flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
215. scalemail-backend unix - n n - 2 pipe
216. flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
217. mailman unix - n n - - pipe
218. flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
219. ${nexthop} ${user}
220.  
221. dovecot unix - n n - - pipe
222. flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
223.  
224. #amavis unix - - - - 2 smtp
225. # -o smtp_data_done_timeout=1200
226. # -o smtp_send_xforward_command=yes
227. # -o smtp_bind_address=
228.  
229. 127.0.0.1:10025 inet n - n - - smtpd
230. -o content_filter=
231. -o local_recipient_maps=
232. -o relay_recipient_maps=
233. -o smtpd_restriction_classes=
234. -o smtpd_client_restrictions=
235. -o smtpd_helo_restrictions=
236. -o smtpd_sender_restrictions=
237. -o smtpd_recipient_restrictions=permit_mynetworks,reject
238. -o mynetworks=127.0.0.0/8
239. -o strict_rfc821_envelopes=yes
240. -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
241. -o smtp_send_xforward_command=yes
242. -o disable_dns_lookups=yes
243.  
244.  
245. 127.0.0.1:10027 inet n - n - - smtpd
246. -o content_filter=
247. -o local_recipient_maps=
248. -o relay_recipient_maps=
249. -o smtpd_restriction_classes=
250. -o smtpd_client_restrictions=
251. -o smtpd_helo_restrictions=
252. -o smtpd_sender_restrictions=
253. -o smtpd_recipient_restrictions=permit_mynetworks,reject
254. -o mynetworks=127.0.0.0/8
255. -o strict_rfc821_envelopes=yes
256. -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
257. -o smtp_send_xforward_command=yes
258. -o milter_default_action=accept
259. -o milter_macro_daemon_name=ORIGINATING
260. -o disable_dns_lookups=yes