
duckcorp-infra / ansible / roles / dc-postfix / templates / mx2 / main.cf @ 9ab70ad9


# {{ ansible_managed }}
# Postfix main.cf template for the mx2 mail exchanger, rendered by Ansible
# (Jinja2). Restriction lists below are evaluated in order and the first
# matching action wins, so the order of entries is significant.

# Pins the Postfix backwards-compatibility level, so built-in defaults follow
# this level rather than the legacy safety-net values.
compatibility_level = 2

    
## Network options
# Listen on every local address, over both IPv4 and IPv6.
inet_protocols = all
inet_interfaces = all
# Host name comes from the Ansible variable mail.mx.dns_name.
myhostname = {{ mail.mx.dns_name }}
mydomain = duckcorp.org
# The banner starts with $myhostname and does not include the software name
# or version.
smtpd_banner = $myhostname ESMTP (No UCE, No Viruses)
# Origin domain is read from the file /etc/mailname.
myorigin = /etc/mailname
# Trusted clients. Every "permit_mynetworks" in the restriction lists below
# lets these addresses skip the checks that follow it, and the relay and
# recipient restrictions allow them to relay to any destination. The list
# mixes single hosts with whole /27, /28 and /64 ranges: keep it minimal and
# re-check it whenever a host or network is retired.
# NOTE(review): the IPv6 loopback entry is written [::1/128] while the other
# IPv6 ranges use the [addr]/len form; confirm Postfix parses it as intended.
mynetworks =
	127.0.0.0/8
	[::1/128]
	193.17.192.249
	193.200.43.160/27
	[2001:67c:1740:a000::]/64
	[2001:2c0:cc1e:e700::]/64
	193.200.42.177
	213.215.11.164
	[2001:7a8:1:267::3]
	193.200.42.176/28
	[2001:67c:1740:9001::]/64
	193.200.43.105
	[2001:67c:1740:9016::c111:c0d3]
	124.41.91.213
# Empty on purpose: no domain is delivered locally on this host.
mydestination =
fast_flush_domains = $mydomain
# Domains this host accepts mail for and relays onward, looked up in LDAP.
# NOTE(review): if ldap_relay_domains.cf carries LDAP bind credentials, it
# should not be world-readable; confirm the file mode set by the role.
relay_domains = ldap:$config_directory/ldap_relay_domains.cf

    
# Duck: disabled, affects sending to ML and also using a ML address in From (like dc-admins@lists.dc.o)
## Masquerading
# The three settings below are intentionally left commented out (see above).
#masquerade_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
#masquerade_domains = $mydomain
#masquerade_exceptions =

    
## Maps
# (alias_maps needed to stop postfix from loading NIS support)
# Set explicitly to a single local hash table so no NIS lookup is configured.
alias_maps = hash:/etc/aliases

    
## Address rewriting
# Address mapping applied to envelope and header addresses.
canonical_maps = hash:$config_directory/canonical
# Message headers are rewritten only for mail from local interfaces, from
# mynetworks, or from SASL-authenticated clients.
local_header_rewrite_clients = permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated

    
## Transports
# Per-destination routing overrides, read from a local hash table.
transport_maps =
	hash:$config_directory/transport

    
# TLS settings are not defined in this file; they come from the shared
# include below, which is not visible here.
# NOTE(review): smtp_dns_support_level = dnssec further down only enables
# TLSA lookups if the included file sets smtp_tls_security_level to a DANE
# level; confirm against includes/tls.conf.
{% include "includes/tls.conf" %}

    
## Security options
# Only the accounts listed in /etc/postfix/admin_users may flush the queue
# or list its contents; Postfix's built-in default allows any local user.
authorized_flush_users = /etc/postfix/admin_users
authorized_mailq_users = /etc/postfix/admin_users
# (you can test any directive by prepending warn_if_reject)
# (you can also set "soft_bounce = yes" to transform permanent rejects into temporary rejects)
# Clients must send HELO/EHLO before MAIL FROM.
smtpd_helo_required = yes
# HELO checks, evaluated in order. reject_invalid_hostname comes before
# permit_mynetworks, so trusted clients must also send a syntactically valid
# name; the helo_overrides table is consulted before the FQDN and DNS checks,
# so an OK result there exempts a client from them.
# NOTE(review): reject_invalid_hostname, reject_non_fqdn_hostname and
# reject_unknown_hostname are the older spellings of
# reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname and
# reject_unknown_helo_hostname; Postfix still accepts them.
# NOTE(review): the unknown-hostname check rejects HELO names with no DNS
# A or MX record, which can hit misconfigured legitimate senders; watch the
# logs for false positives.
smtpd_helo_restrictions =
	reject_invalid_hostname
	permit_mynetworks
	check_helo_access hash:$config_directory/helo_overrides
	reject_non_fqdn_hostname
	reject_unknown_hostname
	permit
# Client checks, evaluated in order. Early pipelining is rejected for every
# client, including mynetworks. Clients outside mynetworks must also pass
# the client hostname check (reverse and forward DNS must resolve and agree).
# NOTE(review): reject_unknown_client_hostname is strict and can reject
# legitimate senders with broken reverse DNS; confirm this is intended.
smtpd_client_restrictions =
	reject_unauth_pipelining
	permit_mynetworks
	reject_unknown_client_hostname
	permit
# Sender (MAIL FROM) checks, evaluated in order. The sender_access table is
# consulted first, so an OK result there skips every later sender check and
# a REJECT applies even to authenticated or trusted clients.
# SASL-authenticated clients skip the DNS and FQDN checks; mynetworks skip
# only the FQDN check, because reject_unknown_sender_domain precedes
# permit_mynetworks.
smtpd_sender_restrictions =
	check_sender_access hash:$config_directory/sender_access
	permit_sasl_authenticated
	reject_unknown_sender_domain
	permit_mynetworks
	reject_non_fqdn_sender
	permit
# Recipient (RCPT TO) checks, evaluated in order. Trusted networks and
# SASL-authenticated clients are permitted before reject_unauth_destination,
# so only they can relay to arbitrary destinations. Everyone else reaches
# reject_unauth_destination, which is what keeps this host from being an
# open relay; it must stay ahead of the final "permit".
smtpd_recipient_restrictions =
	reject_unknown_recipient_domain
	permit_mynetworks
	permit_sasl_authenticated
	reject_non_fqdn_recipient
	reject_unauth_destination
	reject_unlisted_recipient
	permit
# ETRN (remote queue flush request) is allowed from mynetworks only.
smtpd_etrn_restrictions =
	permit_mynetworks
	reject
# DATA-stage checks: reject clients that pipeline commands without waiting
# for replies, and reject null-sender (bounce) mail sent to more than one
# recipient.
smtpd_data_restrictions =
	reject_unauth_pipelining
	reject_multi_recipient_bounce
# Do not start a mail transaction until a valid RCPT TO has been received.
smtpd_delay_open_until_valid_rcpt = yes
# VRFY is disabled, so it cannot be used to probe which addresses exist.
disable_vrfy_command = yes
# we should try this
#strict_8bitmime = yes
# Require RFC 821 style envelope addresses in MAIL FROM and RCPT TO.
strict_rfc821_envelopes = yes
# Keep default value for strict_mime_encoding_domain, see issue #493
strict_mime_encoding_domain = no
biff = no
# Header filtering rules come from a PCRE table.
header_checks = pcre:$config_directory/header_checks
# Reject messages that contain a NUL character.
message_reject_characters = \0
# Rejections decided by the client/HELO/sender lists are delivered at the
# RCPT TO stage, so sender and recipient are known when the reject is logged.
smtpd_delay_reject = yes
# for TLSA
smtp_dns_support_level = dnssec
# milters
# Incoming SMTP mail is passed to the ClamAV milter over a UNIX socket.
# NOTE(review): milter_default_action is not set in this file, so Postfix's
# default applies when the milter socket is unavailable; confirm that the
# resulting behaviour (mail deferred rather than accepted unscanned) is what
# is wanted, and monitor the socket.
smtpd_milters = unix:/milters/clamav-milter.ctl

    
## Limits
default_process_limit = 50
# (necessary for MX2 purpose)
# (boost for sceen.net down)
# Undeliverable mail is kept for two weeks before it is returned.
maximal_queue_lifetime = 2w
# Size limits are in bytes: 31457280 = 30 MiB, 102400 = 100 KiB,
# 20971520 = 20 MiB.
mailbox_size_limit = 31457280
header_size_limit = 102400
message_size_limit = 20971520
line_length_limit = 8096
smtp_line_length_limit = 990
initial_destination_concurrency = 10
default_destination_concurrency_limit = 10
local_destination_concurrency_limit = 4
local_destination_recipient_limit = 1
qmqpd_error_delay = 5s
qmgr_message_active_limit = 10000
qmgr_message_recipient_limit = 10000
# Per-client rate limits, counted per anvil_rate_time_unit (60 seconds):
# 30 connections, 100 messages, 100 recipients.
# NOTE(review): smtpd_client_event_limit_exceptions is not set here; its
# documented default exempts $mynetworks from these limits, so a compromised
# trusted host is not throttled; confirm that is acceptable.
anvil_rate_time_unit = 60s
smtpd_client_connection_rate_limit = 30
smtpd_client_message_rate_limit = 100
smtpd_client_recipient_rate_limit = 100
# Error handling for misbehaving clients: replies are delayed once the soft
# limit is reached and the session is dropped at the hard limit.
smtpd_soft_error_limit = 5
smtpd_hard_error_limit = 10
smtpd_error_sleep_time = 7s
smtpd_junk_command_limit = 10
# Maximum recipients accepted per message.
smtpd_recipient_limit = 50
delay_warning_time = 1h
trigger_timeout = 5s
max_idle = 30s

    
## Misc
# user+extension@domain is treated as an address extension of "user".
recipient_delimiter = +
# Complete addresses that lack a domain part ($myorigin) or that have an
# unqualified host name ($mydomain).
append_at_myorigin = yes
append_dot_mydomain = yes
enable_long_queue_ids = yes
# Queue directories listed in hash_queue_names are split into two levels of
# subdirectories.
hash_queue_depth = 2
hash_queue_names = incoming,active,deferred,bounce,defer,flush

    
# TODO: check, added automatically by a package upgrade
#       should we use the same as the MX1?
# This list repeats smtpd_recipient_restrictions entry for entry. The relay
# protection is reject_unauth_destination: it must stay in the list and stay
# ahead of the final "permit", after only the permit_mynetworks and
# permit_sasl_authenticated exemptions.
# NOTE(review): keep this list and smtpd_recipient_restrictions in step when
# either is edited, or reduce this one to the relay decision alone.
smtpd_relay_restrictions = reject_unknown_recipient_domain permit_mynetworks permit_sasl_authenticated reject_non_fqdn_recipient reject_unauth_destination reject_unlisted_recipient permit