Project

General

Profile

Statistics
| Branch: | Revision:

duckcorp-infra / ansible / roles / dc-postfix / templates / relay / main.cf @ 9ab70ad9

History | View | Annotate | Download (2.69 KB)

1
# {{ ansible_managed }}
2

    
3
compatibility_level = 2
4

    
5
smtpd_banner = $myhostname ESMTP (No UCE, No Viruses)
6

    
7
# Uncomment the next line to generate delayed mail warnings
8
#delay_warning_time = 4h
9

    
10
myhostname = Elwing.hq.duckcorp.org
11
alias_maps = hash:/etc/aliases
12
alias_database = hash:/etc/aliases
13
myorigin = /etc/mailname
14
mydestination =
15
mynetworks =
16
	127.0.0.0/8
17
	192.168.1.0/24
18
	[2001:2c0:cc1e:e700::]/64
19
mailbox_command =
20

    
21
relayhost = smtp.duckcorp.org
22
relay_domains = hash:$config_directory/relay_domains
23

    
24
## Masquerading
25
masquerade_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
26
masquerade_domains = $mydomain
27
masquerade_exceptions =
28

    
29
{% include "includes/tls.conf" %}
30

    
31
## Security options
32
authorized_flush_users = /etc/postfix/admin_users
33
authorized_mailq_users = /etc/postfix/admin_users
34
smtpd_helo_required = yes
35
smtpd_helo_restrictions =
36
        permit_mynetworks
37
        permit_sasl_authenticated
38
        reject_invalid_helo_hostname
39
        check_helo_access hash:$config_directory/helo_overrides
40
        reject_non_fqdn_helo_hostname
41
        reject_unknown_helo_hostname
42
        permit
43
smtpd_etrn_restrictions =
44
        permit_mynetworks
45
        reject
46
smtpd_data_restrictions =
47
        reject_unauth_pipelining
48
        reject_multi_recipient_bounce
49
smtpd_authorized_verp_clients = $mynetworks
50
smtpd_delay_open_until_valid_rcpt = yes
51
disable_vrfy_command = yes
52
# we should try this
53
#strict_8bitmime = yes
54
strict_rfc821_envelopes = yes
55
strict_mime_encoding_domain = yes
56
biff = no
57
#header_checks = pcre:$config_directory/header_checks
58
#body_checks = pcre:$config_directory/body_checks
59
message_reject_characters = \0
60
smtpd_delay_reject = yes
61
# for TLSA
62
smtp_dns_support_level = dnssec
63

    
64
## Limits
65
default_process_limit = 50
66
maximal_queue_lifetime = 1w
67
bounce_queue_lifetime = 1d
68
mailbox_size_limit = 31457280
69
header_size_limit = 102400
70
message_size_limit = 20971520
71
line_length_limit = 8096
72
smtp_line_length_limit = 990
73
initial_destination_concurrency = 10
74
default_destination_concurrency_limit = 10
75
local_destination_concurrency_limit = 4
76
local_destination_recipient_limit = 1
77
qmqpd_error_delay = 5s
78
qmgr_message_active_limit = 10000
79
qmgr_message_recipient_limit = 10000
80
anvil_rate_time_unit = 60s
81
smtpd_client_connection_rate_limit = 30
82
smtpd_client_message_rate_limit = 100
83
smtpd_client_recipient_rate_limit = 100
84
smtpd_soft_error_limit = 5
85
smtpd_hard_error_limit = 10
86
smtpd_error_sleep_time = 7s
87
smtpd_junk_command_limit = 10
88
smtpd_recipient_limit = 30
89
delay_warning_time = 1h
90
trigger_timeout = 5s
91
max_idle = 30s
92

    
93
## Misc
94
recipient_delimiter = +
95
append_at_myorigin = yes
96
append_dot_mydomain = yes
97
enable_long_queue_ids = yes
98
#hash_queue_depth = 2
99
#hash_queue_names = incoming,active,deferred,bounce,defer,flush
100