Files
@ d276d914cc27
Branch filter:
Location: majic-ansible-roles/roles/mail_forwarder/templates/main.cf.j2 - annotation
d276d914cc27
3.4 KiB
text/plain
MAR-218: Updated release notes (just a small rewrite).
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 | d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c 7ab6518de03b 359b1396b2c0 d8ba2419467c 359b1396b2c0 7ab6518de03b 359b1396b2c0 7ab6518de03b 359b1396b2c0 d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c 7ab6518de03b d8ba2419467c d8ba2419467c 359b1396b2c0 d8ba2419467c d8ba2419467c 359b1396b2c0 d8ba2419467c d8ba2419467c 359b1396b2c0 776dde4d751e 776dde4d751e 776dde4d751e 776dde4d751e d8ba2419467c d8ba2419467c 776dde4d751e 359b1396b2c0 7ab6518de03b d8ba2419467c d8ba2419467c 7ab6518de03b d8ba2419467c d8ba2419467c 359b1396b2c0 359b1396b2c0 7ab6518de03b 359b1396b2c0 359b1396b2c0 7ab6518de03b 359b1396b2c0 d8ba2419467c d8ba2419467c 359b1396b2c0 d8ba2419467c d8ba2419467c d8ba2419467c 359b1396b2c0 359b1396b2c0 7ab6518de03b 359b1396b2c0 359b1396b2c0 d8ba2419467c d8ba2419467c 359b1396b2c0 d8ba2419467c d8ba2419467c 9727c5e3ac7c 9727c5e3ac7c 9727c5e3ac7c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c d8ba2419467c | # See /usr/share/postfix/main.cf.dist for a commented, more complete
# version.
# General settings
# ================
# Internet hostname of this mail system.
myhostname = {{ inventory_hostname }}
# Under Debian, when a file name is specified, the first line of the
# file be used as the SMTP server name.
myorigin = /etc/mailname
# Text shown to connecting clients as part of SMTP greeting.
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
# Listen on all network interfaces and all protocols.
inet_interfaces = all
inet_protocols = all
# Fall-back to using native lookups (/etc/hosts etc) if DNS lookup
# fails. Useful for local overrides of mail servers.
smtp_host_lookup = dns, native
# Recipient delimeter for separating user name from its extension.
recipient_delimiter = +
# Explicitly set maximum allowed mail size that should be accepted.
message_size_limit = {{ mail_message_size_limit }}
# Disable output of Postfix README file paths when invoking postconf.
readme_directory = no
# Use whitelist/blacklist instead of allowlist/denylist in log
# entries.
respectful_logging = no
# Compatibility level for default values. For more details, see:
# https://www.postfix.org/COMPATIBILITY_README.html
compatibility_level = 3.6
# Local mailbox delivery
# ======================
# List of domains for local transport deliveries.
mydestination = {{ inventory_hostname }}, {{ inventory_hostname_short }}, localhost.localdomain, localhost
# Alias maps for local deliveries (to system accounts).
alias_maps = hash:/etc/aliases
# Alias database that gets updated when invoking "newaliases" command.
alias_database = hash:/etc/aliases
# Disable size limits for local user mailboxes.
mailbox_size_limit = 0
# Disable use of biff service for new mail notifications to local
# users (improves performance).
biff = no
# External command for local mail deliveries.
mailbox_command = procmail -a "$EXTENSION"
# Remote mailbox delivery
# =======================
# List of trusted networks allowed to relay mail through this system.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
# Allow relaying only from trusted networks. Do not relay mails for
# domains for which the mail server is not responsible.
smtpd_relay_restrictions = permit_mynetworks
reject_unauth_destination
# Static relay host to use for outgoing mails from this server.
relayhost = {{ smtp_relay_host }}{% if smtp_relay_host and smtp_relay_host_port %}:{{ smtp_relay_host_port }}{% endif %}
# TLS configuration
# =================
# Allow connecting SMTP clients to use TLS when connecting to the
# host, but do not enforce it.
smtpd_tls_security_level = may
# Use locally-issued self-signed certificates for TLS.
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# Use custom, generated DH parameters for increased security.
smtpd_tls_dh1024_param_file = /etc/ssl/private/{{ inventory_hostname }}_smtp.dh.pem
smtpd_tls_dh512_param_file = /etc/ssl/private/{{ inventory_hostname }}_smtp.dh.pem
{% if smtp_relay_host %}
# Force TLS certificate validation when connecting to relay host using
# the dedicated CA certificate truststore.
smtp_tls_security_level=verify
smtp_tls_CAfile=/etc/ssl/certs/smtp_relay_truststore.pem
{% endif %}
# Enable TLS session cache database for SMTP client. Helps with
# performance and bandwidth usage.
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|