Changeset - d8ba2419467c
Parent rev.
Child rev.
[Not reviewed]
0 1 0
Branko Majic (branko) - 2 months ago 2024-02-29 18:24:41
branko@majic.rs
MAR-192: Reformatted mail_forwader Postfix configuration file:

- Improve commenting, and align it with the mail_server role
configuration file in terms of layout.
- Set the compatibility level.
1 file changed with 71 insertions and 49 deletions:
roles/mail_forwarder/templates/main.cf.j2
71
49
0 comments (0 inline, 0 general)
roles/mail_forwarder/templates/main.cf.j2
Show inline comments
 
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
 
# See /usr/share/postfix/main.cf.dist for a commented, more complete
 
# version.
 

			




	
	
	
		
 

			




	
	
	
		
 
# General settings

			




	
	
	
		
 
# ================

			




	
	
	
		
 

			




	
	
	
		
 
# Internet hostname of this mail system.

			




	
	
	
		
 
myhostname = {{ inventory_hostname }}

			




	
	
	
		
 

			




	
	
	
		
 
# Under Debian, when a file name is specified, the first line of the

			




	
	
	
		
 
# file be used as the SMTP server's name.

			




	
	
	
		
 
# file be used as the SMTP server name.

			




	
	
	
		
 
myorigin = /etc/mailname

			




	
	
	
		
 

			




	
	
	
		
 
# Text shown to connecting clients as part of SMTP greeting.

			




	
	
	
		
 
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)

			




	
	
	
		
 

			




	
	
	
		
 
# Disable the use of local biff service for new mail notifications to

			




	
	
	
		
 
# local users.

			




	
	
	
		
 
biff = no

			




	
	
	
		
 
# Listen on all network interfaces and all protocols.

			




	
	
	
		
 
inet_interfaces = all

			




	
	
	
		
 
inet_protocols = all

			




	
	
	
		
 

			




	
	
	
		
 
# Fall-back to using native lookups (/etc/hosts etc) if DNS lookup

			




	
	
	
		
 
# fails. Useful for local overrides of mail servers.

			




	
	
	
		
 
smtp_host_lookup = dns, native

			




	
	
	
		
 

			




	
	
	
		
 
# Do not append server's domain to locally sent mail. This is up to

			




	
	
	
		
 
# sending MUAs to take care of.

			




	
	
	
		
 
append_dot_mydomain = no

			




	
	
	
		
 

			




	
	
	
		
 
# Disable output of Postfix README file paths when invoking postconf.

			




	
	
	
		
 
readme_directory = no

			




	
	
	
		
 

			




	
	
	
		
 
# Enable opportunistic TLS. Announce to connecting clients it is

			




	
	
	
		
 
# enabled, but do not enforce it.

			




	
	
	
		
 
smtpd_use_tls=yes

			




	
	
	
		
 
# Recipient delimeter for separating user name from its extension.

			




	
	
	
		
 
recipient_delimiter = +

			




	
	
	
		
 

			




	
	
	
		
 
# Use locally-issued self-signed certificates for TLS.

			




	
	
	
		
 
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem

			




	
	
	
		
 
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

			




	
	
	
		
 
# Explicitly set maximum allowed mail size that should be accepted.

			




	
	
	
		
 
message_size_limit = {{ mail_message_size_limit }}

			




	
	
	
		
 

			




	
	
	
		
 
# Use custom, generated DH parameters for increased security.

			




	
	
	
		
 
smtpd_tls_dh1024_param_file = /etc/ssl/private/{{ inventory_hostname }}_smtp.dh.pem

			




	
	
	
		
 
smtpd_tls_dh512_param_file = /etc/ssl/private/{{ inventory_hostname }}_smtp.dh.pem

			




	
	
	
		
 
# Disable output of Postfix README file paths when invoking postconf.

			




	
	
	
		
 
readme_directory = no

			




	
	
	
		
 

			




	
	
	
		
 
# Enable TLS session cache database for SMTP client. Helps with

			




	
	
	
		
 
# performance and bandwidth usage.

			




	
	
	
		
 
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

			




	
	
	
		
 
# Compatibility level for default values. For more details, see:

			




	
	
	
		
 
#     https://www.postfix.org/COMPATIBILITY_README.html

			




	
	
	
		
 
compatibility_level = 2

			




	
	
	
		
 

			




	
	
	
		
 
{% if smtp_relay_host %}

			




	
	
	
		
 
# Force full TLS certificate validation for SMTP client when it

			




	
	
	
		
 
# connect to relay host.

			




	
	
	
		
 
smtp_tls_security_level=verify

			




	
	
	
		
 
smtp_tls_CAfile=/etc/ssl/certs/smtp_relay_truststore.pem

			




	
	
	
		
 
{% endif %}

			




	
	
	
		
 

			




	
	
	
		
 
# Static relay host to use for outgoing mails from this server.

			




	
	
	
		
 
relayhost = {{ smtp_relay_host }}{% if smtp_relay_host and smtp_relay_host_port %}:{{ smtp_relay_host_port }}{% endif %}

			




	
	
	
		
 
# Local mailbox delivery

			




	
	
	
		
 
# ======================

			




	
	
	
		
 

			




	
	
	
		
 
# Internet hostname of this mail system.

			




	
	
	
		
 
myhostname = {{ inventory_hostname }}

			




	
	
	
		
 
# List of domains for local transport deliveries.

			




	
	
	
		
 
mydestination = {{ inventory_hostname }}, {{ inventory_hostname_short }}, localhost.localdomain, localhost

			




	
	
	
		
 

			




	
	
	
		
 
# Alias maps for local deliveries (to system accounts).

			




	
	
	
		
 
alias_maps = hash:/etc/aliases

			




	
	
		
 
@@ -53,32 +53,54 @@ alias_maps = hash:/etc/aliases

			




	
	
	
		
 
# Alias database that gets updated when invoking "newaliases" command.

			




	
	
	
		
 
alias_database = hash:/etc/aliases

			




	
	
	
		
 

			




	
	
	
		
 
# List of domains for local transport deliveries.

			




	
	
	
		
 
mydestination = {{ inventory_hostname }}, {{ inventory_hostname_short }}, localhost.localdomain, localhost

			




	
	
	
		
 
# Disable size limits for local user mailboxes.

			




	
	
	
		
 
mailbox_size_limit = 0

			




	
	
	
		
 

			




	
	
	
		
 
# List of trusted networks allowed to relay mail through this system.x

			




	
	
	
		
 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

			




	
	
	
		
 
# Disable use of biff service for new mail notifications to local

			




	
	
	
		
 
# users (improves performance).

			




	
	
	
		
 
biff = no

			




	
	
	
		
 

			




	
	
	
		
 
# External command for local mail deliveries.

			




	
	
	
		
 
mailbox_command = procmail -a "$EXTENSION"

			




	
	
	
		
 

			




	
	
	
		
 
# Disable size limits for local user mailboxes.

			




	
	
	
		
 
mailbox_size_limit = 0

			




	
	
	
		
 

			




	
	
	
		
 
# Recipient delimeter for separating user name from its extension.

			




	
	
	
		
 
recipient_delimiter = +

			




	
	
	
		
 
# Remote mailbox delivery

			




	
	
	
		
 
# =======================

			




	
	
	
		
 

			




	
	
	
		
 
# Listen on all network interfaces and all protocols.

			




	
	
	
		
 
inet_interfaces = all

			




	
	
	
		
 
inet_protocols = all

			




	
	
	
		
 

			




	
	
	
		
 
# Fall-back to using native lookups (/etc/hosts etc) if DNS lookup

			




	
	
	
		
 
# fails. Useful for local overrides of mail servers.

			




	
	
	
		
 
smtp_host_lookup = dns, native

			




	
	
	
		
 

			




	
	
	
		
 
# Explicitly set maximum allowed mail size that should be accepted.

			




	
	
	
		
 
message_size_limit = {{ mail_message_size_limit }}

			




	
	
	
		
 
# List of trusted networks allowed to relay mail through this system.

			




	
	
	
		
 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

			




	
	
	
		
 

			




	
	
	
		
 
# Allow relaying only from trusted networks. Do not relay mails for

			




	
	
	
		
 
# domains for which the mail server is not responsible.

			




	
	
	
		
 
smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination

			




	
	
	
		
 
smtpd_relay_restrictions = permit_mynetworks

			




	
	
	
		
 
  reject_unauth_destination

			




	
	
	
		
 

			




	
	
	
		
 
# Static relay host to use for outgoing mails from this server.

			




	
	
	
		
 
relayhost = {{ smtp_relay_host }}{% if smtp_relay_host and smtp_relay_host_port %}:{{ smtp_relay_host_port }}{% endif %}

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
# TLS configuration

			




	
	
	
		
 
# =================

			




	
	
	
		
 

			




	
	
	
		
 
# Allow connecting SMTP clients to use TLS when connecting to the

			




	
	
	
		
 
# host, but do not enforce it.

			




	
	
	
		
 
smtpd_tls_security_level = may

			




	
	
	
		
 

			




	
	
	
		
 
# Use locally-issued self-signed certificates for TLS.

			




	
	
	
		
 
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem

			




	
	
	
		
 
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

			




	
	
	
		
 

			




	
	
	
		
 
# Use custom, generated DH parameters for increased security.

			




	
	
	
		
 
smtpd_tls_dh1024_param_file = /etc/ssl/private/{{ inventory_hostname }}_smtp.dh.pem

			




	
	
	
		
 
smtpd_tls_dh512_param_file = /etc/ssl/private/{{ inventory_hostname }}_smtp.dh.pem

			




	
	
	
		
 

			




	
	
	
		
 
{% if smtp_relay_host %}

			




	
	
	
		
 
# Force TLS certificate validation when connecting to relay host using

			




	
	
	
		
 
# the dedicated CA certificate truststore.

			




	
	
	
		
 
smtp_tls_security_level=verify

			




	
	
	
		
 
smtp_tls_CAfile=/etc/ssl/certs/smtp_relay_truststore.pem

			




	
	
	
		
 
{% endif %}

			




	
	
	
		
 

			




	
	
	
		
 
# Enable TLS session cache database for SMTP client. Helps with

			




	
	
	
		
 
# performance and bandwidth usage.

			




	
	
	
		
 
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2023 by various authors & licensed under GPLv3.