Files
@ befde126d803
Branch filter:
Location: majic-ansible-roles/roles/mail_forwarder/templates/main.cf.j2
befde126d803
3.4 KiB
text/plain
MAR-218: Updated project requirements for Python virtual environment:
- Switch to using Python 3.11 as the basis.
- Pin Ansible and test framework to latest available/supported
versions.
- Drop the workarounds used for older package versions.
- Group the requirements according to their use within the project.
- Switch to using Python 3.11 as the basis.
- Pin Ansible and test framework to latest available/supported
versions.
- Drop the workarounds used for older package versions.
- Group the requirements according to their use within the project.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 | # See /usr/share/postfix/main.cf.dist for a commented, more complete
# version.
# General settings
# ================
# Internet hostname of this mail system.
myhostname = {{ inventory_hostname }}
# Under Debian, when a file name is specified, the first line of the
# file be used as the SMTP server name.
myorigin = /etc/mailname
# Text shown to connecting clients as part of SMTP greeting.
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
# Listen on all network interfaces and all protocols.
inet_interfaces = all
inet_protocols = all
# Fall-back to using native lookups (/etc/hosts etc) if DNS lookup
# fails. Useful for local overrides of mail servers.
smtp_host_lookup = dns, native
# Recipient delimeter for separating user name from its extension.
recipient_delimiter = +
# Explicitly set maximum allowed mail size that should be accepted.
message_size_limit = {{ mail_message_size_limit }}
# Disable output of Postfix README file paths when invoking postconf.
readme_directory = no
# Use whitelist/blacklist instead of allowlist/denylist in log
# entries.
respectful_logging = no
# Compatibility level for default values. For more details, see:
# https://www.postfix.org/COMPATIBILITY_README.html
compatibility_level = 3.6
# Local mailbox delivery
# ======================
# List of domains for local transport deliveries.
mydestination = {{ inventory_hostname }}, {{ inventory_hostname_short }}, localhost.localdomain, localhost
# Alias maps for local deliveries (to system accounts).
alias_maps = hash:/etc/aliases
# Alias database that gets updated when invoking "newaliases" command.
alias_database = hash:/etc/aliases
# Disable size limits for local user mailboxes.
mailbox_size_limit = 0
# Disable use of biff service for new mail notifications to local
# users (improves performance).
biff = no
# External command for local mail deliveries.
mailbox_command = procmail -a "$EXTENSION"
# Remote mailbox delivery
# =======================
# List of trusted networks allowed to relay mail through this system.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
# Allow relaying only from trusted networks. Do not relay mails for
# domains for which the mail server is not responsible.
smtpd_relay_restrictions = permit_mynetworks
reject_unauth_destination
# Static relay host to use for outgoing mails from this server.
relayhost = {{ smtp_relay_host }}{% if smtp_relay_host and smtp_relay_host_port %}:{{ smtp_relay_host_port }}{% endif %}
# TLS configuration
# =================
# Allow connecting SMTP clients to use TLS when connecting to the
# host, but do not enforce it.
smtpd_tls_security_level = may
# Use locally-issued self-signed certificates for TLS.
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# Use custom, generated DH parameters for increased security.
smtpd_tls_dh1024_param_file = /etc/ssl/private/{{ inventory_hostname }}_smtp.dh.pem
smtpd_tls_dh512_param_file = /etc/ssl/private/{{ inventory_hostname }}_smtp.dh.pem
{% if smtp_relay_host %}
# Force TLS certificate validation when connecting to relay host using
# the dedicated CA certificate truststore.
smtp_tls_security_level=verify
smtp_tls_CAfile=/etc/ssl/certs/smtp_relay_truststore.pem
{% endif %}
# Enable TLS session cache database for SMTP client. Helps with
# performance and bandwidth usage.
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|