# See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on # fresh installs. compatibility_level = 2 # TLS parameters #smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem #smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key #smtpd_use_tls=yes #smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache #smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache myhostname = {{ inventory_hostname }} alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = {{ inventory_hostname }}, {{ inventory_hostname_short }}, localhost.localdomain, localhost relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128{% for network in smtp_allow_relay_from %} {{ network }}{% endfor %} mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all # LDAP directory look-ups for domains, mailboxes and aliases. virtual_mailbox_domains = ldap:/etc/postfix/ldap-virtual-mailbox-domains.cf virtual_mailbox_maps = ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf virtual_alias_maps = ldap:/etc/postfix/ldap-virtual-alias-maps.cf # Delivery of mails via Dovecot LDA for virtual domains. virtual_transport = dovecot dovecot_destination_recipient_limit = 1 # SMTP authentication configured, but disabled by default (for server-to-server # communication). Users should connect via submission port instead to be able to # authenticate. smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = no # TLS configuration. smtpd_tls_security_level = may smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/certs/{{ ansible_fqdn }}_smtp.pem smtpd_tls_key_file = /etc/ssl/private/{{ ansible_fqdn }}_smtp.key smtpd_tls_dh1024_param_file = /etc/ssl/private/{{ inventory_hostname }}_smtp.dh.pem smtpd_tls_dh512_param_file = /etc/ssl/private/{{ inventory_hostname }}_smtp.dh.pem smtpd_use_tls=yes smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_tls_security_level = may # Allow relaying only from trusted networks. Do not relay mails for # domains for which the mail server is not responsible. smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination # Look-up for list of SASL login names that are allowed to send mails # using the passed-in sender address. Allow sending from both original # mailbox name _and_ associated aliases. smtpd_sender_login_maps = ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf, ldap:/etc/postfix/ldap-virtual-alias-maps.cf # Reject delivery of mails for domains for which the local server is # not responsible, as well as any mails coming from addresses in one # of the configured RBL's. smtpd_recipient_restrictions = permit_mynetworks {% for rbl in smtp_rbl %} reject_rbl_client {{ rbl }} {% endfor %} smtpd_milters = unix:/var/run/clamav/clamav-milter.ctl non_smtpd_milters = unix:/var/run/clamav/clamav-milter.ctl # Deliver undeliverable bounces to domain's postmaster. Helps with application # misconfigurations. notify_classes = resource, software, 2bounce # Fall-back to using native lookups (/etc/hosts etc) if DNS lookup fails. Useful # for local overrides of mail servers. smtp_host_lookup = dns, native # Explicitly set maximum allowed mail size that should be accepted. message_size_limit = {{ mail_message_size_limit }} {{ mail_server_smtp_additional_configuration }}