]>
Commit | Line | Data |
---|---|---|
f609bf7f DM |
1 | # auto-generated by proxmox |
2 | ||
3 | compatibility_level = 2 | |
4 | command_directory = /usr/sbin | |
5 | daemon_directory = /usr/lib/postfix/sbin | |
6 | data_directory = /var/lib/postfix | |
7 | ||
8 | # appending .domain is the MUA's job. | |
9 | append_dot_mydomain = yes | |
10 | ||
8609f465 | 11 | smtpd_banner = $myhostname [% pmg.mail.banner %] |
f609bf7f DM |
12 | biff = no |
13 | ||
14 | [% IF pmg.mail.dwarning %] | |
15 | delay_warning_time = [% pmg.mail.dwarning %]h | |
16 | [% END %] | |
17 | ||
18 | best_mx_transport = local | |
19 | message_size_limit = [% pmg.mail.maxsize %] | |
20 | mailbox_size_limit = [% ((pmg.mail.maxsize*2 > 51200000) ? pmg.mail.maxsize*2 : 51200000) %] | |
21 | ||
22 | mydomain = [% dns.domain %] | |
23 | myhostname = [% dns.hostname %].[% dns.domain %] | |
24 | ||
25 | parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps | |
26 | ||
27 | alias_maps = hash:/etc/aliases | |
28 | alias_database = hash:/etc/aliases | |
29 | mydestination = localhost, $myhostname | |
30 | mynetworks = [% postfix.mynetworks %] | |
31 | ||
8af15c8e | 32 | relay_domains = hash:/etc/pmg/domains |
f609bf7f | 33 | |
cd533938 | 34 | transport_maps = hash:/etc/pmg/transport |
f609bf7f DM |
35 | |
36 | [% IF pmg.mail.relay %] | |
10d97956 JZ |
37 | [% IF pmg.mail.relayprotocol == 'lmtp' %] |
38 | relay_transport = [% pmg.mail.relayprotocol %]:inet:[% pmg.mail.relay %]:[% pmg.mail.relayport %] | |
39 | [% ELSE %] | |
f609bf7f | 40 | [% IF pmg.mail.relaynomx %] |
10d97956 | 41 | relay_transport = [% pmg.mail.relayprotocol %]:[[% pmg.mail.relay %]]:[% pmg.mail.relayport %] |
f609bf7f | 42 | [% ELSE %] |
10d97956 JZ |
43 | relay_transport = [% pmg.mail.relayprotocol %]:[% pmg.mail.relay %]:[% pmg.mail.relayport %] |
44 | [% END %] | |
f609bf7f DM |
45 | [% END %] |
46 | [% END %] | |
47 | ||
48 | [% IF pmg.mail.smarthost %] | |
68b96293 | 49 | default_transport = smtp:[% pmg.mail.smarthost %]:[% pmg.mail.smarthostport %] |
f609bf7f DM |
50 | [% END %] |
51 | ||
97baee70 | 52 | [% IF pmg.mail.before_queue_filtering -%] |
479028df | 53 | smtpd_proxy_timeout = [% pmg.mail.item('filter-timeout') %]s |
97baee70 | 54 | [% ELSE %] |
f609bf7f | 55 | content_filter=scan:127.0.0.1:10024 |
479028df | 56 | lmtp_data_done_timeout = [% pmg.mail.item('filter-timeout') %]s |
01f83cda | 57 | [%- END %] |
f609bf7f DM |
58 | |
59 | mail_name = Proxmox | |
60 | ||
61 | [% IF pmg.mail.helotests %] | |
62 | smtpd_helo_required = yes | |
63 | smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname | |
64 | [% ELSE %] | |
65 | smtpd_helo_restrictions = | |
66 | [% END %] | |
67 | ||
68 | postscreen_access_list = | |
8609f465 WB |
69 | permit_mynetworks, |
70 | cidr:/etc/postfix/postscreen_access | |
f609bf7f | 71 | |
20125a71 DM |
72 | [% IF postfix.dnsbl_sites %] |
73 | postscreen_dnsbl_sites = [% postfix.dnsbl_sites %] | |
11247512 | 74 | postscreen_dnsbl_threshold = [% postfix.dnsbl_threshold %] |
f609bf7f DM |
75 | [% END %] |
76 | ||
77 | postscreen_dnsbl_action = enforce | |
78 | postscreen_greet_action = enforce | |
f609bf7f | 79 | |
8609f465 | 80 | smtpd_sender_restrictions = |
f609bf7f | 81 | permit_mynetworks |
8609f465 WB |
82 | reject_non_fqdn_sender |
83 | check_client_access cidr:/etc/postfix/clientaccess | |
84 | check_sender_access regexp:/etc/postfix/senderaccess | |
fbb8db63 | 85 | check_sender_access hash:/etc/pmg/tls_inbound_domains |
8609f465 | 86 | check_recipient_access regexp:/etc/postfix/rcptaccess |
f609bf7f DM |
87 | [%- IF pmg.mail.rejectunknown %] reject_unknown_client_hostname[% END %] |
88 | [%- IF pmg.mail.rejectunknownsender %] reject_unknown_sender_domain[% END %] | |
89 | ||
8609f465 WB |
90 | smtpd_recipient_restrictions = |
91 | permit_mynetworks | |
92 | reject_unauth_destination | |
93 | reject_non_fqdn_recipient | |
94 | check_recipient_access regexp:/etc/postfix/rcptaccess | |
f609bf7f DM |
95 | [%- IF postfix.usepolicy %] check_sender_access regexp:/etc/postfix/senderaccess[% END %] |
96 | [%- IF postfix.usepolicy %] check_client_access cidr:/etc/postfix/clientaccess[% END %] | |
97 | [%- IF postfix.usepolicy %] check_policy_service inet:127.0.0.1:10022[% END %] | |
98 | [%- IF pmg.mail.verifyreceivers %] reject_unknown_recipient_domain[% END %] | |
99 | [%- IF pmg.mail.verifyreceivers %] reject_unverified_recipient[% END %] | |
100 | ||
101 | [% IF pmg.mail.verifyreceivers %] | |
102 | unverified_recipient_reject_code = [% pmg.mail.verifyreceivers %] | |
103 | [% END %] | |
104 | ||
77e44f91 SI |
105 | smtpd_data_restrictions = reject_unauth_pipelining |
106 | ||
3ecbbbd0 | 107 | smtpd_forbid_bare_newline = normalize |
4f3c6d95 SI |
108 | smtpd_forbid_bare_newline_exclusions = |
109 | $mynetworks, | |
110 | cidr:/etc/postfix/clientaccess | |
111 | ||
f609bf7f DM |
112 | smtpd_client_connection_count_limit = [% pmg.mail.conn_count_limit %] |
113 | smtpd_client_connection_rate_limit = [% pmg.mail.conn_rate_limit %] | |
114 | smtpd_client_message_rate_limit = [% pmg.mail.message_rate_limit %] | |
115 | ||
116 | [% IF pmg.mail.tls %] | |
117 | smtp_tls_security_level = may | |
959aaeba | 118 | smtp_tls_policy_maps = hash:/etc/pmg/tls_policy |
f609bf7f DM |
119 | smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt |
120 | smtpd_tls_security_level = may | |
3278b571 | 121 | smtpd_tls_cert_file = /etc/pmg/pmg-tls.pem |
f609bf7f | 122 | smtpd_tls_key_file = $smtpd_tls_cert_file |
c6ac6ed9 SI |
123 | |
124 | lmtp_tls_security_level = $smtp_tls_security_level | |
125 | lmtp_tls_policy_maps = $smtp_tls_policy_maps | |
126 | lmtp_tls_CAfile = $smtp_tls_CAfile | |
f609bf7f DM |
127 | [% IF pmg.mail.tlslog %] |
128 | smtpd_tls_loglevel = 1 | |
129 | smtp_tls_loglevel = 1 | |
c6ac6ed9 | 130 | lmtp_tls_loglevel = $smtp_tls_loglevel |
f609bf7f DM |
131 | [% END %] |
132 | [% IF pmg.mail.tlsheader %] | |
133 | smtpd_tls_received_header = yes | |
134 | [% END %] | |
135 | [% END %] | |
136 | ||
137 | smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache | |
138 | smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache | |
c6ac6ed9 | 139 | lmtp_tls_session_cache_database = btree:/var/lib/postfix/lmtp_tls_session_cache |
f609bf7f | 140 | |
a3573ecf DM |
141 | [% IF pmg.mail.hide_received %] |
142 | unverified_recipient_reject_reason = Recipient address lookup failed | |
143 | [% END %] | |
144 | ||
ceb383cb SI |
145 | [% IF ! pmg.mail.smtputf8 %] |
146 | smtputf8_enable = no | |
147 | [% END %] | |
148 | ||
f609bf7f DM |
149 | |
150 | default_destination_concurrency_limit = 40 | |
151 | lmtp_destination_concurrency_limit = 20 | |
152 | relay_destination_concurrency_limit = 20 | |
153 | smtp_destination_concurrency_limit = 20 | |
154 | virtual_destination_concurrency_limit = 20 | |
155 | ||
156 | recipient_delimiter = + |