[pmg-api.git] / src / templates / main.cf.in

# auto-generated by proxmox

compatibility_level = 2
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix

# appending .domain is the MUA's job.
append_dot_mydomain = yes

smtpd_banner = $myhostname [% pmg.mail.banner %]
biff = no

[% IF pmg.mail.dwarning %]
delay_warning_time = [% pmg.mail.dwarning %]h
[% END %]

best_mx_transport = local
message_size_limit = [% pmg.mail.maxsize %]
mailbox_size_limit = [% ((pmg.mail.maxsize*2 > 51200000) ? pmg.mail.maxsize*2 : 51200000) %]

mydomain = [% dns.domain %]
myhostname = [% dns.hostname %].[% dns.domain %]

parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost, $myhostname
mynetworks = [% postfix.mynetworks %]

relay_domains = hash:/etc/pmg/domains

transport_maps = hash:/etc/pmg/transport

[% IF pmg.mail.relay %]
[% IF pmg.mail.relayprotocol == 'lmtp' %]
relay_transport = [% pmg.mail.relayprotocol %]:inet:[% pmg.mail.relay %]:[% pmg.mail.relayport %]
[% ELSE %]
[% IF pmg.mail.relaynomx %]
relay_transport = [% pmg.mail.relayprotocol %]:[[% pmg.mail.relay %]]:[% pmg.mail.relayport %]
[% ELSE %]
relay_transport = [% pmg.mail.relayprotocol %]:[% pmg.mail.relay %]:[% pmg.mail.relayport %]
[% END %]
[% END %]
[% END %]

[% IF pmg.mail.smarthost %]
default_transport = smtp:[% pmg.mail.smarthost %]:[% pmg.mail.smarthostport %]
[% END %]

[% IF pmg.mail.before_queue_filtering -%]
smtpd_proxy_timeout = [% pmg.mail.item('filter-timeout') %]s
[% ELSE %]
content_filter=scan:127.0.0.1:10024
lmtp_data_done_timeout = [% pmg.mail.item('filter-timeout') %]s
[%- END %]

mail_name = Proxmox

[% IF pmg.mail.helotests %]
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname
[% ELSE %]
smtpd_helo_restrictions =
[% END %]

postscreen_access_list =
        permit_mynetworks,
        cidr:/etc/postfix/postscreen_access

[% IF postfix.dnsbl_sites %]
postscreen_dnsbl_sites = [% postfix.dnsbl_sites %]
postscreen_dnsbl_threshold = [% postfix.dnsbl_threshold %]
[% END %]

postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce

smtpd_sender_restrictions =
        permit_mynetworks
        reject_non_fqdn_sender
        check_client_access     cidr:/etc/postfix/clientaccess
        check_sender_access     regexp:/etc/postfix/senderaccess
        check_sender_access     hash:/etc/pmg/tls_inbound_domains
        check_recipient_access  regexp:/etc/postfix/rcptaccess
[%- IF pmg.mail.rejectunknown %] reject_unknown_client_hostname[% END %]
[%- IF pmg.mail.rejectunknownsender %] reject_unknown_sender_domain[% END %]

smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        reject_non_fqdn_recipient
        check_recipient_access  regexp:/etc/postfix/rcptaccess
[%- IF postfix.usepolicy %] check_sender_access  regexp:/etc/postfix/senderaccess[% END %]
[%- IF postfix.usepolicy %] check_client_access  cidr:/etc/postfix/clientaccess[% END %]
[%- IF postfix.usepolicy %] check_policy_service inet:127.0.0.1:10022[% END %]
[%- IF pmg.mail.verifyreceivers %] reject_unknown_recipient_domain[% END %]
[%- IF pmg.mail.verifyreceivers %] reject_unverified_recipient[% END %]

[% IF pmg.mail.verifyreceivers %]
unverified_recipient_reject_code = [% pmg.mail.verifyreceivers %]
[% END %]

smtpd_data_restrictions = reject_unauth_pipelining

smtpd_forbid_bare_newline = normalize
smtpd_forbid_bare_newline_exclusions =
        $mynetworks,
        cidr:/etc/postfix/clientaccess

smtpd_client_connection_count_limit = [% pmg.mail.conn_count_limit %]
smtpd_client_connection_rate_limit = [% pmg.mail.conn_rate_limit %]
smtpd_client_message_rate_limit = [% pmg.mail.message_rate_limit %]

[% IF pmg.mail.tls %]
smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/pmg/tls_policy
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/pmg/pmg-tls.pem
smtpd_tls_key_file = $smtpd_tls_cert_file

lmtp_tls_security_level = $smtp_tls_security_level
lmtp_tls_policy_maps = $smtp_tls_policy_maps
lmtp_tls_CAfile = $smtp_tls_CAfile
[% IF pmg.mail.tlslog %]
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1
lmtp_tls_loglevel = $smtp_tls_loglevel
[% END %]
[% IF pmg.mail.tlsheader %]
smtpd_tls_received_header = yes
[% END %]
[% END %]

smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
lmtp_tls_session_cache_database = btree:/var/lib/postfix/lmtp_tls_session_cache

[% IF pmg.mail.hide_received %]
unverified_recipient_reject_reason = Recipient address lookup failed
[% END %]

[% IF ! pmg.mail.smtputf8 %]
smtputf8_enable = no
[% END %]


default_destination_concurrency_limit = 40
lmtp_destination_concurrency_limit = 20
relay_destination_concurrency_limit = 20
smtp_destination_concurrency_limit = 20
virtual_destination_concurrency_limit = 20

recipient_delimiter = +
Commit	Line	Data
f609bf7f DM	1	# auto-generated by proxmox
	2
	3	compatibility_level = 2
	4	command_directory = /usr/sbin
	5	daemon_directory = /usr/lib/postfix/sbin
	6	data_directory = /var/lib/postfix
	7
	8	# appending .domain is the MUA's job.
	9	append_dot_mydomain = yes
	10
8609f465	11	smtpd_banner = $myhostname [% pmg.mail.banner %]
f609bf7f DM	12	biff = no
	13
	14	[% IF pmg.mail.dwarning %]
	15	delay_warning_time = [% pmg.mail.dwarning %]h
	16	[% END %]
	17
	18	best_mx_transport = local
	19	message_size_limit = [% pmg.mail.maxsize %]
	20	mailbox_size_limit = [% ((pmg.mail.maxsize2 > 51200000) ? pmg.mail.maxsize2 : 51200000) %]
	21
	22	mydomain = [% dns.domain %]
	23	myhostname = [% dns.hostname %].[% dns.domain %]
	24
	25	parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps
	26
	27	alias_maps = hash:/etc/aliases
	28	alias_database = hash:/etc/aliases
	29	mydestination = localhost, $myhostname
	30	mynetworks = [% postfix.mynetworks %]
	31
8af15c8e	32	relay_domains = hash:/etc/pmg/domains
f609bf7f	33
cd533938	34	transport_maps = hash:/etc/pmg/transport
f609bf7f DM	35
f609bf7f DM	36	[% IF pmg.mail.relay %]
10d97956 JZ	37	[% IF pmg.mail.relayprotocol == 'lmtp' %]
	38	relay_transport = [% pmg.mail.relayprotocol %]:inet:[% pmg.mail.relay %]:[% pmg.mail.relayport %]
	39	[% ELSE %]
f609bf7f	40	[% IF pmg.mail.relaynomx %]
10d97956	41	relay_transport = [% pmg.mail.relayprotocol %]:[[% pmg.mail.relay %]]:[% pmg.mail.relayport %]
f609bf7f	42	[% ELSE %]
10d97956 JZ	43	relay_transport = [% pmg.mail.relayprotocol %]:[% pmg.mail.relay %]:[% pmg.mail.relayport %]
10d97956 JZ	44	[% END %]
f609bf7f DM	45	[% END %]
	46	[% END %]
	47
	48	[% IF pmg.mail.smarthost %]
68b96293	49	default_transport = smtp:[% pmg.mail.smarthost %]:[% pmg.mail.smarthostport %]
f609bf7f DM	50	[% END %]
f609bf7f DM	51
97baee70	52	[% IF pmg.mail.before_queue_filtering -%]
479028df	53	smtpd_proxy_timeout = [% pmg.mail.item('filter-timeout') %]s
97baee70	54	[% ELSE %]
f609bf7f	55	content_filter=scan:127.0.0.1:10024
479028df	56	lmtp_data_done_timeout = [% pmg.mail.item('filter-timeout') %]s
01f83cda	57	[%- END %]
f609bf7f DM	58
	59	mail_name = Proxmox
	60
	61	[% IF pmg.mail.helotests %]
	62	smtpd_helo_required = yes
	63	smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname
	64	[% ELSE %]
	65	smtpd_helo_restrictions =
	66	[% END %]
	67
	68	postscreen_access_list =
8609f465 WB	69	permit_mynetworks,
8609f465 WB	70	cidr:/etc/postfix/postscreen_access
f609bf7f	71
20125a71 DM	72	[% IF postfix.dnsbl_sites %]
20125a71 DM	73	postscreen_dnsbl_sites = [% postfix.dnsbl_sites %]
11247512	74	postscreen_dnsbl_threshold = [% postfix.dnsbl_threshold %]
f609bf7f DM	75	[% END %]
	76
	77	postscreen_dnsbl_action = enforce
	78	postscreen_greet_action = enforce
f609bf7f	79
8609f465	80	smtpd_sender_restrictions =
f609bf7f	81	permit_mynetworks
8609f465 WB	82	reject_non_fqdn_sender
	83	check_client_access cidr:/etc/postfix/clientaccess
	84	check_sender_access regexp:/etc/postfix/senderaccess
fbb8db63	85	check_sender_access hash:/etc/pmg/tls_inbound_domains
8609f465	86	check_recipient_access regexp:/etc/postfix/rcptaccess
f609bf7f DM	87	[%- IF pmg.mail.rejectunknown %] reject_unknown_client_hostname[% END %]
	88	[%- IF pmg.mail.rejectunknownsender %] reject_unknown_sender_domain[% END %]
	89
8609f465 WB	90	smtpd_recipient_restrictions =
	91	permit_mynetworks
	92	reject_unauth_destination
	93	reject_non_fqdn_recipient
	94	check_recipient_access regexp:/etc/postfix/rcptaccess
f609bf7f DM	95	[%- IF postfix.usepolicy %] check_sender_access regexp:/etc/postfix/senderaccess[% END %]
	96	[%- IF postfix.usepolicy %] check_client_access cidr:/etc/postfix/clientaccess[% END %]
	97	[%- IF postfix.usepolicy %] check_policy_service inet:127.0.0.1:10022[% END %]
	98	[%- IF pmg.mail.verifyreceivers %] reject_unknown_recipient_domain[% END %]
	99	[%- IF pmg.mail.verifyreceivers %] reject_unverified_recipient[% END %]
	100
	101	[% IF pmg.mail.verifyreceivers %]
	102	unverified_recipient_reject_code = [% pmg.mail.verifyreceivers %]
	103	[% END %]
	104
77e44f91 SI	105	smtpd_data_restrictions = reject_unauth_pipelining
77e44f91 SI	106
3ecbbbd0	107	smtpd_forbid_bare_newline = normalize
4f3c6d95 SI	108	smtpd_forbid_bare_newline_exclusions =
	109	$mynetworks,
	110	cidr:/etc/postfix/clientaccess
	111
f609bf7f DM	112	smtpd_client_connection_count_limit = [% pmg.mail.conn_count_limit %]
	113	smtpd_client_connection_rate_limit = [% pmg.mail.conn_rate_limit %]
	114	smtpd_client_message_rate_limit = [% pmg.mail.message_rate_limit %]
	115
	116	[% IF pmg.mail.tls %]
	117	smtp_tls_security_level = may
959aaeba	118	smtp_tls_policy_maps = hash:/etc/pmg/tls_policy
f609bf7f DM	119	smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
f609bf7f DM	120	smtpd_tls_security_level = may
3278b571	121	smtpd_tls_cert_file = /etc/pmg/pmg-tls.pem
f609bf7f	122	smtpd_tls_key_file = $smtpd_tls_cert_file
c6ac6ed9 SI	123
	124	lmtp_tls_security_level = $smtp_tls_security_level
	125	lmtp_tls_policy_maps = $smtp_tls_policy_maps
	126	lmtp_tls_CAfile = $smtp_tls_CAfile
f609bf7f DM	127	[% IF pmg.mail.tlslog %]
	128	smtpd_tls_loglevel = 1
	129	smtp_tls_loglevel = 1
c6ac6ed9	130	lmtp_tls_loglevel = $smtp_tls_loglevel
f609bf7f DM	131	[% END %]
	132	[% IF pmg.mail.tlsheader %]
	133	smtpd_tls_received_header = yes
	134	[% END %]
	135	[% END %]
	136
	137	smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
	138	smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
c6ac6ed9	139	lmtp_tls_session_cache_database = btree:/var/lib/postfix/lmtp_tls_session_cache
f609bf7f	140
a3573ecf DM	141	[% IF pmg.mail.hide_received %]
	142	unverified_recipient_reject_reason = Recipient address lookup failed
	143	[% END %]
	144
ceb383cb SI	145	[% IF ! pmg.mail.smtputf8 %]
	146	smtputf8_enable = no
	147	[% END %]
	148
f609bf7f DM	149
	150	default_destination_concurrency_limit = 40
	151	lmtp_destination_concurrency_limit = 20
	152	relay_destination_concurrency_limit = 20
	153	smtp_destination_concurrency_limit = 20
	154	virtual_destination_concurrency_limit = 20
	155
	156	recipient_delimiter = +