1 # auto-generated by proxmox
3 compatibility_level = 2
4 command_directory = /usr/sbin
5 daemon_directory = /usr/lib/postfix/sbin
6 data_directory = /var/lib/postfix
8 # appending .domain is the MUA's job.
9 append_dot_mydomain = yes
11 smtpd_banner = $myhostname [% pmg.mail.banner %]
14 [% IF pmg.mail.dwarning %]
15 delay_warning_time = [% pmg.mail.dwarning %]h
18 best_mx_transport = local
19 message_size_limit = [% pmg.mail.maxsize %]
20 mailbox_size_limit = [% ((pmg.mail.maxsize*2 > 51200000) ? pmg.mail.maxsize*2 : 51200000) %]
22 mydomain = [% dns.domain %]
23 myhostname = [% dns.hostname %].[% dns.domain %]
25 parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps
27 alias_maps = hash:/etc/aliases
28 alias_database = hash:/etc/aliases
29 mydestination = localhost, $myhostname
30 mynetworks = [% postfix.mynetworks %]
32 relay_domains = hash:/etc/pmg/domains
34 transport_maps = hash:/etc/pmg/transport
36 [% IF pmg.mail.relay %]
37 [% IF pmg.mail.relaynomx %]
38 relay_transport = smtp:[[% pmg.mail.relay %]]:[% pmg.mail.relayport %]
40 relay_transport = smtp:[% pmg.mail.relay %]:[% pmg.mail.relayport %]
44 [% IF pmg.mail.smarthost %]
45 default_transport = smtp:[% pmg.mail.smarthost %]
48 content_filter=scan:127.0.0.1:10024
52 [% IF pmg.mail.helotests %]
53 smtpd_helo_required = yes
54 smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname
56 smtpd_helo_restrictions =
59 postscreen_access_list =
61 cidr:/etc/postfix/postscreen_access
63 [% IF postfix.dnsbl_sites %]
64 postscreen_dnsbl_sites = [% postfix.dnsbl_sites %]
67 postscreen_dnsbl_action = enforce
68 postscreen_greet_action = enforce
70 smtpd_sender_restrictions =
72 reject_non_fqdn_sender
73 check_client_access cidr:/etc/postfix/clientaccess
74 check_sender_access regexp:/etc/postfix/senderaccess
75 check_recipient_access regexp:/etc/postfix/rcptaccess
76 [%- IF pmg.mail.rejectunknown %] reject_unknown_client_hostname[% END %]
77 [%- IF pmg.mail.rejectunknownsender %] reject_unknown_sender_domain[% END %]
79 smtpd_recipient_restrictions =
81 reject_unauth_destination
82 reject_non_fqdn_recipient
83 check_recipient_access regexp:/etc/postfix/rcptaccess
84 [%- IF postfix.usepolicy %] check_sender_access regexp:/etc/postfix/senderaccess[% END %]
85 [%- IF postfix.usepolicy %] check_client_access cidr:/etc/postfix/clientaccess[% END %]
86 [%- IF postfix.usepolicy %] check_policy_service inet:127.0.0.1:10022[% END %]
87 [%- IF pmg.mail.verifyreceivers %] reject_unknown_recipient_domain[% END %]
88 [%- IF pmg.mail.verifyreceivers %] reject_unverified_recipient[% END %]
90 [% IF pmg.mail.verifyreceivers %]
91 unverified_recipient_reject_code = [% pmg.mail.verifyreceivers %]
94 smtpd_client_connection_count_limit = [% pmg.mail.conn_count_limit %]
95 smtpd_client_connection_rate_limit = [% pmg.mail.conn_rate_limit %]
96 smtpd_client_message_rate_limit = [% pmg.mail.message_rate_limit %]
99 smtp_tls_security_level = may
100 smtp_tls_policy_maps = hash:/etc/pmg/tls_policy
101 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
102 smtpd_tls_security_level = may
103 smtpd_tls_cert_file = /etc/pmg/pmg-tls.pem
104 smtpd_tls_key_file = $smtpd_tls_cert_file
105 [% IF pmg.mail.tlslog %]
106 smtpd_tls_loglevel = 1
107 smtp_tls_loglevel = 1
109 [% IF pmg.mail.tlsheader %]
110 smtpd_tls_received_header = yes
114 smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
115 smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
118 default_destination_concurrency_limit = 40
119 lmtp_destination_concurrency_limit = 20
120 relay_destination_concurrency_limit = 20
121 smtp_destination_concurrency_limit = 20
122 virtual_destination_concurrency_limit = 20
124 recipient_delimiter = +