[pmg-api.git] / src / templates / main.cf.in

# auto-generated by proxmox

compatibility_level = 2
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix

# appending .domain is the MUA's job.
append_dot_mydomain = yes

smtpd_banner = $myhostname [% pmg.mail.banner %]
biff = no

[% IF pmg.mail.dwarning %]
delay_warning_time = [% pmg.mail.dwarning %]h
[% END %]

best_mx_transport = local
message_size_limit = [% pmg.mail.maxsize %]
mailbox_size_limit = [% ((pmg.mail.maxsize*2 > 51200000) ? pmg.mail.maxsize*2 : 51200000) %]

mydomain = [% dns.domain %]
myhostname = [% dns.hostname %].[% dns.domain %]

parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost, $myhostname
mynetworks = [% postfix.mynetworks %]

relay_domains = hash:/etc/pmg/domains

transport_maps = hash:/etc/pmg/transport

[% IF pmg.mail.relay %]
[% IF pmg.mail.relayprotocol == 'lmtp' %]
relay_transport = [% pmg.mail.relayprotocol %]:inet:[% pmg.mail.relay %]:[% pmg.mail.relayport %]
[% ELSE %]
[% IF pmg.mail.relaynomx %]
relay_transport = [% pmg.mail.relayprotocol %]:[[% pmg.mail.relay %]]:[% pmg.mail.relayport %]
[% ELSE %]
relay_transport = [% pmg.mail.relayprotocol %]:[% pmg.mail.relay %]:[% pmg.mail.relayport %]
[% END %]
[% END %]
[% END %]

[% IF pmg.mail.smarthost %]
default_transport = smtp:[% pmg.mail.smarthost %]:[% pmg.mail.smarthostport %]
[% END %]

[% IF ! pmg.mail.before_queue_filtering -%]
content_filter=scan:127.0.0.1:10024
[%- END %]

mail_name = Proxmox

[% IF pmg.mail.helotests %]
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname
[% ELSE %]
smtpd_helo_restrictions =
[% END %]

postscreen_access_list =
        permit_mynetworks,
        cidr:/etc/postfix/postscreen_access

[% IF postfix.dnsbl_sites %]
postscreen_dnsbl_sites = [% postfix.dnsbl_sites %]
postscreen_dnsbl_threshold = [% postfix.dnsbl_threshold %]
[% END %]

postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce

smtpd_sender_restrictions =
        permit_mynetworks
        reject_non_fqdn_sender
        check_client_access     cidr:/etc/postfix/clientaccess
        check_sender_access     regexp:/etc/postfix/senderaccess
        check_recipient_access  regexp:/etc/postfix/rcptaccess
[%- IF pmg.mail.rejectunknown %] reject_unknown_client_hostname[% END %]
[%- IF pmg.mail.rejectunknownsender %] reject_unknown_sender_domain[% END %]

smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        reject_non_fqdn_recipient
        check_recipient_access  regexp:/etc/postfix/rcptaccess
[%- IF postfix.usepolicy %] check_sender_access  regexp:/etc/postfix/senderaccess[% END %]
[%- IF postfix.usepolicy %] check_client_access  cidr:/etc/postfix/clientaccess[% END %]
[%- IF postfix.usepolicy %] check_policy_service inet:127.0.0.1:10022[% END %]
[%- IF pmg.mail.verifyreceivers %] reject_unknown_recipient_domain[% END %]
[%- IF pmg.mail.verifyreceivers %] reject_unverified_recipient[% END %]

[% IF pmg.mail.verifyreceivers %]
unverified_recipient_reject_code = [% pmg.mail.verifyreceivers %]
[% END %]

smtpd_client_connection_count_limit = [% pmg.mail.conn_count_limit %]
smtpd_client_connection_rate_limit = [% pmg.mail.conn_rate_limit %]
smtpd_client_message_rate_limit = [% pmg.mail.message_rate_limit %]

[% IF pmg.mail.tls %]
smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/pmg/tls_policy
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/pmg/pmg-tls.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
[% IF pmg.mail.tlslog %]
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1
[% END %]
[% IF pmg.mail.tlsheader %]
smtpd_tls_received_header = yes
[% END %]
[% END %]

smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache

[% IF pmg.mail.hide_received %]
unverified_recipient_reject_reason = Recipient address lookup failed
[% END %]


default_destination_concurrency_limit = 40
lmtp_destination_concurrency_limit = 20
relay_destination_concurrency_limit = 20
smtp_destination_concurrency_limit = 20
virtual_destination_concurrency_limit = 20

recipient_delimiter = +
Commit	Line	Data
f609bf7f DM	1	# auto-generated by proxmox
	2
	3	compatibility_level = 2
	4	command_directory = /usr/sbin
	5	daemon_directory = /usr/lib/postfix/sbin
	6	data_directory = /var/lib/postfix
	7
	8	# appending .domain is the MUA's job.
	9	append_dot_mydomain = yes
	10
8609f465	11	smtpd_banner = $myhostname [% pmg.mail.banner %]
f609bf7f DM	12	biff = no
	13
	14	[% IF pmg.mail.dwarning %]
	15	delay_warning_time = [% pmg.mail.dwarning %]h
	16	[% END %]
	17
	18	best_mx_transport = local
	19	message_size_limit = [% pmg.mail.maxsize %]
	20	mailbox_size_limit = [% ((pmg.mail.maxsize2 > 51200000) ? pmg.mail.maxsize2 : 51200000) %]
	21
	22	mydomain = [% dns.domain %]
	23	myhostname = [% dns.hostname %].[% dns.domain %]
	24
	25	parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps
	26
	27	alias_maps = hash:/etc/aliases
	28	alias_database = hash:/etc/aliases
	29	mydestination = localhost, $myhostname
	30	mynetworks = [% postfix.mynetworks %]
	31
8af15c8e	32	relay_domains = hash:/etc/pmg/domains
f609bf7f	33
cd533938	34	transport_maps = hash:/etc/pmg/transport
f609bf7f DM	35
f609bf7f DM	36	[% IF pmg.mail.relay %]
10d97956 JZ	37	[% IF pmg.mail.relayprotocol == 'lmtp' %]
	38	relay_transport = [% pmg.mail.relayprotocol %]:inet:[% pmg.mail.relay %]:[% pmg.mail.relayport %]
	39	[% ELSE %]
f609bf7f	40	[% IF pmg.mail.relaynomx %]
10d97956	41	relay_transport = [% pmg.mail.relayprotocol %]:[[% pmg.mail.relay %]]:[% pmg.mail.relayport %]
f609bf7f	42	[% ELSE %]
10d97956 JZ	43	relay_transport = [% pmg.mail.relayprotocol %]:[% pmg.mail.relay %]:[% pmg.mail.relayport %]
10d97956 JZ	44	[% END %]
f609bf7f DM	45	[% END %]
	46	[% END %]
	47
	48	[% IF pmg.mail.smarthost %]
68b96293	49	default_transport = smtp:[% pmg.mail.smarthost %]:[% pmg.mail.smarthostport %]
f609bf7f DM	50	[% END %]
f609bf7f DM	51
01f83cda	52	[% IF ! pmg.mail.before_queue_filtering -%]
f609bf7f	53	content_filter=scan:127.0.0.1:10024
01f83cda	54	[%- END %]
f609bf7f DM	55
	56	mail_name = Proxmox
	57
	58	[% IF pmg.mail.helotests %]
	59	smtpd_helo_required = yes
	60	smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname
	61	[% ELSE %]
	62	smtpd_helo_restrictions =
	63	[% END %]
	64
	65	postscreen_access_list =
8609f465 WB	66	permit_mynetworks,
8609f465 WB	67	cidr:/etc/postfix/postscreen_access
f609bf7f	68
20125a71 DM	69	[% IF postfix.dnsbl_sites %]
20125a71 DM	70	postscreen_dnsbl_sites = [% postfix.dnsbl_sites %]
11247512	71	postscreen_dnsbl_threshold = [% postfix.dnsbl_threshold %]
f609bf7f DM	72	[% END %]
	73
	74	postscreen_dnsbl_action = enforce
	75	postscreen_greet_action = enforce
f609bf7f	76
8609f465	77	smtpd_sender_restrictions =
f609bf7f	78	permit_mynetworks
8609f465 WB	79	reject_non_fqdn_sender
	80	check_client_access cidr:/etc/postfix/clientaccess
	81	check_sender_access regexp:/etc/postfix/senderaccess
	82	check_recipient_access regexp:/etc/postfix/rcptaccess
f609bf7f DM	83	[%- IF pmg.mail.rejectunknown %] reject_unknown_client_hostname[% END %]
	84	[%- IF pmg.mail.rejectunknownsender %] reject_unknown_sender_domain[% END %]
	85
8609f465 WB	86	smtpd_recipient_restrictions =
	87	permit_mynetworks
	88	reject_unauth_destination
	89	reject_non_fqdn_recipient
	90	check_recipient_access regexp:/etc/postfix/rcptaccess
f609bf7f DM	91	[%- IF postfix.usepolicy %] check_sender_access regexp:/etc/postfix/senderaccess[% END %]
	92	[%- IF postfix.usepolicy %] check_client_access cidr:/etc/postfix/clientaccess[% END %]
	93	[%- IF postfix.usepolicy %] check_policy_service inet:127.0.0.1:10022[% END %]
	94	[%- IF pmg.mail.verifyreceivers %] reject_unknown_recipient_domain[% END %]
	95	[%- IF pmg.mail.verifyreceivers %] reject_unverified_recipient[% END %]
	96
	97	[% IF pmg.mail.verifyreceivers %]
	98	unverified_recipient_reject_code = [% pmg.mail.verifyreceivers %]
	99	[% END %]
	100
	101	smtpd_client_connection_count_limit = [% pmg.mail.conn_count_limit %]
	102	smtpd_client_connection_rate_limit = [% pmg.mail.conn_rate_limit %]
	103	smtpd_client_message_rate_limit = [% pmg.mail.message_rate_limit %]
	104
	105	[% IF pmg.mail.tls %]
	106	smtp_tls_security_level = may
959aaeba	107	smtp_tls_policy_maps = hash:/etc/pmg/tls_policy
f609bf7f DM	108	smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
f609bf7f DM	109	smtpd_tls_security_level = may
3278b571	110	smtpd_tls_cert_file = /etc/pmg/pmg-tls.pem
f609bf7f DM	111	smtpd_tls_key_file = $smtpd_tls_cert_file
	112	[% IF pmg.mail.tlslog %]
	113	smtpd_tls_loglevel = 1
	114	smtp_tls_loglevel = 1
	115	[% END %]
	116	[% IF pmg.mail.tlsheader %]
	117	smtpd_tls_received_header = yes
	118	[% END %]
	119	[% END %]
	120
	121	smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
	122	smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
	123
a3573ecf DM	124	[% IF pmg.mail.hide_received %]
	125	unverified_recipient_reject_reason = Recipient address lookup failed
	126	[% END %]
	127
f609bf7f DM	128
	129	default_destination_concurrency_limit = 40
	130	lmtp_destination_concurrency_limit = 20
	131	relay_destination_concurrency_limit = 20
	132	smtp_destination_concurrency_limit = 20
	133	virtual_destination_concurrency_limit = 20
	134
	135	recipient_delimiter = +