]>
Commit | Line | Data |
---|---|---|
f609bf7f DM |
1 | # auto-generated by proxmox |
2 | ||
3 | compatibility_level = 2 | |
4 | command_directory = /usr/sbin | |
5 | daemon_directory = /usr/lib/postfix/sbin | |
6 | data_directory = /var/lib/postfix | |
7 | ||
8 | # appending .domain is the MUA's job. | |
9 | append_dot_mydomain = yes | |
10 | ||
8609f465 | 11 | smtpd_banner = $myhostname [% pmg.mail.banner %] |
f609bf7f DM |
12 | biff = no |
13 | ||
14 | [% IF pmg.mail.dwarning %] | |
15 | delay_warning_time = [% pmg.mail.dwarning %]h | |
16 | [% END %] | |
17 | ||
18 | best_mx_transport = local | |
19 | message_size_limit = [% pmg.mail.maxsize %] | |
20 | mailbox_size_limit = [% ((pmg.mail.maxsize*2 > 51200000) ? pmg.mail.maxsize*2 : 51200000) %] | |
21 | ||
22 | mydomain = [% dns.domain %] | |
23 | myhostname = [% dns.hostname %].[% dns.domain %] | |
24 | ||
25 | parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps | |
26 | ||
27 | alias_maps = hash:/etc/aliases | |
28 | alias_database = hash:/etc/aliases | |
29 | mydestination = localhost, $myhostname | |
30 | mynetworks = [% postfix.mynetworks %] | |
31 | ||
8af15c8e | 32 | relay_domains = hash:/etc/pmg/domains |
f609bf7f | 33 | |
cd533938 | 34 | transport_maps = hash:/etc/pmg/transport |
f609bf7f DM |
35 | |
36 | [% IF pmg.mail.relay %] | |
10d97956 JZ |
37 | [% IF pmg.mail.relayprotocol == 'lmtp' %] |
38 | relay_transport = [% pmg.mail.relayprotocol %]:inet:[% pmg.mail.relay %]:[% pmg.mail.relayport %] | |
39 | [% ELSE %] | |
f609bf7f | 40 | [% IF pmg.mail.relaynomx %] |
10d97956 | 41 | relay_transport = [% pmg.mail.relayprotocol %]:[[% pmg.mail.relay %]]:[% pmg.mail.relayport %] |
f609bf7f | 42 | [% ELSE %] |
10d97956 JZ |
43 | relay_transport = [% pmg.mail.relayprotocol %]:[% pmg.mail.relay %]:[% pmg.mail.relayport %] |
44 | [% END %] | |
f609bf7f DM |
45 | [% END %] |
46 | [% END %] | |
47 | ||
48 | [% IF pmg.mail.smarthost %] | |
68b96293 | 49 | default_transport = smtp:[% pmg.mail.smarthost %]:[% pmg.mail.smarthostport %] |
f609bf7f DM |
50 | [% END %] |
51 | ||
01f83cda | 52 | [% IF ! pmg.mail.before_queue_filtering -%] |
f609bf7f | 53 | content_filter=scan:127.0.0.1:10024 |
01f83cda | 54 | [%- END %] |
f609bf7f DM |
55 | |
56 | mail_name = Proxmox | |
57 | ||
58 | [% IF pmg.mail.helotests %] | |
59 | smtpd_helo_required = yes | |
60 | smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname | |
61 | [% ELSE %] | |
62 | smtpd_helo_restrictions = | |
63 | [% END %] | |
64 | ||
65 | postscreen_access_list = | |
8609f465 WB |
66 | permit_mynetworks, |
67 | cidr:/etc/postfix/postscreen_access | |
f609bf7f | 68 | |
20125a71 DM |
69 | [% IF postfix.dnsbl_sites %] |
70 | postscreen_dnsbl_sites = [% postfix.dnsbl_sites %] | |
11247512 | 71 | postscreen_dnsbl_threshold = [% postfix.dnsbl_threshold %] |
f609bf7f DM |
72 | [% END %] |
73 | ||
74 | postscreen_dnsbl_action = enforce | |
75 | postscreen_greet_action = enforce | |
f609bf7f | 76 | |
8609f465 | 77 | smtpd_sender_restrictions = |
f609bf7f | 78 | permit_mynetworks |
8609f465 WB |
79 | reject_non_fqdn_sender |
80 | check_client_access cidr:/etc/postfix/clientaccess | |
81 | check_sender_access regexp:/etc/postfix/senderaccess | |
82 | check_recipient_access regexp:/etc/postfix/rcptaccess | |
f609bf7f DM |
83 | [%- IF pmg.mail.rejectunknown %] reject_unknown_client_hostname[% END %] |
84 | [%- IF pmg.mail.rejectunknownsender %] reject_unknown_sender_domain[% END %] | |
85 | ||
8609f465 WB |
86 | smtpd_recipient_restrictions = |
87 | permit_mynetworks | |
88 | reject_unauth_destination | |
89 | reject_non_fqdn_recipient | |
90 | check_recipient_access regexp:/etc/postfix/rcptaccess | |
f609bf7f DM |
91 | [%- IF postfix.usepolicy %] check_sender_access regexp:/etc/postfix/senderaccess[% END %] |
92 | [%- IF postfix.usepolicy %] check_client_access cidr:/etc/postfix/clientaccess[% END %] | |
93 | [%- IF postfix.usepolicy %] check_policy_service inet:127.0.0.1:10022[% END %] | |
94 | [%- IF pmg.mail.verifyreceivers %] reject_unknown_recipient_domain[% END %] | |
95 | [%- IF pmg.mail.verifyreceivers %] reject_unverified_recipient[% END %] | |
96 | ||
97 | [% IF pmg.mail.verifyreceivers %] | |
98 | unverified_recipient_reject_code = [% pmg.mail.verifyreceivers %] | |
99 | [% END %] | |
100 | ||
101 | smtpd_client_connection_count_limit = [% pmg.mail.conn_count_limit %] | |
102 | smtpd_client_connection_rate_limit = [% pmg.mail.conn_rate_limit %] | |
103 | smtpd_client_message_rate_limit = [% pmg.mail.message_rate_limit %] | |
104 | ||
105 | [% IF pmg.mail.tls %] | |
106 | smtp_tls_security_level = may | |
959aaeba | 107 | smtp_tls_policy_maps = hash:/etc/pmg/tls_policy |
f609bf7f DM |
108 | smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt |
109 | smtpd_tls_security_level = may | |
3278b571 | 110 | smtpd_tls_cert_file = /etc/pmg/pmg-tls.pem |
f609bf7f DM |
111 | smtpd_tls_key_file = $smtpd_tls_cert_file |
112 | [% IF pmg.mail.tlslog %] | |
113 | smtpd_tls_loglevel = 1 | |
114 | smtp_tls_loglevel = 1 | |
115 | [% END %] | |
116 | [% IF pmg.mail.tlsheader %] | |
117 | smtpd_tls_received_header = yes | |
118 | [% END %] | |
119 | [% END %] | |
120 | ||
121 | smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache | |
122 | smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache | |
123 | ||
a3573ecf DM |
124 | [% IF pmg.mail.hide_received %] |
125 | unverified_recipient_reject_reason = Recipient address lookup failed | |
126 | [% END %] | |
127 | ||
f609bf7f DM |
128 | |
129 | default_destination_concurrency_limit = 40 | |
130 | lmtp_destination_concurrency_limit = 20 | |
131 | relay_destination_concurrency_limit = 20 | |
132 | smtp_destination_concurrency_limit = 20 | |
133 | virtual_destination_concurrency_limit = 20 | |
134 | ||
135 | recipient_delimiter = + |