]> git.proxmox.com Git - pmg-api.git/blob - src/templates/main.cf.in
projects / pmg-api.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add tls options for lmtp to main.cf template
[pmg-api.git] / src / templates / main.cf.in
1 # auto-generated by proxmox
2
3 compatibility_level = 2
4 command_directory = /usr/sbin
5 daemon_directory = /usr/lib/postfix/sbin
6 data_directory = /var/lib/postfix
7
8 # appending .domain is the MUA's job.
9 append_dot_mydomain = yes
10
11 smtpd_banner = $myhostname [% pmg.mail.banner %]
12 biff = no
13
14 [% IF pmg.mail.dwarning %]
15 delay_warning_time = [% pmg.mail.dwarning %]h
16 [% END %]
17
18 best_mx_transport = local
19 message_size_limit = [% pmg.mail.maxsize %]
20 mailbox_size_limit = [% ((pmg.mail.maxsize*2 > 51200000) ? pmg.mail.maxsize*2 : 51200000) %]
21
22 mydomain = [% dns.domain %]
23 myhostname = [% dns.hostname %].[% dns.domain %]
24
25 parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps
26
27 alias_maps = hash:/etc/aliases
28 alias_database = hash:/etc/aliases
29 mydestination = localhost, $myhostname
30 mynetworks = [% postfix.mynetworks %]
31
32 relay_domains = hash:/etc/pmg/domains
33
34 transport_maps = hash:/etc/pmg/transport
35
36 [% IF pmg.mail.relay %]
37 [% IF pmg.mail.relayprotocol == 'lmtp' %]
38 relay_transport = [% pmg.mail.relayprotocol %]:inet:[% pmg.mail.relay %]:[% pmg.mail.relayport %]
39 [% ELSE %]
40 [% IF pmg.mail.relaynomx %]
41 relay_transport = [% pmg.mail.relayprotocol %]:[[% pmg.mail.relay %]]:[% pmg.mail.relayport %]
42 [% ELSE %]
43 relay_transport = [% pmg.mail.relayprotocol %]:[% pmg.mail.relay %]:[% pmg.mail.relayport %]
44 [% END %]
45 [% END %]
46 [% END %]
47
48 [% IF pmg.mail.smarthost %]
49 default_transport = smtp:[% pmg.mail.smarthost %]:[% pmg.mail.smarthostport %]
50 [% END %]
51
52 [% IF ! pmg.mail.before_queue_filtering -%]
53 content_filter=scan:127.0.0.1:10024
54 [%- END %]
55
56 mail_name = Proxmox
57
58 [% IF pmg.mail.helotests %]
59 smtpd_helo_required = yes
60 smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname
61 [% ELSE %]
62 smtpd_helo_restrictions =
63 [% END %]
64
65 postscreen_access_list =
66 permit_mynetworks,
67 cidr:/etc/postfix/postscreen_access
68
69 [% IF postfix.dnsbl_sites %]
70 postscreen_dnsbl_sites = [% postfix.dnsbl_sites %]
71 postscreen_dnsbl_threshold = [% postfix.dnsbl_threshold %]
72 [% END %]
73
74 postscreen_dnsbl_action = enforce
75 postscreen_greet_action = enforce
76
77 smtpd_sender_restrictions =
78 permit_mynetworks
79 reject_non_fqdn_sender
80 check_client_access cidr:/etc/postfix/clientaccess
81 check_sender_access regexp:/etc/postfix/senderaccess
82 check_recipient_access regexp:/etc/postfix/rcptaccess
83 [%- IF pmg.mail.rejectunknown %] reject_unknown_client_hostname[% END %]
84 [%- IF pmg.mail.rejectunknownsender %] reject_unknown_sender_domain[% END %]
85
86 smtpd_recipient_restrictions =
87 permit_mynetworks
88 reject_unauth_destination
89 reject_non_fqdn_recipient
90 check_recipient_access regexp:/etc/postfix/rcptaccess
91 [%- IF postfix.usepolicy %] check_sender_access regexp:/etc/postfix/senderaccess[% END %]
92 [%- IF postfix.usepolicy %] check_client_access cidr:/etc/postfix/clientaccess[% END %]
93 [%- IF postfix.usepolicy %] check_policy_service inet:127.0.0.1:10022[% END %]
94 [%- IF pmg.mail.verifyreceivers %] reject_unknown_recipient_domain[% END %]
95 [%- IF pmg.mail.verifyreceivers %] reject_unverified_recipient[% END %]
96
97 [% IF pmg.mail.verifyreceivers %]
98 unverified_recipient_reject_code = [% pmg.mail.verifyreceivers %]
99 [% END %]
100
101 smtpd_client_connection_count_limit = [% pmg.mail.conn_count_limit %]
102 smtpd_client_connection_rate_limit = [% pmg.mail.conn_rate_limit %]
103 smtpd_client_message_rate_limit = [% pmg.mail.message_rate_limit %]
104
105 [% IF pmg.mail.tls %]
106 smtp_tls_security_level = may
107 smtp_tls_policy_maps = hash:/etc/pmg/tls_policy
108 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
109 smtpd_tls_security_level = may
110 smtpd_tls_cert_file = /etc/pmg/pmg-tls.pem
111 smtpd_tls_key_file = $smtpd_tls_cert_file
112
113 lmtp_tls_security_level = $smtp_tls_security_level
114 lmtp_tls_policy_maps = $smtp_tls_policy_maps
115 lmtp_tls_CAfile = $smtp_tls_CAfile
116 [% IF pmg.mail.tlslog %]
117 smtpd_tls_loglevel = 1
118 smtp_tls_loglevel = 1
119 lmtp_tls_loglevel = $smtp_tls_loglevel
120 [% END %]
121 [% IF pmg.mail.tlsheader %]
122 smtpd_tls_received_header = yes
123 [% END %]
124 [% END %]
125
126 smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
127 smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
128 lmtp_tls_session_cache_database = btree:/var/lib/postfix/lmtp_tls_session_cache
129
130 [% IF pmg.mail.hide_received %]
131 unverified_recipient_reject_reason = Recipient address lookup failed
132 [% END %]
133
134
135 default_destination_concurrency_limit = 40
136 lmtp_destination_concurrency_limit = 20
137 relay_destination_concurrency_limit = 20
138 smtp_destination_concurrency_limit = 20
139 virtual_destination_concurrency_limit = 20
140
141 recipient_delimiter = +
PMG API