# See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. myorigin = /etc/mailname ### Gerneral settings #smtpd_banner = ESMTP $mail_name (Ubuntu) # Hide the OS giving more security smtpd_banner = ESMTP $mail_name biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings delay_warning_time = 4h readme_directory = /usr/share/doc/postfix # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/my-cert.pem smtpd_tls_key_file=/etc/ssl/private/my-key.key smtpd_tls_CAfile=/etc/ssl/sub.class1.server.ca.pem smtpd_use_tls=yes #smtp_tls_note_starttls_offer = yes smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom tls_random_prng_update_period = 3600s # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. ### System settings myhostname = smtp.meine-maildomain.de alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases mydestination = hostname.mydomain.de, smtp.mydomain.de, localhost relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all html_directory = /usr/share/doc/postfix/html ## Outgoing mail settings smtp_bind_address = 190.180.170.61 smtp_helo_name = smtp1.meine-maildomain.de transport_maps = hash:/etc/postfix/transport ## Incoming mail settings smtpd_reject_unlisted_sender = yes smtpd_helo_required = yes message_size_limit = 102400000 ## Auth SASL settings smtpd_sasl_auth_enable = yes smtpd_sasl_type = cyrus smtpd_sasl_path = smtpd broken_sasl_auth_clients = yes smtp_sasl_security_options = noanonymous smtpd_sasl_local_domain = smtpd_sasl_exceptions_networks = $mynetworks smtpd_sender_login_maps = hash:/etc/postfix/sender_logins smtpd_recipient_restrictions = check_recipient_access btree:/etc/postfix/access_recipient-rfc, reject_invalid_helo_hostname, reject_unauth_pipelining, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_sasl_authenticated, permit_mynetworks, #reject_rbl_client zen.spamhaus.org, #reject_rbl_client ix.dnsbl.manitu.net, reject_unauth_destination, permit smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re permit_mynetworks permit_sasl_authenticated permit_tls_clientcerts # For other mail use amavis filtering on port 10024 (skips DKIM signing) check_sender_access regexp:/etc/postfix/tag_as_foreign.re ## Anvil anvil_status_update_time = 1m anvil_rate_time_unit = 10s smtpd_client_event_limit_exceptions = 127.0.0.1 smtpd_client_connection_rate_limit = 5 smtpd_client_connection_count_limit = 15 #smtpd_client_message_rate_limit = 10