Ansible roles
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

155 lines
7.2 KiB

#
# Postfix master process configuration file. Each logical line
# describes how a Postfix daemon program should be run.
#
# A logical line starts with non-whitespace, non-comment text.
# Empty lines and whitespace-only lines are ignored, as are comment
# lines whose first non-whitespace character is a `#'.
# A line that starts with whitespace continues a logical line.
#
# The fields that make up each line are described below. A "-" field
# value requests that a default value be used for that field.
#
# Service: any name that is valid for the specified transport type
# (the next field). With INET transports, a service is specified as
# host:port. The host part (and colon) may be omitted. Either host
# or port may be given in symbolic form or in numeric form. Examples
# for the SMTP server: localhost:smtp receives mail via the loopback
# interface only; 10025 receives mail on port 10025.
#
# Transport type: "inet" for Internet sockets, "unix" for UNIX-domain
# sockets, "fifo" for named pipes.
#
# Private: whether or not access is restricted to the mail system.
# Default is private service. Internet (inet) sockets can't be private.
#
# Unprivileged: whether the service runs with root privileges or as
# the owner of the Postfix system (the owner name is controlled by the
# mail_owner configuration variable in the main.cf file). Only the
# pipe, virtual and local delivery daemons require privileges.
#
# Chroot: whether or not the service runs chrooted to the mail queue
# directory (pathname is controlled by the queue_directory configuration
# variable in the main.cf file). Presently, all Postfix daemons can run
# chrooted, except for the pipe, virtual and local delivery daemons.
# The proxymap server can run chrooted, but doing so defeats most of
# the purpose of having that service in the first place.
# The files in the examples/chroot-setup subdirectory describe how
# to set up a Postfix chroot environment for your type of machine.
#
# Wakeup time: automatically wake up the named service after the
# specified number of seconds. A ? at the end of the wakeup time
# field requests that wake up events be sent only to services that
# are actually being used. Specify 0 for no wakeup. Presently, only
# the pickup, queue manager and flush daemons need a wakeup timer.
#
# Max procs: the maximum number of processes that may execute this
# service simultaneously. Default is to use a globally configurable
# limit (the default_process_limit configuration parameter in main.cf).
# Specify 0 for no process count limit.
#
# Command + args: the command to be executed. The command name is
# relative to the Postfix program directory (pathname is controlled by
# the daemon_directory configuration variable). Adding one or more
# -v options turns on verbose logging for that service; adding a -D
# option enables symbolic debugging (see the debugger_command variable
# in the main.cf configuration file). See individual command man pages
# for specific command-line options, if any.
#
# In order to use the "uucp" message transport below, set up entries
# in the transport table.
#
# In order to use the "cyrus" message transport below, configure it
# in main.cf as the mailbox_transport.
#
# SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS.
# ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL.
#
# DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
[% IF ! pmg.mail.before_queue_filtering -%]
scan unix - - n - [% pmg.mail.max_filters %] lmtp
-o lmtp_send_xforward_command=yes
-o lmtp_connection_cache_on_demand=no
-o disable_dns_lookups=yes
[% END -%]
[% pmg.mail.int_port %] inet n - - - [% pmg.mail.max_smtpd_out %] smtpd
[% IF pmg.mail.before_queue_filtering -%]
-o smtpd_proxy_filter=127.0.0.1:10023
-o smtpd_proxy_options=speed_adjust
-o smtpd_client_connection_count_limit=[% pmg.mail.conn_count_limit div 5 %]
[%- ELSE -%]
-o content_filter=scan:127.0.0.1:10023
[%- END %]
-o smtpd_recipient_restrictions=permit_mynetworks,reject_unauth_destination
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_milters={{ pmg_smtpd_milters_int | join(',') }}
[% pmg.mail.ext_port %] inet n - - - 1 postscreen
smtpd pass - - - - [% pmg.mail.max_smtpd_in %] smtpd
[% IF pmg.mail.before_queue_filtering -%]
-o smtpd_proxy_filter=127.0.0.1:10024
-o smtpd_proxy_options=speed_adjust
-o smtpd_client_connection_count_limit=[% pmg.mail.conn_count_limit div 5 %]
[%- ELSE -%]
-o content_filter=scan:127.0.0.1:10024
[%- END %]
-o receive_override_options=no_address_mappings
-o smtpd_discard_ehlo_keywords=silent-discard,dsn
-o mynetworks=127.0.0.0/8,[% postfix.int_ip %]
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_restriction_classes=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o smtpd_tls_security_level=none
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o message_size_limit=[% (pmg.mail.maxsize*2) %]
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
-o message_size_limit=[% (pmg.mail.maxsize*2) %]
qmgr fifo n - - 300 1 qmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
verify unix - - - - 1 verify
trace unix - - n - 0 bounce
tlsmgr unix - - - 1000? 1 tlsmgr
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
discard unix - - - - - discard
retry unix - - - - - error
dnsblog unix - - - - 0 dnsblog
tlsproxy unix - - - - 0 tlsproxy