You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
135 lines
4.2 KiB
135 lines
4.2 KiB
5 years ago
|
# auto-generated by proxmox
|
||
|
|
|
||
|
|
compatibility_level = 2
|
||
|
|
command_directory = /usr/sbin
|
||
|
|
daemon_directory = /usr/lib/postfix/sbin
|
||
|
|
data_directory = /var/lib/postfix
|
||
|
|
|
||
|
|
# appending .domain is the MUA's job.
|
||
|
|
append_dot_mydomain = yes
|
||
|
|
|
||
|
|
smtpd_banner = $myhostname [% pmg.mail.banner %]
|
||
|
|
biff = no
|
||
|
|
|
||
|
|
[% IF pmg.mail.dwarning %]
|
||
|
|
delay_warning_time = [% pmg.mail.dwarning %]h
|
||
|
|
[% END %]
|
||
|
|
|
||
|
|
best_mx_transport = local
|
||
|
|
message_size_limit = [% pmg.mail.maxsize %]
|
||
|
|
mailbox_size_limit = [% ((pmg.mail.maxsize*2 > 51200000) ? pmg.mail.maxsize*2 : 51200000) %]
|
||
|
|
|
||
|
|
mydomain = [% dns.domain %]
|
||
|
|
myhostname = [% dns.hostname %].[% dns.domain %]
|
||
|
|
|
||
|
|
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps
|
||
|
|
|
||
|
|
alias_maps = hash:/etc/aliases
|
||
|
|
alias_database = hash:/etc/aliases
|
||
|
|
mydestination = localhost, $myhostname
|
||
|
|
mynetworks = [% postfix.mynetworks %]
|
||
|
|
|
||
|
|
relay_domains = hash:/etc/pmg/domains
|
||
|
|
|
||
|
|
transport_maps = hash:/etc/pmg/transport
|
||
|
|
|
||
|
|
[% IF pmg.mail.relay %]
|
||
|
|
[% IF pmg.mail.relaynomx %]
|
||
|
|
relay_transport = smtp:[[% pmg.mail.relay %]]:[% pmg.mail.relayport %]
|
||
|
|
[% ELSE %]
|
||
|
|
relay_transport = smtp:[% pmg.mail.relay %]:[% pmg.mail.relayport %]
|
||
|
|
[% END %]
|
||
|
|
[% END %]
|
||
|
|
|
||
|
|
[% IF pmg.mail.smarthost %]
|
||
|
|
default_transport = smtp:[% pmg.mail.smarthost %]:[% pmg.mail.smarthostport %]
|
||
|
|
[% END %]
|
||
|
|
|
||
|
|
content_filter=scan:127.0.0.1:10024
|
||
|
|
|
||
|
|
mail_name = Proxmox
|
||
|
|
|
||
|
|
[% IF pmg.mail.helotests %]
|
||
|
|
smtpd_helo_required = yes
|
||
|
|
smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname
|
||
|
|
[% ELSE %]
|
||
|
|
smtpd_helo_restrictions =
|
||
|
|
[% END %]
|
||
|
|
|
||
|
|
postscreen_access_list =
|
||
|
|
permit_mynetworks,
|
||
|
|
cidr:/etc/postfix/postscreen_access
|
||
|
|
|
||
|
|
[% IF postfix.dnsbl_sites %]
|
||
|
|
postscreen_dnsbl_sites = [% postfix.dnsbl_sites %]
|
||
|
|
postscreen_dnsbl_threshold = [% postfix.dnsbl_threshold %]
|
||
|
|
[% END %]
|
||
|
|
|
||
|
|
postscreen_dnsbl_action = enforce
|
||
|
|
postscreen_greet_action = enforce
|
||
|
|
|
||
|
|
smtpd_sender_restrictions =
|
||
|
|
permit_mynetworks
|
||
|
|
reject_non_fqdn_sender
|
||
|
|
check_client_access cidr:/etc/postfix/clientaccess
|
||
|
|
check_sender_access regexp:/etc/postfix/senderaccess
|
||
|
|
check_recipient_access regexp:/etc/postfix/rcptaccess
|
||
|
|
[%- IF pmg.mail.rejectunknown %] reject_unknown_client_hostname[% END %]
|
||
|
|
[%- IF pmg.mail.rejectunknownsender %] reject_unknown_sender_domain[% END %]
|
||
|
|
|
||
|
|
smtpd_recipient_restrictions =
|
||
|
|
permit_mynetworks
|
||
|
|
reject_unauth_destination
|
||
|
|
reject_non_fqdn_recipient
|
||
|
|
check_recipient_access regexp:/etc/postfix/rcptaccess
|
||
|
|
[%- IF postfix.usepolicy %] check_sender_access regexp:/etc/postfix/senderaccess[% END %]
|
||
|
|
[%- IF postfix.usepolicy %] check_client_access cidr:/etc/postfix/clientaccess[% END %]
|
||
|
|
[%- IF postfix.usepolicy %] check_policy_service inet:127.0.0.1:10022[% END %]
|
||
|
|
[%- IF pmg.mail.verifyreceivers %] reject_unknown_recipient_domain[% END %]
|
||
|
|
[%- IF pmg.mail.verifyreceivers %] reject_unverified_recipient[% END %]
|
||
|
|
|
||
|
|
[% IF pmg.mail.verifyreceivers %]
|
||
|
|
unverified_recipient_reject_code = [% pmg.mail.verifyreceivers %]
|
||
|
|
[% END %]
|
||
|
|
|
||
|
|
smtpd_client_connection_count_limit = [% pmg.mail.conn_count_limit %]
|
||
|
|
smtpd_client_connection_rate_limit = [% pmg.mail.conn_rate_limit %]
|
||
|
|
smtpd_client_message_rate_limit = [% pmg.mail.message_rate_limit %]
|
||
|
|
|
||
|
|
[% IF pmg.mail.tls %]
|
||
|
|
smtp_tls_security_level = may
|
||
|
|
smtp_tls_policy_maps = hash:/etc/pmg/tls_policy
|
||
|
|
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
||
|
|
smtpd_tls_security_level = may
|
||
|
|
smtpd_tls_cert_file = /etc/pmg/pmg-tls.pem
|
||
|
|
smtpd_tls_key_file = $smtpd_tls_cert_file
|
||
|
|
[% IF pmg.mail.tlslog %]
|
||
|
|
smtpd_tls_loglevel = 1
|
||
|
|
smtp_tls_loglevel = 1
|
||
|
|
[% END %]
|
||
|
|
[% IF pmg.mail.tlsheader %]
|
||
|
|
smtpd_tls_received_header = yes
|
||
|
|
[% END %]
|
||
|
|
[% END %]
|
||
|
|
|
||
|
|
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
|
||
|
|
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
|
||
|
|
|
||
|
|
[% IF pmg.mail.hide_received %]
|
||
|
|
unverified_recipient_reject_reason = Recipient address lookup failed
|
||
|
|
[% END %]
|
||
|
|
|
||
|
|
|
||
|
|
default_destination_concurrency_limit = 40
|
||
|
|
lmtp_destination_concurrency_limit = 20
|
||
|
|
relay_destination_concurrency_limit = 20
|
||
|
|
smtp_destination_concurrency_limit = 20
|
||
|
|
virtual_destination_concurrency_limit = 20
|
||
|
|
|
||
|
|
recipient_delimiter = +
|
||
|
|
|
||
|
|
# Throttle client errors
|
||
|
|
smtpd_soft_error_limit = 3
|
||
|
|
smtpd_hard_error_limit = 6
|
||
|
|
smtpd_error_sleep_time = 8s
|