# auto-generated by proxmox compatibility_level = 2 command_directory = /usr/sbin daemon_directory = /usr/lib/postfix/sbin data_directory = /var/lib/postfix # appending .domain is the MUA's job. append_dot_mydomain = yes smtpd_banner = $myhostname [% pmg.mail.banner %] biff = no [% IF pmg.mail.dwarning %] delay_warning_time = [% pmg.mail.dwarning %]h [% END %] best_mx_transport = local message_size_limit = [% pmg.mail.maxsize %] mailbox_size_limit = [% ((pmg.mail.maxsize*2 > 51200000) ? pmg.mail.maxsize*2 : 51200000) %] mydomain = [% dns.domain %] myhostname = [% dns.hostname %].[% dns.domain %] parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases mydestination = localhost, $myhostname mynetworks = [% postfix.mynetworks %] relay_domains = hash:/etc/pmg/domains transport_maps = hash:/etc/pmg/transport [% IF pmg.mail.relay %] [% IF pmg.mail.relaynomx %] relay_transport = smtp:[[% pmg.mail.relay %]]:[% pmg.mail.relayport %] [% ELSE %] relay_transport = smtp:[% pmg.mail.relay %]:[% pmg.mail.relayport %] [% END %] [% END %] [% IF pmg.mail.smarthost %] default_transport = smtp:[% pmg.mail.smarthost %]:[% pmg.mail.smarthostport %] [% END %] content_filter=scan:127.0.0.1:10024 mail_name = Proxmox [% IF pmg.mail.helotests %] smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname [% ELSE %] smtpd_helo_restrictions = [% END %] postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access [% IF postfix.dnsbl_sites %] postscreen_dnsbl_sites = [% postfix.dnsbl_sites %] postscreen_dnsbl_threshold = [% postfix.dnsbl_threshold %] [% END %] postscreen_dnsbl_action = enforce postscreen_greet_action = enforce smtpd_sender_restrictions = permit_mynetworks reject_non_fqdn_sender check_client_access cidr:/etc/postfix/clientaccess check_sender_access regexp:/etc/postfix/senderaccess check_recipient_access regexp:/etc/postfix/rcptaccess [%- IF pmg.mail.rejectunknown %] reject_unknown_client_hostname[% END %] [%- IF pmg.mail.rejectunknownsender %] reject_unknown_sender_domain[% END %] smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination reject_non_fqdn_recipient check_recipient_access regexp:/etc/postfix/rcptaccess [%- IF postfix.usepolicy %] check_sender_access regexp:/etc/postfix/senderaccess[% END %] [%- IF postfix.usepolicy %] check_client_access cidr:/etc/postfix/clientaccess[% END %] [%- IF postfix.usepolicy %] check_policy_service inet:127.0.0.1:10022[% END %] [%- IF pmg.mail.verifyreceivers %] reject_unknown_recipient_domain[% END %] [%- IF pmg.mail.verifyreceivers %] reject_unverified_recipient[% END %] [% IF pmg.mail.verifyreceivers %] unverified_recipient_reject_code = [% pmg.mail.verifyreceivers %] [% END %] smtpd_client_connection_count_limit = [% pmg.mail.conn_count_limit %] smtpd_client_connection_rate_limit = [% pmg.mail.conn_rate_limit %] smtpd_client_message_rate_limit = [% pmg.mail.message_rate_limit %] [% IF pmg.mail.tls %] smtp_tls_security_level = may smtp_tls_policy_maps = hash:/etc/pmg/tls_policy smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtpd_tls_security_level = may smtpd_tls_cert_file = /etc/pmg/pmg-tls.pem smtpd_tls_key_file = $smtpd_tls_cert_file [% IF pmg.mail.tlslog %] smtpd_tls_loglevel = 1 smtp_tls_loglevel = 1 [% END %] [% IF pmg.mail.tlsheader %] smtpd_tls_received_header = yes [% END %] [% END %] smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache [% IF pmg.mail.hide_received %] unverified_recipient_reject_reason = Recipient address lookup failed [% END %] default_destination_concurrency_limit = 40 lmtp_destination_concurrency_limit = 20 relay_destination_concurrency_limit = 20 smtp_destination_concurrency_limit = 20 virtual_destination_concurrency_limit = 20 recipient_delimiter = + # Throttle client errors smtpd_soft_error_limit = 3 smtpd_hard_error_limit = 6 smtpd_error_sleep_time = 8s