Add postfix configuration for mailion

2024-07-03 12:26:12 +03:00
parent ea8c4275c7
commit a994c37069
1 changed files with 159 additions and 0 deletions
--- a/postfix/mailion/main.cf
+++ b/postfix/mailion/main.cf
@@ -0,0 +1,159 @@
+### Ansible managed
+
+### Network settings
+
+inet_interfaces = all
+inet_protocols = ipv4
+
+### Domain settings
+
+mydestination = $myhostname
+mydomain = app.avroid.tech
+myhostname = mx-app.avroid.tech
+myorigin = $mydomain
+mynetworks = 127.0.0.0/8
+    10.0.0.3/32
+    172.17.0.0/16
+
+### Transport settings
+
+virtual_transport = lmtp:172.17.0.1:8000
+
+### ALIAS settings
+
+
+### Virtual ALIAS settings
+
+virtual_alias_expansion_limit = 1000
+virtual_alias_maps = ldap:/etc/postfix/ldap_woof_groups.cf
+
+### Virtual MAILBOX settings
+
+virtual_mailbox_domains = ldap:/etc/postfix/ldap_woof_domains.cf
+virtual_mailbox_maps = ldap:/etc/postfix/ldap_woof_aliases.cf
+
+### TLS settings
+
+tls_random_source = dev:/dev/urandom
+
+## Server-side TLS
+smtpd_tls_chain_files = /etc/pki/tls/private/server.nopass.key
+    /etc/pki/tls/certs/server.crt
+    /etc/pki/tls/certs/ca.pem
+smtpd_tls_loglevel = 0
+smtpd_tls_received_header = no
+smtpd_tls_security_level = may
+smtpd_tls_session_cache_timeout = 3600s
+
+## Client-side TLS
+smtp_tls_chain_files = /etc/pki/tls/private/server.nopass.key
+    /etc/pki/tls/certs/server.crt
+    /etc/pki/tls/certs/ca.pem
+smtp_tls_loglevel = 0
+smtp_tls_note_starttls_offer = yes
+smtp_tls_security_level = may
+
+### smtpd settings
+
+smtp_helo_name = app.avroid.tech
+smtpd_delay_reject = yes
+smtpd_helo_required = yes
+smtpd_banner = SMTP server is ready. What now?
+
+### Sender LOGIN maps
+
+smtpd_sender_login_maps = ldap:/etc/postfix/ldap_woof_emails.cf
+
+### Restrictions
+
+smtpd_sasl_auth_enable=yes
+smtpd_sasl_path=inet:172.17.0.1:61001
+smtpd_sasl_type=dovecot
+smtpd_sasl_security_options=noanonymous
+smtpd_tls_auth_only=yes
+smtpd_client_restrictions = permit_mynetworks
+smtpd_helo_restrictions =
+    permit_mynetworks
+    permit_sasl_authenticated
+    reject_non_fqdn_sender
+    reject_invalid_helo_hostname
+    reject_non_fqdn_helo_hostname
+    reject_unknown_helo_hostname
+smtpd_sender_restrictions =
+    reject_non_fqdn_sender
+    reject_unlisted_sender
+    permit_mynetworks
+    permit_sasl_authenticated
+    reject_unknown_sender_domain
+    reject_sender_login_mismatch
+    reject_unknown_reverse_client_hostname
+smtpd_recipient_restrictions = check_policy_service inet:172.17.0.1:3304
+    permit_mynetworks
+    permit_sasl_authenticated
+    reject_non_fqdn_recipient
+    reject_unknown_client_hostname
+    reject_unauth_pipelining
+    reject_unknown_recipient_domain
+    reject_unlisted_recipient
+
+### Limits
+
+anvil_rate_time_unit = 10s
+anvil_status_update_time = 600s
+bounce_size_limit = 10000
+default_process_limit = 100
+line_length_limit = 4096
+lmtp_destination_concurrency_limit = 50
+max_use = 600
+message_size_limit = 31457280
+smtpd_client_connection_count_limit = 50
+smtpd_client_message_rate_limit = 100
+smtpd_hard_error_limit = 100
+maximal_backoff_time = 15m
+maximal_queue_lifetime = 6h
+minimal_backoff_time = 10m
+queue_run_delay = 5m
+
+### Delivery status replacing
+
+default_delivery_status_filter = regexp:/etc/postfix/delivery_status_filter
+
+### Milter settings
+
+smtpd_milters = inet:172.17.0.1:11332, inet:172.17.0.1:3312
+
+non_smtpd_milters = $smtpd_milters
+milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
+milter_default_action = accept
+milter_protocol = 6
+
+
+### Parameters
+allow_percent_hack = no
+biff = no
+bounce_queue_lifetime = 1d
+command_directory = /usr/sbin
+compatibility_level = 3.6
+daemon_directory = /usr/libexec/postfix
+data_directory = /var/lib/postfix
+debug_peer_level = 2
+debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
+disable_vrfy_command = yes
+html_directory = no
+local_recipient_maps =
+mail_owner = postfix
+maillog_file = /dev/stdout
+mailq_path = /usr/bin/mailq.postfix
+manpage_directory = /usr/share/man
+newaliases_path = /usr/bin/newaliases.postfix
+queue_directory = /var/spool/postfix
+readme_directory = no
+sample_directory = no
+sendmail_path = /usr/sbin/sendmail.postfix
+setgid_group = postdrop
+soft_bounce = no
+strict_rfc821_envelopes = no
+unknown_local_recipient_reject_code = 550
+always_add_missing_headers = yes
+smtputf8_autodetect_classes = all
+smtputf8_enable = yes