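### Ansible managed
# Postfix main.cf. Comments must sit on their own line: Postfix does not
# support trailing comments after a value.

### Network settings
inet_interfaces = all
inet_protocols = ipv4

### Domain settings
mydestination = $myhostname
mydomain = app.avroid.tech
myhostname = mx-app.avroid.tech
myorigin = $mydomain
# Clients in these ranges are trusted without SASL authentication: every
# permit_mynetworks entry in the smtpd_*_restrictions lists lets them skip the
# checks that follow it. 172.17.0.0/16 is an entire /16, so every host or
# container in that range can submit and relay mail.
# NOTE(review): looks like a container bridge range - confirm, and narrow it
# to the specific sender addresses if possible.
mynetworks = 127.0.0.0/8 10.0.0.3/32 10.4.0.102/32 172.17.0.0/16

### Transport settings
# LMTP over plain TCP: no TLS and no authentication on this hop, so it relies
# on 172.17.0.1 being reachable only from trusted hosts.
virtual_transport = lmtp:172.17.0.1:8000

### ALIAS settings

### Virtual ALIAS settings
virtual_alias_expansion_limit = 1000
# NOTE(review): if the ldap_*.cf lookup files here and below carry a bind
# password, keep them readable by root and the postfix group only.
virtual_alias_maps = ldap:/etc/postfix/ldap_woof_groups.cf

### Virtual MAILBOX settings
virtual_mailbox_domains = ldap:/etc/postfix/ldap_woof_domains.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap_woof_aliases.cf

### TLS settings
tls_random_source = dev:/dev/urandom

## Server-side TLS
# Chain file order: private key first, then the certificate chain.
# NOTE(review): the key file name suggests an unencrypted key - confirm it is
# readable by root only.
smtpd_tls_chain_files =
    /etc/pki/tls/private/server.nopass.key
    /etc/pki/tls/certs/server.crt
    /etc/pki/tls/certs/ca.pem
# Level 0 disables TLS logging, so negotiated protocol and cipher never reach
# the mail log. Level 1 logs a one-line handshake summary, which is what
# downgrade or weak-cipher investigations need.
smtpd_tls_loglevel = 0
smtpd_tls_received_header = no
# Opportunistic TLS: STARTTLS is offered but not required, the usual setting
# for a public MX. The visible settings do not override smtpd_tls_protocols or
# smtpd_tls_mandatory_protocols, so the Postfix build defaults decide the
# minimum TLS version (check with postconf).
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s

## Client-side TLS
# The server key and certificate are reused as the outbound client identity.
smtp_tls_chain_files =
    /etc/pki/tls/private/server.nopass.key
    /etc/pki/tls/certs/server.crt
    /etc/pki/tls/certs/ca.pem
smtp_tls_loglevel = 0
smtp_tls_note_starttls_offer = yes
# Opportunistic outbound TLS: the peer certificate is not verified and
# delivery falls back to clear text when STARTTLS is unavailable. Destinations
# that must never be reached in clear text need a stricter per-destination
# policy (smtp_tls_policy_maps).
smtp_tls_security_level = may

### smtpd settings
smtp_helo_name = app.avroid.tech
# With delayed reject, the client/helo/sender restriction lists are evaluated
# at RCPT TO, so all of them see the full envelope.
smtpd_delay_reject = yes
smtpd_helo_required = yes
# The greeting must start with the server's hostname (Postfix documents this
# as mandatory for smtpd_banner; RFC 5321 puts the domain right after "220").
# The previous text had neither the hostname nor "ESMTP"; clients that key on
# "ESMTP" to decide whether to send EHLO could fall back to HELO and never see
# STARTTLS. No software name or version is advertised.
smtpd_banner = $myhostname ESMTP server is ready. What now?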
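### Sender LOGIN maps
# Maps an envelope sender address to the SASL login(s) allowed to use it.
# Consumed by the reject_*_sender_login_mismatch restrictions below.
smtpd_sender_login_maps = ldap:/etc/postfix/ldap_woof_emails.cf

### Restrictions
smtpd_sasl_auth_enable = yes
# SASL is delegated to Dovecot over plain TCP; this relies on 172.17.0.1 being
# reachable only from trusted hosts.
smtpd_sasl_path = inet:172.17.0.1:61001
smtpd_sasl_type = dovecot
smtpd_sasl_security_options = noanonymous
# AUTH is offered only after STARTTLS, so credentials are never sent in clear
# text even though smtpd_tls_security_level is "may".
smtpd_tls_auth_only = yes

# Contains only a permit, so this list rejects nothing.
smtpd_client_restrictions = permit_mynetworks

# reject_non_fqdn_sender is a sender check; it works in this list only because
# smtpd_delay_reject = yes defers evaluation until RCPT TO.
smtpd_helo_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_non_fqdn_sender
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname

# Restrictions are evaluated in order and the first match wins. Previously the
# only login-mismatch check came after permit_sasl_authenticated, so it was
# never reached for authenticated sessions: any authenticated user could send
# with another listed user's address. reject_authenticated_sender_login_mismatch
# now runs before both permits. It applies to SASL-authenticated sessions only,
# so unauthenticated senders in mynetworks are unaffected.
# reject_sender_login_mismatch stays further down to cover unauthenticated
# clients outside mynetworks.
# NOTE(review): before rollout, confirm smtpd_sender_login_maps returns login
# names in exactly the form Dovecot reports them.
smtpd_sender_restrictions =
    reject_non_fqdn_sender
    reject_unlisted_sender
    reject_authenticated_sender_login_mismatch
    permit_mynetworks
    permit_sasl_authenticated
    reject_unknown_sender_domain
    reject_sender_login_mismatch
    reject_unknown_reverse_client_hostname

# The policy service runs first and therefore sees trusted and authenticated
# clients too. There is no reject_unauth_destination in this list: relay
# protection comes entirely from the default smtpd_relay_restrictions, which
# is active at compatibility_level 3.6. Verify with
# "postconf smtpd_relay_restrictions" and never set that parameter empty.
smtpd_recipient_restrictions =
    check_policy_service inet:172.17.0.1:3304
    permit_mynetworks
    permit_sasl_authenticated
    reject_non_fqdn_recipient
    reject_unknown_client_hostname
    reject_unauth_pipelining
    reject_unknown_recipient_domain
    reject_unlisted_recipient

### Limits
# Per-client rate limits below are counted per anvil_rate_time_unit (10s).
# By default they do not apply to clients in mynetworks.
anvil_rate_time_unit = 10s
anvil_status_update_time = 600s
# bytes
bounce_size_limit = 10000
default_process_limit = 100
# bytes
line_length_limit = 4096
lmtp_destination_concurrency_limit = 50
max_use = 600
# bytes (30 MiB)
message_size_limit = 31457280
# Simultaneous connections allowed per client.
smtpd_client_connection_count_limit = 50
# Messages per client per time unit, i.e. up to 100 per 10 seconds.
smtpd_client_message_rate_limit = 100
# Errors tolerated before a session is dropped. The Postfix default is 20;
# 100 gives a misbehaving or probing client five times as many attempts per
# connection.
smtpd_hard_error_limit = 100
maximal_backoff_time = 15m
maximal_queue_lifetime = 6h
minimal_backoff_time = 10m
queue_run_delay = 5m

### Delivery status replacing
default_delivery_status_filter = regexp:/etc/postfix/delivery_status_filter

### Milter settings
smtpd_milters = inet:172.17.0.1:11332, inet:172.17.0.1:3312
non_smtpd_milters = $smtpd_milters
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
# Fail-open: if a milter is unreachable or errors out, mail is accepted as if
# the filter were absent. Whatever these two milters enforce is skipped during
# an outage. "tempfail" is the fail-closed alternative, at the cost of
# deferring mail while a filter is down.
milter_default_action = accept
milter_protocol = 6

### Parameters
allow_percent_hack = no
biff = no
bounce_queue_lifetime = 1d
command_directory = /usr/sbin
compatibility_level = 3.6
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
# Stock sample debugger hook; runs only when a daemon is started with -D.
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
# VRFY disabled so the server cannot be used to probe for valid addresses.
disable_vrfy_command = yes
html_directory = no
# An empty value turns off recipient validation for the domains in
# mydestination ($myhostname). Mail to any local part at that name is accepted
# and bounces later, producing backscatter, and
# unknown_local_recipient_reject_code below never applies.
# NOTE(review): confirm this is intended; if no local mailboxes exist, point
# this at a real map or empty mydestination.
local_recipient_maps =
mail_owner = postfix
maillog_file = /dev/stdout
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = no
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
soft_bounce = no
strict_rfc821_envelopes = no
unknown_local_recipient_reject_code = 550
always_add_missing_headers = yes
smtputf8_autodetect_classes = all
smtputf8_enable = yes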