service-configs/postfix/mailion/main.cf
Boris Shestov 83356877f2 Обновить postfix/mailion/main.cf
Add squadus to mynetworks
2024-07-08 13:32:10 +03:00


### Ansible managed
### Network settings
# Listen on every interface, IPv4 only.
inet_interfaces = all
inet_protocols = ipv4

### Domain settings
mydomain = app.avroid.tech
myhostname = mx-app.avroid.tech
myorigin = $mydomain
mydestination = $myhostname

# Every client matched here passes each permit_mynetworks entry in the
# smtpd_*_restrictions lists without authenticating. 172.17.0.0/16 trusts a
# whole /16, so any host in that range is trusted this way; keep the list as
# narrow as the deployment allows.
# Continuation lines must begin with whitespace, otherwise Postfix reads them
# as separate (invalid) parameters.
mynetworks =
    127.0.0.0/8
    10.0.0.3/32
    10.4.0.102/32
    172.17.0.0/16
### Transport settings
# Mail for virtual mailboxes is handed to the LMTP service at 172.17.0.1:8000.
virtual_transport = lmtp:172.17.0.1:8000

### ALIAS settings
### Virtual ALIAS settings
# NOTE(review): if the ldap_woof_*.cf lookup files carry a bind password, they
# should be readable only by root and the postfix group (0640) - confirm on
# the host.
virtual_alias_maps = ldap:/etc/postfix/ldap_woof_groups.cf
virtual_alias_expansion_limit = 1000

### Virtual MAILBOX settings
virtual_mailbox_domains = ldap:/etc/postfix/ldap_woof_domains.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap_woof_aliases.cf
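### TLS settings
tls_random_source = dev:/dev/urandom

## Server-side TLS
# Order: private key, leaf certificate, CA certificate.
# The key file name says it is stored without a passphrase, so file
# permissions are its only protection; it should be readable by root only.
smtpd_tls_chain_files =
    /etc/pki/tls/private/server.nopass.key
    /etc/pki/tls/certs/server.crt
    /etc/pki/tls/certs/ca.pem
# Level 1 logs a one-line summary per completed handshake (protocol, cipher).
# That is the minimum needed to audit TLS use; level 0 logged nothing.
smtpd_tls_loglevel = 1
smtpd_tls_received_header = no
# Opportunistic: STARTTLS is offered, but plaintext sessions are still accepted.
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s

## Client-side TLS
# The same key and certificate are presented as the client certificate when a
# remote server asks for one.
smtp_tls_chain_files =
    /etc/pki/tls/private/server.nopass.key
    /etc/pki/tls/certs/server.crt
    /etc/pki/tls/certs/ca.pem
# Same reasoning as smtpd_tls_loglevel: record outbound handshake summaries.
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
# Opportunistic: outbound delivery falls back to plaintext when the remote
# server does not offer STARTTLS, and the peer certificate is not verified.
smtp_tls_security_level = may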
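### smtpd settings
# Name announced by the Postfix SMTP *client* in HELO/EHLO on outbound mail.
smtp_helo_name = app.avroid.tech
# Evaluate client/HELO/sender restrictions at RCPT TO, so that sender and
# recipient information is available (and logged) when a reject happens.
smtpd_delay_reject = yes
smtpd_helo_required = yes
# The 220 greeting has to start with the server's hostname: SMTP requires it
# and Postfix uses it for mail-loop detection. Omitting it hides nothing, since
# the EHLO reply carries the hostname anyway.
smtpd_banner = $myhostname ESMTP server is ready. What now?

### Sender LOGIN maps
# Maps a MAIL FROM address to the SASL login(s) allowed to use it; consumed by
# the reject_*sender_login_mismatch entries in smtpd_sender_restrictions.
smtpd_sender_login_maps = ldap:/etc/postfix/ldap_woof_emails.cf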
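### Restrictions
## SASL authentication (Dovecot backend)
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
# NOTE(review): the auth exchange with Dovecot runs over a plain TCP socket;
# presumably 172.17.0.1 is a host-local bridge address - confirm it is not
# reachable from other hosts.
smtpd_sasl_path = inet:172.17.0.1:61001
smtpd_sasl_security_options = noanonymous
# AUTH is announced and accepted only on TLS-protected sessions.
smtpd_tls_auth_only = yes

# A permit_* result ends only the list it appears in, so this list on its own
# does not exempt mynetworks clients from the lists below.
smtpd_client_restrictions = permit_mynetworks

# reject_non_fqdn_sender can be evaluated here only because
# smtpd_delay_reject = yes postpones the HELO checks until RCPT TO.
smtpd_helo_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_non_fqdn_sender
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname

# reject_authenticated_sender_login_mismatch has to come before the permit_*
# entries. With only reject_sender_login_mismatch placed after
# permit_sasl_authenticated, an authenticated session was permitted before the
# ownership check ran, so any logged-in user could send with another user's
# address. The early entry affects SASL-authenticated sessions only; the later
# reject_sender_login_mismatch still covers unauthenticated clients.
# NOTE(review): a service account that logs in and sends on behalf of other
# addresses needs matching entries in smtpd_sender_login_maps - confirm.
smtpd_sender_restrictions =
    reject_non_fqdn_sender
    reject_unlisted_sender
    reject_authenticated_sender_login_mismatch
    permit_mynetworks
    permit_sasl_authenticated
    reject_unknown_sender_domain
    reject_sender_login_mismatch
    reject_unknown_reverse_client_hostname

# The policy service is consulted first, for every client including
# mynetworks and authenticated ones.
# This list has no reject_unauth_destination, and smtpd_relay_restrictions is
# not set in this file, so relay control rests on the built-in
# smtpd_relay_restrictions default that applies at compatibility_level 3.6.
# Verify the effective value with `postconf smtpd_relay_restrictions`.
smtpd_recipient_restrictions =
    check_policy_service inet:172.17.0.1:3304
    permit_mynetworks
    permit_sasl_authenticated
    reject_non_fqdn_recipient
    reject_unknown_client_hostname
    reject_unauth_pipelining
    reject_unknown_recipient_domain
    reject_unlisted_recipient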
### Limits
## Per-client rate control (anvil)
# Rates are counted per 10-second window, so the message rate limit below
# allows up to 100 messages per client every 10 s. Clients listed in
# smtpd_client_event_limit_exceptions (default: $mynetworks) are exempt.
anvil_rate_time_unit = 10s
anvil_status_update_time = 600s
smtpd_client_connection_count_limit = 50
smtpd_client_message_rate_limit = 100
# A client may make up to 100 errors without delivering mail before the
# session is dropped.
smtpd_hard_error_limit = 100

## Sizes and process counts
bounce_size_limit = 10000
default_process_limit = 100
line_length_limit = 4096
lmtp_destination_concurrency_limit = 50
max_use = 600
# 30 MiB
message_size_limit = 31457280

## Queue retry schedule
minimal_backoff_time = 10m
maximal_backoff_time = 15m
maximal_queue_lifetime = 6h
queue_run_delay = 5m
### Delivery status replacing
default_delivery_status_filter = regexp:/etc/postfix/delivery_status_filter

### Milter settings
# Two milters on 172.17.0.1; locally submitted (non-SMTP) mail goes through
# the same pair.
smtpd_milters = inet:172.17.0.1:11332, inet:172.17.0.1:3312
non_smtpd_milters = $smtpd_milters
# {auth_authen} passes the SASL login name to the milters.
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
# Fail-open: when a milter is unreachable or errors out, mail is accepted as
# if the filter were not configured. `tempfail` is the fail-closed choice.
# While this stays on `accept`, alert on milter errors in the mail log so that
# a filter outage does not go unnoticed.
milter_default_action = accept
milter_protocol = 6
### Parameters
compatibility_level = 3.6

## Paths and ownership
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
queue_directory = /var/spool/postfix
mail_owner = postfix
setgid_group = postdrop
sendmail_path = /usr/sbin/sendmail.postfix
mailq_path = /usr/bin/mailq.postfix
newaliases_path = /usr/bin/newaliases.postfix
manpage_directory = /usr/share/man
html_directory = no
readme_directory = no
sample_directory = no

## Logging and debugging
# All Postfix logging goes to the process's standard output.
maillog_file = /dev/stdout
debug_peer_level = 2
# Runs only for a daemon started with -D in master.cf; the command line is
# the stock sample that launches an X11 debugger.
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5

## Address handling
allow_percent_hack = no
strict_rfc821_envelopes = no
always_add_missing_headers = yes
smtputf8_enable = yes
smtputf8_autodetect_classes = all
# VRFY is disabled, so the command cannot be used to test whether an address
# exists.
disable_vrfy_command = yes
# An empty value switches off recipient validation for the domains in
# mydestination ($myhostname): the SMTP server accepts mail for any local part
# at that name and rejection, if any, happens after acceptance.
local_recipient_maps =
unknown_local_recipient_reject_code = 550

## Bounces and local notification
biff = no
bounce_queue_lifetime = 1d
soft_bounce = no