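# main.cf -- Postfix main configuration
# generated by Ansible role ndn_postfix
#
# Postfix has no inline comments: every comment sits on its own line, and a
# line that starts with whitespace continues the previous setting.

###########################################################
### Basic info about where this machine sits in the network.

# WHOAMI, FQDN
myhostname = vps42285.dreamhostps.com

# IPs to bind to
inet_interfaces = all

# Use IPv4 only for now. IPv6 is a separate project.
inet_protocols = ipv4

# Send all mail through a specified mail server, don't send directly to recipient.
# Empty in this rendering, so no relay host is configured.
relayhost =
# SASL authentication towards a relay host is switched off; the password map
# below only matters once it is enabled. That map holds relay credentials in
# clear text, so keep the file and its .db readable by root only.
smtp_sasl_auth_enable = no
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password_maps

# Send all deferred mail to a separate server to retry delivery.
# Empty in this rendering, so no fallback relay is configured.
smtp_fallback_relay =

###########################################################
### Local executable & filesystem settings.

bounce_template_file = /etc/postfix/bounce.cf
tls_random_source = dev:/dev/urandom

# Use long queue IDs, so they get reused less often.
enable_long_queue_ids = yes

###########################################################
### Settings used for local email delivery to local users

# Allow user+tag@domain.tld
recipient_delimiter = +
propagate_unmatched_extensions =

# delivery via maildir (versus mbox)
home_mailbox = Maildir/

# make sure home_dir exists (in case of nfs funkiness!)
require_home_directory = yes

# Allowed filenames to control forwarding to ex procmail.
forward_path = $home/.forward, $home/.forward.postfix

###########################################################
### Settings that affect what emails are accepted for users here.

# List of our BFFs, trusted networks allowed to send mail out or relay mail through here
# without facing the spanish inquisition.
# NOTE(review): inet_interfaces is "all" above, so this expands to
# "localhost all"; neither word is an address or network/mask pattern.
# Check the effective value with "postconf mynetworks" -- permit_mynetworks
# is the first permit in the HELO checks and an early permit in the
# recipient checks, so this list decides who skips them.
mynetworks = localhost $inet_interfaces

# Destination is $myhostname (assigned once, at the top of this file).
# The value is a plain reference: text appended after it ("= <hostname>")
# would be read as extra list entries.
mydestination = $myhostname

# What destination domains this system will relay mail for (and generally treat the same as if the recipient was local).
# Empty: this host relays for no additional domains.
relay_domains =

# Which recipient address/domain to deliver locally.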
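local_recipient_maps = $alias_maps, unix:passwd.byname

# Email alias info used for local delivery.
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
# NOTE(review): virtual_maps is the pre-2.0 name of virtual_alias_maps, and
# virtual_alias_maps is set to empty on the next line, so this table looks
# unused -- confirm before relying on /etc/postfix/virtusertable.
virtual_maps = hash:/etc/postfix/virtusertable
virtual_alias_maps =

###########################################################
### Performance settings

# Plain reference to the hostname; extra words after it would become
# additional domain entries.
fast_flush_domains = $myhostname

# Do not delay accepting new mail, regardless of the message arrival rate.
in_flow_delay = 0

# Max number of parallel deliveries to the same destination.
default_destination_concurrency_limit = 50

# Max number of parallel deliveries to the same local recipient.
local_destination_concurrency_limit = 2

# Max number of parallel deliveries when done via SMTP (ex remote server)
smtp_destination_concurrency_limit = 100

# Max size of Maildir files (implemented via ulimit -f, so it's the size of ANY file postfix/procmail touches)
# Bytes; must stay at or above message_size_limit.
mailbox_size_limit = 153600000

# Timeout for incoming SMTP connections, in seconds.
smtpd_timeout = 30

# Pause after errors, and limit the number of errors a remote client can make
# before they're disconnected.
smtpd_error_sleep_time = 2s
smtpd_soft_error_limit = 5
smtpd_hard_error_limit = 10

# Don't retry sending bounce / nondelivery notifications, once is enough.
bounce_queue_lifetime = 0

# Retry sending regular emails for this long before giving up
maximal_queue_lifetime = 3d

# Min & max amount to delay between delivery reattempts.
minimal_backoff_time = 1m
maximal_backoff_time = 5m

# How often to scan the deferred queue for emails due to be reattempted.
queue_run_delay = 1m

###########################################################
### Settings to block possible spam or abuse.

# 40MB limit for total email size (value is in bytes)
message_size_limit = 40960000

# Don't apply header checks to quoted / attached message headers.
nested_header_checks =

# Disable unused feature that can be abused.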
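allow_percent_hack = no

# Disable the SMTP VRFY command to prevent harvesting target addresses to spam.
disable_vrfy_command = yes

# Don't advertise the dsn in the EHLO response
smtpd_discard_ehlo_keywords = silent-discard, dsn

# Require a HELO/EHLO before a MAIL transaction.
smtpd_helo_required = yes

# Domain matches only itself, not a subdomain.
parent_domain_matches_subdomains =

# security through obscurity, don't mention OS info or postfix version
# The greeting is the hostname only; anything after the reference is sent
# to every connecting client as part of the banner.
smtpd_banner = $myhostname

# Max number of simultaneous connections from a single client.
smtpd_client_connection_count_limit = 10

# Max connection attempts from a single client per minute.
smtpd_client_connection_rate_limit = 600

###########################################################
### Encryption

# Record info about any encryption used for incoming mail in the message headers.
smtpd_tls_received_header = yes

# TLS on outward bound connections
# "may" is opportunistic: delivery falls back to cleartext when the remote
# server offers no STARTTLS. At this level smtp_tls_ciphers and
# smtp_tls_protocols apply; the *_mandatory_* settings are used only where
# TLS is enforced (security level "encrypt" or stronger).
smtp_tls_security_level = may
smtp_tls_ciphers = medium
smtp_tls_mandatory_ciphers = $smtp_tls_ciphers
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1
# Follow the client-side protocol list above. Referencing the server-side
# $smtpd_tls_protocols (not set in this file) would silently fall back to
# that parameter's built-in default instead of the exclusions chosen here.
smtp_tls_mandatory_protocols = $smtp_tls_protocols

# TLS caching for outward connections
# NOTE(review): this is the client-side cache but the file is named
# smtpd_scache (the client cache is conventionally smtp_scache); make sure no
# server-side session cache points at the same file -- confirm.
smtp_tls_session_cache_database = btree:${data_directory}/smtpd_scache

# Root CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

###########################################################
### Access restrictions applied to various stages of SMTP conversations.
# Each set or class of restrictions are applied in order. The first matching
# permit or reject is used.
#
# http://www.postfix.org/SMTPD_ACCESS_README.html#lists

# Restrictions applied to the HELO/EHLO hostname sent by the client. These
# should generally not be used where SASL is permitted, because human users
# often have their systems setup with terrible hostname info.
# Permit only applies to this set of restrictions, the other restriction sets
# may still reject.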
# Translation:
#   * permit our BFFs
#   * reject if the hostname is malformed
#   * reject if the hostname is not in FQDN or address literal form (required by RFC)
#   * reject if the hostname has no DNS A or MX record
#   * permit anything that got this far
# One restriction per continuation line; evaluation order is top to bottom.
smtpd_helo_restrictions =
    permit_mynetworks
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname
    permit

# Restrictions on the recipient, and general relay access.
# TODO at some future point: implement custom smtpd_relay_restrictions for all
# general relay access restrictions, leaving smtpd_recipient_restrictions just
# for anti-spam type restrictions.
# Translation:
#   * reject if the client jumps the gun with SMTP commands
#   * reject if the message does not have a FQDN for the sender & recipient
#   * if user info is stored in mysql, check for any recipient access info there
#     (no such lookup appears in the list below)
#   * if ratelimiting is used here, check_policy_service uses policyd to reject
#     if sending too fast (no check_policy_service appears in the list below)
#   * permit our BFFs
#   * permit if there was a successful SASL login
#   * permit if the recipient is a domain this server delivers or relays for
#   * reject by default
# The closing "reject" is what keeps this host from relaying for strangers:
# only mynetworks, SASL-authenticated clients and authorised destinations
# are let through before it.
smtpd_recipient_restrictions =
    reject_unauth_pipelining
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    permit_mynetworks
    permit_sasl_authenticated
    permit_auth_destination
    reject

###########################################################
### Settings for authenticated sending by mail users.
# http://www.postfix.org/SASL_README.html

# Allow SASL? If this is false, no other SASL settings matter.
# It is "no" here, so permit_sasl_authenticated above never matches.
smtpd_sasl_auth_enable = no

# Must authenticate as a real user, no anonymous users
smtpd_sasl_security_options = noanonymous

# Record SASL info used in the message headers.
# Note that this puts the authenticated login name into the Received: header
# of outgoing mail, where every recipient can read it.
smtpd_sasl_authenticated_header = yes

# Authentication is delegated to Dovecot (postfix cannot do that part itself).
# The path is given relative to the Postfix queue directory.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# Also advertise AUTH in the non-standard form that old/broken clients expect.
broken_sasl_auth_clients = yes

###########################################################
### Misc

# What sorts of messages to notify the postmaster about.
# Empty: no problem class triggers a postmaster notification.
notify_classes =