-
Notifications
You must be signed in to change notification settings - Fork 1
/
main.cf
94 lines (74 loc) · 3.13 KB
/
main.cf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
# main.cf (part of voipgrid/swiftdrop) holds postfix configuration.
# This postfix is an adapted version from 3.1.12-0+deb9u1 that came with
# debian/stretch.
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
# NOTE: configured through entrypoint
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# Disable SSL compression and renegotiation (against DoS attacks).
tls_ssl_options = NO_COMPRESSION, NO_RENEGOTIATION
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions =
permit_mynetworks
permit_sasl_authenticated
defer_unauth_destination
# NOTE: configured through entrypoint
myhostname = b8e48a7a9942
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
# Set up postfix like a email gateway/firewall.
# http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall
# But use the swiftdrop instead of the relay transport to deliver for
# the known recipients.
# Disable local delivery.
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled
parent_domain_matches_subdomains =
debug_peer_list smtpd_access_maps
# There are two valid operations:
# - domains + addresses that we accept inside the smtpd_proxy_filter, where
# they are uploaded to swift (relay_domains, relay_recipient_maps,
# transport_maps)
# - domains + addresses that are passed along by smtpd_proxy_filter so
# postfix can handle them anyway (virtual_alias_maps)
transport_maps = hash:/etc/postfix/transport
# When accepting incoming message, we may want to allow larger images
# 50MB instead of the default 10MB
message_size_limit = 52428800
# NOTE: This is configured through the entrypoint
relay_domains =
# We use the same map as the transport to check if the recipient should
# be accepted so we don't act as an open relay for $relay_domains.
# (Only the lookup 'key' in transport_maps is used, the value is ignored.)
relay_recipient_maps = hash:/etc/postfix/transport
# Forwards
virtual_alias_maps = hash:/etc/postfix/virtual
# Double bounces (also configured through the entrypoint)
2bounce_notice_recipient = postmaster
# Programmatically appended config below this line: