# smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_banner = $myhostname ESMTP biff = no # Bounce notifies double_bounce_sender = MAILER-DAEMON #notify_classes = bounce,policy,protocol,resource,software #notify_classes = bounce,resource,software notify_classes = resource,software bounce_notice_recipient = postmaster@example.net #2bounce_notice_recipient = postmaster@example.net #delay_notice_recipient = postmaster error_notice_recipient = postmaster@example.net # Set to "yes" when testing something soft_bounce = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings # Use is discouraged, people get enough mail already. #delay_warning_time = 4h myhostname = mailstore.example.net # ldapified (done) alias_maps = hash:/etc/aliases, hash:/etc/postfix/cgate_lists # ldapified myorigin = /etc/mailname # ldapified mydestination = mailstore.example.net, localhost, ldap:/etc/postfix/mydestination.cf # Local recipients local_recipient_maps = ldap:/etc/postfix/local_recipient_maps.cf $alias_maps $virtual_alias_maps relayhost = fw.example.net mynetworks = 127.0.0.0/8 # Local Delivery Over LMTP lmtp_sasl_auth_enable=yes lmtp_sasl_password_maps=hash:/etc/postfix/lmtp_passwd lmtp_sasl_security_options = noanonymous lmtp_destination_concurrency_limit = 180 lmtp_destination_recipient_limit = 100 mailbox_transport = lmtp:localhost mailbox_size_limit = 0 message_size_limit = 20000000 recipient_delimiter = + # ldapified virtual_alias_domains = ldap:/etc/postfix/virtual_alias_domains.cf virtual_alias_maps = ldap:/etc/postfix/mailforwards.cf ldap:/etc/postfix/virtual_alias_maps.cf ldap:/etc/postfix/ldap-user-aliases.cf smtpd_helo_required = yes strict_rfc821_envelopes = yes disable_vrfy_command = yes maximal_queue_lifetime = 5d local_destination_concurrency_limit = 2 default_destination_concurrency_limit = 10 # SMTP auth - spaeter # TLS fuer smtp transport: smtpd_tls_cert_file = /etc/ldap/openldap/mailstore.example.net.cert smtpd_tls_key_file = /etc/ldap/openldap/mailstore.example.net.key smtpd_tls_CAfile = /etc/postfix/ca-cert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_use_tls = yes smtpd_enforce_tls = no smtpd_tls_ask_ccert = no smtpd_tls_req_ccert = no smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem smtpd_starttls_timeout = 120s smtp_tls_CApath = /etc/postfix/certs smtp_tls_CAfile = /etc/postfix/ca-cert.pem smtp_use_tls = yes smtp_tls_note_starttls_offer = yes tls_random_source = dev:/dev/random tls_daemon_random_source = dev:/dev/random smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_invalid_hostname, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_rbl_client relays.ordb.org, reject_rbl_client opm.blitzed.org, reject_rbl_client list.dsbl.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, permit_sasl_authenticated, permit_mynetworks, # check_recipient_access pcre:/etc/postfix/recipient_checks.pcre, # check_helo_access hash:/etc/postfix/helo_checks, permit smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender