ansible/roles/postfix/templates/main.cf.j2

# {{ ansible_managed }}
# See /usr/share/postfix/main.cf.dist for a full commented version
# See BASIC_CONFIGURATION_README and STANDARD_CONFIGURATION_README for more insights
# More generally, see the Postfix documentation at http://www.postfix.org

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# Send mail as user@{{ myorigin }}
myorigin = {{ myorigin }}

myhostname = {{ myhostname }}

mydestination = $myhostname localhost.{{ myorigin }} localhost {{ myorigin }}

# Specify the trusted networks
mynetworks = 127.0.0.0/8 {{ local_network }}

# This host does not relay mail from untrusted networks
relay_domains =

# Allow plus delimiter
recipient_delimiter = +

# Re2o Generated files
alias_database = hash:/var/local/re2o-services/mail-server/generated/aliases
alias_maps = $alias_database
local_recipient_maps = $alias_maps unix:passwd.byname
virtual_alias_maps = hash:/var/local/re2o-services/mail-server/generated/virtual
relay_recipient_maps = hash:/var/local/re2o-services/mail-server/generated/virtual

# Tell Postfix to deliver emails to Dovecot through LMTP
virtual_transport = lmtp:unix:private/dovecot-lmtp

# TLS for reception
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = {{ certbot.cert_path_fullchain }} 
smtpd_tls_key_file = {{ certbot.cert_path_privkey }} 
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes

# TLS for sending
smtp_use_tls = yes
smtp_tls_security_level = may
smtp_tls_loglevel = 1 
smtp_tls_cert_file =
smtp_tls_key_file =
smtp_tls_CApath = /etc/ssl/certs/

# Caching TLS sessions
smtpd_tls_session_cache_database=btree:/var/lib/postfix/smtpd_tls_session_cache
smtp_tls_session_cache_database=btree:/var/lib/postfix/smtp_tls_session_cache
Add (initial) postfix role 2021-01-14 12:15:48 +01:00			`# {{ ansible_managed }}`
			`# See /usr/share/postfix/main.cf.dist for a full commented version`
			`# See BASIC_CONFIGURATION_README and STANDARD_CONFIGURATION_README for more insights`
			`# More generally, see the Postfix documentation at http://www.postfix.org`

			`smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)`
			`biff = no`

			`# appending .domain is the MUA's job.`
			`append_dot_mydomain = no`

			`# Uncomment the next line to generate "delayed mail" warnings`
			`#delay_warning_time = 4h`

			`readme_directory = no`

			`# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on`
			`# fresh installs.`
			`compatibility_level = 2`

			`# Send mail as user@{{ myorigin }}`
			`myorigin = {{ myorigin }}`

			`myhostname = {{ myhostname }}`

			`mydestination = $myhostname localhost.{{ myorigin }} localhost {{ myorigin }}`

			`# Specify the trusted networks`
			`mynetworks = 127.0.0.0/8 {{ local_network }}`

			`# This host does not relay mail from untrusted networks`
			`relay_domains =`

			`# Allow plus delimiter`
			`recipient_delimiter = +`
Postfix conf add certs and other security related modifications 2021-02-04 23:18:23 +01:00
			`# Re2o Generated files`
			`alias_database = hash:/var/local/re2o-services/mail-server/generated/aliases`
			`alias_maps = $alias_database`
			`local_recipient_maps = $alias_maps unix:passwd.byname`
			`virtual_alias_maps = hash:/var/local/re2o-services/mail-server/generated/virtual`
			`relay_recipient_maps = hash:/var/local/re2o-services/mail-server/generated/virtual`

			`# Tell Postfix to deliver emails to Dovecot through LMTP`
			`virtual_transport = lmtp:unix:private/dovecot-lmtp`

			`# TLS for reception`
			`smtpd_use_tls = yes`
			`smtpd_tls_security_level = may`
			`smtpd_tls_cert_file = {{ certbot.cert_path_fullchain }}`
			`smtpd_tls_key_file = {{ certbot.cert_path_privkey }}`
			`smtpd_tls_loglevel = 0`
			`smtpd_tls_received_header = yes`

			`# TLS for sending`
			`smtp_use_tls = yes`
			`smtp_tls_security_level = may`
			`smtp_tls_loglevel = 1`
			`smtp_tls_cert_file =`
			`smtp_tls_key_file =`
			`smtp_tls_CApath = /etc/ssl/certs/`

			`# Caching TLS sessions`
			`smtpd_tls_session_cache_database=btree:/var/lib/postfix/smtpd_tls_session_cache`
			`smtp_tls_session_cache_database=btree:/var/lib/postfix/smtp_tls_session_cache`