ansible/roles/postfix/templates/main.cf.j2

74 lines
2.1 KiB
Text
Raw Normal View History

2023-12-17 17:30:28 +01:00
{{ ansible_managed | comment }}
myhostname = {{ postfix__hostname }}
smtpd_banner = $myhostname ESMTP
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
#delay_warning_time = 4h
compatibility_level = 3.6
virtual_alias_maps = texthash:/etc/postfix/virtual
virtual_mailbox_domains = {{ postfix__virtual_mailbox_domains | join(" ") }}
virtual_mailbox_maps = texthash:/etc/postfix/vmailbox
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_sender_login_maps = $virtual_mailbox_maps, $virtual_alias_maps
#smtpd_sasl_type = dovecot
#smtpd_sasl_path = private/auth
alias_maps =
# TODO peut-être
#smtpd_helo_required = yes
#strict_rfc821_envelopes = yes
# TLS parameters
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
# M2M
smtpd_client_restrictions = permit
smtpd_helo_restrictions = permit
smtpd_recipient_restrictions =
reject_unverified_recipient,
permit
smtpd_relay_restrictions =
reject_unauth_destination,
permit
smtpd_sender_restrictions = permit
# MUA
mua_client_restrictions =
permit_sasl_authenticated,
reject
mua_helo_restrictions = permit
# TODO match envelope
mua_recipient_restrictions =
reject_authenticated_sender_login_mismatch,
permit_sasl_authenticated,
reject
mua_reject_unlisted_sender = yes
mua_reject_unlisted_recipient = no
mua_relay_restrictions = permit
mua_sasl_local_domain = {{ postfix__sasl_local_domain }}
mua_sender_restrictions = permit
# TODO mails depuis *@infra.auro.re + localhost
#smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
#mailbox_size_limit = 0
recipient_delimiter = {{ postfix__recipient_delimiter }}
inet_interfaces = all
inet_protocols = all
default_destination_rate_delay = {{ postfix__destination_rate_delay }}
smtp_destination_concurrency_limit = {{ postfix__destination_concurrency_limit }}
smtp_destination_recipient_limit = {{ postfix__destination_recipient_limit }}