74 lines
2.1 KiB
Text
74 lines
2.1 KiB
Text
|
{{ ansible_managed | comment }}
|
||
|
|
||
|
myhostname = {{ postfix__hostname }}
|
||
|
smtpd_banner = $myhostname ESMTP
|
||
|
biff = no
|
||
|
|
||
|
# appending .domain is the MUA's job.
|
||
|
append_dot_mydomain = no
|
||
|
|
||
|
#delay_warning_time = 4h
|
||
|
|
||
|
compatibility_level = 3.6
|
||
|
|
||
|
virtual_alias_maps = texthash:/etc/postfix/virtual
|
||
|
virtual_mailbox_domains = {{ postfix__virtual_mailbox_domains | join(" ") }}
|
||
|
virtual_mailbox_maps = texthash:/etc/postfix/vmailbox
|
||
|
virtual_transport = lmtp:unix:private/dovecot-lmtp
|
||
|
|
||
|
smtpd_sender_login_maps = $virtual_mailbox_maps, $virtual_alias_maps
|
||
|
|
||
|
#smtpd_sasl_type = dovecot
|
||
|
#smtpd_sasl_path = private/auth
|
||
|
|
||
|
alias_maps =
|
||
|
|
||
|
# TODO peut-être
|
||
|
#smtpd_helo_required = yes
|
||
|
#strict_rfc821_envelopes = yes
|
||
|
|
||
|
# TLS parameters
|
||
|
smtp_tls_CApath = /etc/ssl/certs
|
||
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
||
|
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
|
||
|
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
|
||
|
smtpd_tls_security_level = may
|
||
|
|
||
|
# M2M
|
||
|
smtpd_client_restrictions = permit
|
||
|
smtpd_helo_restrictions = permit
|
||
|
smtpd_recipient_restrictions =
|
||
|
reject_unverified_recipient,
|
||
|
permit
|
||
|
smtpd_relay_restrictions =
|
||
|
reject_unauth_destination,
|
||
|
permit
|
||
|
smtpd_sender_restrictions = permit
|
||
|
|
||
|
# MUA
|
||
|
mua_client_restrictions =
|
||
|
permit_sasl_authenticated,
|
||
|
reject
|
||
|
mua_helo_restrictions = permit
|
||
|
# TODO match envelope
|
||
|
mua_recipient_restrictions =
|
||
|
reject_authenticated_sender_login_mismatch,
|
||
|
permit_sasl_authenticated,
|
||
|
reject
|
||
|
mua_reject_unlisted_sender = yes
|
||
|
mua_reject_unlisted_recipient = no
|
||
|
mua_relay_restrictions = permit
|
||
|
mua_sasl_local_domain = {{ postfix__sasl_local_domain }}
|
||
|
mua_sender_restrictions = permit
|
||
|
# TODO mails depuis *@infra.auro.re + localhost
|
||
|
|
||
|
#smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
|
||
|
#mailbox_size_limit = 0
|
||
|
recipient_delimiter = {{ postfix__recipient_delimiter }}
|
||
|
inet_interfaces = all
|
||
|
inet_protocols = all
|
||
|
|
||
|
default_destination_rate_delay = {{ postfix__destination_rate_delay }}
|
||
|
smtp_destination_concurrency_limit = {{ postfix__destination_concurrency_limit }}
|
||
|
smtp_destination_recipient_limit = {{ postfix__destination_recipient_limit }}
|