# {{ ansible_managed }}
# See /usr/share/postfix/main.cf.dist for a full commented version
# See BASIC_CONFIGURATION_README and STANDARD_CONFIGURATION_README for more insights
# More generally, see the Postfix documentation at http://www.postfix.org

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# Send mail as user@{{ myorigin }}
myorigin = {{ myorigin }}

myhostname = {{ myhostname }}

mydestination = $myhostname localhost.{{ myorigin }} localhost {{ myorigin }}

# Specify the trusted networks
mynetworks = 127.0.0.0/8 {{ local_network }}

# This host does not relay mail from untrusted networks
relay_domains =

# Allow plus delimiter
recipient_delimiter = +

# Re2o Generated files
alias_database = hash:/var/local/re2o-services/mail-server/generated/aliases
alias_maps = $alias_database
local_recipient_maps = $alias_maps unix:passwd.byname
virtual_alias_maps = hash:/var/local/re2o-services/mail-server/generated/virtual
relay_recipient_maps = hash:/var/local/re2o-services/mail-server/generated/virtual

# Tell Postfix to deliver emails to Dovecot through LMTP
virtual_transport = lmtp:unix:private/dovecot-lmtp

# TLS for reception
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = {{ cert.path_fullchain }} 
smtpd_tls_key_file = {{ cert.path_privkey }} 
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes

# TLS for sending
smtp_use_tls = yes
smtp_tls_security_level = may
smtp_tls_loglevel = 1 
smtp_tls_cert_file =
smtp_tls_key_file =
smtp_tls_CApath = /etc/ssl/certs/

# Caching TLS sessions
smtpd_tls_session_cache_database=btree:/var/lib/postfix/smtpd_tls_session_cache
smtp_tls_session_cache_database=btree:/var/lib/postfix/smtp_tls_session_cache