mirror of
https://github.com/DanWin/mail-hosting.git
synced 2024-11-21 23:20:25 +00:00
87 lines
4.2 KiB
CFEngine3
87 lines
4.2 KiB
CFEngine3
# general configuration options
|
|
smtpd_banner = danwin1210.de ESMTP $mail_name (Debian/GNU)
|
|
biff = no
|
|
append_dot_mydomain = no
|
|
delay_warning_time = 10h
|
|
myhostname = danwin1210.de
|
|
alias_maps =
|
|
alias_database =
|
|
myorigin = danwin1210.de
|
|
mydestination =
|
|
mynetworks = 127.0.0.0/8 192.168.178.0/24 10.9.0.0/24
|
|
recipient_delimiter = +
|
|
inet_interfaces = all
|
|
inet_protocols = all
|
|
ignore_mx_lookup_error = yes
|
|
always_add_missing_headers = yes
|
|
message_drop_headers = bcc content-length resent-bcc return-path x-mailer x-originating-ip user-agent x-received x-sender-ip x-client-ip x-client-hostname
|
|
notify_classes = 2bounce data delay resource software
|
|
message_size_limit = 52428800
|
|
backwards_bounce_logfile_compatibility = no
|
|
show_user_unknown_table_name = no
|
|
virtual_transport = lmtp:unix:/private/dovecot-lmtp
|
|
compatibility_level = 3.6
|
|
smtputf8_autodetect_classes = all
|
|
|
|
# TLS parameters
|
|
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
|
|
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
|
|
smtpd_tls_ciphers = HIGH
|
|
smtpd_tls_mandatory_ciphers = HIGH
|
|
smtp_tls_ciphers = HIGH
|
|
smtp_tls_mandatory_ciphers = HIGH
|
|
tls_eecdh_auto_curves = X448 X25519 secp521r1 secp384r1 prime256v1
|
|
smtpd_tls_protocols = TLSv1.2 TLSv1.3
|
|
smtp_tls_protocols = TLSv1.2 TLSv1.3
|
|
smtpd_tls_exclude_ciphers = aNULL MD5 SHA CAMELLIA RSA AES+SHA256 AES+SHA384
|
|
smtpd_tls_mandatory_exclude_ciphers = aNULL MD5 SHA CAMELLIA RSA AES+SHA256 AES+SHA384
|
|
smtp_tls_exclude_ciphers = aNULL MD5 SHA CAMELLIA AES+SHA256 AES+SHA384
|
|
smtp_tls_mandatory_exclude_ciphers = aNULL MD5 SHA CAMELLIA AES+SHA256 AES+SHA384
|
|
tls_preempt_cipherlist = yes
|
|
smtpd_tls_security_level = may
|
|
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|
smtp_tls_security_level = may
|
|
smtp_tls_CApath = /etc/ssl/certs
|
|
smtp_dns_support_level = dnssec
|
|
tls_ssl_options = NO_RENEGOTIATION
|
|
smtp_tls_chain_files = /etc/postfix/danwin1210-mail.chain
|
|
smtpd_tls_received_header = yes
|
|
|
|
#lookup maps for domains and email addresses
|
|
relay_domains =
|
|
canonical_maps = inline:{{@mail2tor.onion=@mail2tor.com}, {@torbox3uiot6wchz.onion=@torbox36ijlcevujx7mjb4oiusvwgvmue7jfn2cvutwa6kl6to3uyqad.onion}, {@torbox.onion=@torbox36ijlcevujx7mjb4oiusvwgvmue7jfn2cvutwa6kl6to3uyqad.onion}}
|
|
sender_canonical_maps = inline:{{@localhost=@danwin1210.de}, {@danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion=@danwin1210.de}}
|
|
transport_maps = inline:{{.onion=smtp}, {mail2tor.com=relay:[xc7tgk2c5onxni2wsy76jslfsitxjbbptejnqhw6gy2ft7khpevhc7ad.onion]:25}, {blackhost.xyz=relay:[blackhost7pws76u6vohksdahnm6adf7riukgcmahrwt43wv2drvyxid.onion]:25}} proxy:mysql:/etc/postfix/sql/mysql_transport_maps.cf inline:{*=relay:[10.9.0.1]:1025}
|
|
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf
|
|
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
|
|
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf
|
|
|
|
#sasl authentication and restrictions
|
|
smtpd_sasl_auth_enable = yes
|
|
smtpd_sasl_security_options = noanonymous
|
|
smtpd_sasl_local_domain = danwin1210.de
|
|
smtpd_sasl_type = dovecot
|
|
smtpd_sasl_path = private/auth
|
|
smtpd_client_restrictions = reject_unauth_pipelining
|
|
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:12340, permit_sasl_authenticated, check_recipient_access proxy:mysql:/etc/postfix/sql/mysql_tls_policy_in.cf
|
|
smtpd_sender_restrictions = reject_sender_login_mismatch, check_sender_access inline:{{<> = REJECT}}, permit_sasl_authenticated
|
|
smtpd_relay_restrictions = permit_sasl_authenticated, permit_auth_destination, reject_unauth_destination
|
|
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_auth_maps.cf
|
|
|
|
# anti-spam settings
|
|
smtpd_milters = inet:127.0.0.1:11332
|
|
non_smtpd_milters = inet:127.0.0.1:11332
|
|
milter_default_action = tempfail
|
|
milter_protocol = 6
|
|
header_checks = regexp:/etc/postfix/header_checks
|
|
disable_vrfy_command = yes
|
|
smtpd_discard_ehlo_keywords = silent-discard, dsn
|
|
smtpd_delay_reject = yes
|
|
smtpd_helo_required = yes
|
|
strict_rfc821_envelopes = yes
|
|
default_destination_concurrency_limit = 2
|
|
smtpd_recipient_limit = 5
|
|
smtp_pix_workarounds = delay_dotcrlf
|
|
smtpd_forbid_bare_newline = yes
|
|
smtpd_forbid_unauth_pipelining = yes
|