postfix_main.cf.in 2.14 KB
# Template for a Postfix main.cf: the brace-delimited placeholders are filled
# in when the template is rendered, and the rendered text is what Postfix reads.
# Reference documentation:
# http://www.postfix.org/STANDARD_CONFIGURATION_README.html
# http://www.postfix.org/postconf.5.html
# Root directory of the Postfix mail queue.
queue_directory = {{ queue_directory }}
# Locations of the Postfix administrative commands and of the daemon programs.
# Postfix executes what it finds in daemon_directory, so neither directory
# should be writable by any account other than the one that installs Postfix.
command_directory = {{ bin_directory }}
daemon_directory = {{ usr_directory }}/libexec/postfix
# data_directory holds files that Postfix itself writes (caches and similar
# state); mail_owner is the account that owns the queue and that most Postfix
# daemons run as.
# NOTE(review): postconf(5) asks for mail_owner to be an unprivileged account
# that shares its user/group ID with nothing else - confirm the rendered value
# meets that.
data_directory = {{ data_directory }}
mail_owner = {{ mail_owner }}
# alias_maps is the table used for alias lookups and alias_database is the
# table that newaliases(1) rebuilds; both are rendered from the same value.
# Local delivery is disabled further down (local_transport = error), so these
# three are presumably set only to keep Postfix away from system-wide default
# paths - confirm.
alias_maps = {{ aliases }}
alias_database = {{ aliases }}
mail_spool_directory = {{ spool_directory }}
# Installation-layout parameters: the paths of the sendmail/newaliases/mailq
# commands are rendered empty in this template.
sendmail_path =
newaliases_path =
mailq_path =
# Group used by the set-gid mail submission and queue management commands.
# NOTE(review): postconf(5) asks for a group ID that no other account shares -
# confirm the rendered value.
setgid_group = {{ setgid_group }}
# Documentation locations, likewise rendered empty.
html_directory =
manpage_directory =
sample_directory =
readme_directory =
# Addresses the SMTP server listens on. Authentication is mandatory further
# down, but exposure is still smallest when this lists only the addresses that
# clients actually need to reach.
inet_interfaces = {{ inet_interfaces }}
# Source address for outgoing SMTP connections, IPv4 and IPv6. Both are the
# wildcard address, i.e. no specific local address is requested.
# NOTE(review): presumably set so that the SMTP client does not inherit the
# inet_interfaces address as its source address - confirm.
smtp_bind_address = 0.0.0.0
smtp_bind_address6 = ::

# Environment variables that Postfix imports from a non-Postfix parent
# process. The list replaces the built-in one, so only these names pass.
# Compared to default:
# - remove X-related variables, irrelevant for slapos, to be concise
# - add SASL_CONF_PATH to have per-partition cyrus-sasl configuration
# NOTE(review): SASL_CONF_PATH selects which cyrus-sasl configuration is
# loaded, so the directory it names should be writable only by the partition
# owner - confirm where it is set.
import_environment =
  MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ LANG=C
  SASL_CONF_PATH

# Mandatory sasl auth over TLS
# XXX: no man-in-the-middle protection
# NOTE(review): nothing in this file makes clients authenticate the server.
# Whether an impersonating server can be detected depends on how the
# certificate below is issued and on clients verifying it - confirm.
smtpd_tls_cert_file = {{ cert }}
# The private key should be readable only by the account that starts Postfix.
smtpd_tls_key_file = {{ key }}
# 512-bit DH parameters serve only export-grade cipher suites, which are
# breakable; postconf(5) documents this parameter as ignored from Postfix 3.6
# on.
# NOTE(review): consider dropping it once no older Postfix reads this file.
smtpd_tls_dh512_param_file = {{ dh_512 }}
{#
  Note: 1024 vs. 2048 is not a typo, but what is actually recommended in
  postfix documentation
-#}
smtpd_tls_dh1024_param_file = {{ dh_2048 }}

# STARTTLS is mandatory. Per postconf(5) this level also implies
# smtpd_tls_auth_only, so AUTH is not offered before the session is encrypted.
# No protocol or cipher floor is set in the visible template, so those come
# from the defaults of the installed Postfix version.
smtpd_tls_security_level = encrypt
smtpd_sasl_auth_enable = yes
# Reject as many bogus cases as soon as possible, so errors are visible to ERP5
# developer rather than relying on bounces.
# Restrictions are evaluated in the order listed and the first match decides:
# the two recipient sanity checks come first, so they apply to authenticated
# clients as well; authenticated clients are then accepted and everything else
# is rejected.
smtpd_recipient_restrictions =
  reject_non_fqdn_recipient
  reject_unknown_recipient_domain
  permit_sasl_authenticated
  reject
# Do not allow mynetworks to send mails, only authenticated clients.
# permit_mynetworks is left out of the list, so a client's network location
# never grants relay access on its own. Unauthenticated relay attempts are
# deferred by the final entry.
smtpd_relay_restrictions =
  permit_sasl_authenticated
  defer_unauth_destination

# We do not pass mail address in command lines, so accept those starting with
# a dash.
# This is safe only while that stays true: an address starting with a dash can
# be read as an option by a program that receives it as an argument. Revisit
# this setting if a pipe-based transport, content filter or other external
# command that takes addresses as arguments is ever added.
allow_min_user = yes

# Disable local delivery
# Mail for local recipients is handed to the error(8) transport, which bounces
# it instead of delivering to a mailbox.
# NOTE(review): the form shown in the Postfix documentation is "error:" followed
# by the bounce text; with the bare transport name the text is whatever
# next-hop Postfix fills in - confirm the resulting bounce message is
# acceptable.
local_transport = error

# Milters applied to mail arriving over SMTP, rendered from milter_list. The
# join places each entry after the first on its own continuation line; an
# empty list renders an empty value, i.e. no milter.
# milter_default_action is not set in the visible template, so the Postfix
# default decides what happens to mail while a milter is unreachable
# (tempfail according to postconf(5)).
# NOTE(review): if a milter is a security control, confirm that default is the
# intended failure mode.
smtpd_milters ={{ '\n  '.join(milter_list) }}

{% if relayhost -%}
# Rendered only when a relay host is configured: all outgoing mail is handed
# to that host over TLS, authenticating with SASL.
relayhost = {{ relayhost }}
# "encrypt" makes TLS mandatory but does not check the relay's certificate
# against a name or a trust anchor. The SASL credentials below are therefore
# protected from passive eavesdropping only, not from a host impersonating the
# relay.
# NOTE(review): authenticating the relay needs the "verify" or "secure" level
# (or "fingerprint") together with the matching trust configuration.
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:{{ data_directory }}/smtp_scache
smtp_sasl_auth_enable = yes
# Lookup table holding the relay credentials in cleartext; the table and its
# source file should be readable only by the account that runs Postfix.
smtp_sasl_password_maps = {{ sasl_passwd }}
# Inside TLS only anonymous mechanisms are refused, so plaintext mechanisms
# (PLAIN, LOGIN) may be used and rely entirely on the TLS session above.
smtp_sasl_tls_security_options = noanonymous
{%- endif %}