ansible-role-dbmail/templates/main.cf.j2

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/maps/ecco_body_check.map
broken_sasl_auth_clients = yes
compatibility_level = 2
header_checks = regexp:/etc/postfix/maps/whitelist_senders.map regexp:/etc/postfix/maps/ecco_header_check.map regexp:/etc/postfix/maps/ecco_header_check_manual.map regexp:/etc/postfix/maps/spam_filter_header_check.map
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = {{ mail_server_fqdn }}; localhost; localhost.localdomain
myhostname = {{ mail_server_fqdn }}
mynetworks = 127.0.0.0/8 /etc/postfix/allowed_clients{% if mail_own_networks %}{% for ip in mail_own_networks %} {{ ip }}{% endfor %}{% endif %}

myorigin = /etc/mailname
policy-spf_time_limit = 3600s
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_recipient_maps =
smtpd_banner = $myhostname ESMTP $mail_name
# Block clients that speak too early.
smtpd_data_restrictions = reject_unauth_pipelining
# Don't talk to mail systems that don't know their own hostname.
smtpd_helo_restrictions = reject_unknown_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_auth_destination, reject_unauth_destination, check_policy_service unix:private/policy-spf
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/{{ mail_server_fqdn }}/fullchain.pem
smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = /etc/letsencrypt/live/{{ mail_server_fqdn }}/privkey.pem
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_use_tls = yes
# If this is a backupmx or satellite then smtp_sasl_auth_enable = yes
smtp_sasl_auth_enable = no
#smtp_sasl_password_maps = hash:/etc/postfix/claves_smtp
smtp_sasl_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtp_use_tls = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_uid_maps = static:5000

# For dbmail
virtual_transport = dbmail-lmtp:127.0.0.1:{{ dbmail_configuration['LMTP']['port'] }}
Initial commit with previous code 2022-10-11 09:18:54 +02:00			`alias_database = hash:/etc/aliases`
			`alias_maps = hash:/etc/aliases`
			`append_dot_mydomain = no`
			`biff = no`
			`body_checks = regexp:/etc/postfix/maps/ecco_body_check.map`
			`broken_sasl_auth_clients = yes`
			`compatibility_level = 2`
add extension to map 2023-01-29 16:27:44 +01:00			`header_checks = regexp:/etc/postfix/maps/whitelist_senders.map regexp:/etc/postfix/maps/ecco_header_check.map regexp:/etc/postfix/maps/ecco_header_check_manual.map regexp:/etc/postfix/maps/spam_filter_header_check.map`
Initial commit with previous code 2022-10-11 09:18:54 +02:00			`html_directory = /usr/share/doc/postfix/html`
			`inet_interfaces = all`
			`inet_protocols = all`
			`mailbox_size_limit = 0`
			`mydestination = {{ mail_server_fqdn }}; localhost; localhost.localdomain`
			`myhostname = {{ mail_server_fqdn }}`
			`mynetworks = 127.0.0.0/8 /etc/postfix/allowed_clients{% if mail_own_networks %}{% for ip in mail_own_networks %} {{ ip }}{% endfor %}{% endif %}`

			`myorigin = /etc/mailname`
			`policy-spf_time_limit = 3600s`
			`proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps`
			`readme_directory = /usr/share/doc/postfix`
			`recipient_delimiter = +`
			`relay_recipient_maps =`
			`smtpd_banner = $myhostname ESMTP $mail_name`
			`# Block clients that speak too early.`
			`smtpd_data_restrictions = reject_unauth_pipelining`
			`# Don't talk to mail systems that don't know their own hostname.`
			`smtpd_helo_restrictions = reject_unknown_helo_hostname`
			`smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_auth_destination, reject_unauth_destination, check_policy_service unix:private/policy-spf`
			`smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination`
			`smtpd_sasl_auth_enable = yes`
			`smtpd_sasl_authenticated_header = yes`
			`smtpd_tls_cert_file = /etc/letsencrypt/live/{{ mail_server_fqdn }}/fullchain.pem`
			`smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem`
			`smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA`
			`smtpd_tls_key_file = /etc/letsencrypt/live/{{ mail_server_fqdn }}/privkey.pem`
			`smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache`
			`smtpd_use_tls = yes`
			`# If this is a backupmx or satellite then smtp_sasl_auth_enable = yes`
			`smtp_sasl_auth_enable = no`
			`#smtp_sasl_password_maps = hash:/etc/postfix/claves_smtp`
			`smtp_sasl_security_options = noanonymous`
			`smtp_sasl_type = cyrus`
			`smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache`
			`smtp_use_tls = yes`
			`transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf`
			`virtual_alias_domains =`
			`virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf`
			`virtual_gid_maps = static:5000`
			`virtual_mailbox_base = /home/vmail`
			`virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf`
			`virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf`
			`virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf`
			`virtual_uid_maps = static:5000`

			`# For dbmail`
add extension to map 2023-01-29 16:27:44 +01:00			`virtual_transport = dbmail-lmtp:127.0.0.1:{{ dbmail_configuration['LMTP']['port'] }}`