alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/maps/ecco_body_check.map
broken_sasl_auth_clients = yes
compatibility_level = 2
header_checks = regexp:/etc/postfix/maps/whitelist_senders.map regexp:/etc/postfix/maps/ecco_header_check.map regexp:/etc/postfix/maps/ecco_header_check_manual.map regexp:/etc/postfix/maps/spam_filter_header_check.map
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = {{ mail_server_fqdn }}; localhost; localhost.localdomain
myhostname = {{ mail_server_fqdn }}
mynetworks = 127.0.0.0/8 /etc/postfix/allowed_clients{% if mail_own_networks %}{% for ip in mail_own_networks %} {{ ip }}{% endfor %}{% endif %}

myorigin = /etc/mailname
policy-spf_time_limit = 3600s
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_recipient_maps =
smtpd_banner = $myhostname ESMTP $mail_name
# Block clients that speak too early.
smtpd_data_restrictions = reject_unauth_pipelining
# Don't talk to mail systems that don't know their own hostname.
smtpd_helo_restrictions = reject_unknown_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_auth_destination, reject_unauth_destination, check_policy_service unix:private/policy-spf
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/{{ mail_server_fqdn }}/fullchain.pem
smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = /etc/letsencrypt/live/{{ mail_server_fqdn }}/privkey.pem
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_use_tls = yes
# If this is a backupmx or satellite then smtp_sasl_auth_enable = yes
smtp_sasl_auth_enable = no
#smtp_sasl_password_maps = hash:/etc/postfix/claves_smtp
smtp_sasl_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtp_use_tls = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_uid_maps = static:5000

# For dbmail
virtual_transport = dbmail-lmtp:127.0.0.1:{{ dbmail_configuration['LMTP']['port'] }}