
WIP: use watchdog reboot timer on pi
author drewp@bigasterisk.com
date Thu, 27 Feb 2025 11:09:29 -0800
parents 5b88b38f2471
children

# written by pyinfra
#
# Jinja2 template for Postfix main.cf. `host.name` selects one of two roles:
#   'prime'      - the mail hub: final destination, mailboxes, virtual domains
#   anything else - a satellite that relays all mail to prime and has no
#                   local destinations
#
# Postfix parsing notes (postconf(5)): a line whose first non-blank character
# is '#' is a comment, even inside a multi-line value; a line that starts with
# whitespace continues the previous logical line; empty and whitespace-only
# lines are ignored.

compatibility_level = 3

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)

readme_directory = /usr/share/doc/postfix
html_directory = /usr/share/doc/postfix/html

# Listen on every interface, on satellites as well as on prime.
inet_interfaces = all

# TLS parameters
# NOTE(review): the private key lives under /etc/ssl/certs, a directory that
# is conventionally world-readable. Postfix wants the key readable by root
# only; confirm the file's mode. The "-ca" file names also suggest a CA
# certificate/key may be serving as the server identity - verify intended.
smtpd_tls_cert_file=/etc/ssl/certs/self1-ca.crt
smtpd_tls_key_file=/etc/ssl/certs/self1-ca.key
# Pre-2.3 spelling; smtpd_tls_security_level below takes precedence, so this
# line is redundant but harmless.
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# 0 = no TLS logging. 1 logs one summary line per handshake, which is the
# usual minimum for troubleshooting and for seeing who connected with TLS.
smtpd_tls_loglevel = 0
# Opportunistic server-side TLS: clients may STARTTLS but are not required to.
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
# Evaluate smtpd_relay_restrictions before smtpd_recipient_restrictions.
# smtpd_relay_restrictions is not set in this file, so Postfix's default applies.
smtpd_relay_before_recipient_restrictions = yes
smtp_address_preference = ipv4

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
# NOTE(review): smtp_tls_security_level is not set in this file. Unless it is
# set elsewhere, outbound mail (including satellite -> relayhost) is sent
# without TLS, and the smtp_tls_session_cache_database above goes unused.

# Satellites relay everything to prime; prime itself has no relayhost.
relayhost = {{ 'prime.bigasterisk.com' if host.name != 'prime' else '' }}

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

{% if host.name == 'prime' %}
myhostname = bigasterisk.com
# A value starting with '/' is replaced by the contents of that file.
mydestination = /etc/postfix/mydestination
{% else %}
myhostname = {{ host.name }}.bigasterisk.com
# must relay everything, even mail addressed to this host's own name:
# an empty mydestination means nothing is delivered locally here.
mydestination = 
{% endif %}

relay_domains = $mydestination
mynetworks_style = subnet
# Trusted clients: loopback, the 10.1/16, 10.3/16 and 10.5.0/24 networks, one
# IPv4 host and two IPv6 hosts. permit_mynetworks below lets these relay
# without AUTH and exempts them from the sender/recipient/RBL checks.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.1.0.0/16 10.3.0.0/16 10.5.0.0/24 192.168.0.3/32 [fc7b:54e8:69a9:e165:86c8:9d42:6cc5:b2a1]/128 [fcc8:29d:5660:ec63:754f:37af:de4a:a9df]/128

# allow realuser+fakepart@bigasterisk.com
recipient_delimiter = +

{% if host.name == 'prime' %}
# mail can only deliver on prime
# 0 = no mailbox size limit
mailbox_size_limit = 0
home_mailbox = Maildir/
biff = no
# bytes (50 MB)
message_size_limit = 50000000
#mailbox_command = procmail -a "$EXTENSION"
{% endif %}


# http://www.spamcop.net/fom-serve/cache/349.html
# upgraded, per http://www.wrightthisway.com/Articles/000062.html

# Restrictions are evaluated in order; the first one that permits or rejects
# decides. mynetworks and SASL-authenticated clients are permitted before any
# reject, so the hostname/FQDN/DNS/RBL checks apply only to untrusted clients.
# permit_tls_clientcerts matches only fingerprints listed in relay_clientcerts,
# which is not set in this file. reject_unauth_destination is what stops
# untrusted clients from relaying.
smtpd_recipient_restrictions =
    permit_mynetworks, 
    permit_sasl_authenticated,
#    check_client_access  /etc/passwd somehow?
    reject_invalid_hostname, 
    reject_non_fqdn_sender, 
    reject_non_fqdn_recipient, 
    reject_unknown_sender_domain, 
    reject_unknown_recipient_domain, 
    reject_unauth_pipelining, 
    permit_tls_clientcerts,
    reject_unauth_destination, 
    check_sender_access hash:/etc/postfix/sender_access,
    reject_rbl_client bl.spamcop.net,
    permit
    
# Ask (not require) clients for a certificate so permit_tls_clientcerts has
# something to check.
smtpd_tls_ask_ccert = yes

# no dovecot
smtpd_sasl_type = cyrus
cyrus_sasl_config_path = /etc/postfix/sasl/

# yes dovecot
#smtpd_sasl_type = dovecot
#smtpd_sasl_path = private/auth

smtpd_sasl_auth_enable = yes
# No anonymous mechanisms; same restriction inside TLS.
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
# AUTH is only advertised after STARTTLS, so credentials never cross the
# wire in the clear.
smtpd_tls_auth_only = yes

queue_directory = /var/spool/postfix

# Postfix is the final destination for the specified list
{% if host.name == 'prime' %}
virtual_alias_domains = adkinslawgroup.com iveseenyoubefore.com fantasyfamegame.com maxradi.us whopickedthis.com quickwitretort.com drewp.quickwitretort.com kelsi.quickwitretort.com photo.bigasterisk.com whatsplayingnext.com williamperttula.com 

# Optional lookup tables that alias specific mail addresses or domains to other local or remote addresses
virtual_alias_maps = hash:/etc/postfix/virtual
{% endif %}

# Milter on loopback port 8891 for both SMTP and locally submitted mail
# (presumably a DKIM milter - confirm against the host's service config).
# accept = if the milter is unavailable, mail is processed as if it were
# not configured, i.e. unsigned/unchecked rather than deferred.
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept