# See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUAs job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings delay_warning_time = 4h readme_directory = no # TLS parameters smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key smtpd_tls_loglevel = 1 smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache tls_random_source = dev:/dev/urandom tls_random_bytes = 32 tls_random_reseed_period = 3600s # home_mailbox = Maildir/ smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/dovecot-auth smtpd_sasl_authenticated_header = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes smtpd_use_tls = yes smtpd_tls_received_header = yes smtpd_tls_mandatory_protocols = SSLv3, TLSv1 smtpd_tls_mandatory_ciphers = medium #smtpd_tls_auth_only = yes # smtp_tls_cert_file=/etc/postfix/ssl/smtpd.pem smtp_tls_key_file=$smtp_tls_cert_file smtp_tls_loglevel = 1 smtp_tls_security_level = may smtp_tls_note_starttls_offer = yes smtp_use_tls = yes # # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = example.org alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname #mydestination = example.org, www.example.org, example.cc, www.example.cc, myserverhostname, localhost.localdomain, localhost mydestination = relayhost = smtp-server.example.com # This was commented out as it gives a "unused parameter" warning on Precise - works on Hardy #relay_domain = $mydestination mynetworks_style = subnet #mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-mail-stack-delivery.conf -m "${EXTENSION}" mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all owner_request_special = no message_size_limit = 32768000 # # Virtual Mailbox Domain Settings virtual_alias_maps = mysql:/etc/postfix/mysql/alias_maps.cf, mysql:/etc/postfix/mysql/alias_alias_maps.cf virtual_mailbox_domains = mysql:/etc/postfix/mysql/domains_maps.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql/mailbox_maps.cf, mysql:/etc/postfix/mysql/mailbox_alias_maps.cf virtual_mailbox_limit = 51200000 virtual_minimum_uid = 5000 virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 virtual_mailbox_base = /home/vmail virtual_transport = virtual # Additional for quota support # This was commented out as it gives a "unused parameter" warning on Precise - works on Hardy #virtual_create_maildirsize = yes #virtual_mailbox_extended = yes #virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mailbox_limit_maps.cf #virtual_mailbox_limit_override = yes #virtual_maildir_limit_message = Sorry, the your maildir has overdrawn your diskspace quota, please free up some of spaces of your mailbox try again. #virtual_overquota_bounce = yes # # Spam reduction parameters. May be aggresive for some, but seems to work well. access_map_reject_code = 554 invalid_hostname_reject_code = 554 maps_rbl_reject_code = 554 multi_recipient_bounce_reject_code = 554 non_fqdn_reject_code = 554 plaintext_reject_code = 554 reject_code = 554 relay_domains_reject_code = 554 unknown_local_recipient_reject_code = 550 unknown_address_reject_code = 550 unknown_client_reject_code = 550 unknown_hostname_reject_code = 550 unknown_relay_recipient_reject_code = 550 unknown_virtual_alias_reject_code = 550 unknown_virtual_mailbox_reject_code = 550 unverified_recipient_reject_code = 550 unverified_sender_reject_code = 550 # default_process_limit = 20 smtpd_client_connection_count_limit = 10 # Value of 60 should translate to 1 per second limit smtpd_client_connection_rate_limit = 60 smtpd_client_message_rate_limit = 60 smtpd_client_new_tls_session_rate_limit = 60 # smtpd_helo_required = yes smtpd_delay_reject = yes address_verify_map = btree:${data_directory}/verify_cache smtpd_reject_unlisted_sender=yes # smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/white_lists, permit_sasl_authenticated, permit_mynetworks, # permit_tls_clientcerts, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unverified_sender, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org, check_client_access hash:/etc/postfix/white_lists, permit smtpd_data_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_pipelining, permit # Added for trying to send email from PDA smtpd_client_restrictions = permit_sasl_authenticated smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/check_helo_access, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_invalid_hostname, permit #