view modules/postfix/templates/main.cf.erb @ 131:0dd899a10ee1 puppet-3.6

Change all "latest" packages to "installed". Having Puppet update packages is dangerous and is not correct sysadmin practice. We have a script for checking for updates. Let that run and let the sysadmin update when appropriate. This will prevent any potential issues from faulty service restarts in the middle of the night.
author IBBoard <dev@ibboard.co.uk>
date Wed, 26 Oct 2016 19:40:37 +0100
parents db809398167a
children 9af4b04c2667

# Postfix main.cf, rendered from an ERB template. The only template variable
# used in this file is @mailserver; it must be set by the calling manifest.
# main.cf has no trailing-comment syntax: every note must be a whole line
# whose first non-blank character is '#'.
data_directory = /var/lib/postfix
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
# Host name announced by this server; the same value selects the TLS key and
# certificate file names further down.
myhostname = <%= @mailserver %>
myorigin = $mydomain
# Listen on every network interface of the host.
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
# Unknown local recipients get a permanent (5xx) rejection, not a deferral.
unknown_local_recipient_reject_code = 550
# Only loopback clients match permit_mynetworks. With relay_domains empty,
# no extra destination domains are authorised for relaying.
mynetworks = 127.0.0.0/8
relay_domains = 
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
 
  
debug_peer_level = 2
# Stock sample debugger hook (launches ddd). Postfix only runs it for a
# daemon started with the -D option in master.cf.
# NOTE(review): master.cf is not visible here; confirm no service uses -D,
# or empty this value on production hosts.
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
# "no" means no HTML documentation directory is configured.
html_directory = no
manpage_directory = /usr/share/man
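# --- SASL authentication (server side) ---
# Authentication is delegated to Dovecot over the socket private/auth,
# relative to the Postfix queue directory.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
# NOTE(review): policy_time_limit is a per-service time limit for a master.cf
# service named "policy" (presumably the one behind
# check_policy_service unix:private/policy) - confirm against master.cf.
policy_time_limit = 3600

# --- TLS, inbound (smtpd) ---
smtpd_tls_received_header = yes
# Opportunistic TLS: STARTTLS is offered but not required.
smtpd_tls_security_level = may
# NOTE(review): with security level "may" and auth_only "no", AUTH is also
# offered on unencrypted sessions, so client credentials can cross the
# network in cleartext. Setting this to "yes" limits AUTH to TLS sessions;
# left unchanged because it would lock out clients that authenticate without
# STARTTLS - audit the clients first, then switch.
smtpd_tls_auth_only = no
smtpd_tls_loglevel = 0
smtpd_tls_ciphers = high
smtpd_tls_exclude_ciphers = aNULL, MD5
# SSLv3 is excluded as well as SSLv2: both are obsolete and broken, and
# current Postfix defaults disable both.
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
# NOTE(review): this template does not manage the permissions of the private
# key file; verify elsewhere that it is readable by root only.
smtpd_tls_key_file = /etc/pki/custom/<%= @mailserver %>.key
smtpd_tls_cert_file = /etc/pki/custom/<%= @mailserver %>.crt

# --- TLS, outbound (smtp client) ---
smtp_tls_CApath = /etc/pki/tls/certs
# Opportunistic TLS for outgoing mail.
smtp_tls_security_level = may
# Was "export", which permits 40/56-bit export-grade ciphers. "medium" is the
# weakest grade still worth negotiating. A peer that cannot meet it fails the
# handshake, and at security level "may" Postfix can still deliver in
# cleartext.
smtp_tls_ciphers = medium
smtp_tls_exclude_ciphers = aNULL, MD5
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_exclude_ciphers = aNULL, MD5
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
# Prefer the server's cipher order over the client's.
tls_preempt_cipherlist = yes
smtpd_tls_eecdh_grade = strong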
# --- Virtual mailbox hosting ---
# Hosted domains are read from a file. Mailboxes live under
# /var/mail/vhosts, and all of them are owned by the fixed uid/gid 505.
virtual_mailbox_domains = /etc/postfix/vdomains
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_uid_maps = static:505
virtual_gid_maps = static:505
virtual_alias_maps = hash:/etc/postfix/valias
# Recipients listed in this table have a blind copy of their mail sent to the
# mapped address. Restrict write access to the table and review its contents,
# since an entry silently duplicates someone's mail.
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc

# --- SMTP access restrictions (evaluated left to right, first match wins) ---
smtpd_helo_required = yes
# NOTE(review): reject_rhsbl_helo looks up the HELO *hostname* in a
# domain-based list, but zen.spamhaus.org is an IP-address list, so this
# lookup probably never matches. Spamhaus' domain list is dbl.spamhaus.org -
# confirm and adjust. The trailing "permit" is explicit but matches the
# default outcome.
smtpd_helo_restrictions  = permit_mynetworks, reject_invalid_helo_hostname, check_helo_access hash:/etc/postfix/helo_whitelist, reject_rhsbl_helo zen.spamhaus.org, permit
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
# Order matters for relay safety. Authenticated and local clients are
# permitted first, then reject_unauth_destination stops everyone else from
# relaying. The access tables, DNSBL and policy service come after it, so an
# "OK" in one of those tables cannot turn this host into an open relay - keep
# them after reject_unauth_destination when editing.
# NOTE(review): reject_invalid_hostname is the pre-2.3 name of
# reject_invalid_helo_hostname, which is the spelling used in the HELO list.
smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access, check_recipient_access hash:/etc/postfix/valias-blacklist, check_recipient_access regexp:/etc/postfix/valias-blacklist-regex, reject_rbl_client zen.spamhaus.org, check_policy_service unix:private/policy
# Reject clients that send commands ahead of time where pipelining is not
# allowed.
smtpd_data_restrictions = reject_unauth_pipelining
transport_maps = hash:/etc/postfix/transport
# Maximum message size in bytes (about 15 MB), envelope included.
message_size_limit = 15000000
# Regexp tables applied to message headers and body lines. The table files
# are not part of this template.
header_checks = regexp:/etc/postfix/header_checks
body_checks  = regexp:/etc/postfix/body_checks

# The following may not be used by all versions of Postfix
# NOTE(review): the postscreen_* settings only take effect when the postscreen
# service is enabled in master.cf, which is not visible here - confirm.
# DNSBL scoring: a client is flagged once its combined weight reaches the
# threshold of 2. A zen.spamhaus.org listing (weight 2) is enough on its own;
# spamcop and barracuda (weight 1 each) must both list the client.
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1 b.barracudacentral.org*1
# "enforce" lets the remaining tests finish, then rejects the delivery
# attempt with a logged 550. It does not drop the connection immediately.
postscreen_dnsbl_action = enforce

# Pregreet test: this teaser banner is sent before the real greeting, and
# clients that start talking before their turn are flagged.
postscreen_greet_banner = Establishing connection...
postscreen_greet_action = enforce

# Deep protocol tests. With these enabled postscreen cannot hand a passing
# client to smtpd in the same session; the client gets a temporary error and
# must reconnect, so first-time senders see a delivery delay.
postscreen_pipelining_enable = yes
postscreen_pipelining_action = enforce

postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_action = enforce

# Permanent allow/deny list, first match wins: local networks, then two CIDR
# tables. The table files are not part of this template.
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access_private.cidr, cidr:/etc/postfix/postscreen_spf_whitelist.cidr
# Action for clients the access list rejects. Postfix 3.6 and later call this
# parameter postscreen_denylist_action.
postscreen_blacklist_action = enforce

# All mail is handed to the smtp-amavis transport on loopback port 10024 for
# content scanning.
# NOTE(review): this needs a matching smtp-amavis entry and a re-injection
# listener in master.cf (not visible here). Confirm that listener is bound to
# 127.0.0.1 only, so nothing can submit mail past the restrictions above.
content_filter = smtp-amavis:[127.0.0.1]:10024