Mercurial > repos > other > Puppet

view modules/postfix/templates/main.cf.erb @ 180:83885499c093 puppet-3.6

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Strip some headers on outbound emails Necessary because GMail app on Android using an account on our server adds half of the MS Outlook headers, but not the others and this causes SpamAssassin to flag as spam
author IBBoard <dev@ibboard.co.uk>
date Sun, 05 Aug 2018 10:40:51 +0100
parents 048bc4d6af43
children ac164022ffb8
line wrap: on
line source

data_directory = /var/lib/postfix
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = <%= @mailserver %>
myorigin = $mydomain
inet_interfaces = all
inet_protocols = <%= @protocols %>
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8
relay_domains = 
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
 
  
debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
policy_time_limit = 3600
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtpd_tls_loglevel = 0
smtpd_tls_ciphers = high
smtpd_tls_exclude_ciphers = aNULL, MD5
smtpd_tls_protocols = !SSLv2
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_mandatory_protocols = !SSLv2
smtpd_tls_key_file = /etc/pki/custom/<%= @mailserver %>.key
smtpd_tls_cert_file = /etc/pki/custom/<%= @mailserver %>.crt
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_security_level = may
smtp_tls_ciphers = export
smtp_tls_exclude_ciphers = aNULL, MD5
smtp_tls_protocols = !SSLv2
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_exclude_ciphers = aNULL, MD5
smtp_tls_mandatory_protocols = !SSLv2
tls_preempt_cipherlist = yes
smtpd_tls_eecdh_grade = strong
virtual_mailbox_domains = /etc/postfix/vdomains
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_uid_maps = static:505
virtual_gid_maps = static:505
virtual_alias_maps = hash:/etc/postfix/valias
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
smtpd_helo_required = yes
smtpd_helo_restrictions  = permit_mynetworks, reject_invalid_helo_hostname, check_helo_access hash:/etc/postfix/helo_whitelist, permit
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access, check_recipient_access hash:/etc/postfix/valias-blacklist, check_recipient_access regexp:/etc/postfix/valias-blacklist-regex, check_policy_service unix:private/policy
smtpd_data_restrictions = reject_unauth_pipelining
transport_maps = hash:/etc/postfix/transport
message_size_limit = 15000000
header_checks = regexp:/etc/postfix/header_checks
body_checks  = regexp:/etc/postfix/body_checks
smtp_header_checks = regexp:/etc/postfix/smtp_header_checks

# The following may not be used by all versions of Postfix
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1 b.barracudacentral.org*1
postscreen_dnsbl_action = enforce

postscreen_greet_banner = Establishing connection...
postscreen_greet_action = enforce

postscreen_pipelining_enable = yes
postscreen_pipelining_action = enforce

postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_action = enforce

postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access_private.cidr, cidr:/etc/postfix/postscreen_spf_whitelist.cidr
postscreen_blacklist_action = enforce

content_filter = smtp-amavis:[127.0.0.1]:10024