Stop referencing IPs we haven't had for years
diff --git a/main.cf b/main.cf
index 28737b0e38de7ce1b4d40c6ff3c74c891220d303..bba2fed424ff4410e50723cc5910bae32ce9b84f 100644 (file)
--- a/main.cf
+++ b/main.cf
@@ -38,7 +38,6 @@ command_directory = /usr/sbin
 # daemon programs (i.e. programs listed in the master.cf file). This
 # directory must be owned by root.
 #
-daemon_directory = /usr/lib/postfix
 
 # QUEUE AND PROCESS OWNERSHIP
 #
@@ -150,7 +149,7 @@ myorigin = $mydomain
 #
 # See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
 #
-mydestination = $myhostname, dehnert.arctic.org, localhost, dehnerts.com, www.dehnerts.com, mail.dehnerts.com, copan.dehnerts.com, mail.dehnert.arctic.org, copan.dehnert.arctic.org, borobudur.dehnert.arctic.org, borobudur.dehnerts.com, gwynedd.dehnert.arctic.org, gwynedd.dehnerts.com, olinda.dehnerts.com, olinda.dehnert.arctic.org, olinda.mit.edu
+mydestination = $myhostname, dehnert.arctic.org, localhost, localhost.localdomain, localhost.dehnerts.com, localdomain.localdomain, dehnerts.com, www.dehnerts.com, mail.dehnerts.com, copan.dehnerts.com, mail.dehnert.arctic.org, copan.dehnert.arctic.org, borobudur.dehnert.arctic.org, borobudur.dehnerts.com, gwynedd.dehnert.arctic.org, gwynedd.dehnerts.com, olinda.dehnerts.com, olinda.dehnert.arctic.org, olinda.mit.edu
 #mydestination = $myhostname, localhost.$mydomain, localhost
 #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
 #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
@@ -213,7 +212,8 @@ local_recipient_maps = unix:passwd.byname $alias_maps
 # with 450 (try again later) until you are certain that your
 # local_recipient_maps settings are OK.
 #
-unknown_local_recipient_reject_code = 450
+#unknown_local_recipient_reject_code = 450
+unknown_local_recipient_reject_code = 550
 
 # TRUST AND RELAY CONTROL
 
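Review bot: Switching `unknown_local_recipient_reject_code` to 550 turns every miss in `local_recipient_maps` into a permanent bounce, while the comment directly above still advises 450 until those maps are known to be correct. The hunk header shows `local_recipient_maps = unix:passwd.byname $alias_maps`; if any address is delivered through a path outside those two tables, mail to it would now bounce. Suggest replacing the commented-out `#unknown_local_recipient_reject_code = 450` with a note such as `# local_recipient_maps verified; reject unknown users permanently`, since version control already keeps the old value.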
@@ -257,7 +257,7 @@ unknown_local_recipient_reject_code = 450
 # (the value on the table right-hand side is not used).
 #
 # Added by Alex Dehnert
-mynetworks = 66.92.29.156/32, 66.92.29.144/32, 127.0.0.1/32, 18.111.8.18/32, 18.208.0.0/24
+mynetworks = 66.92.29.156/32, 66.92.29.144/32, 127.0.0.1/32, 18.111.8.18/32, [::1]/128
 #mynetworks = 168.100.189.0/28, 127.0.0.0/8
 #mynetworks = $config_directory/mynetworks
 #mynetworks = hash:/etc/postfix/network_table
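Review bot: The three public /32 entries kept in `mynetworks` (66.92.29.156, 66.92.29.144, 18.111.8.18) stay trusted for unauthenticated relay, because `permit_mynetworks` is the first rule of the `smtpd_relay_restrictions` line this commit adds at the end of the file. Given the commit title, each of them should be confirmed as an address this site still controls, and any that is not should be dropped. Loopback is listed as `127.0.0.1/32` rather than `127.0.0.0/8`, which is fine only as long as no local software submits from another 127.x address. A short comment naming the host behind each entry, e.g. `# 66.92.29.156 = <host>`, would make the next cleanup easier to audit.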
@@ -272,12 +272,28 @@ smtpd_sasl_auth_enable = yes
 broken_sasl_auth_clients = yes
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth
-smtpd_tls_cert_file=/etc/ssl/certs/postfix.crt
+smtpd_tls_cert_file=/etc/ssl/local-certs/postfix.crt
 smtpd_tls_key_file=/etc/ssl/private/postfix.key
-smtpd_use_tls = no
+smtpd_use_tls = yes
 smtpd_tls_auth_only = yes
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# Milter configuration
+# Based on https://www.linode.com/docs/guides/configure-spf-and-dkim-in-postfix-on-debian-9/#testing-postfix-dkim-on-debian-9-with-a-gmail-test
+# http://www.opendkim.org/opendkim-README
+# http://www.postfix.org/MILTER_README.html
+# OpenDKIM
+milter_default_action = accept
+# Postfix ≥ 2.6 milter_protocol = 6, Postfix ≤ 2.5 milter_protocol = 2
+milter_protocol = 6
+smtpd_milters = unix:opendkim/opendkim.sock
+non_smtpd_milters = $smtpd_milters
+
+# Alex Dehnert, 2017-11-01
+# Based on https://serverfault.com/questions/663979/virtual-alias-domains-how-to-use-different-ip-addresses-when-forwarding-mail
+
+#sender_dependent_default_transport_maps = hash:/etc/mail/sender-transport
     
 # The relay_domains parameter restricts what destinations this system will
 # relay mail to.  See the smtpd_recipient_restrictions description in
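Review bot: `milter_default_action = accept` makes the OpenDKIM hook fail open: if the socket at `unix:opendkim/opendkim.sock` is missing or the milter errors out, mail is passed on unsigned and nothing alerts the operator. If unsigned outbound mail matters for DMARC alignment, `milter_default_action = tempfail` defers the message instead; otherwise a comment such as `# fail open: deliver unsigned if opendkim is down` records the choice. Separately, `smtpd_use_tls = yes` is the legacy spelling, and on Postfix 2.3 and later `smtpd_tls_security_level = may` is the documented form. The hunk shows no `smtp_tls_security_level`, so outbound opportunistic TLS may still be off even though the client session cache is configured.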
@@ -475,6 +491,13 @@ home_mailbox = .maildir/
 mailbox_command = /usr/lib/dovecot/deliver
 #mailbox_command = /some/where/procmail -a "$EXTENSION"
 
+# Bump mailbox size limit to 512MB since cache files were maxing out
+# See https://wiki.dovecot.org/LDA/Postfix
+mailbox_size_limit = 512000000
+
+# Max message size 40MB
+message_size_limit = 41943040
+
 # The mailbox_transport specifies the optional transport in master.cf
 # to use after processing aliases and .forward files. This parameter
 # has precedence over the mailbox_command, fallback_transport and
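Review bot: The two new limits use different unit conventions: `mailbox_size_limit = 512000000` is 512 × 10^6 bytes while `message_size_limit = 41943040` is 40 × 2^20 bytes, so "512MB" and "40MB" in the comments do not mean the same kind of megabyte. Suggest either `mailbox_size_limit = 536870912` or rewording the comment to `# ~512 MB (decimal bytes)`. Raising the message limit to 40 MB also raises how much queue space a single remote client can tie up. Postfix refuses mail once free space drops below 1.5 × `message_size_limit`, so free space on the queue file system is worth checking against the new value.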
@@ -689,3 +712,4 @@ home_mailbox = .maildir/
 
 # 2005-01-19
 owner_request_special = no
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated permit_auth_destination reject_unauth_destination
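Review bot: `permit_auth_destination` looks redundant in this list: `reject_unauth_destination` already lets authorized destinations fall through and the list ends in an implicit permit. `smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination` should therefore behave the same and is easier to audit. The new line also sits under the `# 2005-01-19` comment that belongs to `owner_request_special`, so a dated comment of its own would say when and why it was added. Because `permit_mynetworks` comes first, the relay policy is only as tight as the `mynetworks` list.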