X-Git-Url: https://dehnerts.com/gitweb/?a=blobdiff_plain;f=main.cf;h=bba2fed424ff4410e50723cc5910bae32ce9b84f;hb=1e88f4e82197f80a6b0f512b2d372d4faa504896;hp=28737b0e38de7ce1b4d40c6ff3c74c891220d303;hpb=a5cec222bd876d4d381333bd515f2dead7e177c7;p=sysconfig%2Fpostfix.git
diff --git a/main.cf b/main.cf
index 28737b0..bba2fed 100644
--- a/main.cf
+++ b/main.cf
@@ -38,7 +38,6 @@ command_directory = /usr/sbin
 # daemon programs (i.e. programs listed in the master.cf file). This
 # directory must be owned by root.
 #
-daemon_directory = /usr/lib/postfix
 # QUEUE AND PROCESS OWNERSHIP
 #
@@ -150,7 +149,7 @@ myorigin = $mydomain
 #
 # See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
 #
-mydestination = $myhostname, dehnert.arctic.org, localhost, dehnerts.com, www.dehnerts.com, mail.dehnerts.com, copan.dehnerts.com, mail.dehnert.arctic.org, copan.dehnert.arctic.org, borobudur.dehnert.arctic.org, borobudur.dehnerts.com, gwynedd.dehnert.arctic.org, gwynedd.dehnerts.com, olinda.dehnerts.com, olinda.dehnert.arctic.org, olinda.mit.edu
+mydestination = $myhostname, dehnert.arctic.org, localhost, localhost.localdomain, localhost.dehnerts.com, localdomain.localdomain, dehnerts.com, www.dehnerts.com, mail.dehnerts.com, copan.dehnerts.com, mail.dehnert.arctic.org, copan.dehnert.arctic.org, borobudur.dehnert.arctic.org, borobudur.dehnerts.com, gwynedd.dehnert.arctic.org, gwynedd.dehnerts.com, olinda.dehnerts.com, olinda.dehnert.arctic.org, olinda.mit.edu
 #mydestination = $myhostname, localhost.$mydomain, localhost
 #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
 #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
@@ -213,7 +212,8 @@ local_recipient_maps = unix:passwd.byname $alias_maps
 # with 450 (try again later) until you are certain that your
 # local_recipient_maps settings are OK.
 #
-unknown_local_recipient_reject_code = 450
+#unknown_local_recipient_reject_code = 450
+unknown_local_recipient_reject_code = 550
 # TRUST AND RELAY CONTROL
@@ -257,7 +257,7 @@ unknown_local_recipient_reject_code = 450
 # (the value on the table right-hand side is not used).
 #
 # Added by Alex Dehnert
-mynetworks = 66.92.29.156/32, 66.92.29.144/32, 127.0.0.1/32, 18.111.8.18/32, 18.208.0.0/24
+mynetworks = 66.92.29.156/32, 66.92.29.144/32, 127.0.0.1/32, 18.111.8.18/32, [::1]/128
 #mynetworks = 168.100.189.0/28, 127.0.0.0/8
 #mynetworks = $config_directory/mynetworks
 #mynetworks = hash:/etc/postfix/network_table
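Review bot: Switching `unknown_local_recipient_reject_code` to 550 turns every lookup miss in `local_recipient_maps` (shown in the hunk header as `unix:passwd.byname $alias_maps`) into a permanent bounce, while the comment kept directly above still advises staying on 450 until those maps are known to be complete. The same commit also adds names to `mydestination`, so it is worth confirming that valid recipients for every listed domain resolve through those two maps before this is deployed. I would drop the commented-out 450 line and record the decision instead, for example `# 550 since <DATE-PLACEHOLDER>: local_recipient_maps checked against passwd and aliases`.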
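Review bot: The new `mynetworks` line still trusts three public addresses (`66.92.29.156/32`, `66.92.29.144/32`, `18.111.8.18/32`) with `# Added by Alex Dehnert` as the only documentation. Because `permit_mynetworks` comes first in the `smtpd_relay_restrictions` line added at the end of this commit, each of those hosts can relay without authenticating. A short comment per entry naming the host and its owner would let a later reader tell which entries are stale, as `18.208.0.0/24` apparently was. The `[::1]/128` entry only takes effect if IPv6 is enabled for this instance, which is not visible in this hunk.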
@@ -272,12 +272,28 @@ smtpd_sasl_auth_enable = yes
 broken_sasl_auth_clients = yes
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth
-smtpd_tls_cert_file=/etc/ssl/certs/postfix.crt
+smtpd_tls_cert_file=/etc/ssl/local-certs/postfix.crt
 smtpd_tls_key_file=/etc/ssl/private/postfix.key
-smtpd_use_tls = no
+smtpd_use_tls = yes
 smtpd_tls_auth_only = yes
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# Milter configuration
+# Based on https://www.linode.com/docs/guides/configure-spf-and-dkim-in-postfix-on-debian-9/#testing-postfix-dkim-on-debian-9-with-a-gmail-test
+# http://www.opendkim.org/opendkim-README
+# http://www.postfix.org/MILTER_README.html
+# OpenDKIM
+milter_default_action = accept
+# Postfix ≥ 2.6 milter_protocol = 6, Postfix ≤ 2.5 milter_protocol = 2
+milter_protocol = 6
+smtpd_milters = unix:opendkim/opendkim.sock
+non_smtpd_milters = $smtpd_milters
+
+# Alex Dehnert, 2017-11-01
+# Based on https://serverfault.com/questions/663979/virtual-alias-domains-how-to-use-different-ip-addresses-when-forwarding-mail
+
+#sender_dependent_default_transport_maps = hash:/etc/mail/sender-transport
 # The relay_domains parameter restricts what destinations this system will
 # relay mail to. See the smtpd_recipient_restrictions description in
@@ -475,6 +491,13 @@ home_mailbox = .maildir/
 mailbox_command = /usr/lib/dovecot/deliver
 #mailbox_command = /some/where/procmail -a "$EXTENSION"
+# Bump mailbox size limit to 512MB since cache files were maxing out
+# See https://wiki.dovecot.org/LDA/Postfix
+mailbox_size_limit = 512000000
+
+# Max message size 40MB
+message_size_limit = 41943040
+
 # The mailbox_transport specifies the optional transport in master.cf
 # to use after processing aliases and .forward files. This parameter
 # has precedence over the mailbox_command, fallback_transport and
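Review bot: `milter_default_action = accept` makes the OpenDKIM hook fail open: if the socket at `unix:opendkim/opendkim.sock` is missing or the daemon is down, mail is processed as if no milter were configured. Outbound mail then leaves unsigned, with nothing visible to the sending client. If that trade-off is intended, say so next to the setting, for example `# fail open: send unsigned rather than defer when opendkim is down; watch the mail log for milter warnings`; otherwise `milter_default_action = tempfail` defers mail until the milter is reachable again. Separately, `smtpd_use_tls = yes` is the legacy spelling, and on Postfix 2.3 and later the documented equivalent is `smtpd_tls_security_level = may`.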
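Review bot: The two new limits are written in different units, which makes the comments in the second hunk on this line misleading when read together: `512000000` is 512 decimal megabytes, while `41943040` is 40 × 1024 × 1024 bytes. I would make the comments explicit, e.g. `# 512 MB (decimal) mailbox limit` and `# 40 MiB max message size`, or use the same convention for both values. It is also worth noting in the comment that `mailbox_size_limit` must stay at or above `message_size_limit`, so that a later edit to one of them does not break local delivery.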
@@ -689,3 +712,4 @@ home_mailbox = .maildir/
 # 2005-01-19
 owner_request_special = no
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated permit_auth_destination reject_unauth_destination
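Review bot: `permit_auth_destination` immediately before `reject_unauth_destination` is redundant, because mail for authorized destinations already passes the reject rule and nothing follows it in the list. The shorter `smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination` expresses the same policy. The line is also appended after `owner_request_special = no` at the very end of the file with no comment, far from the TRUST AND RELAY CONTROL section that holds `mynetworks`. A one-line comment such as `# relay only for mynetworks and SASL-authenticated clients`, or moving the setting next to the SASL block, would make the relay policy easier to audit.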