-
Notifications
You must be signed in to change notification settings - Fork 2
/
main.cf
60 lines (56 loc) · 2.07 KB
/
main.cf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
myhostname = {{ domain }}
mydomain = {{ domain }}
mydestination = $myhostname, localhost
mynetworks = 127.0.0.0/8 {{ additional_net }}
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
inet_interfaces = 127.0.0.1, {{ additional_ip }}
default_transport = smtp
# only use ipv4, because ipv6 fails under some circumstances
inet_protocols = ipv4
smtp_address_preference = ipv4
# recipient_delimiter = +
mailbox_size_limit = 0
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
append_dot_mydomain = no
readme_directory = no
# use Maildir type spool directories
mail_spool_directory = /var/mail/
# connect postfix with opendkim milter
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:12345
non_smtpd_milters = inet:localhost:12345
# TLS Incoming
smtpd_use_tls=yes
# enforce the server cipher preference
tls_preempt_cipherlist = yes
smtpd_tls_cert_file=/app/etc/server.cert.pem
smtpd_tls_key_file=/app/etc/server.key.pem
# smtpd_tls_dh1024_param_file = /app/etc/dhparam.pem
# smtpd_tls_dh1024_param_file is missleading name, takes >= 1024bit dhparam file
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
# enable ECDH
smtpd_tls_eecdh_grade = strong
smtpd_tls_security_level=may
smtpd_tls_protocols=!SSLv2,!SSLv3
smtpd_tls_ciphers = medium
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL
# enable TLS logging to see the ciphers for inbound connections
smtpd_tls_loglevel = 1
# TLS Outgoing
smtp_use_tls=yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = may
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_ciphers = medium
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_exclude_ciphers = aNULL, MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL
# enable TLS logging to see the ciphers for outbound connections
smtp_tls_loglevel = 1