jketreno/ketr.services
1
0
Fork 0
Code Issues Activity
ketr.services/mail/etc/postfix/main.cf
James Ketrenos 798b228424 Almost working 
Signed-off-by: James Ketrenos <james_git@ketrenos.com>
2023-10-10 18:14:54 -07:00

156 lines
5.6 KiB
CFEngine3
Raw Blame History

# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
myhostname = ketrenos.com
#myhostname = static-50-126-85-202.cor02.bvtn.or.ptr.ziplyfiber.com
#myhostname = mail.ketrenos.com
# Logging
maillog_file = /var/log/postfix.log
smtpd_banner = $myhostname ESMTP $mail_name
# Enable unverified_sender_verify
# 2022-05-26
unverified_sender_defer_code = 250
biff = no
# 2020-09-16 set max size to 50M as more and more
# messages are exceeding 32M
#
# 2021-05-16 set max size to 200M (2^28) as we are seeing Infuccient
# system storage bounces.
message_size_limit = 0
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
#debug_peer_list = 127.0.0.1
# NOTE:
# `smtpd` prefix is for receiving connections. `smtp` is for outbound
# connections
# TLS parameters
#smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.ketrenos.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.ketrenos.com/privkey.pem
# Trying to fix insufficient space
smtpd_proxy_timeout = 240s
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
#Disable Poodle
smtp_tls_security_level = may
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3
smtpd_tls_security_level = may
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
# Force TLS for outgoing server connection
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_CApath = /etc/ssl/certs/
smtpd_tls_CApath = /etc/ssl/certs/
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
# Changes to SSL Ciphers
tls_preempt_cipherlist = yes
smtpd_tls_mandatory_ciphers = high
# If this is used, facebook stops being able to deliver to us :(
#tls_high_cipherlist = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:AES256-GCM-SHA384:AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256:NULL-SHA256
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = ketrenos.com, kiaoramassage.com, sketchitect.com, localhost, email.ketrenos.net, ketrenos.net
relayhost =
mailbox_size_limit = 0
recipient_delimiter = _
inet_interfaces = all
inet_protocols = ipv4
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth_client
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_helo_required = yes
broken_sasl_auth_clients = yes
mynetworks = 127.0.0.0/8 192.168.0.0/16
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}" -a "${RECIPIENT}"
tls_random_source = dev:/dev/urandom
content_filter = smtp-amavis:[127.0.0.1]:10024
relay_domains = ketrenos.com, email.ketrenos.net, webserver.ketrenos.net
#transport_maps = hash:/etc/postfix/transport
mailman_destination_recipient_limit = 1
# smtpd_client_restrictions =
# permit_mynetworks
# reject_plaintext_session
smtpd_recipient_restrictions =
permit_mynetworks
check_recipient_access hash:/etc/postfix/recipient_restrictions
permit_sasl_authenticated
reject_unauth_destination
reject_rbl_client
zen.spamhaus.org=127.0.0.[2..11],
check_sender_access hash:/etc/postfix/sender_checks
check_policy_service unix:private/policy-spf
reject_unknown_sender_domain
warn_if_reject reject_unverified_sender
smtpd_sender_restrictions =
permit_mynetworks
reject_unknown_sender_domain
# Added check_sender_access to block all spoofed root@ketrenos.com email sends
smtpd_relay_restrictions =
permit_mynetworks
check_sender_access hash:/etc/postfix/sender_restrictions
check_recipient_access hash:/etc/postfix/recipient_restrictions
permit_sasl_authenticated
reject_unauth_destination
milter_connect_macros = i b j _ {daemon_name} {if_name} {client_addr}
# https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy
milter_protocol = 2
milter_default_action = accept
smtpd_milters = unix:/milter-greylist/milter-greylist.sock, local:opendkim/opendkim.sock
#smtpd_milters = unix:/milter-greylist/milter-greylist.sock
non_smtpd_milters = $smtpd_milters milter_default_action = accept
smtpd_use_tls = yes
smtp_use_tls = no
policy-spf_time_limit = 3600s
compatibility_level = 3.6
Reference in New Issue View Git Blame Copy Permalink