Diffstat (limited to 'roles/MSA/templates/etc/postfix')
-rw-r--r-- | roles/MSA/templates/etc/postfix/main.cf.j2 | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2 index a48a327..65a0339 100644 --- a/roles/MSA/templates/etc/postfix/main.cf.j2 +++ b/roles/MSA/templates/etc/postfix/main.cf.j2 @@ -33,40 +33,41 @@ multi_instance_enable = yes mydestination = local_transport = error:5.1.1 Mailbox unavailable alias_maps = alias_database = local_recipient_maps = message_size_limit = 67108864 recipient_delimiter = + # Forward everything to our internal outgoing proxy relayhost = [{{ postfix_instance.out.addr | ipaddr }}]:{{ postfix_instance.out.port }} relay_domains = # Don't rewrite remote headers local_header_rewrite_clients = # Avoid splitting the envelope and scanning messages multiple times smtp_destination_recipient_limit = 1000 # Tolerate occasional high latency smtp_data_done_timeout = 1200s +policyd-spf_time_limit = $ipc_timeout # Anonymize the (authenticated) sender; pass the mail to the antivirus header_checks = pcre:$config_directory/anonymize_sender.pcre #content_filter = amavisfeed:unix:public/amavisfeed-antivirus # TLS smtp_tls_security_level = none smtpd_tls_security_level = encrypt smtpd_tls_ciphers = high smtpd_tls_protocols = !SSLv2, !SSLv3 smtpd_tls_exclude_ciphers = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5 smtpd_tls_cert_file = $config_directory/ssl/smtp.fripost.org.pem smtpd_tls_key_file = $config_directory/ssl/smtp.fripost.org.key smtpd_tls_dh1024_param_file = /etc/ssl/dhparams.pem smtpd_tls_session_cache_database= smtpd_tls_received_header = yes # SASL smtpd_sasl_auth_enable = yes 
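Review bot: The added `policyd-spf_time_limit = $ipc_timeout` sits directly under the `# Tolerate occasional high latency` comment, which describes `smtp_data_done_timeout`, and has no explanation of its own. The name is not a built-in main.cf parameter; it follows the `<service>_time_limit` pattern that spawn(8) reads for a master.cf service called `policyd-spf`, so it presumably only takes effect if such a service is defined. Give it its own comment, for example `# Time limit for the policyd-spf spawn(8) service (see master.cf)`, and separate it from the timeout above. The diffstat shown here lists only main.cf.j2, so it is worth confirming that the matching master.cf entry exists for this instance; without it the policy lookup added in the second hunk would fail and submissions would likely be deferred.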
@@ -90,33 +91,34 @@ address_verify_relayhost = address_verify_sender_ttl = 8069m address_verify_negative_refresh_time = 5m unverified_recipient_defer_code = 250 unverified_recipient_reject_code = 550 address_verify_map = lmdb:$data_directory/verify_cache address_verify_default_transport = smtp_verify smtpd_client_restrictions = permit_sasl_authenticated reject smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_sender_login_maps = socketmap:unix:private/sender-login:sender_login smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain check_sender_access lmdb:$config_directory/check_sender_access + check_policy_service unix:private/policyd-spf reject_known_sender_login_mismatch smtpd_relay_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unverified_recipient permit_sasl_authenticated reject smtpd_data_restrictions = reject_unauth_pipelining # vim: set filetype=pfmain : |
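Review bot: In `smtpd_sender_restrictions`, `check_policy_service unix:private/policyd-spf` is evaluated before `reject_known_sender_login_mismatch`, so the external daemon (and the DNS lookups an SPF check performs for a client-chosen sender domain) runs even for senders the local ownership check would reject anyway. Postfix stops evaluating a restriction list at the first decisive result, so a permissive `OK` from the policy service would also skip the login-mismatch check; whether this daemon can return one is not visible here. Placing `reject_known_sender_login_mismatch` ahead of `check_policy_service unix:private/policyd-spf` keeps the sender-ownership control independent of the daemon's answer. Since `smtpd_client_restrictions` admits only SASL-authenticated clients, a one-line comment stating what the SPF check is meant to verify on this submission instance would also help, because a standard client-IP SPF evaluation of authenticated users is unusual.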