summaryrefslogtreecommitdiffstats
path: root/roles/MX/templates
diff options
context:
space:
mode:
Diffstat (limited to 'roles/MX/templates')
-rw-r--r--roles/MX/templates/etc/postfix/main.cf.j219
1 files changed, 9 insertions, 10 deletions
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2
index 09a5ce7..11c8199 100644
--- a/roles/MX/templates/etc/postfix/main.cf.j2
+++ b/roles/MX/templates/etc/postfix/main.cf.j2
@@ -69,12 +69,12 @@ transport_maps = cdb:$config_directory/virtual/transport
# Don't rewrite remote headers
-local_header_rewrite_clients =
+local_header_rewrite_clients =
# Pass the client information along to the content filter
-smtp_send_xforward_command = yes
+smtp_send_xforward_command = yes
# Avoid splitting the envelope and scanning messages multiple times
-smtp_destination_recipient_limit = 1000
-reserved-alias_recipient_limit = 1
+smtp_destination_recipient_limit = 1000
+reserved-alias_destination_recipient_limit = 1
# Tolerate occasional high latency
smtp_data_done_timeout = 1200s
@@ -90,7 +90,6 @@ smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtp_tls_policy_maps = cdb:/etc/postfix/tls_policy
smtp_tls_fingerprint_digest = sha256
{% endif %}
-smtpd_tls_security_level = none
smtpd_tls_security_level = may
smtpd_tls_exclude_ciphers = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5
@@ -140,7 +139,7 @@ postscreen_dnsbl_sites =
list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
postscreen_greet_action = enforce
-postscreen_whitelist_interfaces = !88.80.11.28 static:all
+postscreen_whitelist_interfaces = !88.80.11.28 ![2a00:16b0:242:13::de30] static:all
smtpd_client_restrictions =
permit_mynetworks
@@ -154,13 +153,13 @@ smtpd_helo_restrictions =
smtpd_sender_restrictions =
reject_non_fqdn_sender
-smtpd_recipient_restrictions =
- # RFC requirements
- reject_non_fqdn_recipient
+smtpd_relay_restrictions =
permit_mynetworks
reject_unauth_destination
reject_unlisted_recipient
- permit_dnswl_client list.dnswl.org
+
+smtpd_recipient_restrictions =
+ reject_non_fqdn_recipient
smtpd_data_restrictions =
reject_unauth_pipelining