Diffstat (limited to 'roles/mx/templates/etc')
-rw-r--r-- | roles/mx/templates/etc/postfix/main.cf.j2 | 142 |
1 files changed, 0 insertions, 142 deletions
diff --git a/roles/mx/templates/etc/postfix/main.cf.j2 b/roles/mx/templates/etc/postfix/main.cf.j2
deleted file mode 100644
index 0aa91b3..0000000
--- a/roles/mx/templates/etc/postfix/main.cf.j2
+++ /dev/null
@@ -1,142 +0,0 @@
-########################################################################
-# MX configuration
-#
-# {{ ansible_managed }}
-# Do NOT edit this file directly!
-
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-readme_directory = no
-mail_owner = postfix
-
-delay_warning_time = 4h
-maximal_queue_lifetime = 5d
-
-myorigin = /etc/mailname
-myhostname = mx{{ mxno | default('') }}.$mydomain
-mydomain = {{ ansible_domain }}
-append_dot_mydomain = no
-
-# Turn off all TCP/IP listener ports except that necessary for the mail
-# exchange.
-master_service_disable = !smtp.inet inet
-
-queue_directory = /var/spool/postfix-{{ postfix_instance[inst].name }}
-data_directory = /var/lib/postfix-{{ postfix_instance[inst].name }}
-multi_instance_group = {{ postfix_instance[inst].group | default('') }}
-multi_instance_name = postfix-{{ postfix_instance[inst].name }}
-multi_instance_enable = yes
-
-# This server is a Mail eXchange
-mynetworks_style = host
-inet_interfaces = all
-inet_protocols = all
-
-# No local delivery
-mydestination =
-local_transport = error:5.1.1 Mailbox unavailable
-alias_maps =
-alias_database =
-local_recipient_maps =
-
-message_size_limit = 67108864
-recipient_delimiter = +
-
-# Forward everything to our internal mailhub
-{% if 'MTA-out' in group_names %}
-relayhost = [127.0.0.1]:{{ MTA_out.port }}
-{% else %}
-relayhost = [{{ MTA_out.IPv4 }}]:{{ MTA_out.port }}
-{% endif %}
-relay_domains =
-
-# Virtual transport
-{% if 'LDA' in group_names %}
-virtual_transport = smtp:[127.0.0.1]:{{ LDA.port }}
-{% else %}
-virtual_transport = smtp:[{{ LDA.IPv4 }}]:{{ LDA.port }}
-{% endif %}
-
-virtual_mailbox_domains = ldap:$config_directory/virtual/mailbox_domains.cf
-virtual_alias_maps = pcre:$config_directory/virtual/reserved_maps.pcre
- ldap:$config_directory/virtual/alias_maps.cf
- ldap:$config_directory/virtual/lists_maps.cf
- ldap:$config_directory/virtual/alias_catchall_maps.cf
-virtual_mailbox_maps = ldap:$config_directory/virtual/mailbox_maps.cf
-mailbox_transport_maps = cdb:$config_directory/virtual/reserved_transport_maps
- ldap:$config_directory/virtual/transport_lists_maps.cf
-
-# Don't rewrite remote headers
-local_header_rewrite_clients =
-# Pass the client information along to the content filter
-smtp_send_xforward_command = yes
-# Avoid splitting the envelope and scanning messages multiple times
-smtp_destination_recipient_limit = 1000
-# Tolerate occasional high latency
-smtp_data_done_timeout = 1200s
-
-# Tunnel everything through IPSec
-smtp_tls_security_level = none
-smtp_bind_address = 172.16.0.1
-
-# TLS
-smtpd_tls_security_level = may
-smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
-smtpd_tls_CApath = /etc/ssl/certs/
-smtpd_tls_session_cache_database= btree:$data_directory/smtpd_tls_session_cache
-smtpd_tls_received_header = yes
-smtpd_tls_ask_ccert = yes
-smtpd_tls_fingerprint_digest = sha1
-smtpd_tls_eecdh_grade = strong
-tls_random_source = dev:/dev/urandom
-
-
-# http://en.linuxreviews.org/HOWTO_Stop_spam_using_Postfix
-# http://www.howtoforge.com/block_spam_at_mta_level_postfix
-
-strict_rfc821_envelopes = yes
-smtpd_delay_reject = yes
-disable_vrfy_command = yes
-
-# UCE control
-invalid_hostname_reject_code = 554
-multi_recipient_bounce_reject_code = 554
-non_fqdn_reject_code = 554
-relay_domains_reject_code = 554
-unknown_address_reject_code = 554
-unknown_client_reject_code = 554
-unknown_hostname_reject_code = 554
-unknown_local_recipient_reject_code = 554
-unknown_relay_recipient_reject_code = 554
-unknown_virtual_alias_reject_code = 554
-unknown_virtual_mailbox_reject_code = 554
-unverified_recipient_reject_code = 554
-unverified_sender_reject_code = 554
-
-
-smtpd_client_restrictions =
- permit_mynetworks
- reject_rbl_client zen.spamhaus.org
- reject_rbl_client bl.spamcop.net
-
-smtpd_helo_required = yes
-smtpd_helo_restrictions =
- permit_mynetworks
- reject_non_fqdn_helo_hostname
- reject_invalid_helo_hostname
-
-smtpd_sender_restrictions =
- reject_non_fqdn_sender
- reject_unknown_sender_domain
-
-smtpd_recipient_restrictions =
- # RFC requirements
- reject_non_fqdn_recipient
- reject_unknown_recipient_domain
- permit_mynetworks
- reject_unauth_destination
- check_policy_service unix:private/postgrey
-
-smtpd_data_restrictions =
- reject_unauth_pipelining |