summaryrefslogtreecommitdiffstats
path: root/roles/mx/templates
diff options
context:
space:
mode:
Diffstat (limited to 'roles/mx/templates')
-rw-r--r--roles/mx/templates/etc/postfix/main.cf.j2142
1 files changed, 0 insertions, 142 deletions
diff --git a/roles/mx/templates/etc/postfix/main.cf.j2 b/roles/mx/templates/etc/postfix/main.cf.j2
deleted file mode 100644
index 0aa91b3..0000000
--- a/roles/mx/templates/etc/postfix/main.cf.j2
+++ /dev/null
@@ -1,142 +0,0 @@
-########################################################################
-# MX configuration
-#
-# {{ ansible_managed }}
-# Do NOT edit this file directly!
-
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-readme_directory = no
-mail_owner = postfix
-
-delay_warning_time = 4h
-maximal_queue_lifetime = 5d
-
-myorigin = /etc/mailname
-myhostname = mx{{ mxno | default('') }}.$mydomain
-mydomain = {{ ansible_domain }}
-append_dot_mydomain = no
-
-# Turn off all TCP/IP listener ports except that necessary for the mail
-# exchange.
-master_service_disable = !smtp.inet inet
-
-queue_directory = /var/spool/postfix-{{ postfix_instance[inst].name }}
-data_directory = /var/lib/postfix-{{ postfix_instance[inst].name }}
-multi_instance_group = {{ postfix_instance[inst].group | default('') }}
-multi_instance_name = postfix-{{ postfix_instance[inst].name }}
-multi_instance_enable = yes
-
-# This server is a Mail eXchange
-mynetworks_style = host
-inet_interfaces = all
-inet_protocols = all
-
-# No local delivery
-mydestination =
-local_transport = error:5.1.1 Mailbox unavailable
-alias_maps =
-alias_database =
-local_recipient_maps =
-
-message_size_limit = 67108864
-recipient_delimiter = +
-
-# Forward everything to our internal mailhub
-{% if 'MTA-out' in group_names %}
-relayhost = [127.0.0.1]:{{ MTA_out.port }}
-{% else %}
-relayhost = [{{ MTA_out.IPv4 }}]:{{ MTA_out.port }}
-{% endif %}
-relay_domains =
-
-# Virtual transport
-{% if 'LDA' in group_names %}
-virtual_transport = smtp:[127.0.0.1]:{{ LDA.port }}
-{% else %}
-virtual_transport = smtp:[{{ LDA.IPv4 }}]:{{ LDA.port }}
-{% endif %}
-
-virtual_mailbox_domains = ldap:$config_directory/virtual/mailbox_domains.cf
-virtual_alias_maps = pcre:$config_directory/virtual/reserved_maps.pcre
- ldap:$config_directory/virtual/alias_maps.cf
- ldap:$config_directory/virtual/lists_maps.cf
- ldap:$config_directory/virtual/alias_catchall_maps.cf
-virtual_mailbox_maps = ldap:$config_directory/virtual/mailbox_maps.cf
-mailbox_transport_maps = cdb:$config_directory/virtual/reserved_transport_maps
- ldap:$config_directory/virtual/transport_lists_maps.cf
-
-# Don't rewrite remote headers
-local_header_rewrite_clients =
-# Pass the client information along to the content filter
-smtp_send_xforward_command = yes
-# Avoid splitting the envelope and scanning messages multiple times
-smtp_destination_recipient_limit = 1000
-# Tolerate occasional high latency
-smtp_data_done_timeout = 1200s
-
-# Tunnel everything through IPSec
-smtp_tls_security_level = none
-smtp_bind_address = 172.16.0.1
-
-# TLS
-smtpd_tls_security_level = may
-smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
-smtpd_tls_CApath = /etc/ssl/certs/
-smtpd_tls_session_cache_database= btree:$data_directory/smtpd_tls_session_cache
-smtpd_tls_received_header = yes
-smtpd_tls_ask_ccert = yes
-smtpd_tls_fingerprint_digest = sha1
-smtpd_tls_eecdh_grade = strong
-tls_random_source = dev:/dev/urandom
-
-
-# http://en.linuxreviews.org/HOWTO_Stop_spam_using_Postfix
-# http://www.howtoforge.com/block_spam_at_mta_level_postfix
-
-strict_rfc821_envelopes = yes
-smtpd_delay_reject = yes
-disable_vrfy_command = yes
-
-# UCE control
-invalid_hostname_reject_code = 554
-multi_recipient_bounce_reject_code = 554
-non_fqdn_reject_code = 554
-relay_domains_reject_code = 554
-unknown_address_reject_code = 554
-unknown_client_reject_code = 554
-unknown_hostname_reject_code = 554
-unknown_local_recipient_reject_code = 554
-unknown_relay_recipient_reject_code = 554
-unknown_virtual_alias_reject_code = 554
-unknown_virtual_mailbox_reject_code = 554
-unverified_recipient_reject_code = 554
-unverified_sender_reject_code = 554
-
-
-smtpd_client_restrictions =
- permit_mynetworks
- reject_rbl_client zen.spamhaus.org
- reject_rbl_client bl.spamcop.net
-
-smtpd_helo_required = yes
-smtpd_helo_restrictions =
- permit_mynetworks
- reject_non_fqdn_helo_hostname
- reject_invalid_helo_hostname
-
-smtpd_sender_restrictions =
- reject_non_fqdn_sender
- reject_unknown_sender_domain
-
-smtpd_recipient_restrictions =
- # RFC requirements
- reject_non_fqdn_recipient
- reject_unknown_recipient_domain
- permit_mynetworks
- reject_unauth_destination
- check_policy_service unix:private/postgrey
-
-smtpd_data_restrictions =
- reject_unauth_pipelining