summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/IMAP/templates/etc/postfix/main.cf.j22
-rw-r--r--roles/common/files/etc/postfix/master.cf1
-rw-r--r--roles/lists/templates/etc/postfix/main.cf.j21
3 files changed, 1 insertions, 3 deletions
diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2
index 1f1f990..5758146 100644
--- a/roles/IMAP/templates/etc/postfix/main.cf.j2
+++ b/roles/IMAP/templates/etc/postfix/main.cf.j2
@@ -42,42 +42,40 @@ message_size_limit = 67108864
recipient_delimiter = +
# No relay: this server is inbound-only
relay_transport = error:5.1.1 Relay unavailable
default_transport = error:5.1.1 Transport unavailable
# Virtual transport (the alias resolution is already done by the MX:es)
virtual_transport = lmtp:unix:private/dovecot-lmtpd
lmtp_bind_address = 127.0.0.1
virtual_mailbox_domains = ldap:$config_directory/virtual/mailbox_domains.cf
virtual_mailbox_maps = ldap:$config_directory/virtual/mailbox.cf
transport_maps = ldap:$config_directory/virtual/transport_content_filter.cf
# Restore the original envelope recipient
relay_domains = $myhostname
recipient_canonical_classes = envelope_recipient
recipient_canonical_maps = pcre:$config_directory/recipient_canonical.pcre
# Don't rewrite remote headers
local_header_rewrite_clients =
-# Tolerate occasional high latency
-smtpd_timeout = 1200s
relay_clientcerts = cdb:$config_directory/relay_clientcerts
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/ssl/{{ ansible_fqdn }}.pem
smtpd_tls_key_file = /etc/postfix/ssl/{{ ansible_fqdn }}.key
smtpd_tls_session_cache_database= btree:$data_directory/smtpd_tls_session_cache
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_fingerprint_digest = sha256
strict_rfc821_envelopes = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
smtpd_client_restrictions =
permit_mynetworks
permit_tls_clientcerts
diff --git a/roles/common/files/etc/postfix/master.cf b/roles/common/files/etc/postfix/master.cf
index 02e1658..8ba9f0f 100644
--- a/roles/common/files/etc/postfix/master.cf
+++ b/roles/common/files/etc/postfix/master.cf
@@ -40,37 +40,38 @@ scache unix - - - - 1 scache
2525 inet n - - - - smtpd
2526 inet n - - - - smtpd
2527 inet n - - - - smtpd
127.0.0.1:2580 inet n - - - - smtpd
reserved-alias unix - n n - - pipe
flags=Rhu user=nobody argv=/usr/local/sbin/reserved-alias.pl ${sender} ${original_recipient} @fripost.org
mlmmj unix - n n - - pipe
flags=Rhu user=mlmmj argv=/usr/bin/mlmmj-receive -L /var/spool/mlmmj/${domain}/${user}
# Client part (lmtp) - amavis
amavisfeed unix - - n - 5 lmtp
-o lmtp_destination_recipient_limit=1000
-o lmtp_send_xforward_command=yes
-o lmtp_data_done_timeout=1200s
-o disable_dns_lookups=yes
# Server part (smtpd) - amavis (if the MDA and outgoing proxy are on the
# same machine, we need to create another entry, on another port.)
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
+ -o smtpd_timeout=${stress?30}${stress:300}s
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks_style=host
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-o local_header_rewrite_clients=
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
diff --git a/roles/lists/templates/etc/postfix/main.cf.j2 b/roles/lists/templates/etc/postfix/main.cf.j2
index 9859ac1..da68a42 100644
--- a/roles/lists/templates/etc/postfix/main.cf.j2
+++ b/roles/lists/templates/etc/postfix/main.cf.j2
@@ -47,41 +47,40 @@ message_size_limit = 67108864
recipient_delimiter = +
# Forward everything to our internal mailhub
{% if 'out' in group_names %}
relayhost = [127.0.0.1]:{{ postfix_instance.out.port }}
{% else %}
relayhost = [outgoing.fripost.org]:{{ postfix_instance.out.port }}
{% endif %}
relay_domains =
# Virtual transport (the alias resolution is already done by the MX:es)
transport_maps = ldap:$config_directory/virtual/transport_list.cf
mlmmj_destination_recipient_limit = 1
# Don't rewrite remote headers
local_header_rewrite_clients =
# Avoid splitting the envelope and scanning messages multiple times
smtp_destination_recipient_limit = 1000
# Tolerate occasional high latency
smtp_data_done_timeout = 1200s
-smtpd_timeout = 1200s
# Forward everything to our internal outgoing proxy
{% if 'out' in group_names %}
relayhost = [127.0.0.1]:{{ postfix_instance.out.port }}
{% else %}
relayhost = [outgoing.fripost.org]:{{ postfix_instance.out.port }}
{% endif %}
relay_domains =
{% if 'out' in group_names %}
smtp_tls_security_level = none
smtp_bind_address = 127.0.0.1
{% else %}
smtp_tls_security_level = encrypt
smtp_tls_cert_file = $config_directory/ssl/{{ ansible_fqdn }}.pem
smtp_tls_key_file = $config_directory/ssl/{{ ansible_fqdn }}.key
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtp_tls_policy_maps = cdb:$config_directory/tls_policy
smtp_tls_fingerprint_digest = sha256
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-12 23:42:01 +0000