######################################################################## # Outgoing MTA (outgoing SMTP proxy) configuration # # {{ ansible_managed }} # Do NOT edit this file directly! smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no readme_directory = no mail_owner = postfix delay_warning_time = 1d maximal_queue_lifetime = 5d myorigin = /etc/mailname myhostname = outgoing{{ outgoingno | default('') }}.$mydomain mydomain = fripost.org append_dot_mydomain = no mynetworks = 127.0.0.0/8, [::1]/128 {%- if groups.all | length > 1 -%} , {{ ipsec_subnet }} {% endif %} queue_directory = /var/spool/postfix-{{ postfix_instance[inst].name }} data_directory = /var/lib/postfix-{{ postfix_instance[inst].name }} multi_instance_group = {{ postfix_instance[inst].group | default('') }} multi_instance_name = postfix-{{ postfix_instance[inst].name }} multi_instance_enable = yes # No local delivery mydestination = local_transport = error:5.1.1 Mailbox unavailable alias_maps = alias_database = local_recipient_maps = message_size_limit = 0 recipient_delimiter = + relay_domains = relay_transport = error:5.3.2 Relay Transport unavailable # All header rewriting happens upstream local_header_rewrite_clients = smtp_tls_security_level = may smtp_tls_ciphers = medium smtp_tls_protocols = !SSLv2, !SSLv3 smtp_tls_note_starttls_offer = yes smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache smtpd_tls_security_level = none strict_rfc821_envelopes = yes smtpd_delay_reject = yes disable_vrfy_command = yes address_verify_sender = $double_bounce_sender@$mydomain address_verify_sender_ttl = 24h unverified_recipient_defer_code = 250 unverified_recipient_reject_code = 550 smtpd_client_restrictions = permit_mynetworks # We are the only ones using this proxy, but if things go wrong we # want to know why defer smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_sender_restrictions = reject_non_fqdn_sender smtpd_relay_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unverified_recipient permit_mynetworks reject smtpd_data_restrictions = reject_unauth_pipelining content_filter = amavisfeed:[127.0.0.1]:10040 # vim: set filetype=pfmain :