X-Git-Url: https://pwan.org/git/?p=hgr.git;a=blobdiff_plain;f=templates%2Fpostfix%2Fmain.cf.erb;fp=templates%2Fpostfix%2Fmain.cf.erb;h=4710d594e3372bd2bdf0d87abe55a48d95bdb88e;hp=0000000000000000000000000000000000000000;hb=cb5a94b9d4662bcb79cc59e23c9d3f1bbdb31cc5;hpb=8e287a49e4932a8a9b7b20b4372225a9d5ea5bd9

diff --git a/templates/postfix/main.cf.erb b/templates/postfix/main.cf.erb
new file mode 100644
index 0000000..4710d59
--- /dev/null
+++ b/templates/postfix/main.cf.erb
@@ -0,0 +1,67 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_cert_file=/etc/ssl/certs/<%= scope.lookupvar('::fqdn') %>.pem
+#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_tls_key_file=/etc/ssl/private/<%= scope.lookupvar('::fqdn') %>.key
+smtpd_tls_CAfile=/etc/ssl/certs/<%= scope.lookupvar('::fqdn') %>-CA.pem
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+#myhostname = localhost
+myhostname = <%= scope.lookupvar('::fqdn') %>
+alias_maps = hash:/etc/aliases,regexp:/etc/postfix/regexp_aliases
+alias_database = hash:/etc/aliases
+myorigin = <%= scope.lookupvar('::fqdn') %>
+mydestination = <%= scope.lookupvar('::fqdn') %>, localhost, localhost.localdomain, localhost
+relayhost = 
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+
+mailbox_command = procmail -a "$EXTENSION"
+home_mailbox = Maildir/
+
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_local_domain = $myhostname
+broken_sasl_auth_clients = yes
+
+smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks,
+#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, 
+#  reject_unknown_sender_domain,reject
+
+smtpd_recipient_restrictions = reject_unauth_pipelining,
+  permit_sasl_authenticated,
+  permit_mynetworks,
+  reject_non_fqdn_recipient,
+  reject_unknown_recipient_domain,
+  reject_unauth_destination,
+  reject_rbl_client sbl-xbl.spamhaus.org,  
+  check_sender_access hash:/etc/postfix/sender_access
+relay_domains = <%= scope.lookupvar('::fqdn') %>