-
-
Save Thermi/2efe1258ed9daf0df953ed93e1895613 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Only bind to 127.0.0.1 and ::1 so local SMTP clients (msmtp) can connect to it | |
| inet_interfaces = localhost | |
| # Use IPv4 and IPv6 | |
| inet_protocols = all | |
| myorigin = $myhostname | |
| smtp_sender_dependent_authentication = yes | |
| smtp_sasl_auth_enable = yes | |
| smtp_sasl_security_options = noplaintext noanonymous | |
| smtp_connection_cache_on_demand = no | |
| smtp_sasl_password_maps = hash:/etc/postfix/sasl_password | |
| # Disables insecure sendmail | |
| authorized_submit_users = | |
| # You probably don't want to send the credentials to the remote MX in the clear | |
| smtp_tls_security_level = encrypt | |
| smtp_tls_ciphers = high | |
| sender_dependent_relayhost_maps = hash:/etc/postfix/sender_dependent | |
| sender_canonical_maps = hash:/etc/postfix/sender_canonical | |
| smtpd_sender_login_maps = regexp:/etc/postfix/sender_login_map | |
| smtpd_helo_required = yes | |
| smtpd_reject_unlisted_sender = yes | |
| # For local SASL authentication where the user credentials are stored in dovecot | |
| smtpd_sasl_type = dovecot | |
| smtpd_sasl_path = private/auth | |
| smtpd_sasl_auth_enable = yes | |
| smtpd_sasl_authenticated_header = yes | |
| smtpd_reject_unlisted_sender = yes | |
| smtpd_sasl_security_options = noanonymous | |
| # Point this to the right local CA bundle | |
| smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt | |
| smtpd_helo_restrictions = permit_sasl_authenticated | |
| reject | |
| smtpd_client_restrictions = permit_sasl_authenticated | |
| reject | |
| smtpd_recipient_restrictions = reject_unknown_recipient_domain | |
| reject_unverified_recipient | |
| reject_non_fqdn_recipient | |
| permit | |
| smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch | |
| reject_unauthenticated_sender_login_mismatch | |
| permit | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $local_user_and_domain $remote_user_and_domain |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This can be a map of many types. (hash, regexp, ...) | |
| # Look up happens with the key being the sender address and the table should return the SASL | |
| # user that is allowed to send as this sender | |
| # This is regexp style | |
| /^marketing@remotething\.com$/ local_sasl_account_goes_here | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment