Skip to content

Instantly share code, notes, and snippets.

@steelcowboy
Created January 28, 2019 05:55
Show Gist options
  • Save steelcowboy/c1b2f97dcfd90988a716be2c8e08a38f to your computer and use it in GitHub Desktop.
Save steelcowboy/c1b2f97dcfd90988a716be2c8e08a38f to your computer and use it in GitHub Desktop.
alias_maps =
lmtp_host_lookup = native
message_size_limit = 50000000
milter_default_action = tempfail
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_protocol = 6
mydestination =
mydomain = mysite.com
myhostname = mail.mysite.com
mynetworks = 127.0.0.1/32 [::1]/128 192.168.203.0/24
myorigin = $mydomain
podop = socketmap:unix:/tmp/podop.socket:
queue_directory = /queue
recipient_delimiter = +
relay_domains = ${podop}transport
relayhost = [email-smtp.us-west-2.amazonaws.com]:587
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_authorized_xclient_hosts = 192.168.203.0/24
smtpd_client_restrictions = permit_mynetworks, check_sender_access
${podop}senderaccess, reject_non_fqdn_sender, reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_unverified_recipient, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_milters = inet:antispam:11332
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination
smtpd_sender_login_maps = ${podop}senderlogin
tls_high_cipherlist =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION
transport_maps = ${podop}transport
unverified_recipient_reject_reason = Address lookup failure
virtual_alias_domains =
virtual_alias_maps = ${podop}alias
virtual_mailbox_domains = ${podop}domain
virtual_mailbox_maps = ${podop}mailbox
virtual_transport = lmtp:inet:imap:2525
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment