superboum · August 29, 2015 14:18
diff --git a/main.cf b/main.cf
 message_size_limit = 204800000 # Big attachement file, not safe in prod :p

 smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
 biff = no

 # appending .domain is the MUA's job.
 append_dot_mydomain = no

 # Uncomment the next line to generate "delayed mail" warnings
 #delay_warning_time = 4h

 readme_directory = no

 # TLS parameters
 smtpd_tls_cert_file=/path/to/file.pem
 smtpd_tls_key_file=/path/to/file.key
 smtpd_use_tls=yes
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 #smtp_tls_policy_maps = hash:/path/to/tls_policy
 smtp_tls_security_level = may

 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 # information on enabling SSL in the smtp client.

 myhostname = example.com
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 myorigin = /etc/mailname
 mydestination = example.home
 relayhost = [my.relay.com]:587
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 # I don't need auth for this IP
 #mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
 mailbox_size_limit = 0 # unlimited
 recipient_delimiter = + # [email protected] will be the same as [email protected]
 inet_interfaces = all # Listen on all interfaces

 # Force authentication for SMTP
 smtp_sasl_auth_enable = yes 
 smtpd_sasl_path = smtpd
 smtpd_sasl_local_domain = example.com
 smtpd_sasl_authenticated_header = yes

 smtp_sasl_password_maps = hash:/etc/postfix/sasl_client
 smtp_sasl_security_options = noanonymous 
 smtpd_recipient_restrictions =
    permit_sasl_authenticated
    #check_recipient_access hash:/etc/postfix/filtered_domains
    permit_mynetworks
    reject_unauth_destination
 inet_protocols = all
 smtpd_relay_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination

 # Useful when you have a relay, in order to limit flood and ban !
 slow_destination_recipient_limit = 20
 slow_destination_concurrency_limit = 2

 virtual_alias_domains = example.net, example.fr, example.org
 virtual_alias_maps = hash:/etc/postfix/virtual
 dovecot_destination_recipient_limit = 1
 virtual_mailbox_maps = ldap:/etc/postfix/ldap-account.cf
 virtual_mailbox_domains = example.com
 virtual_transport = dovecot
diff --git a/master.cf b/master.cf
 # Not the full file
 flags=DRhu user=mailstore:mailstore argv=/usr/bin/sudo /usr/lib/dovecot/dovecot-lda -f ${sender} -a ${recipient} -d ${user}@${nexthop}
	message_size_limit = 204800000 # Big attachement file, not safe in prod :p

	smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
	biff = no

	# appending .domain is the MUA's job.
	append_dot_mydomain = no

	# Uncomment the next line to generate "delayed mail" warnings
	#delay_warning_time = 4h

	readme_directory = no

	# TLS parameters
	smtpd_tls_cert_file=/path/to/file.pem
	smtpd_tls_key_file=/path/to/file.key
	smtpd_use_tls=yes
	smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
	smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
	#smtp_tls_policy_maps = hash:/path/to/tls_policy
	smtp_tls_security_level = may

	# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
	# information on enabling SSL in the smtp client.

	myhostname = example.com
	alias_maps = hash:/etc/aliases
	alias_database = hash:/etc/aliases
	myorigin = /etc/mailname
	mydestination = example.home
	relayhost = [my.relay.com]:587
	mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 # I don't need auth for this IP
	#mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
	mailbox_size_limit = 0 # unlimited
	recipient_delimiter = + # [email protected] will be the same as [email protected]
	inet_interfaces = all # Listen on all interfaces

	# Force authentication for SMTP
	smtp_sasl_auth_enable = yes
	smtpd_sasl_path = smtpd
	smtpd_sasl_local_domain = example.com
	smtpd_sasl_authenticated_header = yes

	smtp_sasl_password_maps = hash:/etc/postfix/sasl_client
	smtp_sasl_security_options = noanonymous
	smtpd_recipient_restrictions =
	permit_sasl_authenticated
	#check_recipient_access hash:/etc/postfix/filtered_domains
	permit_mynetworks
	reject_unauth_destination
	inet_protocols = all
	smtpd_relay_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination

	# Useful when you have a relay, in order to limit flood and ban !
	slow_destination_recipient_limit = 20
	slow_destination_concurrency_limit = 2

	virtual_alias_domains = example.net, example.fr, example.org
	virtual_alias_maps = hash:/etc/postfix/virtual
	dovecot_destination_recipient_limit = 1
	virtual_mailbox_maps = ldap:/etc/postfix/ldap-account.cf
	virtual_mailbox_domains = example.com
	virtual_transport = dovecot
	# Not the full file
	flags=DRhu user=mailstore:mailstore argv=/usr/bin/sudo /usr/lib/dovecot/dovecot-lda -f ${sender} -a ${recipient} -d ${user}@${nexthop}