- # LOCAL PATHNAME INFORMATION
- queue_directory = /var/spool/postfix
- command_directory = /usr/sbin
- data_directory = /var/lib/postfix
- # QUEUE AND PROCESS OWNERSHIP
- mail_owner = postfix
- # INTERNET HOST AND DOMAIN NAMES
- myhostname = mail.minchev.bg
- mydomain = minchev.bg
- # SENDING MAIL
- #myorigin = $mydomain
- myorigin = $myhostname
- # RECEIVING MAIL
- mydestination = localhost
- #mydestination = $myhostname, localhost.$mydomain, mail.minchev.bg, mailback.minchev.bg, localhost
- inet_interfaces = 46.101.110.243, 127.0.0.1
- #custom settings for master postfix configuration
- #https://www.akadia.com/services/postfix_mx_backup.html
- relay_domains = $mydestination, mailback.minchev.bg
- transport_maps = hash:/etc/postfix/transport
- relay_recipient_maps = hash:/etc/postfix/relay_recipients
- #https://stackoverflow.com/questions/34266699/warning-pipe-flag-d-requires-dovecot-destination-recipient-limit-1
- #dovecot_destination_recipient_limit = 1
- #https://github.com/tomav/docker-mailserver/issues/362
- virtualprocmail_destination_recipient_limit = 1
- # REJECTING MAIL FROM UNKNOWN LOCAL USERS
- unknown_local_recipient_reject_code = 550
- # TRUST AND RELAY CONTROL
- mynetworks_style = host
- #mynetworks = 46.101.110.240/29, 127.0.0.0/12
- mynetworks = 127.0.0.0/12
- # DKIM SMTP SIGNATURE
- #smtpd_milters = inet:localhost:12301
- #smtpd_milters = unix:/var/run/opendkim/opendkim.sock
- #non_smtpd_milters = inet:localhost:12301
- #non_smtp_milters = unix:/var/run/opendkim/opendkim.sock
- milter_default_action = accept
- #milter_protocol = 6
- # BEGIN of custom content
- home_mailbox = Maildir/
- #default_transport = smtp
- #backup mail custom configuration
- #http://www.postfix.org/STANDARD_CONFIGURATION_README.html
- #relay_domains = shkolata.eu, lyubo.info, $mydestination
- #relay_recipient_maps = hash:/etc/postfix/relay_recipients
- #proxy_interfaces = 78.142.62.243
- # VIRTUAL DOMAIN AND USER OPTIONS
- virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf
- virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf
- virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf
- virtual_mailbox_base = /var/mail
- virtual_mailbox_limit = 512000000
- virtual_minimum_uid = 7788
- #virtual_transport = dovecot
- virtual_transport = virtualprocmail:email
- #virtual_transport = smtp:minchev.bg:
- #virtualprocmail_destination_recipient_limit=1
- virtual_uid_maps = static:7788
- virtual_gid_maps = static:7788
- local_recipient_maps = $virtual_mailbox_maps
- sender_canonical_maps = hash:/etc/postfix/sender_canonical
- smtpd_sasl_auth_enable = yes
- smtpd_sasl_type = dovecot
- smtpd_sasl_path = /var/run/dovecot/auth-client
- #smtpd_sasl_path = private/auth
- smtpd_banner = mail.minchev.bg ESMTP $mail_name (Debian/GNU)
- smtpd_sasl_security_options = noanonymous
- smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
- smtp_use_tls = yes
- smtpd_use_tls = yes
- smtp_tls_note_starttls_offer = yes
- smtpd_tls_received_header = yes
- smtpd_tls_session_cache_timeout = 3600s
- smtpd_tls_cert_file=/etc/letsencrypt/live/minchev.bg/cert.pem
- smtpd_tls_key_file=/etc/letsencrypt/live/minchev.bg/privkey.pem
- smtpd_tls_CAfile=/etc/letsencrypt/live/minchev.bg/chain.pem
- smtp_tls_CAfile=/etc/letsencrypt/live/minchev.bg/chain.pem
- smtpd_sasl_local_domain = $mydomain
- broken_sasl_auth_clients = yes
- smtpd_tls_loglevel = 1
- tls_random_source = dev:/dev/urandom
- #policy-spf_time_limit = 3600s
- # ALIAS DATABASE
- alias_maps = hash:/etc/postfix/virtual_alias_maps.cf
- alias_database = /etc/postfix/virtual_alias_maps.cf
- # FIX EMPTY HEADERS
- always_add_missing_headers = yes
- # INSTALL-TIME CONFIGURATION INFORMATION
- sendmail_path = /usr/bin/sendmail
- newaliases_path = /usr/bin/newaliases
- mailq_path = /usr/bin/mailq
- setgid_group = postdrop
- html_directory = no
- manpage_directory = /usr/share/man
- readme_directory = /usr/share/doc/postfix
- inet_protocols = ipv4
- smtpd_sender_login_maps = mysql:/etc/postfix/virtual_sender_login_maps.cf
- smtpd_helo_required = yes
- smtpd_helo_restrictions = permit_mynetworks,
- check_client_access hash:/etc/postfix/rbl_whitelist,
- reject_invalid_helo_hostname,
- reject_non_fqdn_helo_hostname,
- reject_unknown_helo_hostname
- smtpd_sender_restrictions = permit_mynetworks,
- check_client_access hash:/etc/postfix/rbl_whitelist,
- reject_non_fqdn_sender,
- reject_unknown_sender_domain
- #backup mail custom config
- smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
- #smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
- smtpd_recipient_restrictions =
- check_client_access hash:/etc/postfix/rbl_whitelist,
- permit_sasl_authenticated, permit_mynetworks,
- reject_non_fqdn_hostname,
- reject_non_fqdn_sender,
- reject_non_fqdn_recipient,
- reject_unauth_destination,
- reject_unauth_pipelining,
- reject_invalid_hostname,
- reject_rbl_client zen.spamhaus.org
- smtpd_data_restrictions = reject_unauth_pipelining, permit
- #end custom settings
- mailbox_size_limit = 107374182
- message_size_limit = 52428800
- body_checks_size_limit = 52428800
- #Pocmail config
- mailbox_command = procmail -a "$EXTENSION"
- #mailbox_command = /usr/bin/procmail -a "$EXTENSION" DEFAULT=/var/mail/Maildir/ MAILDIR=/var/mail/Maildir/
- #Disable the SMTP VRFY command. This stops some techniques used to harvest email addresses.
- disable_vrfy_command = yes