# LOCAL PATHNAME INFORMATION
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
data_directory = /var/lib/postfix

# QUEUE AND PROCESS OWNERSHIP
mail_owner = postfix

# INTERNET HOST AND DOMAIN NAMES
myhostname = mail.minchev.bg
mydomain = minchev.bg

# SENDING MAIL
#myorigin = $mydomain
myorigin = $myhostname

# RECEIVING MAIL
mydestination = localhost
#mydestination =  $myhostname, localhost.$mydomain, mail.minchev.bg, mailback.minchev.bg, localhost
inet_interfaces = 46.101.110.243, 127.0.0.1

#custom settings for master postfix configuration
#https://www.akadia.com/services/postfix_mx_backup.html
relay_domains = $mydestination, mailback.minchev.bg
transport_maps = hash:/etc/postfix/transport
relay_recipient_maps = hash:/etc/postfix/relay_recipients

#https://stackoverflow.com/questions/34266699/warning-pipe-flag-d-requires-dovecot-destination-recipient-limit-1
#dovecot_destination_recipient_limit = 1
#https://github.com/tomav/docker-mailserver/issues/362
virtualprocmail_destination_recipient_limit = 1


# REJECTING MAIL FROM UNKNOWN LOCAL USERS
unknown_local_recipient_reject_code = 550

# TRUST AND RELAY CONTROL
mynetworks_style = host
#mynetworks = 46.101.110.240/29, 127.0.0.0/12
mynetworks = 127.0.0.0/12

# DKIM SMTP SIGNATURE
#smtpd_milters = inet:localhost:12301
#smtpd_milters = unix:/var/run/opendkim/opendkim.sock
#non_smtpd_milters = inet:localhost:12301
#non_smtp_milters = unix:/var/run/opendkim/opendkim.sock
milter_default_action = accept
#milter_protocol = 6

# BEGIN of custom content
home_mailbox = Maildir/
#default_transport = smtp

#backup mail custom configuration
#http://www.postfix.org/STANDARD_CONFIGURATION_README.html
#relay_domains = shkolata.eu, lyubo.info, $mydestination
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
#proxy_interfaces = 78.142.62.243

# VIRTUAL DOMAIN AND USER OPTIONS
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf
virtual_mailbox_base = /var/mail
virtual_mailbox_limit = 512000000
virtual_minimum_uid = 7788

#virtual_transport = dovecot
virtual_transport = virtualprocmail:email
#virtual_transport = smtp:minchev.bg:
#virtualprocmail_destination_recipient_limit=1

virtual_uid_maps = static:7788
virtual_gid_maps = static:7788
local_recipient_maps = $virtual_mailbox_maps
sender_canonical_maps = hash:/etc/postfix/sender_canonical


smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
#smtpd_sasl_path = private/auth
smtpd_banner = mail.minchev.bg ESMTP $mail_name (Debian/GNU)

smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s

smtpd_tls_cert_file=/etc/letsencrypt/live/minchev.bg/cert.pem
smtpd_tls_key_file=/etc/letsencrypt/live/minchev.bg/privkey.pem
smtpd_tls_CAfile=/etc/letsencrypt/live/minchev.bg/chain.pem
smtp_tls_CAfile=/etc/letsencrypt/live/minchev.bg/chain.pem
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
#policy-spf_time_limit = 3600s

# ALIAS DATABASE
alias_maps = hash:/etc/postfix/virtual_alias_maps.cf
alias_database = /etc/postfix/virtual_alias_maps.cf

# FIX EMPTY HEADERS
always_add_missing_headers = yes


# INSTALL-TIME CONFIGURATION INFORMATION
sendmail_path = /usr/bin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
readme_directory = /usr/share/doc/postfix
inet_protocols = ipv4

smtpd_sender_login_maps = mysql:/etc/postfix/virtual_sender_login_maps.cf

smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
                          check_client_access hash:/etc/postfix/rbl_whitelist,
                          reject_invalid_helo_hostname,
                          reject_non_fqdn_helo_hostname,
                          reject_unknown_helo_hostname

smtpd_sender_restrictions =     permit_mynetworks,
                                check_client_access hash:/etc/postfix/rbl_whitelist,
                                reject_non_fqdn_sender,
                                reject_unknown_sender_domain
#backup mail custom config
smtpd_relay_restrictions =      permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination

#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions =
  check_client_access hash:/etc/postfix/rbl_whitelist,
  permit_sasl_authenticated, permit_mynetworks,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unauth_destination,
  reject_unauth_pipelining,
  reject_invalid_hostname,
  reject_rbl_client zen.spamhaus.org

smtpd_data_restrictions = reject_unauth_pipelining, permit
#end custom settings

mailbox_size_limit = 107374182
message_size_limit = 52428800
body_checks_size_limit = 52428800

#Pocmail config
mailbox_command = procmail -a "$EXTENSION"
#mailbox_command = /usr/bin/procmail -a "$EXTENSION" DEFAULT=/var/mail/Maildir/ MAILDIR=/var/mail/Maildir/

#Disable the SMTP VRFY command. This stops some techniques used to harvest email addresses.
disable_vrfy_command = yes