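# Role defaults for the Postfix mail server.
#
# NOTE(review): the template that renders postfix_settings into main.cf is
# not visible here. The comments below assume it writes one "key = value"
# line per entry, joins list values, and maps YAML booleans back to yes/no.
# Confirm against the template.

# Extra networks appended to the mynetworks value below. Every entry becomes
# a relay-trusted source wherever permit_mynetworks is evaluated.
postfix_mynetworks: []

# Names this host accepts mail for as a final destination.
postfix_mydestination_local:
  - "{{ ansible_hostname }}.maruntiel.net"
  - "localhost"
  - "localhost.{{ ansible_domain }}"
postfix_mydestination_extra: []

# main.cf settings
postfix_settings:
  compatibility_level: 2
  myhostname: "{{ ansible_hostname }}.maruntiel.net"
  myorigin: /etc/mailname
  mydestination: "{{ postfix_mydestination_local + postfix_mydestination_extra }}"
  # Hosts listed here pass permit_mynetworks, which precedes
  # reject_unauth_destination in the relay/recipient lists below, so they may
  # relay without authenticating. Two public /32 addresses and a /16 are
  # hard-coded into the role default; keep this list as small as the
  # deployment allows and prefer supplying site addresses via
  # postfix_mynetworks from inventory.
  mynetworks: "10.11.0.0/16 62.171.160.169/32 207.244.234.58/32 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 {{ postfix_mynetworks | join(' ') }}"
  relayhost: ""
  alias_maps: hash:/etc/aliases
  alias_database: hash:/etc/aliases
  # yes/no are read by Ansible's YAML 1.1 loader as booleans, not as the
  # literal strings Postfix expects. That includes readme_directory, where
  # "no" is meant as a value rather than a switch.
  biff: no
  # Explicit null (the original left the value blank, which parses the same).
  # Presumably meant to render an empty mailbox_command so delivery falls
  # through to home_mailbox; confirm the template does not print "None".
  mailbox_command: null
  home_mailbox: Maildir/
  mailbox_size_limit: 0
  recipient_delimiter: "+"
  append_dot_mydomain: no
  readme_directory: no
  dovecot_destination_recipient_limit: 1
  tls_random_source: dev:/dev/urandom
  default_transport: smtp
  relay_transport: smtp
  relay_domains: ""
  inet_protocols: ipv4
  inet_interfaces: all
  virtual_mailbox_domains:
    - /etc/postfix/virtual_domains
  virtual_mailbox_base:
    - /var/mail/vhosts
  virtual_mailbox_maps:
    - hash:/etc/postfix/vmailbox
  virtual_alias_maps:
    - hash:/etc/postfix/virtual_alias
  virtual_minimum_uid:
    - 100
  virtual_uid_maps:
    - static:5000
  virtual_gid_maps:
    - static:5000
  virtual_transport:
    - virtual
  virtual_alias_domains:
    - maruntiel.net
    - maruntiel.com
    - stillmob.ro
    - pedimedic.ro

  # SMTP SETTINGS
  # Outbound TLS is opportunistic ("may"): used when the peer offers
  # STARTTLS, cleartext otherwise.
  smtp_use_tls: yes
  smtp_tls_security_level: may
  smtp_tls_note_starttls_offer: yes
  smtp_tls_session_cache_database: "btree:${data_directory}/smtp_scache"

  # SMTPD SETTINGS
  smtpd_use_tls: yes
  # Require STARTTLS before AUTH is offered. Inbound TLS is only
  # opportunistic (security_level "may"), so with "no" here SASL credentials
  # could be submitted over a cleartext session. Revert only for a client
  # that cannot do STARTTLS, and then only on a restricted listener.
  smtpd_tls_auth_only: yes
  smtpd_tls_security_level: may
  smtpd_tls_loglevel: 1
  smtpd_tls_received_header: yes
  smtpd_tls_session_cache_timeout: 3600s
  smtpd_tls_session_cache_database: "btree:${data_directory}/smtpd_scache"
  smtpd_tls_cert_file: "/etc/letsencrypt/live/maruntiel.net/fullchain.pem"
  smtpd_tls_key_file: "/etc/letsencrypt/live/maruntiel.net/privkey.pem"
  smtpd_banner: "$myhostname ESMTP $mail_name"
  # reject_invalid_hostname, reject_unknown_client and (further down)
  # reject_non_fqdn_hostname are the pre-2.3 spellings of
  # reject_invalid_helo_hostname, reject_unknown_client_hostname and
  # reject_non_fqdn_helo_hostname.
  smtpd_client_restrictions:
    - permit_mynetworks
    - permit_sasl_authenticated
    - reject_invalid_hostname
    - reject_unknown_client
    - reject_rbl_client sbl-xbl.spamhaus.org
  # NOTE(review): reject_unknown_address does not look like a restriction
  # name documented in postconf(5). Check the mail log for an
  # "unknown smtpd restriction" warning and confirm what was intended.
  smtpd_sender_restrictions:
    - permit_mynetworks
    - reject_unknown_address
    - reject_unknown_sender_domain
    - reject_non_fqdn_sender
  smtpd_recipient_limit: 250
  # Order matters: permit_mynetworks and permit_sasl_authenticated accept
  # trusted senders first, reject_unauth_destination then stops relaying for
  # everyone else, and only the remaining (inbound) mail reaches the SPF and
  # RBL checks.
  smtpd_recipient_restrictions:
    - reject_invalid_hostname
    - reject_non_fqdn_sender
    - reject_non_fqdn_recipient
    - reject_unlisted_sender
    - permit_mynetworks
    - permit_sasl_authenticated
    - reject_unauth_pipelining
    - reject_unauth_destination
    - check_policy_service unix:private/policyd-spf
    - reject_non_fqdn_hostname
    - reject_unknown_sender_domain
    - reject_rbl_client bl.spamcop.net
    - reject_rbl_client zen.spamhaus.org
    - permit
  # Same entries as smtpd_recipient_restrictions above, so the SPF policy
  # service and the RBL lookups are listed in both; presumably they are
  # consulted twice per recipient. Confirm that is intended. The two lists
  # must be edited together or they will drift apart.
  smtpd_relay_restrictions:
    - reject_invalid_hostname
    - reject_non_fqdn_sender
    - reject_non_fqdn_recipient
    - reject_unlisted_sender
    - permit_mynetworks
    - permit_sasl_authenticated
    - reject_unauth_pipelining
    - reject_unauth_destination
    - check_policy_service unix:private/policyd-spf
    - reject_non_fqdn_hostname
    - reject_unknown_sender_domain
    - reject_rbl_client bl.spamcop.net
    - reject_rbl_client zen.spamhaus.org
    - permit
  smtpd_client_connection_rate_limit: 10
  smtpd_client_message_rate_limit: 10

  # SASL
  # Authentication is delegated to Dovecot over the private/auth socket.
  smtpd_sasl_auth_enable: yes
  smtpd_sasl_type: dovecot
  smtpd_sasl_path: private/auth
  broken_sasl_auth_clients: yes
  # NOTE(review): the leading backslash is part of the value as YAML parses
  # it, and the other "$" values in this mapping are written unescaped. It
  # looks like a leftover shell escape; confirm what reaches main.cf.
  smtpd_sasl_local_domain: \$mydomain
  smtpd_sasl_security_options: noanonymous

  # Other
  header_checks:
    - regexp:/etc/postfix/header_checks

  # DKIM
  # "accept" fails open: if the milter socket is unreachable, mail is still
  # delivered or sent, but without a DKIM signature. The milter is configured
  # here regardless of postfix_opendkim below.
  milter_default_action: accept
  milter_protocol: 6
  smtpd_milters: local:opendkim/opendkim.sock
  non_smtpd_milters: $smtpd_milters

  # SPF
  policyd-spf_time_limit: 3600

# Role toggles.
postfix_opendkim: "{{ postfix_dkim_domains|count > 0 }}"
postfix_relay: no
postfix_smtpd_public: yes
postfix_firewall: "{{ firewall_enabled|default(true) }}"

postfix_dkim_domains: []

# NOTE(review): these repeat, as top-level scalars, the virtual_* entries
# already set as lists inside postfix_settings. Nothing visible here reads
# them. Confirm whether the template uses them, then keep a single copy.
virtual_mailbox_domains: /etc/postfix/virtual_domains
virtual_mailbox_base: /var/mail/vhosts
virtual_mailbox_maps: hash:/etc/postfix/vmailbox
virtual_alias_maps: hash:/etc/postfix/virtual_alias
virtual_minimum_uid: 100
virtual_uid_maps: static:5000
virtual_gid_maps: static:5000
virtual_transport: virtual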