# Postfix configuration file for the instance handling all outbound email.

# Pull in the base template (presumably the settings shared by all
# Postfix instances; its content is not visible here). When a parameter
# is defined more than once, Postfix keeps the last definition, so the
# settings below take precedence over the base.
{% include "main.cf.base.j2" %}

# Lookup-table prefix, expanded below as ${ldap}NAME. "proxy:" routes
# the LDAP lookups through proxymap(8). The query definitions under
# /etc/postfix/ldap/ may contain LDAP bind credentials, so verify that
# their file modes do not make them world-readable.
ldap = proxy:ldap:/etc/postfix/ldap/
# Lookup-table prefix for PCRE tables stored in the Postfix
# configuration directory; expanded below as ${pcre}NAME.
pcre = pcre:${config_directory}/

# Trust boundary of this instance: loopback plus every overlay network.
# Membership grants relay permission (permit_mynetworks), XFORWARD
# authorization and exemption from the anvil(8) limits (all set further
# down), so net_overlays must list internal, trusted networks only.
mynetworks = 127.0.0.0/8 [::1]/128 {% for o in net_overlays %}{{ o.network }} {% endfor %}

# XFORWARD lets an authorized client supply the original client name,
# address and HELO that Postfix then uses for logging and access
# checks. Every host in $mynetworks is therefore trusted to state that
# information truthfully for the mail it re-injects.
smtpd_authorized_xforward_hosts = $mynetworks

# Don't anvil(8) control the re-injection port.
# A value of 0 disables the per-client concurrent connection limit; the
# exception list additionally exempts $mynetworks from the per-client
# count and rate limits.
smtpd_client_connection_count_limit = 0
smtpd_client_event_limit_exceptions = $mynetworks

# Best practice when inet_interfaces is set, as this is not a
# "secondary IP personality" configuration.
# 0.0.0.0 is the wildcard address: the SMTP client does not pin its
# IPv4 source address to a specific interface address.
smtp_bind_address = 0.0.0.0
# IPv6 source address for outbound SMTP; "::" is the wildcard address,
# so no specific source address is pinned.
smtp_bind_address6 = ::
# Address families Postfix uses. Falls back to "all" (IPv4 and IPv6)
# when the postfix_out_inet_protocols variable is not defined.
inet_protocols = {{ postfix_out_inet_protocols | default('all') }}

# All header rewriting happens upstream.
# Empty list: no client is treated as "local" for header rewriting, so
# this instance does not complete header addresses with $myorigin or
# $mydomain. Headers then follow remote_header_rewrite_domain, which is
# not set in this file.
local_header_rewrite_clients =

# No local delivery on border gateway.
# Empty destination, alias and local-recipient tables: no domain is
# treated as local by this instance.
mydestination =
alias_maps =
alias_database =
local_recipient_maps =
# Anything that is still routed to the local transport is bounced with
# a permanent 5.1.1 error instead of being delivered.
local_transport = error:5.1.1 Mailbox unavailable

# Only one (unrestricted client)
# Relay access control rests entirely on smtpd_recipient_restrictions:
# clients in $mynetworks pass, every other client is rejected.
# smtpd_relay_restrictions is emptied so that it adds no checks of its
# own; the trailing "reject" must stay, otherwise nothing denies
# clients outside $mynetworks.
smtpd_relay_restrictions =
smtpd_recipient_restrictions = permit_mynetworks, reject

# Disable DNS lookups, only internal hosts talk to us.
# With lookups off the client hostname is always "unknown", so logs and
# access rules can identify clients by IP address only.
smtpd_peername_lookup = no

# Tolerate occasional high latency in the content filter.
# 1200s is 20 minutes: a stalled client can occupy an smtpd(8) process
# for that long. The per-client connection limit is disabled in this
# file, so the smtpd process count is worth monitoring.
smtpd_timeout = 1200s

# Use the "relay" transport for inbound mail, and the default
# "smtp" transport for outbound mail (bounces, ...). The latter
# won't starve the former of delivery agent slots.
# Domains this instance relays mail for. ${indexed} is not defined in
# this file; presumably it is a lookup-table prefix set by the included
# base template (confirm there).
relay_domains = ${indexed}domains cdb:/etc/postfix/domains-auto
# Valid recipients in the relay domains. An address found in none of
# these tables is rejected during the SMTP dialogue rather than
# accepted and bounced later (assuming smtpd_reject_unlisted_recipient
# keeps its default).
relay_recipient_maps = ${ldap}all-recipients ${indexed}transport ${pcre}transport.pcre ${indexed}mailman_transport
# One recipient per delivery on the "relay" transport. Per the Postfix
# documentation, a recipient limit of 1 also changes the transport's
# destination concurrency limit from per-domain to per-recipient.
relay_destination_recipient_limit = 1

# Send each message to its target backend.
# Tables are searched in the order listed and the first match decides
# the next hop, so the LDAP result takes precedence over the indexed
# tables for any recipient present in both.
transport_maps = ${ldap}all-recipients ${indexed}transport ${indexed}mailman_transport

# resolve aliases
# Alias expansion applies to every recipient address regardless of its
# destination. Tables are searched in order: the indexed "virtual"
# table first, then the LDAP aliases.
virtual_alias_maps = ${indexed}virtual ${ldap}aliases

# Concurrency tuning for "relay" and "smtp" transport.
# Upper bound on parallel deliveries to one destination: the first
# line applies to the "relay" transport, the second to every transport
# that has no limit of its own.
relay_destination_concurrency_limit = 20
default_destination_concurrency_limit = 20
# Override for a transport named "smtp_lowpri" (presumably declared in
# master.cf, which is not visible here): at most 2 parallel deliveries
# per destination.
smtp_lowpri_destination_concurrency_limit = 2

# SSL configuration (outbound).
# "may" is opportunistic TLS: STARTTLS is used when the remote server
# offers it, the server certificate is not verified, and delivery falls
# back to cleartext otherwise. It gives no protection against an active
# network attacker. Destinations that require encryption or server
# authentication need a stricter level (encrypt, verify, secure, dane)
# in the tls_policy table referenced below.
smtp_tls_security_level = may
# Client-side TLS session cache, kept in the Postfix data directory.
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
tls_random_source = dev:/dev/urandom
# Per-destination overrides of the security level set above.
smtp_tls_policy_maps = ${indexed}tls_policy

# Process all messages through the opendkim milter.
# The socket path is relative, i.e. resolved from the Postfix queue
# directory. If the milter is unreachable, milter_default_action
# decides whether mail is deferred or passed on unsigned; it is not set
# in this file, so check the base template or rely on the Postfix
# default. Only mail arriving via smtpd(8) is covered here;
# non_smtpd_milters is not set in this file.
smtpd_milters = unix:opendkim/opendkim.sock