Compare commits

..

2 Commits

Author SHA1 Message Date
Adrian 6c83ab224d Harden postfix config 2021-04-16 00:19:24 +02:00
Adrian 089d677fe7 Reorder some postfix config parameters 2021-04-16 00:16:50 +02:00
1 changed files with 15 additions and 6 deletions

View File

@ -5,9 +5,14 @@ compatibility_level = 2
disable_vrfy_command = yes disable_vrfy_command = yes
mailbox_size_limit = 0 mailbox_size_limit = 0
message_size_limit = 0 message_size_limit = 0
mydomain = local
mynetworks_style = subnet mynetworks_style = subnet
# Custom
mydomain = local
recipient_delimiter = +
smtp_helo_name = mail.example.com
# TLS # TLS
smtp_tls_security_level = may smtp_tls_security_level = may
@ -16,12 +21,13 @@ smtpd_tls_key_file = /data/ssl/certs/mail.example.com/privkey.pem
smtpd_tls_cert_file = /data/ssl/certs/mail.example.com/fullchain.pem smtpd_tls_cert_file = /data/ssl/certs/mail.example.com/fullchain.pem
tls_server_sni_maps = hash:/etc/postfix/sni.cf tls_server_sni_maps = hash:/etc/postfix/sni.cf
# Custom # Setup
smtpd_tls_received_header = yes
relay_domains = sqlite:/etc/postfix/relay.cf relay_domains = sqlite:/etc/postfix/relay.cf
transport_maps = sqlite:/etc/postfix/transport.cf transport_maps = sqlite:/etc/postfix/transport.cf
recipient_delimiter = +
virtual_mailbox_base = /data/mail/mail virtual_mailbox_base = /data/mail/mail
virtual_uid_maps = static:2000 virtual_uid_maps = static:2000
virtual_gid_maps = static:2000 virtual_gid_maps = static:2000
@ -33,10 +39,13 @@ virtual_mailbox_limit = 0
smtpd_sasl_auth_enable = yes smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth smtpd_sasl_path = private/auth
smtpd_sender_restrictions = reject_sender_login_mismatch
smtpd_sender_login_maps = sqlite:/etc/postfix/login.cf, $virtual_alias_maps smtpd_sender_login_maps = sqlite:/etc/postfix/login.cf, $virtual_alias_maps
smtpd_delay_reject = no
smtpd_hard_error_limit = 1
smtpd_client_restrictions = reject_unknown_reverse_client_hostname
smtpd_sender_restrictions = reject_sender_login_mismatch
smtpd_recipient_restrictions = check_recipient_access sqlite:/etc/postfix/access.cf
smtpd_milters = unix:private/opendkim smtpd_milters = unix:private/opendkim
non_smtpd_milters = $smtpd_milters non_smtpd_milters = $smtpd_milters
smtpd_recipient_restrictions = check_recipient_access sqlite:/etc/postfix/access.cf