ansible-role-mailserver/templates/postfix/main.cf

queue_directory                     = /var/spool/postfix
command_directory                   = /usr/sbin
daemon_directory                    = /usr/lib/postfix
data_directory                      = /var/lib/postfix
mail_owner                          = postfix
setgid_group                        = postdrop
sendmail_path                       = /usr/sbin/sendmail
newaliases_path                     = /usr/bin/newaliases
mailq_path                          = /usr/bin/mailq
compatibility_level                 = 2

myhostname                          = mail.{{ domain }}
mydomain                            = {{ domain }}
myorigin                            = $mydomain
relay_domains                       = $mydestination
mynetworks_style                    = host
mynetworks                          = 127.0.0.0/8 10.3.0.0/24 37.221.196.144/32
smtpd_banner                        = $myhostname ESMTP

smtpd_tls_dh1024_param_file         = /etc/ssl/private/dh1024.pem
smtpd_tls_dh512_param_file          = /etc/ssl/private/dh512.pem
smtpd_tls_eecdh_grade               = strong
tls_preempt_cipherlist              = yes
smtpd_tls_loglevel                  = 1
smtp_tls_loglevel                   = 1
smtpd_tls_cert_file                 = /etc/ssl/private/mailcert.pem
smtpd_tls_key_file                  = /etc/ssl/private/mailkey.pem
smtpd_tls_security_level            = may

unknown_local_recipient_reject_code = 550
alias_maps                          = pgsql:/etc/postfix/pgsql-aliases.cf
alias_database                      = $alias_maps

smtpd_sasl_auth_enable              = yes
smtpd_sasl_security_options         = noanonymous
smtpd_sasl_local_domain             = $mydomain
smtpd_sasl_type                     = dovecot
smtpd_sasl_path                     = inet:127.0.0.1:6222
broken_sasl_auth_clients            = yes

receive_override_options            = no_address_mappings
disable_vrfy_command                = yes

dovecot_destination_recipient_limit = 1
recipient_delimiter                 = +
virtual_transport                   = dovecot
virtual_alias_maps                  = pgsql:/etc/postfix/pgsql-aliases.cf
virtual_mailbox_domains             = pgsql:/etc/postfix/pgsql-domains.cf
virtual_mailbox_maps                = pgsql:/etc/postfix/pgsql-maildir.cf

smtpd_delay_reject                  = yes
smtpd_helo_required                 = yes
smtpd_helo_restrictions             = 
	permit_mynetworks,
	reject_invalid_hostname,
	permit

smtpd_sender_restrictions           =
	permit_sasl_authenticated,
	permit_mynetworks,
	reject_non_fqdn_sender,
	reject_unknown_sender_domain,
	permit

smtpd_recipient_restrictions        =
	reject_unauth_pipelining,
	reject_non_fqdn_recipient,
	reject_unknown_recipient_domain,
	permit_mynetworks,
	permit_sasl_authenticated,
	reject_unauth_destination,
   check_policy_service inet:127.0.0.1:5525,
   check_policy_service unix:private/spfpolicy,
	permit

smtpd_relay_restrictions            = 
	permit_mynetworks,
	permit_sasl_authenticated,
	defer_unauth_destination

html_directory                      = no
manpage_directory                   = /usr/share/man
sample_directory                    = /etc/postfix/sample
readme_directory                    = /usr/share/doc/postfix
inet_protocols                      = ipv4

message_size_limit                  = 20480000

debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 ddd $daemon_directory/$process_name $process_id & sleep 5