All pastes #2081784 Raw Edit

Mine

public text v1 · immutable
#2081784 ·published 2011-09-21 09:52 UTC
rendered paste body
# Managed by Puppet

#
# Default values made explicit
#

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES

#
# Settings specifiek voor de OGD MX
#

myhostname = ext-mx01.ogd.nl
myorigin = $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, webmail.ogd.nl, intranet.$mydomain
relay_domains = $mydomain, operatorgroepdelft.nl, steldevraag.com, coconutcenter.com
# 85.17.209.65/32: IASO appliance
mynetworks = 127.0.0.0/8 10.0.0.20/32 85.17.209.65/32
smtpd_banner = $myhostname ESMTP $mail_name
inet_interfaces = all

#
# Lookup tables for aliases, etc.
#

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
transport_maps = hash:/etc/postfix/transport
#virtual_alias_domains = operatorgroepdelft.nl
#virtual_alias_maps = hash:/etc/postfix/virtual_operatorgroepdelft.nl

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes

#
# Debugging configuratie
#

debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5

#
# Checks done for incoming messages. These are global settings, some transports will override these.
#

# Please please read the SMTPD_ACCESS_README before editing...

smtpd_delay_reject = yes

smtpd_helo_required = yes
smtpd_helo_restrictions =
        reject_invalid_helo_hostname

smtpd_client_restrictions =
        reject_rbl_client zen.spamhaus.org

smtpd_sender_login_maps = ldap:/etc/postfix/sender
smtpd_sender_restrictions =
        reject_authenticated_sender_login_mismatch
        reject_non_fqdn_sender
        reject_unknown_sender_domain

smtpd_recipient_restrictions =
        reject_unauth_pipelining
        reject_non_fqdn_recipient
        reject_unknown_recipient_domain
        permit_mynetworks
        permit_auth_destination
        permit_sasl_authenticated
        reject_unauth_destination
        permit

#
# Some more useful things to defy spam & co
#

disable_vrfy_command = yes

#
# Set limits on incoming mails
#

message_size_limit = 25000000
smtpd_recipient_limit = 100
unknown_address_reject_code = 450

#
# TLS configuration
#

smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/pki/tls/certs/STAR.ogd.nl.pem
smtpd_tls_key_file = /etc/pki/tls/certs/STAR.ogd.nl.key
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt

smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_auth_only = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache

#
# All local mail needs to be sent to the zarafa server
# Mail for unknown addresses (not in local_recipient_maps)
# will be rejected in order to reduce back scatter
#

relay_transport = smtp:[10.0.0.20]
unknown_local_recipient_reject_code = 550
soft_bounce = no