smtpd_banner = $myhostname ESMTP biff = no append_dot_mydomain = no readme_directory = no compatibility_level = 2 # TLS parameters smtp_tls_cert_file = /etc/letsencrypt/live/quietlife.nl/fullchain.pem smtp_tls_key_file = /etc/letsencrypt/live/quietlife.nl/privkey.pem smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/letsencrypt/live/quietlife.nl/fullchain.pem smtpd_tls_key_file = /etc/letsencrypt/live/quietlife.nl/privkey.pem smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_tls_received_header = yes # Use strong ciphers smtpd_tls_ciphers = high smtpd_tls_mandatory_ciphers = high smtpd_tls_protocols = TLSv1.2, !TLSv1.1, !TLSv1, !SSLv3, !SSLv2 smtpd_tls_mandatory_protocols = TLSv1.2, !TLSv1.1, !TLSv1, !SSLv3, !SSLv2 smtpd_tls_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL smtpd_tls_mandatory_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL smtpd_tls_eecdh_grade = ultra tls_eecdh_ultra_curve = secp384r1 tls_high_cipherlist = AES384+EECDH:AES384+EDH:AES256+EECDH:AES256+EDH tls_preempt_cipherlist = yes tls_ssl_options = NO_RENEGOTIATION # Enable SMTP for authenticated users and hand off authentication to Dovecot smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination # Network and host parameters myhostname = vitas.quietlife.nl myorigin = /etc/mailname mydestination = localhost mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 inet_interfaces = all inet_protocols = all # Mail queue parameters maximal_queue_lifetime = 12h bounce_queue_lifetime = 12h maximal_backoff_time = 1h minimal_backoff_time = 5m queue_run_delay = 5m # Mailbox parameters alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases relayhost = mailbox_size_limit = 51200000 message_size_limit = 51200000 recipient_delimiter = + disable_vrfy_command = yes # Hand off local delivery to Dovecot's LMTP and tell it where to store mail virtual_transport = lmtp:unix:private/dovecot-lmtp # Virtual domains, users and aliases virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf, mysql:/etc/postfix/mysql-virtual-email2email.cf # Strip MUA headers mime_header_checks = regexp:/etc/postfix/header_checks header_checks = regexp:/etc/postfix/header_checks