imfreedom/ansible
Clone
Summary
Browse
Changes
Graph
Update the BSD agents to have all of our current dependencies
21 months ago, Gary Kramlich
4eaa5a34b086
Update the BSD agents to have all of our current dependencies
#
See
/
usr
/
share
/
postfix
/
main
.
cf
.
dist
for
a
commented
,
more
complete
version
#
Debian
specific
:
Specifying
a
file
name
will
cause
the
first
#
line
of
that
file
to
be
used
as
the
name
.
The
Debian
default
#
is
/
etc
/
mailname
.
#
myorigin
=
/
etc
/
mailname
virtual_mailbox_domains
=
pidgin
.
im
imfreedom
.
org
virtual_alias_domains
=
soc
.
pidgin
.
im
cpw
.
pidgin
.
im
virtual_alias_maps
=
hash
:
/
etc
/
postfix
/
virtual
#
disable
backwards
compatibility
allow_percent_hack
=
no
biff
=
no
backwards_bounce_logfile_compatibility
=
no
compatibility_level
=
2
inet_interfaces
=
all
#
appending
.
domain
is
the
MUA
'
s
job
.
append_dot_mydomain
=
no
readme_directory
=
no
#
Rate
limiting
smtpd_client_connection_count_limit
=
10
smtpd_client_connection_rate_limit
=
20
smtpd_client_event_limit_exceptions
=
127.0.0.0
/
8
,
[
::
1
]
/
128
#
Authentication
smtpd_sasl_type
=
dovecot
smtpd_sasl_path
=
private
/
auth
smtpd_sasl_security_options
=
noanonymous
smtpd_sasl_auth_enable
=
yes
mua_client_restrictions
=
mua_helo_restrictions
=
mua_sender_restrictions
=
smtpd_relay_restrictions
=
permit_mynetworks
,
permit_sasl_authenticated
,
reject_unauth_destination
#
TLS
smtpd_tls_CApath
=
/
etc
/
ssl
/
certs
smtpd_tls_cert_file
=
/
etc
/
letsencrypt
/
live
/
{{
inventory_hostname
}}
/
fullchain
.
pem
smtpd_tls_key_file
=
/
etc
/
letsencrypt
/
live
/
{{
inventory_hostname
}}
/
privkey
.
pem
smtpd_tls_session_cache_database
=
btree
:
$
{
data_directory
}
/
smtpd_scache
smtpd_tls_security_level
=
may
smtpd_tls_protocols
=
!
SSLv2
,!
SSLv3
,!
TLSv1
,!
TLSv1
.1
smtpd_tls_mandatory_protocols
=
$
smtpd_tls_protocols
smtpd_tls_loglevel
=
1
smtpd_tls_received_header
=
yes
smtpd_tls_preempt_cipherlist
=
yes
smtpd_tls_ciphers
=
high
smtpd_tls_mandatory_ciphers
=
$
smtpd_tls_ciphers
#
milters
(
rspamd
)
smtpd_milters
=
inet
:
localhost
:
11332
non_smtpd_milters
=
inet
:
localhost
:
11332
milter_protocol
=
6
milter_mail_macros
=
i
{
mail_addr
}
{
client_addr
}
{
client_name
}
{
auth_authen
}
milter_default_action
=
accept
#
Local
mail
delivery
to
Dovecot
via
LMTP
See
#
https
:
//doc.dovecot.org/configuration_manual/howto/postfix_dovecot_lmtp/
#
smtpd_recipient_restrictions
=
reject_unverified_recipient
virtual_transport
=
lmtp
:
unix
:
private
/
dovecot
-
lmtp
#
Generic
Settings
myhostname
=
{{
inventory_hostname
}}
smtpd_banner
=
$
myhostname
ESMTP
$
mail_name
(
Debian
/
GNU
)
smtpd_helo_required
=
yes
smtpd_delay_open_until_valid_rcpt
=
no
smtpd_hard_error_limit
=
20
strict_rfc821_envelopes
=
yes
alias_maps
=
hash
:
/
etc
/
aliases
alias_database
=
hash
:
/
etc
/
aliases
myorigin
=
/
etc
/
mailname
mydestination
=
$
myhostname
,
localhost
relayhost
=
mynetworks
=
127.0.0.0
/
8
[
::
ffff
:
127.0.0.0
]
/
104
[
::
1
]
/
128
mailbox_size_limit
=
0
recipient_delimiter
=
+
inet_protocols
=
all