Diffstat (limited to 'etc/postfix/main.cf')
-rw-r--r--etc/postfix/main.cf59
1 files changed, 59 insertions, 0 deletions
diff --git a/etc/postfix/main.cf b/etc/postfix/main.cf
index 1d93a701..0c36d421 100644
--- a/etc/postfix/main.cf
+++ b/etc/postfix/main.cf
@@ -1,3 +1,62 @@
+# edit configs from:
+# https://wiki.archlinux.org/title/Postfix
+# GPL-3.0-only https://github.com/LukeSmithxyz/emailwiz
+# https://wiki.archlinux.org/title/OpenDMARC
+# https://wiki.archlinux.org/title/OpenDKIM
+# maybe useful things:
+# `man postconf.5`
+# print config: `postconf`
+# default config: `postconf -d`
+myhostname = mail.flylightning.xyz
+
+# fix "relay access denied" error when receiving emails
+# I choose to follow `man postconf.5` instruction to only add $mydomain
+# emailwiz way add a lot more to mydestination, see:
+# https://github.com/LukeSmithxyz/emailwiz/pull/275
+# https://github.com/LukeSmithxyz/emailwiz/issues/265
+mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
+
+smtp_tls_security_level = may
+smtpd_tls_security_level = may
+smtpd_use_tls = yes
+smtpd_tls_cert_file = /etc/postfix/flylightning.pem
+smtpd_tls_key_file = /etc/postfix/flylightning.key
+
+# Here we tell Postfix to look to Dovecot for authenticating users/passwords.
+# Dovecot will be putting an authentication socket in /var/spool/postfix/private/auth
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+
+# NOTE: the trailing slash here, or for any directory name in the home_mailbox
+# command, is necessary as it distinguishes a maildir (which is the actual
+# directory that we want) from a spoolfile (which is what old unix boomers want
+# and no one else).
+home_mailbox = Mail/Inbox/
+
+# https://wiki.archlinux.org/title/OpenDKIM
+non_smtpd_milters = unix:/run/opendkim/opendkim.sock, unix:/run/opendmarc/opendmarc.sock
+smtpd_milters = unix:/run/opendkim/opendkim.sock, unix:/run/opendmarc/opendmarc.sock
+
+# more emailwiz configs, maybe useful:
+
+# TLS required for authentication.
+#smtpd_tls_auth_only = yes
+
+# Exclude insecure and obsolete encryption protocols.
+#smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+#smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+#smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+#smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+
+# helo, sender, relay and recipient restrictions
+#smtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre
+#smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_sender_domain
+#smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain
+#smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination
+#smtpd_helo_required = yes
+#smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
+
# Global Postfix configuration file. This file lists only a subset
# of all parameters. For the syntax, and for a complete parameter
# list, see the postconf(5) manual page (command: "man 5 postconf").
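Review bot: SASL authentication is turned on with `smtpd_sasl_auth_enable = yes` while `smtpd_tls_security_level = may` keeps TLS optional and `#smtpd_tls_auth_only = yes` stays commented out, so AUTH is announced on unencrypted sessions and a client that skips STARTTLS sends its Dovecot credentials in cleartext. Uncomment `smtpd_tls_auth_only = yes` so that AUTH is only offered once TLS is established. `smtpd_use_tls = yes` is redundant next to `smtpd_tls_security_level = may`, which postconf(5) documents as overriding it, and can be dropped. The commented-out `!SSLv2, !SSLv3, !TLSv1, !TLSv1.1` exclusions are worth comparing against `postconf -d` on the deployed Postfix version, since older defaults may still negotiate TLSv1/TLSv1.1.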