# Global Postfix configuration file. This file lists only a subset
# of all 300+ parameters. See the sample-xxx.cf files for a full list.
#
# The general format is lines with parameter = value pairs. Lines
# that begin with whitespace continue the previous line. A value can
# contain references to other $names or ${name}s.
#
# NOTE - CHANGE NO MORE THAN 2-3 PARAMETERS AT A TIME, AND TEST IF
# POSTFIX STILL WORKS AFTER EVERY CHANGE.

# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#
#soft_bounce = no

# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
queue_directory = /var/spool/postfix

# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = /usr/sbin

# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
#
daemon_directory = /usr/lib/postfix

# QUEUE AND PROCESS OWNERSHIP
#
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon.
# PLEASE USE A DEDICATED USER.
#
mail_owner = postfix

# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#
#default_privs = nobody

# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld

# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld

# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
#myorigin = $mydomain

# RECEIVING MAIL

# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost

# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified with the inet_interfaces parameter.
#
# You must specify your proxy/NAT addresses when your system is a
# backup MX host for other domains, otherwise mail delivery loops
# will happen when the primary MX host is down.
#
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4

# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that looks up all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see sample-virtual.cf).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# sample-smtpd.cf).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# DO NOT LIST RELAY DESTINATIONS IN MYDESTINATION.
# SPECIFY RELAY DESTINATIONS IN RELAY_DOMAINS.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
#mydestination = $myhostname, localhost.$mydomain
#mydestination = $myhostname, localhost.$mydomain $mydomain
#mydestination = $myhostname, localhost.$mydomain, $mydomain,
#    mail.$mydomain, www.$mydomain, ftp.$mydomain
mydestination = $myhostname, localhost.$mydomain $mydomain,
    kneschke.de, phpgw.de, egroupware.org, linux-at-work.de, lists.kneschke.de

# REJECTING MAIL FOR UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination and $inet_interfaces.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
#
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
#
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
#
# - You define $mydestination domain recipients in files other than
#   /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
#   For example, you define $mydestination domain recipients in
#   the $virtual_mailbox_maps files.
#
# - You redefine the local delivery agent in master.cf.
#
# - You redefine the "local_transport" setting in main.cf.
#
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
#   feature of the Postfix local delivery agent (see sample-local.cf).
#
# Details are described in the LOCAL_RECIPIENT_README file.
#
# Beware: if the Postfix SMTP server runs chrooted, you probably have
# to access the passwd file via the proxymap service, in order to
# overcome chroot restrictions. The alternative, having a copy of
# the system passwd file in the chroot jail is just not practical.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a user@domain.tld address.
#
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =

# The unknown_local_recipient_reject_code specifies the SMTP server
# response code when a recipient domain matches $mydestination or
# $inet_interfaces, while $local_recipient_maps is non-empty and the
# recipient address or address local-part is not found.
#
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
# local_recipient_maps settings are OK.
#
unknown_local_recipient_reject_code = 550
#unknown_local_recipient_reject_code = 450

# TRUST AND RELAY CONTROL

# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in file sample-smtpd.cf.
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
#
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this works correctly only with interfaces specified
# with the "ifconfig" command.
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
#
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host

# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table

# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_recipient_restrictions restriction in the
# file sample-smtpd.cf for detailed information.
#
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
#   subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
#
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction in the file sample-smtpd.cf.
#
#relay_domains = $mydestination

# INTERNET OR INTRANET

# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = gateway.my.domain
#relayhost = uucphost
#relayhost = [an.ip.add.ress]

# REJECTING UNKNOWN RELAY USERS
#
# The relay_recipient_maps parameter specifies optional lookup tables
# with all addresses in the domains that match $relay_domains.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown relay users. This feature is off by default.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a user@domain.tld address.
#
#relay_recipient_maps = hash:/etc/postfix/relay_recipients

# INPUT RATE CONTROL
#
# The in_flow_delay configuration parameter implements mail input
# flow control. This feature is turned on by default, although it
# still needs further development (it's disabled on SCO UNIX due
# to an SCO bug).
#
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
# message delivery rate. With the default 100 SMTP server process
# limit, this limits the mail inflow to 100 messages a second more
# than the number of messages delivered per second.
#
# Specify 0 to disable the feature. Valid delays are 0..10.
#
#in_flow_delay = 1s

# ADDRESS REWRITING
#
# Insert text from sample-rewrite.cf if you need to do address
# masquerading.
#
# Insert text from sample-canonical.cf if you need to do address
# rewriting, or if you need username->Firstname.Lastname mapping.

# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
#
# Insert text from sample-virtual.cf if you need virtual domain support.

# "USER HAS MOVED" BOUNCE MESSAGES
#
# Insert text from sample-relocated.cf if you need "user has moved"
# style bounce messages. Alternatively, you can bounce recipients
# with an SMTP server access table. See sample-smtpd.cf.

# TRANSPORT MAP
#
# Insert text from sample-transport.cf if you need explicit routing.

# ALIAS DATABASE
#
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
#
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
#
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
#
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
#alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases

# The alias_database parameter specifies the alias database(s) that
# are built with "newaliases" or "sendmail -bi". This is a separate
# configuration parameter, because alias_maps (see above) may specify
# tables that are not necessarily all under control by Postfix.
#
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
#alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases

# ADDRESS EXTENSIONS (e.g., user+foo)
#
# The recipient_delimiter parameter specifies the separator between
# user names and address extensions (user+foo). See canonical(5),
# local(8), relocated(5) and virtual(5) for the effects this has on
# aliases, canonical, virtual, relocated and .forward file lookups.
# Basically, the software tries user+foo and .forward+foo before
# trying user and .forward.
#
#recipient_delimiter = +

# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/

# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
#
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail

# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
#
# Unlike other Postfix configuration parameters, the mailbox_command
# parameter is not subjected to $parameter substitutions. This is to
# make it easier to specify shell syntax (see example below).
#
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
#
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
#
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"

# The mailbox_transport specifies the optional transport in master.cf
# to use after processing aliases and .forward files. This parameter
# has precedence over the mailbox_command, fallback_transport and
# luser_relay parameters.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#mailbox_transport = lmtp:unix:/file/name
mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
#mailbox_transport = cyrus

# The fallback_transport specifies the optional transport in master.cf
# to use for recipients that are not found in the UNIX passwd database.
# This parameter has precedence over the luser_relay parameter.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =

# The luser_relay parameter specifies an optional destination address
# for unknown recipients. By default, mail for unknown@$mydestination
# and unknown@[$inet_interfaces] is returned as undeliverable.
#
# The following expansions are done on luser_relay: $user (recipient
# username), $shell (recipient shell), $home (recipient home directory),
# $recipient (full recipient address), $extension (recipient address
# extension), $domain (recipient domain), $local (entire recipient
# localpart), $recipient_delimiter. Specify ${name?value} or
# ${name:value} to expand value only when $name does (does not) exist.
#
# luser_relay works only for the default Postfix local delivery agent.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local

# JUNK MAIL CONTROLS
#
# The controls listed here are only a very small subset. See the file
# sample-smtpd.cf for an elaborate list of anti-UCE controls.

# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
#
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
#
# For details, see the sample-filter.cf file.
#
#header_checks = regexp:/etc/postfix/header_checks

# FAST ETRN SERVICE
#
# Postfix maintains per-destination logfiles with information about
# deferred mail, so that mail can be flushed quickly with the SMTP
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
#
# By default, Postfix maintains deferred mail logfile information
# only for destinations that Postfix is willing to relay to (as
# specified in the relay_domains parameter). For other destinations,
# Postfix attempts to deliver ALL queued mail after receiving the
# SMTP "ETRN domain.tld" command, or after execution of "sendmail
# -qRdomain.tld". This can be slow when a lot of mail is queued.
#
# The fast_flush_domains parameter controls what destinations are
# eligible for this "fast ETRN/sendmail -qR" service.
#
#fast_flush_domains = $relay_domains
#fast_flush_domains =

# The disable_vrfy_command parameter allows you to disable the SMTP
# VRFY command. This stops some techniques used by spammers to harvest
# email addresses.
#
disable_vrfy_command = yes

# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

# PARALLEL DELIVERY TO THE SAME DESTINATION
#
# How many parallel deliveries to the same user or domain? With local
# delivery, it does not make sense to do massively parallel delivery
# to the same user, because mailbox updates must happen sequentially,
# and expensive pipelines in .forward files can cause disasters when
# too many are run at the same time. With SMTP deliveries, 10
# simultaneous connections to the same domain could be sufficient to
# raise eyebrows.
#
# Each message delivery transport has its XXX_destination_concurrency_limit
# parameter. The default is $default_destination_concurrency_limit for
# most delivery transports. For the local delivery agent the default is 2.

#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20

# DEBUGGING CONTROL
#
# The debug_peer_level parameter specifies the increment in verbose
# logging level when an SMTP client or server host name or address
# matches a pattern in the debug_peer_list parameter.
#
debug_peer_level = 2

# The debug_peer_list parameter specifies an optional list of domain
# or network patterns, /file/name patterns or type:name tables. When
# an SMTP client or server host name or address matches a pattern,
# increase the verbose logging level by the amount specified in the
# debug_peer_level parameter.
#
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain

# The debugger_command specifies the external command that is executed
# when a Postfix daemon program is run with the -D option.
#
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5

# If you don't have X installed on the Postfix machine, try:
# debugger_command =
#    PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
#    echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
#    >$config_directory/$process_name.$process_id.log & sleep 5

# INSTALL-TIME CONFIGURATION INFORMATION
#
# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path = /usr/sbin/sendmail

# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = /usr/bin/newaliases

# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
#
mailq_path = /usr/bin/mailq

# setgid_group: The group for mail submission and queue management
# commands.
# This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group = postdrop

# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory = /usr/share/man

# sample_directory: The location of the Postfix sample configuration files.
#
sample_directory = /usr/share/doc/postfix-2.0.19/sample

# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/share/doc/postfix-2.0.19/readme
default_destination_concurrency_limit = 2
#alias_database = hash:/etc/mail/aliases
local_destination_concurrency_limit = 2
alias_maps = hash:/etc/mail/aliases

content_filter = smtp-amavis:[127.0.0.1]:10024
queue_minfree = 100000000
message_size_limit = 50000000
mailbox_size_limit = 500000000
smtpd_helo_required=yes
smtpd_helo_restrictions=permit_mynetworks, reject_invalid_hostname, reject_invalid_hostname
smtpd_sender_restrictions=permit_mynetworks, reject_unknown_sender_domain, reject_non_fqdn_sender

virtual_maps = ldap:aliases, ldap:mailboxes

aliases_server_host = 127.0.0.1
aliases_search_base = dc=domain,dc=loc
aliases_query_filter = (&(|(mail=%s)(mailalternateaddress=%s))(objectclass=posixaccount)(deliveryMode=forwardonly)(accountstatus=active))
aliases_bind_dn = cn=thepostfixadmin,dc=domain,dc=loc
aliases_bind_pw = thepassword
aliases_result_attribute = mailforwardingaddress
aliases_version = 3

mailboxes_server_host = 127.0.0.1
mailboxes_search_base = dc=domain,dc=loc
mailboxes_query_filter = (&(|(mail=%s)(mailalternateaddress=%s))(objectclass=posixaccount)(accountstatus=active))
mailboxes_bind_dn = cn=thepostfixadmin,dc=domain,dc=loc
mailboxes_bind_pw = thepassword
mailboxes_result_attribute = uid, mailforwardingaddress
mailboxes_version = 3


#Use SMTPD with SASL authentication
smtpd_sasl_auth_enable = yes

#Additional options: do not allow anonymous login
smtpd_sasl_security_options = noanonymous

#Again a workaround for older clients and Outlook
broken_sasl_auth_clients = yes

# OR allow my networks and SASL
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client blackholes.wirehub.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client dnsbl.sorbs.net,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_pipelining,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain

#    reject_unknown_client
#    reject_rbl_client proxies.relays.monkeys.com,

# incoming SSL
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/private/smtp.linux-at-work.de/smtp.linux-at-work.de.key
smtpd_tls_cert_file = /etc/ssl/private/smtp.linux-at-work.de/smtp.linux-at-work.de.crt
smtpd_tls_CAfile = /etc/ssl/certs/ca-cert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

#outgoing SSL
smtp_tls_key_file = /etc/ssl/private/smtp.linux-at-work.de/smtp.linux-at-work.de.key
smtp_tls_cert_file = /etc/ssl/private/smtp.linux-at-work.de/smtp.linux-at-work.de.crt
smtp_tls_CAfile = /etc/ssl/certs/ca-cert.pem
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_loglevel = 2
# The server and client negotiate a session, which takes some computer time
# and network bandwidth. The session is cached only in the smtpd process
# actually using this session and is lost when the process dies.
# To share the session information between the smtp processes, a disc based
# session cache can be used based on the SDBM databases (routines included
# in Postfix/TLS). Since concurrent writing must be supported, only SDBM
# can be used.
#
smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache

# By default TLS is disabled, so no difference to plain postfix is visible.
# If you enable TLS it will be used when offered by the server.
# WARNING: I didn't have access to other software (except those explicitly
# listed) to test the interaction. On corresponding mailing list
# there was a discussion going on about MS exchange servers offering
# STARTTLS even if it is not configured, so it might be wise to not
# use this option on your central mail hub, as you don't know in advance
# whether you are going to hit such host. Use the recipient/site specific
# options instead.
# HINT: I have it switched on on my mailservers and did experience one
# single failure since client side TLS is implemented. (There was one
# misconfigured MS Exchange server; I contacted the admin.) Hence, I am happy
# with it running all the time, but I am interested in testing anyway.
# You have been warned, however :-)
#
# In case of failure, a "4xx" code is issued and the mail stays in the queue.
#
# Explicitly switch it on here, if you want it.
#
#smtp_use_tls = yes
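
# Added example, not part of the original file or of Postfix: a Python parser for
# the main.cf format described at the top of this file (continuation lines,
# $name references), with checks for settings whose comments above carry a warning.
# The finding codes, helper names and the sample excerpt are constructed for this
# example, and pairing a restriction with its argument by prefix is an assumption.

```python
import re

# Constructed sample modelled on the active settings of the file above
# (myhostname is a made-up value so that $name expansion has something to do).
SAMPLE_MAIN_CF = """\
myhostname = mail.example.test
mydestination = $myhostname, localhost.$mydomain $mydomain,
  lists.example.test
disable_vrfy_command = yes
smtpd_helo_restrictions=permit_mynetworks, reject_invalid_hostname, reject_invalid_hostname
aliases_bind_pw = thepassword
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_rbl_client relays.ordb.org,

# reject_unknown_client
  reject_rbl_client sbl-xbl.spamhaus.org,
  reject_unauth_destination
#smtpd_tls_auth_only = yes
"""

_REF = re.compile(r"\$(?:\{(\w+)\}|(\w+))")
# Assumption: restrictions with these prefixes are followed by exactly one argument.
_TAKES_ARG = ("reject_rbl_", "reject_rhsbl_", "check_")
_SAFE_PERMITS = {"permit_mynetworks", "permit_sasl_authenticated", "permit_auth_destination"}

def parse_main_cf(text):
    """Return {parameter: value}; continuation lines are joined, the last definition wins."""
    params, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank and comment lines do not end a logical line
        if raw[0] in " \t":  # leading whitespace continues the previous line
            if current is None:
                raise ValueError("continuation without a parameter: %r" % raw)
            params[current] = (params[current] + " " + stripped).strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            raise ValueError("expected 'parameter = value': %r" % raw)
        current = name.strip()
        params[current] = value.strip()
    return params

def expand(value, params):
    """Expand $name and ${name}; names not set in the file are left as written."""
    for _ in range(10):  # bounded, so a self-referencing parameter cannot loop forever
        new = _REF.sub(lambda m: params.get(m.group(1) or m.group(2), m.group(0)), value)
        if new == value:
            break
        value = new
    return value

def restrictions(value):
    """Split a restriction list on commas/whitespace, keeping arguments attached."""
    tokens, rules, i = [t for t in re.split(r"[,\s]+", value) if t], [], 0
    while i < len(tokens):
        takes_arg = tokens[i].startswith(_TAKES_ARG) and i + 1 < len(tokens)
        rules.append(" ".join(tokens[i:i + 2]) if takes_arg else tokens[i])
        i += 2 if takes_arg else 1
    return rules

def audit(params):
    """Return {finding code: detail}; the codes are hypothetical names for this example."""
    def on(name):
        return params.get(name, "").lower() == "yes"
    found = {}
    if on("smtpd_sasl_auth_enable") and not on("smtpd_tls_auth_only"):
        found["AUTH_WITHOUT_TLS"] = "AUTH is offered on sessions that have not done STARTTLS"
    if any(name.endswith("_bind_pw") for name in params):
        found["LDAP_PW_IN_MAIN_CF"] = "LDAP bind password is stored in main.cf"
    if params.get("mynetworks_style") == "class" and "mynetworks" not in params:
        found["CLASSFUL_TRUST"] = "every client in the class A/B/C network may relay"
    if not on("disable_vrfy_command"):
        found["VRFY_ENABLED"] = "VRFY answers can be used to harvest addresses"
    for name, value in params.items():
        rules = restrictions(value) if name.endswith("_restrictions") else []
        if len(rules) != len(set(rules)):
            found["DUPLICATE_RESTRICTION"] = "repeated entry in " + name
    rcpt = restrictions(params.get("smtpd_recipient_restrictions", ""))
    if "reject_unauth_destination" in rcpt:
        before = rcpt[:rcpt.index("reject_unauth_destination")]
        risky = [r for r in before
                 if r.startswith(("permit", "check_")) and r not in _SAFE_PERMITS]
        if risky:
            found["PERMIT_BEFORE_RELAY_GUARD"] = ", ".join(risky)
    return found

if __name__ == "__main__":
    cfg = parse_main_cf(SAMPLE_MAIN_CF)
    print("mydestination =", expand(cfg["mydestination"], cfg))
    for code, detail in sorted(audit(cfg).items()):
        print(code, "-", detail)
```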