Updated postfix configuration

author Giorgio Ravera <giorgio.ravera@gmail.com>

Wed, 21 Jan 2026 10:17:24 +0000 (11:17 +0100)

committer Giorgio Ravera <giorgio.ravera@gmail.com>

Wed, 21 Jan 2026 10:17:24 +0000 (11:17 +0100)
author Giorgio Ravera <giorgio.ravera@gmail.com>
Wed, 21 Jan 2026 10:17:24 +0000 (11:17 +0100)
committer Giorgio Ravera <giorgio.ravera@gmail.com>
Wed, 21 Jan 2026 10:17:24 +0000 (11:17 +0100)
diff --git a/main.cf b/main.cf

index 76e2ec6ce99cc6a3834d30dc0f54cf0c8da9128c..e37b829affffed085392dbd74066a407744f795a 100644 (file)
--- a/main.cf
+++ b/main.cf
@@ -1,6 +1,10 @@
  # See /usr/share/postfix/main.cf.dist for a commented, more complete version
  
-compatibility_level = 2
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
  
  biff = yes
  
@@ -10,13 +14,44 @@ append_dot_mydomain = no
  # Uncomment the next line to generate "delayed mail" warnings
  #delay_warning_time = 4h
  
-alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
-# Map applied to sender and recipent
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
+# fresh installs.
+compatibility_level = 3.6
+
+# Alias
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+
+# General Settings
+myhostname = mail.giorgioravera.it
+mydomain = giorgioravera.it
+myorigin = /etc/mailname
+mydestination = localhost, localhost.localdomain
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24 192.168.2.0/24 192.168.3.0/24 192.168.178.0/24
+inet_interfaces = all
+inet_protocols = all
+
+# Relay
+#relay_domains = /etc/postfix/ml-domains
+relay_domains = mysql:/etc/postfix/mysql/relay_domains.cf
+sender_dependent_relayhost_maps = mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
+#relayhost = [smtp.gmail.com]:587
+relayhost = [smtp.eu.sparkpostmail.com]:587
+
+# Mailbox settings
+mailbox_command = /usr/bin/procmail -a "$EXTENSION"
+mailbox_size_limit = 512000000
+message_size_limit = 20480000
+recipient_delimiter = +
+content_filter = amavis:[127.0.0.1]:10024
+
+# Maps applied to sender and recipent
  canonical_maps = mysql:/etc/postfix/mysql/canonical_maps.cf
-# Map applied to recipent only
+# Maps applied to recipent only
  #recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
-# Map applied to sender only
+# Maps applied to sender only
  #sender_canonical_maps = hash:/etc/postfix/sender_canonical
+# Bcc Maps
  #recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
  recipient_bcc_maps = mysql:/etc/postfix/mysql/recipient_bcc_maps.cf
  #sender_bcc_maps = hash:/etc/postfix/sender_bcc
@@ -41,22 +76,6 @@ virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf
  #transport_maps = hash:/etc/postfix/transport
  transport_maps = mysql:/etc/postfix/mysql/transport_maps.cf
  
-myhostname = mail.giorgioravera.it
-mydomain = giorgioravera.it
-myorigin = localhost.localdomain
-mydestination = localhost, localhost.localdomain
-#relay_domains = /etc/postfix/ml-domains
-relay_domains = mysql:/etc/postfix/mysql/relay_domains.cf
-mynetworks = 127.0.0.0/8, [::1]/128, 192.168.0.0/24, 192.168.2.0/24
-inet_protocols = all
-mailbox_command = /usr/bin/procmail -a "$EXTENSION"
-mailbox_size_limit = 512000000
-message_size_limit = 20480000
-recipient_delimiter = +
-content_filter = amavis:[127.0.0.1]:10024
-#content_filter = spamassassin
-mailman_destination_recipient_limit = 1
-
  # Evita header X-Original-To
  enable_original_recipient = no
  # Evita header Delivered-To
@@ -71,6 +90,7 @@ bounce_template_file = /etc/postfix/bounce.cf
  
  disable_vrfy_command = yes
  
+# SMTPD
  smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU Linux)
  
  # SMTPD Auth
@@ -83,21 +103,18 @@ broken_sasl_auth_clients = yes
  smtpd_sasl_authenticated_header = no
  
  # SMTPD SSL
-smtpd_use_tls = yes
+#smtpd_use_tls = yes
+#smtpd_tls_security_level = encrypt
+smtpd_tls_security_level = may
  #smtpd_tls_protocols = !SSLv2
-#smtpd_tls_key_file = /etc/ssl/giorgioravera.it/certs/mail.giorgioravera.it.key
-#smtpd_tls_cert_file = /etc/ssl/giorgioravera.it/certs/mail.giorgioravera.it.crt
-#smtpd_tls_CAfile = /etc/ssl/giorgioravera.it/ca.crt
-smtpd_tls_cert_file = /etc/ssl/giorgioravera.it/cert.pem
+smtpd_tls_cert_file = /etc/ssl/giorgioravera.it/fullchain.pem
  smtpd_tls_key_file = /etc/ssl/giorgioravera.it/privkey.pem
-smtpd_tls_CAfile = /etc/ssl/giorgioravera.it/chain.pem
  #smtpd_tls_loglevel = 2
  smtpd_tls_received_header = no
  smtpd_tls_session_cache_timeout = 3600s
  tls_random_source = dev:/dev/urandom
  
  # SMTPD Restrictions 
-# Allow connections from trusted networks only.
  smtpd_client_restrictions = permit_mynetworks,
         permit_sasl_authenticated, 
         reject_unauth_pipelining,
@@ -138,24 +155,22 @@ smtpd_recipient_restrictions = permit_mynetworks,
         reject_rbl_client dul.dnsbl.sorbs.net,
         reject_rhsbl_helo dbl.spamhaus.org,
         reject_rhsbl_sender dbl.spamhaus.org
-
  smtpd_error_sleep_time = 1s
  smtpd_soft_error_limit = 10
  smtpd_hard_error_limit = 20
  
  # SMTP Client
-smtp_use_tls = yes
+#smtp_use_tls = yes
+#smtp_tls_security_level = encrypt
+smtp_tls_security_level = may
  smtp_sasl_auth_enable = yes
  smtp_sasl_security_options = noanonymous
+#smtp_sasl_mechanism_filter = plain login
  #smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_passwd
  smtp_sasl_password_maps = mysql:/etc/postfix/mysql/smtp_sasl_passwd_maps.cf
  #smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
  smtp_tls_policy_maps = mysql:/etc/postfix/mysql/smtp_tls_policy_maps.cf
  smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
-sender_dependent_relayhost_maps = mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
-#smtp_sasl_mechanism_filter = plain login
-#relayhost = [smtp.gmail.com]:587
-relayhost = [smtp.eu.sparkpostmail.com]:587
  
  # Blocchi generici
  #invalid_hostname_reject_code = 554
@@ -172,3 +187,4 @@ relayhost = [smtp.eu.sparkpostmail.com]:587
  #unknown_virtual_mailbox_reject_code = 554
  #unverified_recipient_reject_code = 554
  #unverified_sender_reject_code = 554
+cyrus_sasl_config_path = /etc/postfix/sasl
diff --git a/master.cf b/master.cf

index 2e1613ed3fd06f546a707279e01acc7a8247ef0b..9d9f9793a45c3e7ee386119527f03cac17c37172 100644 (file)
--- a/master.cf
+++ b/master.cf
@@ -144,7 +144,7 @@ spamassassin unix -     n       n       -       -       pipe
  amavis    unix  -       -       y       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
-  -o disable_dns_lookups=yes
+  -o smtp_dns_support_level=disabled
    -o max_use=20
  
  127.0.0.1:10025 inet n  -       y       -       -       smtpd
author	Giorgio Ravera <giorgio.ravera@gmail.com>
	Wed, 21 Jan 2026 10:17:24 +0000 (11:17 +0100)
committer	Giorgio Ravera <giorgio.ravera@gmail.com>
	Wed, 21 Jan 2026 10:17:24 +0000 (11:17 +0100)
main.cf		patch \| blob \| history
master.cf		patch \| blob \| history