#### POSTFIX MAIN.CF #### ## Configured to use sasl + tls ## ## Standard stuff -- defaults should be fine queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mail_owner = postfix ## Your network details - MUST BE CHANGED FOR YOUR NETWORK myhostname = `hostname` mydomain = your.domain.com myorigin = $mydomain ## open up the interfaces inet_interfaces = all ## my destination specifies who you will deliver mail for. The following is standard mydestination = $myhostname, localhost.$mydomain, localhost unknown_local_recipient_reject_code = 550 ## Specify trusted networks - CHANGE THIS TO MATCH YOUR TRUSTED NETWORKS ## See comments in original main.cf for other options here mynetworks = 172.16.0.0/16, 127.0.0.0/8 ## More standard stuff. Default should be fine alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail.postfix newaliases_path = /usr/bin/newaliases.postfix mailq_path = /usr/bin/mailq.postfix setgid_group = postdrop html_directory = no manpage_directory = /usr/share/man sample_directory = /usr/share/doc/postfix-2.1.5/samples readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES #### SASL bits #### smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = smtpd_sasl_security_options=noanonymous ## You can add "permit_mynetworks" here to allow mynetworks clients to send mail without authenticating smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination, check_relay_domains smtpd_delay_reject = yes ## this is necessary for some email clients broken_sasl_auth_clients = yes #### TLS bits #### smtpd_tls_auth_only = no smtp_use_tls = yes smtpd_use_tls = yes smtp_tls_note_starttls_offer = yes ## Location of key, cert and CA-cert. ## These files need to be generated using openssl smtpd_tls_key_file = /usr/share/ssl/certs/key.pem smtpd_tls_cert_file = /usr/share/ssl/certs/cert.pem smtpd_tls_CAfile = /usr/share/ssl/certs/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_exchange_name = /var/run/prng_exch tls_random_source = dev:/dev/urandom tls_smtp_use_tls = yes ipv6_version = 1.25