stefanpejcic/main.cf

## main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP
biff = no
inet_protocols = ipv4

# appending .domain is the MUA's job.
append_dot_mydomain = no

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/postfix/malware.expert.crt
smtpd_tls_key_file=/etc/postfix/malware.expert.key
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_note_starttls_offer   = yes
smtp_tls_security_level = may

# Conf
delay_warning_time = 4h
bounce_queue_lifetime = 5d
maximal_queue_lifetime = 5d
smtp_connect_timeout = 10s
smtpd_helo_required = yes
#It allows Postfix to log recipient address information when rejecting a client name/address or sender address
smtpd_delay_reject = yes
strict_rfc821_envelopes = yes
message_size_limit = 50000000

# Maps to Relay & Transport (Domains and Destination routing)
relay_domains 		= proxy:mysql:/etc/postfix/postfix-mysql-relay_domains_maps.cf
transport_maps 		= proxy:mysql:/etc/postfix/postfix-mysql-transport_maps.cf

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mx01.malware.expert
mydestination =  $myhostname, localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
relayhost =
# Which servers allowed send outgoing emails
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

smtpd_sender_restrictions =
    permit_mynetworks
    reject_non_fqdn_sender
    reject_unknown_sender_domain

smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    reject_invalid_helo_hostname
    warn_if_reject reject_non_fqdn_helo_hostname
    warn_if_reject reject_unknown_helo_hostname
    warn_if_reject reject_unknown_reverse_client_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unknown_sender_domain
    reject_unknown_recipient_domain

smtpd_data_restrictions =
    reject_unauth_pipelining
    reject_multi_recipient_bounce
	# See /usr/share/postfix/main.cf.dist for a commented, more complete version

	smtpd_banner = $myhostname ESMTP
	biff = no
	inet_protocols = ipv4

	# appending .domain is the MUA's job.
	append_dot_mydomain = no

	readme_directory = no

	# TLS parameters
	smtpd_tls_cert_file=/etc/postfix/malware.expert.crt
	smtpd_tls_key_file=/etc/postfix/malware.expert.key
	smtpd_tls_security_level = may
	smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
	smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
	smtp_tls_note_starttls_offer = yes
	smtp_tls_security_level = may

	# Conf
	delay_warning_time = 4h
	bounce_queue_lifetime = 5d
	maximal_queue_lifetime = 5d
	smtp_connect_timeout = 10s
	smtpd_helo_required = yes
	#It allows Postfix to log recipient address information when rejecting a client name/address or sender address
	smtpd_delay_reject = yes
	strict_rfc821_envelopes = yes
	message_size_limit = 50000000

	# Maps to Relay & Transport (Domains and Destination routing)
	relay_domains = proxy:mysql:/etc/postfix/postfix-mysql-relay_domains_maps.cf
	transport_maps = proxy:mysql:/etc/postfix/postfix-mysql-transport_maps.cf

	# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
	# information on enabling SSL in the smtp client.

	myhostname = mx01.malware.expert
	mydestination = $myhostname, localhost
	alias_maps = hash:/etc/aliases
	alias_database = hash:/etc/aliases
	myorigin = /etc/mailname
	relayhost =
	# Which servers allowed send outgoing emails
	mynetworks = 127.0.0.0/8
	mailbox_size_limit = 0
	recipient_delimiter = +
	inet_interfaces = all

	smtpd_sender_restrictions =
	permit_mynetworks
	reject_non_fqdn_sender
	reject_unknown_sender_domain

	smtpd_recipient_restrictions =
	permit_mynetworks
	reject_unauth_destination
	reject_invalid_helo_hostname
	warn_if_reject reject_non_fqdn_helo_hostname
	warn_if_reject reject_unknown_helo_hostname
	warn_if_reject reject_unknown_reverse_client_hostname
	reject_non_fqdn_sender
	reject_non_fqdn_recipient
	reject_unknown_sender_domain
	reject_unknown_recipient_domain

	smtpd_data_restrictions =
	reject_unauth_pipelining
	reject_multi_recipient_bounce