superboum/main.cf

## main.cf
message_size_limit = 204800000 # Big attachement file, not safe in prod :p

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/path/to/file.pem
smtpd_tls_key_file=/path/to/file.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
#smtp_tls_policy_maps = hash:/path/to/tls_policy
smtp_tls_security_level = may

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = example.home
relayhost = [my.relay.com]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 # I don't need auth for this IP
#mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
mailbox_size_limit = 0 # unlimited
recipient_delimiter = + # john+alias@example.com will be the same as john@example.com
inet_interfaces = all # Listen on all interfaces

# Force authentication for SMTP
smtp_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_local_domain = example.com
smtpd_sasl_authenticated_header = yes

smtp_sasl_password_maps = hash:/etc/postfix/sasl_client
smtp_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
    permit_sasl_authenticated
    #check_recipient_access hash:/etc/postfix/filtered_domains
    permit_mynetworks
    reject_unauth_destination
inet_protocols = all
smtpd_relay_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination

# Useful when you have a relay, in order to limit flood and ban !
slow_destination_recipient_limit = 20
slow_destination_concurrency_limit = 2

virtual_alias_domains = example.net, example.fr, example.org
virtual_alias_maps = hash:/etc/postfix/virtual
dovecot_destination_recipient_limit = 1
virtual_mailbox_maps = ldap:/etc/postfix/ldap-account.cf
virtual_mailbox_domains = example.com
virtual_transport = dovecot

## master.cf
# Not the full file
flags=DRhu user=mailstore:mailstore argv=/usr/bin/sudo /usr/lib/dovecot/dovecot-lda -f ${sender} -a ${recipient} -d ${user}@${nexthop}
	message_size_limit = 204800000 # Big attachement file, not safe in prod :p

	smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
	biff = no

	# appending .domain is the MUA's job.
	append_dot_mydomain = no

	# Uncomment the next line to generate "delayed mail" warnings
	#delay_warning_time = 4h

	readme_directory = no

	# TLS parameters
	smtpd_tls_cert_file=/path/to/file.pem
	smtpd_tls_key_file=/path/to/file.key
	smtpd_use_tls=yes
	smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
	smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
	#smtp_tls_policy_maps = hash:/path/to/tls_policy
	smtp_tls_security_level = may

	# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
	# information on enabling SSL in the smtp client.

	myhostname = example.com
	alias_maps = hash:/etc/aliases
	alias_database = hash:/etc/aliases
	myorigin = /etc/mailname
	mydestination = example.home
	relayhost = [my.relay.com]:587
	mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 # I don't need auth for this IP
	#mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
	mailbox_size_limit = 0 # unlimited
	recipient_delimiter = + # john+alias@example.com will be the same as john@example.com
	inet_interfaces = all # Listen on all interfaces

	# Force authentication for SMTP
	smtp_sasl_auth_enable = yes
	smtpd_sasl_path = smtpd
	smtpd_sasl_local_domain = example.com
	smtpd_sasl_authenticated_header = yes

	smtp_sasl_password_maps = hash:/etc/postfix/sasl_client
	smtp_sasl_security_options = noanonymous
	smtpd_recipient_restrictions =
	permit_sasl_authenticated
	#check_recipient_access hash:/etc/postfix/filtered_domains
	permit_mynetworks
	reject_unauth_destination
	inet_protocols = all
	smtpd_relay_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination

	# Useful when you have a relay, in order to limit flood and ban !
	slow_destination_recipient_limit = 20
	slow_destination_concurrency_limit = 2

	virtual_alias_domains = example.net, example.fr, example.org
	virtual_alias_maps = hash:/etc/postfix/virtual
	dovecot_destination_recipient_limit = 1
	virtual_mailbox_maps = ldap:/etc/postfix/ldap-account.cf
	virtual_mailbox_domains = example.com
	virtual_transport = dovecot
	# Not the full file
	flags=DRhu user=mailstore:mailstore argv=/usr/bin/sudo /usr/lib/dovecot/dovecot-lda -f ${sender} -a ${recipient} -d ${user}@${nexthop}