myhostname = smtp.balsillie.net mydomain = balsillie.net myorigin = $mydomain mynetworks = 127.0.0.0/8 10.64.0.0/12 10.96.10.0/24 mydestination = $myhostname localhost biff = no bounce_queue_lifetime = 1d broken_sasl_auth_clients = no compatibility_level = 3.6 header_checks = pcre:/config/header_checks.pcre inet_interfaces = all inet_protocols = ipv4 lmtp_tls_loglevel = 1 lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 lmtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 lmtp_tls_security_level = none lmtp_tls_wrappermode = no lmtp_use_tls = no local_recipient_maps = local_transport = local:$myhostname mailbox_size_limit = 51200000 maillog_file = /dev/stdout maximal_queue_lifetime = 1d message_size_limit = 51200000 mime_header_checks = $header_checks # Milters milter_protocol = 6 milter_default_action = accept dkim_milter = inet:127.0.0.1:8891 # dmarc_milter = inet:localhost:8893 # smtpd_milters = $dkim_milter,$dmarc_milter smtpd_milters = $dkim_milter non_smtpd_milters = $dkim_milter postscreen_access_list = postscreen_denylist_action = drop postscreen_dnsbl_action = enforce postscreen_dnsbl_allowlist_threshold = -1 postscreen_dnsbl_sites = zen.spamhaus.org=127.0.1.[2..254]*3, ix.dnsbl.manitu.net*3, bl.spamcop.net, b.barracudacentral.org, safe.dnsbl.sorbs.net, swl.spamhaus.org*-10, postscreen_dnsbl_threshold = 3 postscreen_greet_action = ignore postscreen_greet_banner = postscreen_upstream_proxy_protocol = # proxy_interfaces = x.x.x.x # Set with postconf during startup recipient_delimiter = + relay_domains = relayhost = sender_dependent_relayhost_maps = smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 smtp_tls_note_starttls_offer = yes smtp_tls_policy_maps = smtp_tls_protocols = !SSLv2, !SSLv3 smtp_tls_security_level = dane smtpd_banner = $myhostname ESMTP # SASL - SMTPS sasl settings specified in master.cf smtpd_sasl_auth_enable = no # SMTPD restrictions smtpd_helo_required = yes smtpd_delay_reject = yes smtpd_client_restrictions = reject_unknown_client_hostname smtpd_helo_restrictions = reject_unknown_helo_hostname, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain smtpd_relay_restrictions = permit_auth_destination, reject_unauth_destination smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unlisted_recipient smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce # client , reject_rbl_client zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org # helo , reject_rhsbl_helo dbl.spamhaus.org # sender , reject_rhsbl_sender dbl.spamhaus.org smtpd_tls_cert_file=/cert/tls.crt smtpd_tls_key_file=/cert/tls.key smtpd_tls_dh1024_param_file = /cert/dhparams.pem smtpd_tls_loglevel = 1 smtpd_tls_mandatory_ciphers = medium smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 smtpd_tls_security_level = encrypt tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 tls_preempt_cipherlist = no tls_ssl_options = NO_COMPRESSION unverified_recipient_reject_code = 577 virtual_alias_maps = ldap:/config/ldap_users.cf virtual_mailbox_base = virtual_mailbox_domains = $mydomain virtual_mailbox_maps = $virtual_alias_maps virtual_transport = lmtp:unix:private/dovecot-lmtp