# chain myhostname = mail.@smtphost@ mydomain = @smtphost@ myorigin = $mydomain mydestination = $mydomain, localhost.$mydomain, localhost, @server_domains@ alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases compatibility_level = 2 relayhost = mynetworks = 127.0.0.0/8 inet_interfaces = all home_mailbox = Maildir/ mailbox_size_limit = 0 recipient_delimiter = + queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/lib/postfix/bin/ data_directory = /var/lib/postfix html_directory = /usr/share/doc/packages/postfix-doc/html manpage_directory = /usr/share/man sample_directory = /usr/share/doc/packages/postfix-doc/samples readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES mail_spool_directory = /var/mail # dkim smtpd_milters = unix:/var/spool/postfix/opendkim/opendkim.sock non_smtpd_milters = $smtpd_milters milter_default_action = accept internal_mail_filter_classes = bounce # tls ... tls_random_source = dev:/dev/urandom tls_append_default_CA = no smtp_tls_loglevel = 3 smtp_tls_security_level = encrypt smtp_tls_CApath = /etc/ssl/certs smtp_tls_CAfile = /srv/webroot/@smtphost@/ssl/cert.pem smtpd_tls_key_file = /srv/webroot/@smtphost@/ssl/privkey.pem smtpd_tls_cert_file = /srv/webroot/@smtphost@/ssl/fullchain.pem smtpd_tls_loglevel = 3 smtpd_tls_security_level = encrypt smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes smtpd_tls_auth_only = yes smtpd_tls_received_header = yes smtpd_tls_CApath = /etc/easy-rsa/pki smtpd_tls_CAfile = /etc/easy-rsa/pki/ca.crt smtpd_relay_restrictions = permit_mynetworks, permit_tls_all_clientcerts, reject_unauth_destination smtpd_recipient_restrictions = permit_mynetworks, permit_tls_all_clientcerts, reject_unauth_destination meta_directory = /usr/lib/postfix setgid_group = maildrop newaliases_path = /usr/bin/newaliases mailq_path = /usr/bin/mailq sendmail_path = /usr/sbin/sendmail mail_owner = postfix shlib_directory = /usr/lib/postfix inet_protocols = ipv4