smtpd_banner = $myhostname ESMTP biff = no append_dot_mydomain = no readme_directory = no compatibility_level = 2 # TLS parameters smtp_dns_support_level = dnssec smtp_tls_cert_file = /etc/letsencrypt/live/quietlife.nl/fullchain.pem smtp_tls_key_file = /etc/letsencrypt/live/quietlife.nl/privkey.pem smtp_tls_security_level = dane smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/letsencrypt/live/quietlife.nl/fullchain.pem smtpd_tls_key_file = /etc/letsencrypt/live/quietlife.nl/privkey.pem smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_tls_received_header = yes # Use strong ciphers smtp_tls_protocols = TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3 smtp_tls_mandatory_protocols = TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3 smtp_tls_ciphers = high smtp_tls_mandatory_ciphers = high smtp_tls_exclude_ciphers = EXP, LOW, MEDIUM, aNULL, eNULL, SRP, PSK, kDH, DH, kRSA, DHE, DSS, RC4, DES, IDEA, SEED, ARIA, CAMELLIA, AESCCM8, 3DES, ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA256, MD5, SHA smtpd_tls_protocols = TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3 smtpd_tls_mandatory_protocols = TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3 smtpd_tls_ciphers = high smtpd_tls_mandatory_ciphers = high smtpd_tls_exclude_ciphers = EXP, LOW, MEDIUM, aNULL, eNULL, SRP, PSK, kDH, DH, kRSA, DHE, DSS, RC4, DES, IDEA, SEED, ARIA, CAMELLIA, AESCCM8, 3DES, ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA256, MD5, SHA smtpd_tls_eecdh_grade = ultra smtpd_tls_dh1024_param_file = /etc/ssl/dhparams.pem tls_eecdh_ultra_curve = secp384r1 tls_high_cipherlist = EECDH+AESGCM:EDH+AESGCM tls_preempt_cipherlist = yes tls_ssl_options= NO_COMPRESSION, NO_RENEGOTIATION # Enable SMTP for authenticated users and hand off authentication to Dovecot smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination # Network and host parameters inet_interfaces = all inet_protocols = all mydestination = localhost myhostname = vitas.quietlife.nl mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname # Mail queue parameters maximal_queue_lifetime = 12h bounce_queue_lifetime = 12h maximal_backoff_time = 1h minimal_backoff_time = 5m queue_run_delay = 5m # Mailbox parameters alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases recipient_delimiter = + disable_vrfy_command = yes # Hand off local delivery to Dovecot's LMTP and tell it where to store mail virtual_transport = lmtp:unix:private/dovecot-lmtp # Virtual domains, users and aliases virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf, mysql:/etc/postfix/mysql-virtual-email2email.cf # Strip MUA headers smtp_header_checks = regexp:/etc/postfix/header_checks