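# Postfix main.cf for a null client / internal gateway: listens on loopback
# and hands all outgoing mail to one authenticated relay host over TLS.
#
# Format reminders (postconf(5)):
# - a comment starts with "#" as the first non-blank character of a line;
#   text after a value is part of the value, so no trailing comments
# - a line that starts with whitespace continues the previous line, so
#   every parameter here starts in column 0
# - if a parameter appears twice, the later entry overrides the earlier one

# ============ Basic settings ============

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
# (delay_warning_time is set explicitly further down in this file)
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix
html_directory = /usr/share/doc/postfix/html

## - The Internet protocols Postfix will attempt to use when making
## - or accepting connections.
## - DEFAULT: ipv4
inet_protocols = ipv4

## - Accept SMTP connections on the loopback address only.
## - Alternative values are kept as separate commented lines.
#inet_interfaces = all
inet_interfaces = 127.0.0.1
#192.168.92.254

myhostname = gw-spr.sprachenatelier.netz

mydestination =
    gw-spr.sprachenatelier.netz
    localhost

## - The list of "trusted" SMTP clients that have more
## - privileges than "strangers".
## -
## - Clients listed here may relay mail through this host, so keep the
## - list as small as possible.
## -
mynetworks = 127.0.0.0/8 192.168.92.254/32

smtp_bind_address =
smtp_bind_address6 =

## - The method to generate the default value for the mynetworks parameter.
## -
## - "mynetworks_style = host" when Postfix should "trust" only the local machine
## - "mynetworks_style = subnet" (default value) when Postfix should "trust" SMTP
## -    clients in the same IP subnetworks as the local machine.
## - "mynetworks_style = class" when Postfix should "trust" SMTP clients in the same
## -    IP class A/B/C networks as the local machine.
## -
## - Not needed while mynetworks is set explicitly above.
## -
#mynetworks_style = host

## - The maximal size of any local(8) individual mailbox or maildir file,
## - or zero (no limit). In fact, this limits the size of any file that is
## - written to upon local delivery, including files written by external
## - commands that are executed by the local(8) delivery agent.
## -
mailbox_size_limit = 0

## - The maximal size in bytes of a message, including envelope information.
## -
## - we use 50MB
## -
message_size_limit = 52480000

## - The system-wide recipient address extension delimiter
## -
recipient_delimiter = +

## - The alias databases that are used for local(8) delivery.
## -
alias_maps = hash:/etc/aliases

## - The alias databases for local(8) delivery that are updated
## - with "newaliases" or with "sendmail -bi".
## -
alias_database = hash:/etc/aliases

## - The maximal time a message is queued before it is sent back as
## - undeliverable. Defaults to 5d (5 days)
## - Specify 0 when mail delivery should be tried only once.
## -
maximal_queue_lifetime = 3d
bounce_queue_lifetime = $maximal_queue_lifetime

## - delay_warning_time (default: 0h)
## -
## - The time after which the sender receives a copy of the message
## - headers of mail that is still queued. To enable this feature,
## - specify a non-zero time value (an integral value plus an optional
## - one-letter suffix that specifies the time unit).
## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
## - The default time unit is h (hours).
delay_warning_time = 1d


# ============ Relay parameters ============

#relayhost =


# ============ SASL authentication ============

# Enable SASL authentication (Postfix SMTP client, towards the relay host)
smtp_sasl_auth_enable = yes

# Forward all mail to host b.mx.oopen.de.
# The [brackets] suppress the MX lookup for that name.
relayhost = [b.mx.oopen.de]

# File including login data.
# It holds the relay credentials in clear text: keep the file and the
# generated .db file owned by root and readable by root only (mode 0600).
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

# Force using a (TLS) secured connection to the relay host
# obsolete - use smtp_tls_security_level instead
#smtp_use_tls = yes
#smtp_tls_enforce_peername = no
#
# NOTE(review): "encrypt" requires TLS but does not verify the relay's
# certificate, so the SASL login is not protected against a host that
# impersonates the relay. "verify" or "secure" (together with
# smtp_tls_CAfile, set below) add that check; confirm that the relay's
# certificate matches its name before switching.
smtp_tls_security_level = encrypt

# Disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous


# ============ TLS parameters ============

## - Enables TLS for receiving mail (Postfix SMTP server, smtpd)
## -
## - may:
## -    Opportunistic TLS: announce STARTTLS support to SMTP clients,
## -    but do not require that clients use TLS encryption.
## -
## - This overrides the obsolete parameters smtpd_use_tls and
## - smtpd_enforce_tls. This parameter is ignored with
## - "smtpd_tls_wrappermode = yes".
#smtpd_use_tls=yes
smtpd_tls_security_level = may

## - Enables TLS for sending mail (Postfix SMTP client, smtp)
## -
## - may:
## -    Opportunistic TLS. Use TLS if this is supported by the remote
## -    SMTP server, otherwise use plaintext
## -
## - smtp_tls_security_level is set once, to "encrypt", in the SASL section
## - above. It is deliberately not repeated here: a second entry would
## - override the first one.
# smtp_use_tls=yes

## - 0 Disable logging of TLS activity.
## - 1 Log TLS handshake and certificate information.
## - 2 Log levels during TLS negotiation.
## - 3 Log hexadecimal and ASCII dump of TLS negotiation process.
## - 4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS.
## -
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1

## - Server certificate and private key.
## - The key file must be readable by root only.
smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key

## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## -
## - Don't forget to create it, e.g. with openssl:
## -    openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024
## -
#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
## - also possible to use 2048 key with that parameter
## -
## - Despite the parameter name, a 2048-bit group is what is configured here:
## -    openssl dhparam -out /etc/postfix/ssl/dh_2048.pem -2 2048
## -
smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem

## - File with DH parameters that the Postfix SMTP server should use with
## - export-grade EDH ciphers.
## -
## - Don't forget to create it, e.g. with openssl:
## -    openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512
## -
## - NOTE(review): 512-bit DH offers no real protection. EXPORT ciphers are
## - excluded below, so this file should never be used, and recent Postfix
## - releases reportedly ignore the parameter; check postconf(5) for the
## - installed version and drop this line if so.
## -
smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem


## - File containing CA certificates of root CAs trusted to sign either remote SMTP
## - server certificates or intermediate CA certificates. These are loaded into
## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
## -
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

## - Directory with PEM format certificate authority certificates that the Postfix SMTP
## - server uses to verify a remote SMTP client certificate. Don't forget to create the
## - necessary "hash" links with, for example,
## - "/bin/c_rehash /etc/postfix/certs".
## -
## - !! Note !!
## - To use this option in chroot mode, this directory (or a copy) must be inside
## - the chroot jail.
## -
## - Note that a chrooted daemon resolves all filenames relative to the Postfix
## - queue directory (/var/spool/postfix)
## -
#smtpd_tls_CApath = /etc/postfix/certs


# Disable SSLv2 SSLv3 - Postfix SMTP server
#
# NOTE(review): TLSv1 and TLSv1.1 stay enabled with these settings. Once the
# peers are confirmed to support TLS 1.2 or later, add "!TLSv1, !TLSv1.1" as
# well; for the client side only the single relay host has to be checked.
#
# List of TLS protocols that the Postfix SMTP server will exclude or
# include with opportunistic TLS encryption.
smtpd_tls_protocols = !SSLv2, !SSLv3
#
# The SSL/TLS protocols accepted by the Postfix SMTP server
# with mandatory TLS encryption.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3


# Disable SSLv2 SSLv3 - Postfix SMTP client
#
# List of TLS protocols that the Postfix SMTP client will exclude or
# include with opportunistic TLS encryption.
smtp_tls_protocols = !SSLv2, !SSLv3
#
# List of SSL/TLS protocols that the Postfix SMTP client will use
# with mandatory TLS encryption
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3


## - Activate the "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange
## - openssl > 1.0
## -
smtpd_tls_eecdh_grade = strong

# Use the server's cipher preference order instead of the client's
tls_preempt_cipherlist = yes

# Restrict the server to the "high" cipher grade.
# NOTE(review): OpenSSL's HIGH grade is not limited to 256-bit ciphers; it
# also contains 128-bit AES suites.
#
# mandatory TLS
#smtpd_tls_mandatory_ciphers = high
#
# opportunistic
smtpd_tls_ciphers = high


# Exclude ciphers
#smtpd_tls_exclude_ciphers =
#   RC4
#   aNULL
#   SEED-SHA
#   EXP
#   MD5
#
# The names are OpenSSL cipher names or keywords and have to match exactly.
# Corrected from the earlier list: "EDH-RSA-DES-CDC3-SHA" was a typo for
# EDH-RSA-DES-CBC3-SHA; "KRB5-DE5" and "CBC3-SHA" do not appear to match any
# OpenSSL cipher name and are replaced by the 3DES keyword, which covers all
# triple-DES suites. Verify the result with "postconf smtpd_tls_exclude_ciphers"
# and a test handshake.
smtpd_tls_exclude_ciphers = aNULL eNULL EXPORT DES 3DES RC4 MD5 PSK aECDH EDH-DSS-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA


smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache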