From 5f3e18aa9b6ad4e74d560aedc7d2e3369fb98bea Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Fri, 28 Oct 2016 13:05:20 +0200
Subject: [PATCH] Update main.cf.tmpl
---
 rootfs/etc/confd/templates/main.cf.tmpl | 30 +++++++++++++------------
 1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl
index d82f657..a355d2e 100644
--- a/rootfs/etc/confd/templates/main.cf.tmpl
+++ b/rootfs/etc/confd/templates/main.cf.tmpl
@@ -11,25 +11,27 @@ mynetworks_style = subnet
 relay_domains = $mydestination
 recipient_delimiter = +
-mailbox_transport = lmtp:{{getenv "LMTPHOST"}}
-mailbox_size_limit = {{getenv "MAILBOXSIZELIMIT"}}
-smtpd_banner = {{getenv "SMTP"}} $myhostname ESMTP $mail_name
+mailbox_transport = lmtp:{{getenv "LMTP_HOST"}}
+mailbox_size_limit = {{getenv "MAILBOX_SIZELIMIT" "0"}}
+smtpd_banner = {{getenv "SMTP_BANNER"}} $myhostname ESMTP $mail_name
 virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap-virtual-mailbox-domains.cf
 virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf
 virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-virtual-alias-maps.cf
-virtual_transport = lmtp:inet:{{getenv "LMTPHOST"}}:{{getenv "LMTPPORT"}}
+virtual_transport = lmtp:inet:{{getenv "LMTP_HOST"}}:{{getenv "LMTP_PORT"}}
-smtpd_tls_key_file=/etc/ssl/mail/privkey.pem
-smtpd_tls_cert_file=/etc/ssl/mail/fullchain.pem
+smtpd_tls_key_file=/etc/ssl/mail/{{getenv "KEYNAME" "privkey.pem"}}
+smtpd_tls_cert_file=/etc/ssl/mail/{{getenv "CERTNAME" "fullchain.pem"}}
-smtpd_tls_security_level = {{getenv "TLSSECURITYLEVEL"}}
+smtpd_tls_security_level = {{getenv "TLS_SECURITY_LEVEL" "may"}}
 smtpd_tls_auth_only = yes
-smtpd_tls_mandatory_protocols = {{getenv "TLSMANDATORYPROTOCOLS"}}
-smtpd_tls_mandatory_ciphers = {{getenv "TLSMANDATORYCIPHERS"}}
-smtpd_tls_ciphers = {{getenv "TLSCIPHERS"}}
-smtpd_tls_mandatory_exclude_ciphers = {{getenv "TLSMANDATORYEXCLUDECIPHERS"}}
+smtpd_tls_mandatory_protocols = {{getenv "TLS_PROTOCOLS" "!SSLv2, !SSLv3"}}
+smtpd_tls_protocols = {{getenv "TLS_PROTOCOLS" "!SSLv2, !SSLv3"}}
+smtpd_tls_mandatory_ciphers = {{getenv "TLS_CIPHERS" "high"}}
+smtpd_tls_ciphers = {{getenv "TLS_CIPHERS" "high"}}
+smtpd_tls_mandatory_exclude_ciphers = {{getenv "TLS_EXCLUDE_CIPHERS" "aNULL, MD5, 3DES"}}
+smtpd_tls_exclude_ciphers = {{getenv "TLS_EXCLUDE_CIPHERS" "aNULL, MD5, 3DES"}}
 smtpd_tls_wrappermode = no
 smtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
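Review bot: Renaming the variables in the same change that introduces defaults means a deployment that still exports the old names (`TLSSECURITYLEVEL`, `TLSMANDATORYPROTOCOLS`, `TLSMANDATORYCIPHERS`, `TLSMANDATORYEXCLUDECIPHERS`) now renders the built-in defaults without any error, so a host that was configured for `encrypt` would quietly come up with `may`. Falling back to the old name would preserve existing policy, for example `smtpd_tls_security_level = {{getenv "TLS_SECURITY_LEVEL" (getenv "TLSSECURITYLEVEL" "may")}}` (assuming confd's `getenv` accepts a nested call as its default); otherwise the rename should be documented as a breaking change. The renamed variables in the second hunk (`DOVECOT_*`, `DKIM_*`, `MESSAGE_SIZELIMIT`) are affected in the same way. Note also that the mandatory and opportunistic settings now share one variable each, so the two policies can no longer be tuned separately.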
@@ -42,20 +44,20 @@ smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 smtpd_sasl_type = dovecot
-smtpd_sasl_path = inet:{{getenv "DOVECOTHOST"}}:{{getenv "DOVECOTAUTHPORT"}}
+smtpd_sasl_path = inet:{{getenv "DOVECOT_HOST"}}:{{getenv "DOVECOT_AUTH_PORT"}}
 smtpd_sasl_auth_enable = yes
 smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
 smtpd_milters = unix:/var/run/spamass-milter/spamass.sock
- inet:{{getenv "DKIMHOST"}}:{{getenv "DKIMPORT"}}
+ inet:{{getenv "DKIM_HOST"}}:{{getenv "DKIM_PORT"}}
 non_smtpd_milters = $smtpd_milters
 milter_default_action = accept
 milter_macro_daemon_name = ORIGINATING
 milter_connect_macros = "i j {daemon_name} v {if_name} _"
-message_size_limit = {{getenv "MESSAGE_SIZELIMIT"}}
+message_size_limit = {{getenv "MESSAGE_SIZELIMIT" "20000000"}}
 tls_preempt_cipherlist = yes
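Review bot: The milter endpoint `inet:{{getenv "DKIM_HOST"}}:{{getenv "DKIM_PORT"}}` gets no default, unlike `MESSAGE_SIZELIMIT` two lines further down, so an unset or misspelled variable renders `inet::`. Together with the unchanged `milter_default_action = accept`, an unusable milter address is presumably skipped rather than treated as an error, which would let mail go out unsigned with nothing failing visibly. Either mark the variables as required with a template comment such as `# DKIM_HOST and DKIM_PORT are required; confd renders an empty value when they are unset`, or consider `milter_default_action = tempfail` so a missing milter defers mail instead of passing it. `smtpd_sasl_path` has the same missing-default pattern for `DOVECOT_HOST` and `DOVECOT_AUTH_PORT`.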