diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl
index eedbc8b..df42ad1 100644
--- a/rootfs/etc/confd/templates/main.cf.tmpl
+++ b/rootfs/etc/confd/templates/main.cf.tmpl
@@ -13,6 +13,7 @@ mynetworks_style = subnet
 relay_domains = $mydestination
 recipient_delimiter = +
 mailbox_transport = lmtp:{{getenv "LMTPHOST"}}
+mailbox_size_limit = {{getenv "MAILBOXSIZELIMIT"}}
 smtpd_banner = $myhostname ESMTP $mail_name
 virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap-virtual-mailbox-domains.cf
 virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf
@@ -30,3 +31,10 @@ milter_default_action = accept
 milter_connect_macros = "i j {daemon_name} v {if_name} _"
 message_size_limit = {{getenv "MESSAGESIZELIMIT"}}
 sender_dependent_default_transport_maps = hash:/etc/postfix/sender-transport
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtpd_tls_mandatory_protocols = {{getenv "TLSMANDATORYPROTOCOLS"}}
+tls_preempt_cipherlist = yes
+smtpd_tls_mandatory_ciphers = {{getenv "TLSMANDATORYCIPHERS"}}
+smtpd_tls_ciphers = {{getenv "TLSCIPHERS"}}
+smtpd_tls_mandatory_exclude_ciphers = {{getenv "TLSMANDATORYEXCLUDECIPHERS"}}
\ No newline at end of file
diff --git a/rootfs/etc/confd/templates/master.cf.tmpl b/rootfs/etc/confd/templates/master.cf.tmpl
index dc8199a..bed11a8 100644
--- a/rootfs/etc/confd/templates/master.cf.tmpl
+++ b/rootfs/etc/confd/templates/master.cf.tmpl
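Review bot: The added `mailbox_size_limit = {{getenv "MAILBOXSIZELIMIT"}}` in main.cf.tmpl renders an empty value when the variable is unset, because getenv returns an empty string for a missing key; the TLS* variables added in the next hunk of this file have the same problem. confd's getenv accepts an optional second argument as a default (confirm for the confd version in this image), so `mailbox_size_limit = {{getenv "MAILBOXSIZELIMIT" "51200000"}}` would keep Postfix's stock value. postconf(5) also requires this limit to be no smaller than `message_size_limit`, which is rendered from a separate variable further down, so the two should be validated together or the constraint documented next to the variables.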
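Review bot: The protocol and cipher restrictions added at the end of main.cf.tmpl cover only mandatory TLS (`smtpd_tls_mandatory_*`), which applies where the security level is `encrypt`; no `smtpd_tls_protocols` is set, so opportunistic TLS on a service without that level presumably keeps the compiled-in protocol list. If the intent is to refuse old protocol versions everywhere, add `smtpd_tls_protocols = {{getenv "TLSPROTOCOLS" "!SSLv2, !SSLv3"}}` (TLSPROTOCOLS is a placeholder name for a new variable, not one this commit defines). An unset TLSMANDATORYPROTOCOLS is also worse than omitting the line: postconf(5) documents an empty list as allowing all available protocol versions, so a fallback such as `{{getenv "TLSMANDATORYPROTOCOLS" "!SSLv2, !SSLv3"}}` is safer. The outbound `smtp_tls_*` side gets a session cache here but no protocol or cipher settings.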
@@ -1,13 +1,16 @@
 smtp inet n - - - - smtpd
+ -o syslog_name=postfix/smtp
 -o myhostname={{getenv "MYDOMAIN"}}
 -o smtpd_tls_key_file=/etc/ssl/mail/privkey.pem
 -o smtpd_tls_cert_file=/etc/ssl/mail/fullchain.pem
 {{getenv "MYDOMAIN"}}-out unix - - - - - smtp
 -o smtp_helo_name={{getenv "MYHOSTNAME"}}
+ -o syslog_name=postfix/smtp-out
 submission inet n - - - - smtpd
 -o syslog_name=postfix/submission
+ -o smtpd_tls_wrappermode=no
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination