compatibility_level = 2 mail_owner = postfix myhostname = {{getenv "MYHOSTNAME"}} mydomain = {{getenv "MYDOMAIN"}} myorigin = $mydomain mydestination = localhost unknown_local_recipient_reject_code = 550 mynetworks_style = subnet relay_domains = $mydestination recipient_delimiter = + mailbox_transport = lmtp:{{getenv "LMTP_HOST"}} mailbox_size_limit = {{getenv "MAILBOX_SIZELIMIT" "0"}} smtpd_banner = {{getenv "SMTP_BANNER"}} $myhostname ESMTP $mail_name virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap-virtual-mailbox-domains.cf virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-virtual-alias-maps.cf virtual_transport = lmtp:inet:{{getenv "LMTP_HOST"}}:{{getenv "LMTP_PORT"}} smtpd_tls_key_file=/etc/ssl/mail/{{getenv "CERT_DOMAIN"}}.crt smtpd_tls_cert_file=/etc/ssl/mail/{{getenv "CERT_DOMAIN"}}.key smtpd_tls_security_level = {{getenv "TLS_SECURITY_LEVEL" "may"}} smtpd_tls_auth_only = yes smtpd_tls_mandatory_protocols = {{getenv "TLS_PROTOCOLS" "!SSLv2, !SSLv3"}} smtpd_tls_protocols = {{getenv "TLS_PROTOCOLS" "!SSLv2, !SSLv3"}} smtpd_tls_mandatory_ciphers = {{getenv "TLS_CIPHERS" "high"}} smtpd_tls_ciphers = {{getenv "TLS_CIPHERS" "high"}} smtpd_tls_mandatory_exclude_ciphers = {{getenv "TLS_EXCLUDE_CIPHERS" "aNULL, MD5, 3DES"}} smtpd_tls_exclude_ciphers = {{getenv "TLS_EXCLUDE_CIPHERS" "aNULL, MD5, 3DES"}} smtpd_tls_wrappermode = no smtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers smtp_tls_ciphers = $smtpd_tls_ciphers lmtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers lmtp_tls_ciphers = $smtpd_tls_ciphers smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_sasl_type = dovecot smtpd_sasl_path = inet:{{getenv "DOVECOT_HOST"}}:{{getenv "DOVECOT_AUTH_PORT"}} smtpd_sasl_auth_enable = yes smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination smtpd_milters = unix:/var/run/spamass-milter/spamass.sock inet:{{getenv "DKIM_HOST"}}:{{getenv "DKIM_PORT"}} non_smtpd_milters = $smtpd_milters milter_default_action = accept milter_macro_daemon_name = ORIGINATING milter_connect_macros = "i j {daemon_name} v {if_name} _" message_size_limit = {{getenv "MESSAGE_SIZELIMIT" "20000000"}} tls_preempt_cipherlist = yes smtputf8_enable = no biff = no