|
|
@ -11,7 +11,7 @@ address_verify_map = btree:$data_directory/verify_cache |
|
|
|
address_verify_negative_cache = yes |
|
|
|
address_verify_negative_expire_time = 3d |
|
|
|
address_verify_negative_refresh_time = 3h |
|
|
|
address_verify_poll_count = ${stress?1}${stress:3} |
|
|
|
address_verify_poll_count = ${stress?{1}:{3}} |
|
|
|
address_verify_poll_delay = 3s |
|
|
|
address_verify_positive_expire_time = 31d |
|
|
|
address_verify_positive_refresh_time = 7d |
|
|
@ -35,7 +35,7 @@ always_bcc = |
|
|
|
anvil_rate_time_unit = 60s |
|
|
|
anvil_status_update_time = 600s |
|
|
|
append_at_myorigin = yes |
|
|
|
append_dot_mydomain = yes |
|
|
|
append_dot_mydomain = ${{$compatibility_level} < {1} ? {yes} : {no}} |
|
|
|
application_event_drain_time = 100s |
|
|
|
authorized_flush_users = static:anyone |
|
|
|
authorized_mailq_users = static:anyone |
|
|
@ -59,6 +59,8 @@ cleanup_service_name = cleanup |
|
|
|
command_execution_directory = |
|
|
|
command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ |
|
|
|
command_time_limit = 1000s |
|
|
|
compatibility_level = 0 |
|
|
|
confirm_delay_cleared = no |
|
|
|
connection_cache_protocol_timeout = 5s |
|
|
|
connection_cache_service_name = scache |
|
|
|
connection_cache_status_update_time = 600s |
|
|
@ -73,6 +75,7 @@ debugger_command = |
|
|
|
default_delivery_slot_cost = 5 |
|
|
|
default_delivery_slot_discount = 50 |
|
|
|
default_delivery_slot_loan = 3 |
|
|
|
default_delivery_status_filter = |
|
|
|
default_destination_concurrency_failed_cohort_limit = 1 |
|
|
|
default_destination_concurrency_limit = 20 |
|
|
|
default_destination_concurrency_negative_feedback = 1 |
|
|
@ -169,6 +172,7 @@ ipc_ttl = 1000s |
|
|
|
line_length_limit = 2048 |
|
|
|
lmdb_map_size = 16777216 |
|
|
|
lmtp_address_preference = any |
|
|
|
lmtp_address_verify_target = rcpt |
|
|
|
lmtp_assume_final = no |
|
|
|
lmtp_bind_address = |
|
|
|
lmtp_bind_address6 = |
|
|
@ -187,6 +191,7 @@ lmtp_defer_if_no_mx_address_found = no |
|
|
|
lmtp_delivery_slot_cost = $default_delivery_slot_cost |
|
|
|
lmtp_delivery_slot_discount = $default_delivery_slot_discount |
|
|
|
lmtp_delivery_slot_loan = $default_delivery_slot_loan |
|
|
|
lmtp_delivery_status_filter = $default_delivery_status_filter |
|
|
|
lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit |
|
|
|
lmtp_destination_concurrency_limit = $default_destination_concurrency_limit |
|
|
|
lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback |
|
|
@ -195,6 +200,7 @@ lmtp_destination_rate_delay = $default_destination_rate_delay |
|
|
|
lmtp_destination_recipient_limit = $default_destination_recipient_limit |
|
|
|
lmtp_discard_lhlo_keyword_address_maps = |
|
|
|
lmtp_discard_lhlo_keywords = |
|
|
|
lmtp_dns_reply_filter = |
|
|
|
lmtp_dns_resolver_options = |
|
|
|
lmtp_dns_support_level = |
|
|
|
lmtp_enforce_tls = no |
|
|
@ -274,12 +280,14 @@ lmtp_tls_session_cache_database = |
|
|
|
lmtp_tls_session_cache_timeout = 3600s |
|
|
|
lmtp_tls_trust_anchor_file = |
|
|
|
lmtp_tls_verify_cert_match = hostname |
|
|
|
lmtp_tls_wrappermode = no |
|
|
|
lmtp_use_tls = no |
|
|
|
lmtp_xforward_timeout = 300s |
|
|
|
local_command_shell = |
|
|
|
local_delivery_slot_cost = $default_delivery_slot_cost |
|
|
|
local_delivery_slot_discount = $default_delivery_slot_discount |
|
|
|
local_delivery_slot_loan = $default_delivery_slot_loan |
|
|
|
local_delivery_status_filter = $default_delivery_status_filter |
|
|
|
local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit |
|
|
|
local_destination_concurrency_limit = 2 |
|
|
|
local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback |
|
|
@ -298,8 +306,8 @@ local_transport = local:$myhostname |
|
|
|
luser_relay = |
|
|
|
mail_name = Postfix |
|
|
|
mail_owner = postfix |
|
|
|
mail_release_date = 20140507 |
|
|
|
mail_version = 2.11.1 |
|
|
|
mail_release_date = 20150208 |
|
|
|
mail_version = 3.0.0 |
|
|
|
mailbox_command = |
|
|
|
mailbox_command_maps = |
|
|
|
mailbox_delivery_lock = fcntl, dotlock |
|
|
@ -316,6 +324,7 @@ max_idle = 100s |
|
|
|
max_use = 100 |
|
|
|
maximal_backoff_time = 4000s |
|
|
|
maximal_queue_lifetime = 5d |
|
|
|
message_drop_headers = bcc, content-length, resent-bcc, return-path |
|
|
|
message_reject_characters = |
|
|
|
message_size_limit = 10240000 |
|
|
|
message_strip_characters = |
|
|
@ -346,7 +355,6 @@ multi_instance_name = |
|
|
|
multi_instance_wrapper = |
|
|
|
multi_recipient_bounce_reject_code = 550 |
|
|
|
mydestination = $myhostname, localhost.$mydomain, localhost |
|
|
|
mynetworks_style = subnet |
|
|
|
myorigin = $myhostname |
|
|
|
nested_header_checks = $header_checks |
|
|
|
non_fqdn_reject_code = 504 |
|
|
@ -356,6 +364,7 @@ owner_request_special = yes |
|
|
|
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps |
|
|
|
permit_mx_backup_networks = |
|
|
|
pickup_service_name = pickup |
|
|
|
pipe_delivery_status_filter = $default_delivery_status_filter |
|
|
|
plaintext_reject_code = 450 |
|
|
|
postmulti_control_commands = reload flush |
|
|
|
postmulti_start_commands = start |
|
|
@ -371,7 +380,7 @@ postscreen_cache_retention_time = 7d |
|
|
|
postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit |
|
|
|
postscreen_command_count_limit = 20 |
|
|
|
postscreen_command_filter = |
|
|
|
postscreen_command_time_limit = ${stress?10}${stress:300}s |
|
|
|
postscreen_command_time_limit = ${stress?{10}:{300}}s |
|
|
|
postscreen_disable_vrfy_command = $disable_vrfy_command |
|
|
|
postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps |
|
|
|
postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords |
|
|
@ -379,6 +388,7 @@ postscreen_dnsbl_action = ignore |
|
|
|
postscreen_dnsbl_reply_map = |
|
|
|
postscreen_dnsbl_sites = |
|
|
|
postscreen_dnsbl_threshold = 1 |
|
|
|
postscreen_dnsbl_timeout = 10s |
|
|
|
postscreen_dnsbl_ttl = 1h |
|
|
|
postscreen_dnsbl_whitelist_threshold = 0 |
|
|
|
postscreen_enforce_tls = $smtpd_enforce_tls |
|
|
@ -387,7 +397,7 @@ postscreen_forbidden_commands = $smtpd_forbidden_commands |
|
|
|
postscreen_greet_action = ignore |
|
|
|
postscreen_greet_banner = $smtpd_banner |
|
|
|
postscreen_greet_ttl = 1d |
|
|
|
postscreen_greet_wait = ${stress?2}${stress:6}s |
|
|
|
postscreen_greet_wait = ${stress?{2}:{6}}s |
|
|
|
postscreen_helo_required = $smtpd_helo_required |
|
|
|
postscreen_non_smtp_command_action = drop |
|
|
|
postscreen_non_smtp_command_enable = no |
|
|
@ -405,12 +415,12 @@ postscreen_use_tls = $smtpd_use_tls |
|
|
|
postscreen_watchdog_timeout = 10s |
|
|
|
postscreen_whitelist_interfaces = static:all |
|
|
|
prepend_delivered_header = command, file, forward |
|
|
|
process_id = 6537 |
|
|
|
process_id = 25939 |
|
|
|
process_id_directory = pid |
|
|
|
process_name = postconf |
|
|
|
propagate_unmatched_extensions = canonical, virtual |
|
|
|
proxy_interfaces = |
|
|
|
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps |
|
|
|
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $smtpd_client_restrictions $smtpd_helo_restrictions $smtpd_sender_restrictions $smtpd_relay_restrictions $smtpd_recipient_restrictions |
|
|
|
proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name $address_verify_map $postscreen_cache_map |
|
|
|
proxymap_service_name = proxymap |
|
|
|
proxywrite_service_name = proxywrite |
|
|
@ -447,7 +457,7 @@ relay_destination_concurrency_negative_feedback = $default_destination_concurren |
|
|
|
relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback |
|
|
|
relay_destination_rate_delay = $default_destination_rate_delay |
|
|
|
relay_destination_recipient_limit = $default_destination_recipient_limit |
|
|
|
relay_domains = $mydestination |
|
|
|
relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}} |
|
|
|
relay_domains_reject_code = 554 |
|
|
|
relay_extra_recipient_limit = $default_extra_recipient_limit |
|
|
|
relay_initial_destination_concurrency = $initial_destination_concurrency |
|
|
@ -493,6 +503,7 @@ setgid_group = postdrop |
|
|
|
show_user_unknown_table_name = yes |
|
|
|
showq_service_name = showq |
|
|
|
smtp_address_preference = any |
|
|
|
smtp_address_verify_target = rcpt |
|
|
|
smtp_always_send_ehlo = yes |
|
|
|
smtp_bind_address = |
|
|
|
smtp_bind_address6 = |
|
|
@ -511,6 +522,7 @@ smtp_defer_if_no_mx_address_found = no |
|
|
|
smtp_delivery_slot_cost = $default_delivery_slot_cost |
|
|
|
smtp_delivery_slot_discount = $default_delivery_slot_discount |
|
|
|
smtp_delivery_slot_loan = $default_delivery_slot_loan |
|
|
|
smtp_delivery_status_filter = $default_delivery_status_filter |
|
|
|
smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit |
|
|
|
smtp_destination_concurrency_limit = $default_destination_concurrency_limit |
|
|
|
smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback |
|
|
@ -519,6 +531,7 @@ smtp_destination_rate_delay = $default_destination_rate_delay |
|
|
|
smtp_destination_recipient_limit = $default_destination_recipient_limit |
|
|
|
smtp_discard_ehlo_keyword_address_maps = |
|
|
|
smtp_discard_ehlo_keywords = |
|
|
|
smtp_dns_reply_filter = |
|
|
|
smtp_dns_resolver_options = |
|
|
|
smtp_dns_support_level = |
|
|
|
smtp_enforce_tls = no |
|
|
@ -599,6 +612,7 @@ smtp_tls_session_cache_database = |
|
|
|
smtp_tls_session_cache_timeout = 3600s |
|
|
|
smtp_tls_trust_anchor_file = |
|
|
|
smtp_tls_verify_cert_match = hostname |
|
|
|
smtp_tls_wrappermode = no |
|
|
|
smtp_use_tls = no |
|
|
|
smtp_xforward_timeout = 300s |
|
|
|
smtpd_authorized_verp_clients = $authorized_verp_clients |
|
|
@ -619,26 +633,31 @@ smtpd_delay_open_until_valid_rcpt = yes |
|
|
|
smtpd_delay_reject = yes |
|
|
|
smtpd_discard_ehlo_keyword_address_maps = |
|
|
|
smtpd_discard_ehlo_keywords = |
|
|
|
smtpd_dns_reply_filter = |
|
|
|
smtpd_end_of_data_restrictions = |
|
|
|
smtpd_enforce_tls = no |
|
|
|
smtpd_error_sleep_time = 1s |
|
|
|
smtpd_etrn_restrictions = |
|
|
|
smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~ |
|
|
|
smtpd_forbidden_commands = CONNECT GET POST |
|
|
|
smtpd_hard_error_limit = ${stress?1}${stress:20} |
|
|
|
smtpd_hard_error_limit = ${stress?{1}:{20}} |
|
|
|
smtpd_helo_required = no |
|
|
|
smtpd_helo_restrictions = |
|
|
|
smtpd_history_flush_threshold = 100 |
|
|
|
smtpd_junk_command_limit = ${stress?1}${stress:100} |
|
|
|
smtpd_junk_command_limit = ${stress?{1}:{100}} |
|
|
|
smtpd_log_access_permit_actions = |
|
|
|
smtpd_milters = |
|
|
|
smtpd_noop_commands = |
|
|
|
smtpd_null_access_lookup_key = <> |
|
|
|
smtpd_peername_lookup = yes |
|
|
|
smtpd_per_record_deadline = ${stress?yes}${stress:no} |
|
|
|
smtpd_per_record_deadline = ${stress?{yes}:{no}} |
|
|
|
smtpd_policy_service_default_action = 451 4.3.5 Server configuration problem |
|
|
|
smtpd_policy_service_max_idle = 300s |
|
|
|
smtpd_policy_service_max_ttl = 1000s |
|
|
|
smtpd_policy_service_request_limit = 0 |
|
|
|
smtpd_policy_service_retry_delay = 1s |
|
|
|
smtpd_policy_service_timeout = 100s |
|
|
|
smtpd_policy_service_try_limit = 2 |
|
|
|
smtpd_proxy_ehlo = $myhostname |
|
|
|
smtpd_proxy_filter = |
|
|
|
smtpd_proxy_options = |
|
|
@ -664,8 +683,8 @@ smtpd_sender_login_maps = |
|
|
|
smtpd_sender_restrictions = |
|
|
|
smtpd_service_name = smtpd |
|
|
|
smtpd_soft_error_limit = 10 |
|
|
|
smtpd_starttls_timeout = ${stress?10}${stress:300}s |
|
|
|
smtpd_timeout = ${stress?10}${stress:300}s |
|
|
|
smtpd_starttls_timeout = ${stress?{10}:{300}}s |
|
|
|
smtpd_timeout = ${stress?{10}:{300}}s |
|
|
|
smtpd_tls_CAfile = |
|
|
|
smtpd_tls_CApath = |
|
|
|
smtpd_tls_always_issue_session_ids = yes |
|
|
@ -698,6 +717,7 @@ smtpd_tls_wrappermode = no |
|
|
|
smtpd_upstream_proxy_protocol = |
|
|
|
smtpd_upstream_proxy_timeout = 5s |
|
|
|
smtpd_use_tls = no |
|
|
|
smtputf8_autodetect_classes = sendmail, verify |
|
|
|
soft_bounce = no |
|
|
|
stale_lock_time = 500s |
|
|
|
stress = |
|
|
@ -707,10 +727,11 @@ strict_8bitmime_body = no |
|
|
|
strict_mailbox_ownership = yes |
|
|
|
strict_mime_encoding_domain = no |
|
|
|
strict_rfc821_envelopes = no |
|
|
|
strict_smtputf8 = no |
|
|
|
sun_mailtool_compatibility = no |
|
|
|
swap_bangpath = yes |
|
|
|
syslog_facility = mail |
|
|
|
syslog_name = ${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name} |
|
|
|
syslog_name = ${multi_instance_name?{$multi_instance_name}:{postfix}} |
|
|
|
tcp_windowsize = 0 |
|
|
|
tls_append_default_CA = no |
|
|
|
tls_daemon_random_bytes = 32 |
|
|
@ -720,11 +741,11 @@ tls_dane_trust_anchor_digest_enable = yes |
|
|
|
tls_disable_workarounds = |
|
|
|
tls_eecdh_strong_curve = prime256v1 |
|
|
|
tls_eecdh_ultra_curve = secp384r1 |
|
|
|
tls_export_cipherlist = ALL:+RC4:@STRENGTH |
|
|
|
tls_high_cipherlist = ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH |
|
|
|
tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH |
|
|
|
tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH |
|
|
|
tls_legacy_public_key_fingerprints = no |
|
|
|
tls_low_cipherlist = ALL:!EXPORT:+RC4:@STRENGTH |
|
|
|
tls_medium_cipherlist = ALL:!EXPORT:!LOW:+RC4:@STRENGTH |
|
|
|
tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH |
|
|
|
tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH |
|
|
|
tls_null_cipherlist = eNULL:!aNULL |
|
|
|
tls_preempt_cipherlist = no |
|
|
|
tls_random_bytes = 32 |
|
|
@ -732,6 +753,7 @@ tls_random_exchange_name = ${data_directory}/prng_exch |
|
|
|
tls_random_prng_update_period = 3600s |
|
|
|
tls_random_reseed_period = 3600s |
|
|
|
tls_random_source = dev:/dev/urandom |
|
|
|
tls_session_ticket_cipher = aes-128-cbc |
|
|
|
tls_ssl_options = |
|
|
|
tls_wildcard_matches_multiple_labels = yes |
|
|
|
tlsmgr_service_name = tlsmgr |
|
|
@ -786,6 +808,7 @@ unverified_sender_reject_code = 450 |
|
|
|
unverified_sender_reject_reason = |
|
|
|
unverified_sender_tempfail_action = $reject_tempfail_action |
|
|
|
verp_delimiter_filter = -=+ |
|
|
|
virtual_alias_address_length_limit = 1000 |
|
|
|
virtual_alias_domains = $virtual_alias_maps |
|
|
|
virtual_alias_expansion_limit = 1000 |
|
|
|
virtual_alias_maps = $virtual_maps |
|
|
@ -793,6 +816,7 @@ virtual_alias_recursion_limit = 1000 |
|
|
|
virtual_delivery_slot_cost = $default_delivery_slot_cost |
|
|
|
virtual_delivery_slot_discount = $default_delivery_slot_discount |
|
|
|
virtual_delivery_slot_loan = $default_delivery_slot_loan |
|
|
|
virtual_delivery_status_filter = $default_delivery_status_filter |
|
|
|
virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit |
|
|
|
virtual_destination_concurrency_limit = $default_destination_concurrency_limit |
|
|
|
virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback |
|
|
|