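#!/bin/sh
# Container entrypoint for Postfix: renders /etc/postfix/main.cf from the
# environment, builds the lookup tables, makes sure the DH parameter files
# exist, and then starts the Postfix master process.
#
# Environment read by this script:
#   HOSTNAME       - written to main.cf as myhostname
#   TLS_CERT       - path written as smtpd_tls_cert_file
#   TLS_CHAIN      - path written as smtpd_tls_CAfile
#   TLS_KEY        - path written as smtpd_tls_key_file
#   VIRTUAL_HOSTS  - whitespace-separated domains relayed to dovecot via LMTP

# NOTE(review): "smtpd_relay_restictions" below is misspelled, so Postfix does
# not treat it as smtpd_relay_restrictions and that parameter keeps its
# built-in default on versions that have it. The line is left untouched on
# purpose: correcting the spelling would make the empty value take effect and
# leave relay control entirely to reject_unauth_destination, which sits
# *after* the access-map checks in smtpd_recipient_restrictions. Decide
# explicitly which relay policy is wanted before changing it.
#
# NOTE(review): smtpd_tls_dh512_param_file only serves export-grade cipher
# suites; confirm it is still needed before keeping the 512-bit file around.
#
# The heredoc delimiter is unquoted so that $HOSTNAME and the $TLS_* variables
# are expanded by the shell while the file is written.
cat > /etc/postfix/main.cf << MAINCF
# FQDN of system !reverse DNS!
myhostname = $HOSTNAME

# aliases
virtual_alias_maps = hash:/etc/postfix/virtual
recipient_delimiter = +

smtpd_relay_restictions =
smtpd_recipient_restrictions =
    # white/blacklists
    check_recipient_access hash:/etc/postfix/access_recipient
    check_sender_access hash:/etc/postfix/access_sender,
    check_helo_access hash:/etc/postfix/access_helo,
    check_client_access cidr:/etc/postfix/access_client,
    # deny mails for nonexistend recipients
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    # allow mails of our users
    permit_sasl_authenticated,
    permit_mynetworks,
    # deny mails to external destinations
    reject_unauth_destination,
    # check against RBL
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client ix.dnsbl.manitu.net,
    # check greylisting
    check_policy_service inet:postgrey:25
    # check if the user exists in dovecot
    reject_unverified_recipient,
    # let it out
    permit

smtpd_sasl_auth_enable = yes
smtpd_sasl_path= inet:dovecot:100
smtpd_sasl_type = dovecot

# out
smtp_tls_security_level = may
# in
smtpd_tls_security_level = may
smtpd_tls_cert_file = $TLS_CERT
smtpd_tls_CAfile = $TLS_CHAIN
smtpd_tls_key_file = $TLS_KEY
smtpd_tls_dh1024_param_file = /etc/postfix/dh-params/2048.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh-params/512.pem
smtpd_tls_eecdh_grade = strong
tls_preempt_cipherlist = yes
smtpd_tls_auth_only = yes

# for lmtp relaying to dovecot
relay_domains = hash:/etc/postfix/relay_domains
MAINCF

# Rebuild the relay table from scratch on every start. Redirecting the whole
# loop truncates the file first, so an empty VIRTUAL_HOSTS still yields an
# (empty) file that postmap can index instead of a missing one.
# Word splitting of VIRTUAL_HOSTS is intentional; globbing is switched off so
# a stray "*" in the variable cannot expand to file names.
set -f
for virtual_host in ${VIRTUAL_HOSTS:-}; do
  printf '%s lmtp:[dovecot]\n' "$virtual_host"
done > /etc/postfix/relay_domains
set +f
postmap /etc/postfix/relay_domains

# Generate the DH parameter files only when they are missing or empty. The
# check uses the same path main.cf refers to; the previous test looked at
# /etc/postfix/dh_<bits>.pem, which is never written, so the parameters were
# regenerated on every start. "openssl dhparam" replaces the "gendh"
# subcommand, which newer OpenSSL releases no longer ship.
mkdir -p /etc/postfix/dh-params
for dh_bits in 512 2048; do
  dh_file="/etc/postfix/dh-params/${dh_bits}.pem"
  [ -s "$dh_file" ] || openssl dhparam -out "$dh_file" -2 "$dh_bits"
done

postmap /etc/postfix/virtual

# -d keeps master attached to the terminal/stdio instead of daemonizing.
/usr/lib/postfix/master -c /etc/postfix -d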