# This simple postfix main.cf configures a "satellite" system which relays mail # through an account on another server. Local delivery is also configured so # that /etc/aliases can be used to route mail (don't forget to run newaliases). # Debian defaults biff = no append_dot_mydomain = no readme_directory = no # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache # Default configuration for a satellite mailserver. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination myhostname = MYFQDN alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = MYFQDN, MYLOCALNAME, localhost.localdomain, localhost mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = loopback-only inet_protocols = all # Use Sonic.net's mail server as the next hop for all mail. The [] notation # means that an MX DNS lookup won't be done, it'll just use a normal A/AAAA # lookup. relayhost = [mail.sonic.net]:587 # We're using the TLS port, so set all that up securely: smtp_tls_security_level = secure smtp_tls_mandatory_protocols = TLSv1 smtp_tls_mandatory_ciphers = high smtp_tls_CApath = /etc/ssl/certs smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # Plaintext SASL auth is okay, because it's done over secured TLS: smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd smtp_sasl_security_options = noanonymous # We must remap the sender address to match the Sonic mail account used to send # the mail. In particular, Sonic will bounce the message if the original # sender address can't be resolved (which it can't be, since it's a local # domain name). sender_canonical_maps = regexp:/etc/postfix/sender_canonical