# postfix main configuration file
# see `postconf(5)` or https://www.postfix.org/BASIC_CONFIGURATION_README.html

compatibility_level = 3.6

# Allowed interfaces and addresses
inet_protocols = ipv4
inet_interfaces = all

# Values for default settings
mydomain = example.com
myhostname = mail.example.com
mydestination = $myhostname, $mydomain, localhost, localhost.localdomain
myorigin = $mydomain
relay_domains = $myhostname, $mydomain

# Advertise host name after SMTP 200
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

# Address rewriting
smtp_generic_maps = lmdb:/etc/postfix/generic
recipient_canonical_maps = lmdb:/etc/postfix/recipient_canonical

# Transport map
smtp_dns_support_level = disabled
transport_maps = lmdb:/etc/postfix/transport

# Logging
maillog_file = /dev/stdout

# Authentication
cyrus_sasl_config_path = /etc/sasl2/
smtpd_relay_restrictions = reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_service = smtpd
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only = yes

# Encryption
smtpd_tls_chain_files = /var/letsencrypt/chain.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = >=TLSv1.2
smtpd_tls_security_level = encrypt

# If set, mail destined for any member of `$mydestination` would be rejected if user lookup failed
local_recipient_maps =

# Local management
mail_owner = postfix
setgid_group = postdrop

home_mailbox = Maildir/

sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq

command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
html_directory = no
manpage_directory = /usr/share/man
mail_spool_directory = /var/spool/mail
meta_directory = /etc/postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/readme
sample_directory = /etc/postfix
shlib_directory = /usr/lib/postfix