alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
biff = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
compatibility_level = 3.6
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_long_queue_ids = no
html_directory = no
inet_interfaces = all
inet_protocols = ipv4 ipv6
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 51200000
meta_directory = /etc/postfix
milter_default_action = accept
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_protocol = 6
myhostname =
mail.domain.commynetworks =
127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
newaliases_path = /usr/bin/newaliases
non_smtpd_milters = $smtpd_milters
proxy_read_maps = $local_recipient_maps $virtual_alias_maps
$virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
$relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
$recipient_canonical_maps $relocated_maps transport_maps $mynetworks
queue_directory = /var/spool/postfix
readme_directory = no
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_recipient_maps = proxy:mysql:/etc/postfix/
mysql_virtual_alias_maps.cfsample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
shlib_directory = no
smtp_enforce_tls = yes
smtp_sasl_security_options = noanonymous
smtp_tls_cert_file = /etc/dehydrated/certs/
domain.com/fullchain.pemsmtp_tls_key_file = /etc/dehydrated/certs/
domain.com/privkey.pemsmtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = cidr:/etc/postfix/cidr_client_access, permit
smtpd_delay_reject = yes
smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/esmtp_access
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
check_helo_access hash:/etc/postfix/helo_checks, permit
smtpd_milters = unix:/var/run/rspamd/milter.sock
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination, check_helo_access hash:/etc/postfix/helo_checks,
check_sender_access hash:/etc/postfix/helo_checks, check_recipient_access
pcre:/etc/postfix/recipient_checks.pcre, reject_invalid_hostname,
reject_unverified_recipient, reject_unauth_pipelining,
reject_unknown_sender_domain, reject_unknown_recipient_domain,
reject_unlisted_sender, reject_unauth_destination, reject_non_fqdn_hostname,
reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_rbl_client
cbl.abuseat.org, reject_rbl_client
dnsbl-1.uceprotect.net, reject_rbl_client
bl.spamcop.net, reject_rbl_client
iadb.isipp.com, reject_rbl_client
dnsbl.sorbs.net, reject_rbl_client
plus.bondedsender.org, permit
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_exceptions_networks = !
127.0.0.0/8 ![::ffff:127.0.0.0]/104 ![::1]/128
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/dehydrated/certs/
domain.com/fullchain.pemsmtpd_tls_dh1024_param_file = /etc/postfix/ssl/dhparams.pem
smtpd_tls_key_file = /etc/dehydrated/certs/
domain.com/privkey.pemsmtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
tls_medium_cipherlist =
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
tls_preempt_cipherlist = no
virtual_alias_maps = proxy:mysql:/etc/postfix/
mysql_virtual_alias_maps.cfvirtual_gid_maps = static:1001
virtual_mailbox_base = /var/spool/postmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/
mysql_virtual_domains_maps.cfvirtual_mailbox_maps = proxy:mysql:/etc/postfix/
mysql_virtual_mailbox_maps.cfvirtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:1002