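# Postfix main.cf excerpt (Debian layout): origin, banner and TLS settings.
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
#
# Comments must be full lines starting in column 0. Indented lines are read
# as continuations of the previous parameter.

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
myorigin = /etc/mailname

# NOTE(review): the banner discloses the MTA name and distribution to every
# connecting client. Keep $myhostname first; the rest is optional.
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# NOTE(review): the "snakeoil" pair is the self-signed placeholder generated
# on Debian systems. Remote peers cannot validate it; replace it with a
# certificate issued for this host's name and keep the key file readable by
# root only.
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key

# use 0 for Postfix >= 2.9, and 1 for earlier versions
# NOTE(review): level 0 disables TLS logging entirely. Level 1 logs one
# summary line per handshake (protocol, cipher), which is what you need to
# audit whether the settings below actually take effect.
smtpd_tls_loglevel = 0

# enable opportunistic TLS support in the SMTP server and client
# "may" falls back to plaintext when the peer offers no STARTTLS and does not
# verify the peer certificate, so it protects against passive eavesdropping
# only. Destinations that need enforced TLS can be handled per domain with
# smtp_tls_policy_maps.
smtpd_tls_security_level = may
smtp_tls_security_level = may

# if you have authentication enabled, only offer it after STARTTLS
# (prevents SASL credentials from crossing the wire in cleartext)
smtpd_tls_auth_only = yes

# Disable TLS-level compression (CRIME-style compression side channels).
tls_ssl_options = NO_COMPRESSION

# be explicit about turning off SSLv2 / v3 due to the DROWN attack
# (DROWN targets SSLv2; SSLv3 is excluded as well because of POODLE.)
# NOTE(review): TLSv1 and TLSv1.1 remain enabled by these lists. Where peer
# compatibility allows, also exclude them ("!TLSv1, !TLSv1.1"), at least in
# the *_mandatory_protocols parameters.
# The *_mandatory_* parameters apply only to sessions where TLS is enforced
# (security level "encrypt" or stronger); the plain *_protocols parameters
# cover opportunistic TLS.
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3

lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
lmtp_tls_protocols = !SSLv2, !SSLv3

smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3

# Cipher grade for sessions with mandatory TLS. With
# smtpd_tls_security_level = may, opportunistic sessions are governed by
# smtpd_tls_ciphers instead, which this file leaves at its default.
smtpd_tls_mandatory_ciphers = high

# NOTE(review): postconf(5) advises against overriding tls_high_cipherlist;
# a hand-written list stops tracking OpenSSL's own "HIGH" definition.
# Specific points to confirm for this list:
#  - "!ECDSA" removes ECDSA-authenticated suites, so an ECDSA server
#    certificate will not be usable.
#  - the trailing CAMELLIA128-SHA / AES128-SHA entries are RSA key exchange
#    without forward secrecy.
#  - EDH suites are preferred; check the DH parameter size in use
#    (smtpd_tls_dh1024_param_file) for this Postfix version.
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA

# NOTE(review): postconf(5) describes "strong" as sufficient and does not
# recommend "ultra"; newer Postfix releases negotiate the curve automatically.
# Verify against the documentation for the installed version.
smtpd_tls_eecdh_grade = ultra

# TLS session caches for the server (smtpd) and the client (smtp).
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

# Local alias lookup table and the database rebuilt by newaliases.
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

# myorigin is set once, near the top of this file. The second, identical
# assignment that used to follow here was removed: a repeated parameter makes
# Postfix warn about an overridden earlier entry and hides which line is in
# effect.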