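# Postfix main.cf -- settings for the SMTP server (smtpd_*) and client (smtp_*).
# One parameter per logical line; a line that starts with whitespace continues
# the previous one. Comments must sit on their own line.

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
config_directory = /etc/postfix
# VRFY lets a remote client probe which addresses exist; keep it disabled.
disable_vrfy_command = yes
# Require HELO/EHLO so the HELO hostname checks in
# smtpd_recipient_restrictions are fully enforced. (The source listed this
# parameter twice with the same value; it is kept once.)
smtpd_helo_required = yes
queue_directory = /var/spool/postfix

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters (SMTP server)
# The obsolete smtpd_use_tls=yes switch from the source is dropped:
# smtpd_tls_security_level below supersedes it.
# Offer AUTH only after STARTTLS so credentials are never sent in clear text.
smtpd_tls_auth_only = yes
# NOTE(review): the certificate paths name mail.streetdispatch.org while
# myhostname below is host.domaine.eu -- confirm the certificate covers the
# name that clients and MX records actually use.
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.streetdispatch.org/fullchain.pem
# The private key must stay readable by root only.
smtpd_tls_key_file = /etc/letsencrypt/live/mail.streetdispatch.org/privkey.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.streetdispatch.org/chain.pem
smtpd_tls_CApath = /etc/ssl/certs
# The *_mandatory_* settings apply only where TLS is enforced (security level
# "encrypt" or stronger). With the opportunistic level "may" set below, the
# non-mandatory smtpd_tls_protocols / smtpd_tls_ciphers lines are the ones in
# effect, so both sets are kept in step.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
# NOTE(review): suites that authenticate with an ECDSA key are excluded here
# and in tls_high_cipherlist. This presumes the certificate key is RSA; with an
# ECDSA key, pre-TLS-1.3 handshakes would presumably find no usable suite.
# Confirm the key type whenever the certificate is re-issued.
smtpd_tls_mandatory_exclude_ciphers = eNULL, aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, CAMELLIA256, 3DES
smtpd_tls_mandatory_ciphers = high
smtpd_tls_protocols = !SSLv2,!SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_exclude_ciphers = eNULL, aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, CAMELLIA256, 3DES
smtpd_tls_ciphers = high
# Opportunistic STARTTLS: announced to every client, never required, so
# inbound mail can still arrive unencrypted.
smtpd_tls_security_level = may
# Despite its name this parameter supplies the parameters for all non-export
# EDH key exchange; the file name suggests a 4096-bit group.
smtpd_tls_dh1024_param_file = /etc/postfix/dh_4096.pem
# Export-grade EDH parameters. EXP suites are excluded above, so this is
# presumably never used -- TODO confirm and consider removing.
smtpd_tls_dh512_param_file = /etc/postfix/dh_4096.pem
# 1 = log a summary line per TLS handshake.
smtpd_tls_loglevel = 1
# Record protocol and cipher in the Received: header (informational only).
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
# NOTE(review): Postfix documentation reserves "ultra" for sites that consider
# 128-bit ECC insufficient; confirm the extra handshake cost is intended.
smtpd_tls_eecdh_grade = ultra
tls_eecdh_strong_curve = prime256v1
tls_eecdh_ultra_curve = secp384r1
# Replaces the built-in definition of the "high" cipher grade.
# NOTE(review): Postfix documentation advises against overriding this list;
# re-check it after OpenSSL upgrades. "+SSLv3" is OpenSSL cipher-string
# ordering syntax, not a protocol switch.
tls_high_cipherlist = EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!MEDIUM:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA
# Disable session tickets, TLS compression and renegotiation.
tls_ssl_options = no_ticket, no_compression, no_renegotiation
# The server's cipher preference order wins over the client's.
tls_preempt_cipherlist = yes
tls_random_source = dev:/dev/urandom

# Reject clients that send commands ahead of time without permission.
smtpd_data_restrictions = reject_unauth_pipelining, permit

# TLS parameters (SMTP client, outbound mail)
# The obsolete smtp_use_tls=yes switch from the source is dropped:
# smtp_tls_security_level below supersedes it.
# NOTE(review): these three lines present the server certificate as a client
# certificate on outbound connections. Postfix documentation advises
# configuring a client certificate only when a remote server requires one --
# confirm this is needed.
smtp_tls_cert_file = $smtpd_tls_cert_file
smtp_tls_key_file = $smtpd_tls_key_file
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_exclude_ciphers = MD5, SRP, PSK, aDSS, kECDH, kDH, SEED, IDEA, RC2, RC5, RC4
smtp_tls_mandatory_ciphers = high
smtp_tls_protocols = !SSLv2,!SSLv3, !TLSv1, !TLSv1.1
smtp_tls_exclude_ciphers = MD5, SRP, PSK, aDSS, kECDH, kDH, SEED, IDEA, RC2, RC5, RC4
smtp_tls_ciphers = high
# Opportunistic TLS: used when the remote server offers STARTTLS, otherwise
# delivery falls back to clear text.
smtp_tls_security_level = may
smtp_tls_loglevel = 1
# Log remote servers that offer STARTTLS when TLS was not used for them.
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_timeout = 3600s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

# No milter is configured. NOTE(review): milter_default_action = accept is
# fail-open -- if a signing or filtering milter is added later, mail is
# accepted unfiltered whenever that milter is unreachable.
smtpd_milters =
non_smtpd_milters = $smtpd_milters
milter_protocol = 6
milter_default_action = accept

# Evaluated left to right; the first PERMIT or REJECT result ends the list.
# NOTE(review): the DNSBL lookups run before permit_mynetworks and
# permit_sasl_authenticated, so a trusted or authenticated client whose IP is
# listed (pbl.spamhaus.org covers dynamic end-user ranges) is rejected before
# it can be permitted, unless master.cf overrides this list for the
# submission service -- confirm.
# NOTE(review): multi.uribl.com lists domains rather than client IPs, so it
# presumably never matches here; the two mail-abuse.org zones look like
# legacy MAPS names. Verify that every list is still served and that its
# usage terms cover this server.
# NOTE(review): permit_auth_destination followed by reject_unauth_destination
# decides every recipient, so reject_unverified_recipient and the final
# permit appear unreachable.
# reject_invalid_hostname and reject_non_fqdn_hostname are the pre-2.3 names
# of reject_invalid_helo_hostname and reject_non_fqdn_helo_hostname.
smtpd_recipient_restrictions =
    reject_rbl_client xbl.spamhaus.org,
    reject_rbl_client pbl.spamhaus.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client multi.uribl.com,
    reject_rbl_client rbl-plus.mail-abuse.org,
    reject_rbl_client dialups.mail-abuse.org,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    permit_sasl_authenticated,
    permit_auth_destination,
    reject_unauth_destination,
    reject_unverified_recipient,
    permit
# Relay control: only local networks and authenticated users may relay;
# everything else is deferred unless addressed to a domain served here.
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination

# SASL authentication is delegated to Dovecot over the private/auth socket.
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
# Never allow anonymous SASL mechanisms.
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# Compatibility switch for legacy clients that expect the "AUTH=" syntax.
broken_sasl_auth_clients = yes

#limit incoming or receiving email rate
# Per-session error throttling: after the soft limit each further error is
# delayed by smtpd_error_sleep_time; at the hard limit the client is
# disconnected.
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

myhostname = host.domaine.eu
mydomain = domaine.eu
#myorigin = /etc/mailname
myorigin = $mydomain
# NOTE(review): lists.$mydomain expands to lists.domaine.eu, which is also in
# relay_domains below. Postfix warns when a domain is listed in both
# mydestination and relay_domains -- keep it in whichever class is intended.
mydestination = $myhostname, localhost.$mydomain, mail.$mydomain, lists.$mydomain, host, localhost
# Loopback only. The source read "[:: ffff:127.0.0.0]/104"; the stray space
# split the IPv4-mapped entry into two invalid patterns and is removed.
# With inet_protocols = ipv4 the two IPv6 patterns are not exercised.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
relayhost =
relay_domains = lists.domaine.eu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# Both limits are in bytes.
mailbox_size_limit = 51200000
message_size_limit = 25600000
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
maximal_queue_lifetime = 3d
bounce_queue_lifetime = 3d

# Virtual mailboxes: lookups go to MySQL, delivery is handed to Dovecot.
# NOTE(review): the mysql:*.cf files presumably hold database credentials --
# verify they are not world-readable (for example root:postfix, mode 0640).
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual-alias-maps.cf,mysql:/etc/postfix/mysql/email2email.cf
virtual_transport = dovecot
# Hand the dovecot transport one recipient per delivery.
dovecot_destination_recipient_limit = 1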