conf dovecot
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# deliver mail for users to Dovecot's LMTP socket
#local_transport = lmtp:unix:private/dovecot-lmtp
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 3.6
#setgid_group = mail
#message_size_limit=10240000
### Maximum size of inbound e-mails (50 MB)
message_size_limit = 52428800
# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/domain.org/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/domain.org/privkey.pem
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
#smtpd_tls_auth_only = no
# activate SASL authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# don't allow plaintext auth methods on unencrypted connections
smtpd_sasl_security_options = noanonymous, noplaintext
# but plaintext auth is fine when using TLS
smtpd_sasl_tls_security_options = noanonymous
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = domain.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, domain.org, localhost.fr, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
mydomain=smtp.domain.org
#transport_maps = hash:/etc/postfix/transport
#Ré-écriture d'adresse
#######################
#sender_canonical_maps = hash:/etc/postfix/send_canonical
#recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
home_mailbox = Maildir/
message_size_limit = 52428800
mailbox_size_limit = 0
mailbox_transport = lmtp:unix:private/dovecot-lmtp
smtpd_recipient_restrictions=
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_non_fqdn_sender,
reject_unknown_recipient_domain,
reject_invalid_helo_hostname,
reject_unlisted_recipient,
reject_unlisted_sender,
reject_non_fqdn_helo_hostname,
reject_rbl_client list.dsbl.org,
reject_rhsbl_sender dsn.rfc-ignorant.org
#OpenDKIM en tant que milter pour postfix
#milter_default_action = accept
#milter_protocol = 2
#smtpd_milters = inet:localhost:17789
#non_smtpd_milters = $smtpd_milters
#Rspam milter postfix
#smtpd_milters = inet:127.0.0.1:11332
# /var/spool/postfix c’est une sorte de chroot, postfix voit ça comme sa racine
# /var/spool/postfix -> /var/spool/postfix/run/rspamd/milter.sock
smtpd_milters = unix:/run/rspamd/milter.sock
#non_smtpd_milters = inet:127.0.0.1:11332
# /var/spool/postfix c’est une sorte de chroot, postfix voit ça comme sa racine
# /var/spool/postfix -> /var/spool/postfix/run/rspamd/milter.sock
non_smtpd_milters = unix:/run/rspamd/milter.sock
milter_protocol = 6
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
# if rspamd is down, don't reject mail
milter_default_action = accept
# We'll uncomment these when we set up rspamd later:
#milter_protocol = 6
#milter_default_action = accept
#smtpd_milters = unix:/var/spool/postfix/run/rspamd/milter.sock
#milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
