#
# Network
#
myhostname = <%= myhostname %>
mydomain = <%= mydomain %>
# list of IPs I trust
mynetworks = 192.168.0.0/16 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost, <%= `hostname -f` %>
#inet_interfaces = loopback-only
#inet_protocols = ipv4
disable_dns_lookups = no
relayhost =

#
# System
#
mail_name = <%= mail_name %>
smtpd_banner = <%= smtpd_banner %>
biff = yes
bounce_queue_lifetime = 5d
maximal_queue_lifetime = 5d
message_size_limit = <%= message_size_limit %>

# TOTO XXX: appending .domain is the MUA's job.
append_dot_mydomain = no

#
# Authentication
#
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
#smtpd_sasl_local_domain = $mydomain
unknown_local_recipient_reject_code = 450

#
# TLS parameters
#
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file=/etc/ssl/certs/smtpd.pem
smtpd_tls_key_file=/etc/ssl/private/smtpd.pem
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
#smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem


#
# Local
#
myorigin = /etc/mailname
mydestination = $mydomain, localhost
alias_maps = hash:/etc/aliases
local_recipient_maps = $alias_maps

#
# Mailbox
#
mailbox_command = <%= dovecot %>
mailbox_size_limit = 0
mail_spool_directory = /var/spool/postfix
recipient_delimiter = +


# XXX
#default_transport = error
#relay_transport = error

#
# Virtual
#

## if DSPAM active
#virtual_transport  = lmtp:inet:localhost:2424
## else - use dovecot
virtual_transport = dovecot

dovecot_destination_recipient_limit = 1

virtual_mailbox_domains = <%= "#{adapter}:#{root_path}/#{adapter}/virtual_mailbox_domains.cf" %>
virtual_mailbox_maps = <%= "#{adapter}:#{root_path}/#{adapter}/virtual_mailbox_maps.cf" %>
virtual_alias_maps = <%= "#{adapter}:#{root_path}/#{adapter}/virtual_alias_maps.cf" %>,<%= "#{adapter}:#{root_path}/#{adapter}/email2email.cf" %>
smtpd_sender_login_maps = <%= "#{adapter}:#{root_path}/#{adapter}/sender_login_maps.cf" %>

#
# Restrictions
#

# Relay control: local or authenticated clients may specify any domain.
smtpd_relay_restrictions = permit_mynetworks,
	permit_sasl_authenticated,
	reject_unauth_destination

smtpd_recipient_restrictions = \
    permit_mynetworks           \
#    reject_rbl_client dnsbl.sorbs.net \
#    reject_rbl_client bl.spamcop.net \
#    reject_rbl_client zen.spamhaus.org    \
    permit_sasl_authenticated   \
    reject_unauth_destination


# Don't accept mail from domains that don't exist.
smtpd_sender_restrictions = reject_unknown_sender_domain

# Block clients that speak too early.
#smtpd_data_restrictions = reject_unauth_pipelining


#
# Appends from AutomateIt
#