Diffstat (limited to 'templates/etc')
-rw-r--r--templates/etc/postfix/main.cf.j247
1 files changed, 47 insertions, 0 deletions
diff --git a/templates/etc/postfix/main.cf.j2 b/templates/etc/postfix/main.cf.j2
new file mode 100644
index 0000000..9557cc4
--- /dev/null
+++ b/templates/etc/postfix/main.cf.j2
@@ -0,0 +1,47 @@
+########################################################################
+# Nullmailer configuration
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+readme_directory = no
+
+compatibility_level = 3.6
+smtputf8_enable = no
+
+myorigin = /etc/mailname
+myhostname = {{ ansible_fqdn }}
+mydomain = {{ ansible_domain }}
+append_dot_mydomain = no
+
+# This server is for internal use only
+mynetworks_style = host
+inet_interfaces = loopback-only
+
+# No local delivery
+mydestination =
+local_transport = error:5.1.1 Mailbox unavailable
+alias_maps =
+local_recipient_maps =
+
+# All aliases are virtual
+virtual_alias_maps = hash:/etc/aliases
+alias_database = $virtual_alias_maps
+mailbox_size_limit = 0
+
+# Forward everything to our internal outgoing proxy
+# TODO: User relay-smtps on 465/tcp once Hetzner opens it
+relay_domains =
+relayhost = [smtp.guilhem.org]:587
+default_transport = relay
+
+smtpd_tls_security_level = none
+smtp_tls_exclude_ciphers = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5
+smtp_tls_security_level = may
+smtp_tls_note_starttls_offer = yes
+smtp_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
+smtp_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
+smtp_tls_CApath = /etc/ssl/certs
+smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
+smtp_tls_policy_maps = hash:$config_directory/tls_policy
+smtp_tls_fingerprint_digest = sha256
+smtp_tls_loglevel = 1
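Review bot: `smtp_tls_security_level = may` leaves the only outbound path, `relayhost = [smtp.guilhem.org]:587`, on opportunistic TLS: if STARTTLS is not offered or is stripped in transit, Postfix delivers in cleartext, and even when TLS is negotiated the relay's certificate is not verified. The only thing that can tighten this is the `tls_policy` map, which is not part of this commit, so whether the relay is actually pinned cannot be confirmed from here. Since every message goes to that one next hop, I would make the default fail closed with `smtp_tls_security_level = encrypt` and keep the stricter per-destination level (presumably `fingerprint`, given `smtp_tls_fingerprint_digest = sha256`) in the map. A comment above `smtp_tls_policy_maps` would also help, e.g. `# tls_policy must contain an entry keyed exactly "[smtp.guilhem.org]:587"`, because the lookup key has to match the relayhost form, including brackets and port.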