From 46e97e0763d240eb669ca5be128c6f144a6340e8 Mon Sep 17 00:00:00 2001
From: MartusDortus <martin@kusnier.cz>
Date: Wed, 3 Jun 2026 09:11:55 +0000
Subject: [PATCH] Add main.cf

---
 main.cf | 107 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 107 insertions(+)
 create mode 100644 main.cf

diff --git a/main.cf b/main.cf
new file mode 100644
index 0000000..5f21c1b
--- /dev/null
+++ b/main.cf
@@ -0,0 +1,107 @@
+# Toto je postfix main.cf sebrany z gitu, co jsem mel doma.
+# Projit, zatridit.
+# https://www.postfix.org/postconf.5.html
+
+smtpd_banner = $myhostname ESMTP $mail_name
+compatibility_level = 3.11
+
+mynetworks_style = subnet
+#mynetworks = 127.0.0.1/8
+inet_interfaces = all
+inet_protocols = ipv4
+
+alias_maps = lmdb:/etc/postfix/aliases
+alias_database = $alias_maps
+virtual_alias_maps = lmdb:/etc/postfix/virtual
+
+# Pokud se home_mailbox vynecha, tak se pouzije mailbox, jinak Maildir
+#home_mailbox = Maildir/
+
+mydomain = lab-6.doma.martus.cz
+myhostname = mail.lab-6.doma.martus.cz
+# myorigin se je domena odchoziho mailu (?asi pouze collectnuta pres lmtp ?)
+myorigin = $mydomain
+mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
+
+relay_domains =
+relayhost =
+
+unknown_local_recipient_reject_code = 550
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+#		TODO
+#smtpd_sender_restrictions bude asi zajimavy pro zabezpeceni odchozi posty
+## Don't accept mail from domains that don't exist.
+#smtpd_sender_restrictions = reject_unknown_sender_domain
+
+#		TODO
+# Tato konfigurace vypada jako dobry odfiltrovani prichoziho spamu
+    # Spam control: exclude local clients and authenticated clients
+    # from DNSBL lookups.
+#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org
+
+smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
+smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
+smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject
+
+#		TODO
+# SASL
+#smtpd_sasl_type = dovecot
+#smtpd_sasl_path = private/auth
+#smtpd_sasl_auth_enable = yes
+
+#		TODO
+# DKIM
+# Zkopirovane z postevaka, overit v dokumentaci
+#milter_default_action = accept
+#milter_protocol = 6
+#smtpd_milters = inet:localhost:8891
+#non_smtpd_milters = inet:localhost:8891
+#disable_vrfy_command = yes
+
+#		TODO
+# TLS
+# Zkopirovane z postevaka, overit v dokumentaci
+#ismtp_tls_security_level = may
+#smtp_tls_CApath=/etc/ssl/certs
+#smtp_tls_note_starttls_offer = yes
+#smtpd_tls_security_level = may
+#smtpd_tls_loglevel = 1
+#smtpd_tls_received_header = yes
+#smtpd_tls_cert_file = /etc/certifikaty/mail.martus.cz/fullchain.pem
+#smtpd_tls_key_file = /etc/certifikaty/mail.martus.cz/privkey.pem
+#smtpd_tls_auth_only = yes
+#smtpd_tls_loglevel = 1
+#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+#	Vselijaky adresare a cesty k necemu.
+#	Prevazne Arch Linux postfix 3.11.2 balicek
+meta_directory = /etc/postfix
+manpage_directory = /usr/share/man
+shlib_directory = /usr/lib/postfix
+daemon_directory = /usr/lib/postfix/bin
+command_directory = /usr/bin
+newaliases_path = /usr/bin/newaliases
+mailq_path = /usr/bin/mailq
+data_directory = /var/lib/postfix
+queue_directory = /var/spool/postfix
+
+sendmail_path = /usr/bin/sendmail
+
+sample_directory = no
+html_directory = no
+readme_directory = no
+
+# po zmene je potreba postfix set-permissions
+mail_owner = postfix
+setgid_group = postdrop
+
+#	Pro debugging pres ddd
+#debugger_command =
+#	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+#	 ddd $daemon_directory/$process_name $process_id & sleep 5
+
+#	Pro tyto peery extra verbozni logging
+#debug_peer_list = 192.168.161.0/24
\ No newline at end of file