# Toto je postfix main.cf sebrany z gitu, co jsem mel doma.
# Projit, zatridit.
# https://www.postfix.org/postconf.5.html

smtpd_banner = $myhostname ESMTP $mail_name
compatibility_level = 3.11

mynetworks_style = subnet
#mynetworks = 127.0.0.1/8
inet_interfaces = all
inet_protocols = ipv4

alias_maps = lmdb:/etc/postfix/aliases
alias_database = $alias_maps
virtual_alias_maps = lmdb:/etc/postfix/virtual

# Pokud se home_mailbox vynecha, tak se pouzije mailbox, jinak Maildir
#home_mailbox = Maildir/

mydomain = lab-6.doma.martus.cz
myhostname = mail.lab-6.doma.martus.cz
# myorigin se je domena odchoziho mailu (?asi pouze collectnuta pres lmtp ?)
myorigin = $mydomain
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost

relay_domains =
relayhost =

unknown_local_recipient_reject_code = 550

# appending .domain is the MUA's job.
append_dot_mydomain = no

#		TODO
#smtpd_sender_restrictions bude asi zajimavy pro zabezpeceni odchozi posty
## Don't accept mail from domains that don't exist.
#smtpd_sender_restrictions = reject_unknown_sender_domain

#		TODO
# Tato konfigurace vypada jako dobry odfiltrovani prichoziho spamu
    # Spam control: exclude local clients and authenticated clients
    # from DNSBL lookups.
#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org

smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject

#		TODO
# SASL
#smtpd_sasl_type = dovecot
#smtpd_sasl_path = private/auth
#smtpd_sasl_auth_enable = yes

#		TODO
# DKIM
# Zkopirovane z postevaka, overit v dokumentaci
#milter_default_action = accept
#milter_protocol = 6
#smtpd_milters = inet:localhost:8891
#non_smtpd_milters = inet:localhost:8891
#disable_vrfy_command = yes

#		TODO
# TLS
# Zkopirovane z postevaka, overit v dokumentaci
#ismtp_tls_security_level = may
#smtp_tls_CApath=/etc/ssl/certs
#smtp_tls_note_starttls_offer = yes
#smtpd_tls_security_level = may
#smtpd_tls_loglevel = 1
#smtpd_tls_received_header = yes
#smtpd_tls_cert_file = /etc/certifikaty/mail.martus.cz/fullchain.pem
#smtpd_tls_key_file = /etc/certifikaty/mail.martus.cz/privkey.pem
#smtpd_tls_auth_only = yes
#smtpd_tls_loglevel = 1
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

#	Vselijaky adresare a cesty k necemu.
#	Prevazne Arch Linux postfix 3.11.2 balicek
meta_directory = /etc/postfix
manpage_directory = /usr/share/man
shlib_directory = /usr/lib/postfix
daemon_directory = /usr/lib/postfix/bin
command_directory = /usr/bin
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
data_directory = /var/lib/postfix
queue_directory = /var/spool/postfix

sendmail_path = /usr/bin/sendmail

sample_directory = no
html_directory = no
readme_directory = no

# po zmene je potreba postfix set-permissions
mail_owner = postfix
setgid_group = postdrop

#	Pro debugging pres ddd
#debugger_command =
#	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
#	 ddd $daemon_directory/$process_name $process_id & sleep 5

#	Pro tyto peery extra verbozni logging
#debug_peer_list = 192.168.161.0/24