# service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # Exposed SMTP service smtp inet n - n - 1 smtpd # Internal SMTP service 10025 inet n - n - 1 smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_discard_ehlo_keywords=pipelining,silent-discard -o smtpd_client_restrictions=$check_ratelimit,reject_unlisted_sender,reject_authenticated_sender_login_mismatch,permit -o smtpd_reject_unlisted_recipient={% if REJECT_UNLISTED_RECIPIENT %}{{ REJECT_UNLISTED_RECIPIENT }}{% else %}no{% endif %} -o cleanup_service_name=outclean outclean unix n - n - 0 cleanup -o header_checks=pcre:/etc/postfix/outclean_header_filter.cf -o nested_header_checks= # Polite policy polite unix - - n - - smtp -o syslog_name=postfix-polite -o polite_destination_concurrency_limit=3 -o polite_destination_rate_delay=0 -o polite_destination_recipient_limit=20 -o polite_destination_concurrency_failed_cohort_limit=10 # Turtle policy turtle unix - - n - - smtp -o syslog_name=postfix-turtle -o turtle_destination_concurrency_limit=1 -o turtle_destination_rate_delay=1 -o turtle_destination_recipient_limit=5 -o turtle_destination_concurrency_failed_cohort_limit=10 # Internal postfix services pickup unix n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp smtpd pass - - n - - smtpd relay unix - - n - - smtp error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache postlog unix-dgram n - n - 1 postlogd {# Ensure that the rendered file ends with a newline #} {{- "\n" }}