diff --git a/postfix/main.cf b/postfix/main.cf
new file mode 100644
index 0000000..96583e8
--- /dev/null
+++ b/postfix/main.cf
@@ -0,0 +1,81 @@
+# See http://www.postfix.org/COMPATIBILITY_README.html
+compatibility_level = 3.9
+maillog_file = /var/log/mail.log
+
+# Text that follows the 220 code in the SMTP server's greeting banner.
+# You MUST specify $myhostname at the start due to an RFC requirement.
+smtpd_banner = $myhostname ESMTP $mail_name (Debian)
+
+# IP protocols to use: ipv4, ipv6, or all
+# (set this explicitly so `post-install upgrade-configuration' wont complain)
+inet_protocols = all
+inet_interfaces = all
+
+mynetworks_style = host
+
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+
+mydestination = $myhostname, tobiastime.xyz, mx.tobiastime.xyz, localhost.localdomain, localhost
+
+# Maximum size of a user mailbox
+mailbox_size_limit = 0
+home_mailbox = mail/
+
+# List of alias maps to use to lookup local addresses.
+# Per Debian Policy it should be /etc/aliases.
+alias_maps = hash:/etc/aliases
+
+# List of alias maps to make indexes on, when running newaliases.
+alias_database = hash:/etc/aliases
+
+# Notify (or not) local biff service when new mail arrives.
+# Rarely used these days.
+biff = no
+
+# Separator between user name and address extension (user+foo@domain)
+recipient_delimiter = +
+
+cyrus_sasl_config_path = /etc/postfix/sasl
+
+### TLS settings
+# SMTP server RSA key and certificate in PEM format
+# enter the actual path
+smtpd_tls_key_file = /path/2/privkey.pem
+smtpd_tls_cert_file = /path/2/cert.pem
+# SMTP Server security level: none|may|encrypt
+smtpd_tls_security_level = may
+
+# List of CAs for SMTP Client to trust
+# Prefer this over _CApath when smtp is running chrooted
+# enter actual path
+smtp_tls_CAfile = /path/2/ca-certificates.crt
+
+# SMTP Client TLS security level: none|may|encrypt|...
+smtp_tls_security_level = encrypt
+
+# SMTP Client TLS session cache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+
+smtpd_tls_auth_only = yes
+smtpd_tls_loglevel = 1
+smtpd_tls_received_header = yes
+
+myhostname = mx.tobiastime.xyz
+smtp_dns_support_level = dnssec
+
+milter_default_action = accept
+milter_protocol = 6
+
+#utilize actual port
+smtpd_milters = inet:localhost:12345
+non_smtpd_milters = inet:localhost:12334
+
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+header_checks = regexp:/etc/postfix/header_checks
+
+smtpd_sender_restrictions =
+ reject_sender_login_mismatch,
+ reject_unknown_sender_domain
\ No newline at end of file
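Review bot: `reject_sender_login_mismatch` in `smtpd_sender_restrictions` depends on `smtpd_sender_login_maps`, which this new file never sets, so the sender-to-login binding it is meant to enforce has no table to consult. With the default empty map no address is owned by any login, and as far as I know Postfix then rejects authenticated submissions with "not owned by user" instead of checking them; add `smtpd_sender_login_maps = <type:table mapping sender addresses to SASL logins>` unless it is supplied through master.cf overrides that are not visible here. Separately, `milter_default_action = accept` fails open: if either milter is unreachable, mail passes without whatever filtering or signing it provides, so `milter_default_action = tempfail` (the Postfix default) is the safer setting. `smtpd_sasl_auth_enable = yes` in main.cf also offers AUTH on every smtpd listener, including port 25; consider enabling it per service on the submission entry only.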