# See http://www.postfix.org/COMPATIBILITY_README.html
compatibility_level = 3.9
maillog_file = /var/log/mail.log

# Text that follows the 220 code in the SMTP server's greeting banner.
# You MUST specify $myhostname at the start due to an RFC requirement.
smtpd_banner = $myhostname ESMTP $mail_name (Debian)
myorigin = /etc/mailname

# IP protocols to use: ipv4, ipv6, or all
# (set this explicitly so `post-install upgrade-configuration' wont complain)
inet_protocols = all
inet_interfaces = all

mynetworks_style = host

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

mydestination = $myhostname, tobiastime.xyz, mx.tobiastime.xyz, localhost.localdomain, localhost

# Maximum size of a user mailbox
mailbox_size_limit = 0
home_mailbox = mail/

# List of alias maps to use to lookup local addresses.
# Per Debian Policy it should be /etc/aliases.
alias_maps = hash:/etc/aliases

# List of alias maps to make indexes on, when running newaliases.
alias_database = hash:/etc/aliases

# Notify (or not) local biff service when new mail arrives.
# Rarely used these days.
biff = no

# Separator between user name and address extension (user+foo@domain)
recipient_delimiter = +

cyrus_sasl_config_path = /etc/postfix/sasl

### TLS settings
# SMTP server RSA key and certificate in PEM format
# enter the actual path
smtpd_tls_key_file = /path/2/privkey.pem
smtpd_tls_cert_file = /path/2/cert.pem
# SMTP Server security level: none|may|encrypt
smtpd_tls_security_level = may

# List of CAs for SMTP Client to trust
# Prefer this over _CApath when smtp is running chrooted
# enter actual path
smtp_tls_CAfile = /path/2/ca-certificates.crt

# SMTP Client TLS security level: none|may|encrypt|...
smtp_tls_security_level = encrypt

# SMTP Client TLS session cache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes

myhostname = mx.tobiastime.xyz
smtp_dns_support_level = dnssec

milter_default_action = accept
milter_protocol = 6

#utilize actual port
smtpd_milters = inet:localhost:12345
non_smtpd_milters = inet:localhost:12334

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
header_checks = regexp:/etc/postfix/header_checks

smtpd_sender_restrictions = reject_sender_login_mismatch, reject_unknown_sender_domain