Postfix-main.cf-AfterDovecotSetup.txt

# postfix main config for djigzo

# these settings will be changed by the MTA admin page
# The djigzo_* names are user-defined variables, not Postfix parameters; the
# real parameters further down in this file read them through ${...} expansion.
# An empty value counts as "unset" for the ${name?...} / ${name:...} tests.
djigzo_myhostname = mail2.openforum.opensourcevista.net
djigzo_mydestination = securemail.opensourcevista.net
# NOTE(review): every address listed here ends up in mynetworks and is allowed
# to relay to any destination without authentication (permit_mynetworks).
# Keep the list as narrow as possible and re-check each entry periodically.
djigzo_mynetworks = 66.206.177.80/28, 68.35.27.66
djigzo_relayhost = 
djigzo_relayhost_mx_lookup = 
djigzo_relayhost_port = 25
# Domains this host accepts mail for and forwards onward (feeds relay_domains).
djigzo_relay_domains = openforum.opensourcevista.net, vademo409.openforum.opensourcevista.net, reminders.openforum.opensourcevista.net, wvehr309a.openforum.opensourcevista.net, mdc-crew.net, wvehr309.openforum.opensourcevista.net
# Size limits are in bytes.
# NOTE(review): the before-filter limit is not referenced anywhere else in this
# file - presumably it is applied to the pre-filter smtpd in master.cf (TODO
# confirm). If it is not, only the much larger after-filter limit is enforced.
djigzo_before_filter_message_size_limit = 10240000
djigzo_after_filter_message_size_limit = 512000000
djigzo_mailbox_size_limit = 512000000
# Name sent in HELO/EHLO on outgoing connections; differs from myhostname.
djigzo_smtp_helo_name = 66.206.177.87.rmu.edu
djigzo_relay_transport_host = 
djigzo_relay_transport_host_mx_lookup = 
djigzo_relay_transport_host_port = 25
# Empty = recipient address verification is not added to the restrictions.
djigzo_reject_unverified_recipient = 
djigzo_unverified_recipient_reject_code = 450
djigzo_parent_domain_matches_subdomains = 

# Greeting shown to connecting clients; $mail_name is the software name only.
smtpd_banner = $myhostname ESMTP $mail_name (Djigzo)

# No new-mail notifications to local users.
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# Conditional expansion used below:
#   ${name?text} expands to text only when $name is non-empty
#   ${name:text} expands to text only when $name is empty
myhostname = ${djigzo_myhostname}
mydestination = ${djigzo_mydestination}
# Loopback plus the admin-page networks. Clients in mynetworks pass
# permit_mynetworks in smtpd_recipient_restrictions and may relay anywhere.
mynetworks = 127.0.0.0/8, ${djigzo_mynetworks}
# Builds host:port or [host]:port. The brackets (which suppress the MX lookup)
# are added when djigzo_relayhost_mx_lookup is empty. With djigzo_relayhost
# empty the whole value is empty and no relay host is used.
relayhost = ${djigzo_relayhost_mx_lookup:${djigzo_relayhost?[}}${djigzo_relayhost}${djigzo_relayhost_mx_lookup:${djigzo_relayhost?]}}${djigzo_relayhost?:${djigzo_relayhost_port}}
relay_domains = ${djigzo_relay_domains}
# Bytes. mailbox_size_limit must not be smaller than message_size_limit.
message_size_limit = ${djigzo_after_filter_message_size_limit}
mailbox_size_limit = ${djigzo_mailbox_size_limit}
# Use djigzo_smtp_helo_name when it is set, otherwise fall back to $myhostname.
smtp_helo_name = ${djigzo_smtp_helo_name?$djigzo_smtp_helo_name}${djigzo_smtp_helo_name:$myhostname}
# "relay" alone when no transport host is set; otherwise relay:host:port, with
# [host] brackets when djigzo_relay_transport_host_mx_lookup is empty.
relay_transport = relay${djigzo_relay_transport_host?:${djigzo_relay_transport_host_mx_lookup:[}$djigzo_relay_transport_host${djigzo_relay_transport_host_mx_lookup:]}:$djigzo_relay_transport_host_port}
# reject_unauth_destination is what keeps this host from being an open relay:
# only mynetworks clients may send to domains outside mydestination and
# relay_domains. reject_unverified_recipient is appended only when
# djigzo_reject_unverified_recipient is non-empty.
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination ${djigzo_reject_unverified_recipient?, reject_unverified_recipient} 
unverified_recipient_reject_code = $djigzo_unverified_recipient_reject_code
# Empty here, so domain patterns match subdomains only when written ".domain".
parent_domain_matches_subdomains = $djigzo_parent_domain_matches_subdomains

# disable DSN and ETRN ESMTP announce
# (silent-discard keeps the suppression itself out of the log)
smtpd_discard_ehlo_keywords = silent-discard, dsn, etrn

# reject all ETRN
smtpd_etrn_restrictions = reject

# Local alias table; run newaliases after editing /etc/aliases.
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

# user+extension@domain is delivered to user.
recipient_delimiter = +

# XFORWARD lets a client supply the original client name/address for logging
# and access checks, so it is limited to loopback (the content filter).
smtpd_authorized_xforward_hosts = 127.0.0.1/32

# Hand all mail to the "djigzo" transport on 127.0.0.1:10025 for filtering.
# NOTE(review): the djigzo transport and the re-injection listener are defined
# in master.cf, which is not shown here. Settings in this file apply to every
# master.cf service unless overridden there with -o, so confirm that the
# loopback filter hops carry the overrides they need.
content_filter = djigzo:127.0.0.1:10025

# Below added by Nancy Anthracite to set up alternate mail delivery port 9302
# for reminders on 66.206.177.84.
# Also added the line
#   reminders.openforum.opensourcevista.net  :[66.206.177.84]:9302
# and several more to /etc/postfix/transport,
# then ran postmap /etc/postfix/transport,
# then restarted postfix with /etc/init.d/postfix restart.
# The hash: table is read from the compiled .db file, so postmap must be re-run
# after every edit of /etc/postfix/transport.
transport_maps = hash:/etc/postfix/transport

# Below added by Nancy Anthracite to make it work with the NHIN Direct Gateway.
# regexp: tables are read as plain text; no postmap step is needed for them.
mime_header_checks = regexp:/etc/postfix/header_checks

# Added by Nancy Anthracite to enable STARTTLS
# Directory of trusted CA certificates (hashed with c_rehash) that the server
# uses to verify client certificates. No client-certificate request
# (smtpd_tls_ask_ccert / smtpd_tls_req_ccert) is visible in this file.
smtpd_tls_CApath = /etc/postfix/certs
smtpd_tls_cert_file = /etc/postfix/ssl/ssl.pem
# Private key: must be stored without a passphrase, so restrict the file to
# owner root, mode 0600, and keep it out of backups that others can read.
smtpd_tls_key_file = /etc/postfix/ssl/ssl.key
# Commented out here; the active smtpd_tls_security_level is set at the end of
# this file.
#smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# May range from 0-4 but only use up to 3
# Logs are located in /var/log/mail.info
# NOTE(review): the Postfix documentation advises against level 2 or higher
# except while troubleshooting. Level 1 (a one-line summary per TLS handshake)
# is the usual steady-state value; drop back to it once debugging is done.
smtpd_tls_loglevel = 2


# Commented out here; the active smtp_tls_security_level is set further down.
#smtp_tls_security_level = may

# Postfix SMTP client authenticates to remote servers listed in the password
# map. That map holds credentials in cleartext: keep both
# /etc/postfix/smtp_client_passwd and its .db file owned by root, mode 0600.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_client_passwd
smtp_sasl_type = cyrus
# CA directory for verifying remote server certificates. It only takes effect
# at TLS levels that verify the peer (verify / secure / fingerprint); the
# "encrypt" level used below does not check the server certificate.
smtp_tls_CApath = /etc/postfix/certs/
# NOTE(review): an empty value removes the defaults (noplaintext, noanonymous).
# Plaintext mechanisms are protected by the mandatory TLS set below, but
# anonymous login stays allowed and the server is not authenticated before the
# password is sent. Consider "noanonymous" here and a verifying TLS level for
# the hosts in smtp_sasl_password_maps (for example via smtp_tls_policy_maps).
smtp_sasl_security_options = 

# This enforces encryption for certain domains, so it is not needed if
# encryption is enforced for all email
#smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# force encryption for all *outgoing* email
# "encrypt" requires STARTTLS but does not verify the remote certificate, so it
# protects against passive eavesdropping only. Mail to servers that do not
# offer STARTTLS is deferred and eventually returned to the sender.
smtp_tls_security_level=encrypt
# allow but not enforce encryption for all *outgoing* email
#smtp_tls_security_level = may
# force encryption for all *incoming* email
# NOTE(review): clients that cannot do STARTTLS are refused. The Postfix
# documentation (following RFC 2487) says this level should not be used on a
# publicly referenced MX; confirm this is intended for a closed secure-mail
# gateway and that all legitimate senders support TLS.
smtpd_tls_security_level=encrypt
# allow but not enforce encryption by TLS for *incoming*
#smtpd_tls_security_level=may