alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4

### Desabilitar busca de nomes de usuários (usado para obter nomes válidos)
disable_vrfy_command = yes
delay_warning_time = 1h

ldapsource_bind = no
ldapsource_domain = dominio.com.br
ldapsource_query_filter = (&(mail=%s)(objectClass=qmailUser))
ldapsource_result_attribute = mail
ldapsource_search_base = dc=com,dc=br
ldapsource_server_host = IP_SERVIDOR_LDAP

ldapalias_bind = no
ldapalias_domain = dominio.com.br
ldapalias_query_filter = (&(mailAlternateAddress=%s)(objectClass=qmailUser))
ldapalias_result_attribute = mail
ldapalias_search_base = dc=com,dc=br
ldapalias_server_host = IP_SERVIDOR_LDAP

ldapvacation_bind = no
ldapvacation_domain = dominio.com.br
ldapvacation_server_host = IP_SERVIDOR_LDAP
ldapvacation_search_base = dc=com,dc=br
ldapvacation_query_filter = (&(|(mail=%s)(mailAlternateAddress=%s))(deliveryMode=reply))
ldapvacation_result_attribute = mail
ldapvacation_result_filter = %s,%u@autoreply.dominio.com.br
ldapvacation_scope = sub
ldapvacation_version = 3

ldapforward_domain= dominio.com.br
ldapforward_bind=no
ldapforward_server_host = IP_SERVIDOR_LDAP
ldapforward_search_base = ou=dominio,dc=com,dc=br
ldapforward_query_filter = (|(mail=%s)(mailalternateaddress=%s))
ldapforward_result_attribute = mail,mailForwardingAddress
ldapforward_scope = one
ldapforward_version = 3


mailbox_size_limit = 0
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mail_owner = postfix
default_privs = nobody
default_transport = smtp
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
command_directory = /usr/sbin
mydomain = dominio.com.br
myorigin = $mydomain


mydestination = $myhostname, localhost.$mydomain, localhost, $myorigin
myhostname = pf2.dominio.com.br
#mynetworks = 127.0.0.0/8
mynetworks_style = host
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)

### Parametro que le auto-reply, forward, alias do ldap
virtual_alias_maps = ldap:ldapvacation, ldap:ldapforward, ldap:ldapsource, ldap:ldapalias

virtual_gid_maps = static:104
virtual_mailbox_base = /home/MENSAGENS/
virtual_mailbox_maps = ldap:ldapvacation, ldap:ldapforward, ldap:ldapsource, ldap:ldapalias
virtual_transport = maildrop
virtual_uid_maps = static:1002

### =========== QUOTA ============ ##
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_maps = ldap:ldapsource
virtual_mailbox_limit_override = yes
virtual_maildir_extended = yes
virtual_create_maildirsize = yes
virtual_mailbox_limit = 100000000
virtual_maildir_limit_message = "Sorry, the user's maildir has overdrawn his diskspace quota, please try again later."
virtual_overquota_bounce = yes

### ============ MAILDROP =========== ##
fallback_transport = maildrop
maildrop_destination_recipient_limit = 1
unknown_local_recipient_reject_code = 450

### ============= Tamanho Máximo das Mensagens ========= ###
# Setado em 10M
message_size_limit = 10240000

### ============== Máximo de Destinatários por Mensagem ======= ##
# Setado em 35 destinatários
smtpd_recipient_limit = 35

### ============== Autenticação de Usuários ================
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_path = smtpd
smtpd_sender_login_maps = ldap:ldapsource

### ============= Restrições de Envio ===============
# Numero máximo de conexões por host:
# smtpd_client_connection_count_limit = 50
# Numero máximo de conexões/minuto que um host pode fazer
# 0 (zero) deixa desabilitado
# smtpd_client_connection_rate_limit = 0
# anvil_rate_time_unit = 60s
# Hosts que podem "escapar" da restrição; normalmente, os hosts contidos em mynetworks.
# smtpd_client_connection_limit_exceptions = $mynetworks

smtpd_client_restrictions = check_client_access hash:/etc/postfix/rbl_client_exceptions,
        permit_sasl_authenticated,
        reject_unauth_pipelining,
        reject_rbl_client zen.spamhaus.org ,
        reject_rbl_client list.dsbl.org ,
        reject_rbl_client cbl.abuseat.org ,
        reject_rbl_client dul.dnsbl.sorbs.net

smtpd_recipient_restrictions = permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination

smtpd_sender_restrictions = reject_unauthenticated_sender_login_mismatch,
        reject_sender_login_mismatch

### Habilita expressões nos emails
### É necessário para o mailman tb
recipient_delimiter = +
owner_request_special = no

### ============== Log de mensagens ================== ###
always_bcc = backup.log@dominio.com.br
### Pode ser feito através das diretivas:
#recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
#sender_bcc_maps = hash:/etc/postfix/sender_bcc
### Nesse caso para domínios virtuais ou outras aplicações

### desabilitar duplicidade no log (aplicado direto no master.cf)
#receive_override_options = no_address_mappings

allow_mail_to_commands = alias
transport_maps = hash:/etc/postfix/transport

debug_peer_level = 2

### Opções de TLS
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom