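# Postfix main.cf fragment: virtual mailbox hosting (MySQL lookups, Dovecot
# delivery), Dovecot SASL, opportunistic TLS and SMTP anti-abuse restrictions.
#
# Format notes (Postfix main.cf, not generic INI):
#  - one "parameter = value" per logical line; there are no inline comments,
#    so a "#" after a value becomes part of that value
#  - a line that starts with whitespace continues the previous logical line
#  - lines whose first non-blank character is "#" are ignored

# --------------- local settings ------------------
myhostname = mynewmailserver.example.org
inet_interfaces = localhost, $myhostname
# Every client matched by this file may relay without authentication
# (permit_mynetworks below) and is not offered AUTH
# (smtpd_sasl_exceptions_networks below). Keep the list as small as possible.
mynetworks = $config_directory/mynetworks
mydestination = localhost.$mydomain, localhost, $myhostname

#uncomment if you need relay_domains... do not list domains in both relay and virtual
#relay_domains = proxy:mysql:$config_directory/mysql_relay_domains_maps.cf

# ---------------------- VIRTUAL DOMAINS START ----------------------
# The mysql_*.cf lookup files referenced here normally hold database
# credentials; they should be readable by root/postfix only.
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
# NOTE(review): this map uses a hard-coded /etc/postfix path while its siblings
# use $config_directory; confirm both resolve to the same directory. The
# parameter also appears to come from a quota patch rather than stock Postfix;
# verify that the installed build recognises it.
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
# All virtual mailboxes are owned by a single unprivileged uid/gid (2000);
# virtual_minimum_uid makes delivery refuse any lower uid returned by a map.
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
# ---------------------- VIRTUAL DOMAINS END ----------------------

# ---------------------- SASL PART START ----------------------
smtpd_sasl_auth_enable = yes
#smtpd_sasl_local_domain = $myhostname
smtpd_sasl_exceptions_networks = $mynetworks
# noanonymous still allows plaintext mechanisms (PLAIN/LOGIN), so the
# credentials are only as protected as the transport carrying them.
smtpd_sasl_security_options = noanonymous
# Compatibility shim for old clients that expect the non-standard "AUTH=" form.
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
# Can be an absolute path, or relative to $queue_directory
smtpd_sasl_path = private/auth
# With smtpd_tls_security_level = may (below) TLS is optional, so without this
# setting AUTH would also be offered on unencrypted sessions and passwords
# could cross the network in the clear. Only announce and accept AUTH after
# STARTTLS. Unauthenticated inbound mail is unaffected.
smtpd_tls_auth_only = yes
# ---------------------- SASL PART END ----------------------

# ---------------------- TLS PART START ----------------------
# Outbound (SMTP client) TLS.
#smtp_tls_CAfile = /etc/pki/tls/certs/cert.pem
#smtp_tls_cert_file = /etc/pki/tls/certs/myserver.example.com.crt
#smtp_tls_key_file = /etc/pki/tls/private/myserver.example.com.key
# No smtp_tls_key_file is set, so the key is read from the certificate file
# and this PEM must contain the private key as well. It must therefore not be
# world-readable; check ownership/mode (root-only), since directories such as
# /etc/ssl/certs are usually readable by every local user.
smtp_tls_cert_file = /etc/ssl/certs/mailserver.pem
#Postfix 2.5 or greater must use:
#smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_tls_session_cache
# "may" = opportunistic TLS: encryption is used when offered, the peer
# certificate is not verified, and delivery falls back to plaintext otherwise.
smtp_tls_security_level = may

# Inbound (SMTP server) TLS.
#smtpd_tls_CAfile = /etc/pki/tls/certs/cert.pem
#smtpd_tls_cert_file = /etc/pki/tls/certs/myserver.example.com.crt
#smtpd_tls_key_file = /etc/pki/tls/private/myserver.example.com.key
# Same combined cert+key PEM as above; the same file-permission check applies.
smtpd_tls_cert_file = /etc/ssl/certs/mailserver.pem
#Postfix 2.5 or greater must use:
#smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_tls_session_cache
# If custom DH parameters are enabled, generate at least 2048-bit parameters
# for the dh1024 setting; 512-bit (export-grade) parameters are obsolete and
# should stay disabled.
#smtpd_tls_dh1024_param_file = $config_directory/dh_1024.pem
#smtpd_tls_dh512_param_file = $config_directory/dh_512.pem
smtpd_tls_security_level = may
# Records TLS protocol/cipher details in the Received: header.
smtpd_tls_received_header = yes
# Requests (does not require) a client certificate. NOTE(review): no
# smtpd_tls_CAfile is active above, so presented certificates presumably cannot
# be validated against a trust anchor; confirm this setting is still wanted.
smtpd_tls_ask_ccert = yes
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
# ---------------------- TLS PART END ----------------------

smtpd_helo_required = yes
# VRFY lets a remote client probe which addresses exist; keep it disabled.
disable_vrfy_command = yes
# 450 = temporary failure: the sender retries instead of bouncing, which limits
# damage from false positives at the cost of repeated attempts by listed hosts.
non_fqdn_reject_code = 450
invalid_hostname_reject_code = 450
maps_rbl_reject_code = 450
#unverified_sender_reject_code = 550

#header_checks = pcre:$config_directory/header_checks
#body_checks = pcre:$config_directory/body_checks

#warning: the restrictions reject_unknown_(sender|recipient)_domain
#will trigger if your DNS becomes unavailable
#
# Order matters: trusted networks and authenticated users are accepted first,
# then reject_unauth_destination stops everyone else from relaying, and only
# then are the spam checks applied. "warn_if_reject" makes the restriction that
# follows it log-only.
#
# NOTE(review): confirm that every DNSBL/RHSBL zone listed here is still
# operated before deploying. A retired zone adds DNS timeouts to each session,
# and a zone that starts answering every query would make a hard
# reject_rbl_client entry refuse all mail. To my knowledge the sorbs.net and
# rfc-ignorant.org zones have been retired; verify and prune as needed.
smtpd_recipient_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_unauth_destination
  reject_invalid_helo_hostname
  warn_if_reject reject_non_fqdn_helo_hostname
  warn_if_reject reject_unknown_helo_hostname
  warn_if_reject reject_unknown_client
  reject_non_fqdn_sender
  reject_non_fqdn_recipient
  reject_unknown_sender_domain
  reject_unknown_recipient_domain
  reject_rbl_client zen.spamhaus.org
  reject_rbl_client bl.spamcop.net
  reject_rbl_client dnsbl.sorbs.net=127.0.0.2
  reject_rbl_client dnsbl.sorbs.net=127.0.0.3
  reject_rbl_client dnsbl.sorbs.net=127.0.0.4
  reject_rbl_client dnsbl.sorbs.net=127.0.0.5
  reject_rbl_client dnsbl.sorbs.net=127.0.0.7
  reject_rbl_client dnsbl.sorbs.net=127.0.0.9
  reject_rbl_client dnsbl.sorbs.net=127.0.0.11
  reject_rbl_client dnsbl.sorbs.net=127.0.0.12
  warn_if_reject reject_rhsbl_sender dsn.rfc-ignorant.org
  warn_if_reject reject_rhsbl_sender abuse.rfc-ignorant.org
  warn_if_reject reject_rhsbl_sender whois.rfc-ignorant.org
  warn_if_reject reject_rhsbl_sender bogusmx.rfc-ignorant.org
  warn_if_reject reject_rhsbl_sender postmaster.rfc-ignorant.org
  permit

# Evaluated at the DATA stage: rejects clients that pipeline commands without
# permission and null-sender (bounce) mail addressed to multiple recipients.
smtpd_data_restrictions =
  reject_unauth_pipelining,
  reject_multi_recipient_bounce,
  permit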