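# Postfix main.cf for mx1.posluns.com.
#
# Mail is accepted on the interfaces listed in inet_interfaces, passed through
# a before-queue filter on 127.0.0.1:10024, and accepted or rejected by the
# smtpd_recipient_restrictions list at the end of this file.
#
# Syntax reminders: one "name = value" per logical line; a line that starts
# with whitespace continues the previous value; "#" starts a comment only when
# it is the first non-blank character of a line. Postfix has no trailing
# comments, so text after a value becomes part of the value.

# --- Installation paths ---
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /etc/postfix/readme
sample_directory = /etc/postfix/sample
sendmail_path = /usr/sbin/sendmail
html_directory = /etc/postfix/html

# --- Identity ---
myhostname = mx1.posluns.com
mydomain = posluns.com
myorigin = $myhostname

# --- Process ownership ---
# default_privs is the account used for external commands and files when no
# recipient-specific account applies; keep it unprivileged.
mail_owner = postfix
setgid_group = postdrop
default_privs = nobody

# always_bcc = backupmail
soft_bounce = no

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

# --- Content filtering ---
# The following is for an smtpd_proxy_filter. You can also use a content_filter
# by commenting out the three proxy_filter lines and adding:
# content_filter = smtp:[127.0.0.1]:10024
smtpd_proxy_filter = 127.0.0.1:10024
smtpd_proxy_timeout = 180s
smtpd_proxy_ehlo = antispam.posluns.com
recipient_delimiter = +
# Passes the original client name/address to a next hop that announces
# XFORWARD. The receiving side should accept XFORWARD from trusted hosts only.
smtp_send_xforward_command = yes
# Maximum simultaneous connections from a single client.
smtpd_client_connection_count_limit = 10

# If you're using DSPAM, you might want the following:
#dspam_destination_recipient_limit = 1
#dspam-add_destination_recipient_limit = 1
#dspam-fp_destination_recipient_limit = 1
#
# --- TLS and SASL (all disabled as shipped) ---
# SSL/TLS encrypted email is nice to have. You'll need to have your own certificates.
#
# NOTE(review): with every line below commented out, SMTP sessions are not
# encrypted. If SASL is enabled later, keep smtpd_tls_auth_only = yes so that
# credentials are never offered over a clear-text session. On Postfix 2.3 and
# later, smtp_tls_security_level / smtpd_tls_security_level replace
# smtp_use_tls / smtpd_use_tls. Keep the private key file readable by root only.
#smtp_use_tls = yes
#smtp_tls_key_file = /etc/postfix/ssl/mx1.posluns.com.pem
#smtp_tls_cert_file = /etc/postfix/ssl/mx1.posluns.com.crt
#smtp_tls_CAfile = /etc/postfix/ssl/cacert.crt
#smtpd_use_tls = yes
#smtpd_tls_key_file = /etc/postfix/ssl/mx1.posluns.com.pem
#smtpd_tls_cert_file = /etc/postfix/ssl/mx1.posluns.com.crt
#smtpd_tls_CAfile = /etc/postfix/ssl/cacert.crt
#smtpd_tls_loglevel = 1
#smtpd_tls_received_header = yes
#smtpd_tls_session_cache_timeout = 3600s
#tls_random_source = dev:/dev/urandom
#smtpd_tls_auth_only = yes
#smtpd_sasl_auth_enable = yes
#smtpd_sasl_security_options = noanonymous
#smtpd_sasl_local_domain =
#broken_sasl_auth_clients = yes

# --- Listening interfaces and local delivery ---
inet_interfaces = localhost, 69.70.12.212
#inet_interfaces = all
mail_spool_directory = /var/mail
#home_mailbox = Maildir/
#mailbox_command = /usr/local/bin/procmail
smtpd_banner = $myhostname
mydestination = $myhostname

# --- Routing and lookup tables ---
# The commented-out regexp table must stay on its own line: placed after the
# value it would be read as a second transport table.
transport_maps = hash:/etc/postfix/maps/transport
#    regexp:/etc/postfix/maps/dspam_regexp
header_checks = pcre:/etc/postfix/maps/header_checks.short
body_checks = pcre:/etc/postfix/maps/body_checks.short
mime_header_checks = regexp:/etc/postfix/maps/mime_header_checks
# Domains this host relays for; reject_unauth_destination below allows them.
relay_domains = hash:/etc/postfix/maps/relay_domains
#virtual_maps = hash:/etc/postfix/maps/virtual
# Every network listed in this file passes permit_mynetworks below and may
# relay to any destination. Restrict the file to hosts you control and review
# it whenever the network changes.
mynetworks = /etc/postfix/mynetworks
#local_recipient_maps = $virtual_maps $alias_maps

# --- Delivery rate controls ---
local_destination_concurrency_limit = 8
default_destination_concurrency_limit = 16
in_flow_delay = 1s

# --- Debugging ---
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5

# --- SMTP server hardening and limits ---
# VRFY is disabled so clients cannot use it to test which addresses exist.
disable_vrfy_command = yes
# ETRN is refused for every client. The parameter name is plural; the singular
# spelling "smtpd_etrn_restriction" is not a Postfix parameter and has no effect.
smtpd_etrn_restrictions = reject
# Sizes are in bytes.
message_size_limit = 32768000
bounce_size_limit = 65536
header_size_limit = 32768
smtpd_recipient_limit = 128
# No unit suffix: Postfix reads this as seconds.
smtpd_timeout = 180
strict_rfc821_envelopes = yes
allow_untrusted_routing = no
# After the soft limit each further error is delayed by smtpd_error_sleep_time;
# at the hard limit the server disconnects the client.
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
smtpd_error_sleep_time = 1s
# In case of mail bombing enable:
# smtpd_soft_error_limit = 1
# smtpd_hard_error_limit = 2
# smtpd_error_sleep_time = 0s

# --- SPF ---
# For SPF Implementation as per http://www.libspf2.org/
#spf_received_header = yes
#spf_mark_only = yes
#spf_reject_code = 550
#spf_global_whitelist = no
# Run-time limit for the spawn(8) service named "policy", presumably the
# master.cf entry behind "check_policy_service unix:private/policy" below.
# Confirm that the service name in master.cf matches.
policy_time_limit = 3600

# --- SMTP access restrictions ---
# Note that the restriction class data that used to be in here is now located at:
# http://www.posluns.com/files/restriction.cf
smtpd_client_restrictions =
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_sender_restrictions =

# Order matters in the list below: the first restriction that returns a
# decision wins.
#  * reject_unauth_destination comes before every check_*_access lookup, so an
#    OK result from sender_ok or recipient_ok cannot open this host for relay.
#    Do not move those lookups above it.
#  * reject_unverified_sender and reject_unverified_recipient make Postfix
#    probe other servers for address validity; expect extra outbound
#    connections and a delay the first time an address is seen.
#  * Comment lines inside the list must keep "#" as their first non-blank
#    character.
smtpd_recipient_restrictions =
    permit_mynetworks,
#   permit_sasl_authenticated,  #You'll need to enable this in order to have authenticated users send mail.
    reject_unauth_destination,
    check_sender_access hash:/etc/postfix/maps/sender_ok,
    check_recipient_access hash:/etc/postfix/maps/recipient_ok,
#   reject_unknown_client,      #This has caused a fair number of wrongful rejections.
#   reject_non_fqdn_hostname,   #This has caused a fair number of wrongful rejections.
#   reject_unknown_hostname,    #This has caused a fair number of wrongful rejections.
    reject_invalid_hostname,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_multi_recipient_bounce,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    check_sender_access hash:/etc/postfix/maps/idiots,
    check_recipient_access hash:/etc/postfix/maps/idiots,
#   reject_spf_invalid_sender,  #Alternate SPF mechanism - requires patching source code
    check_policy_service unix:private/policy,
    reject_unverified_sender,
    reject_unverified_recipient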