#your server's hostname and domain name
myhostname = postfix.domain.com
mydomain = domain.com

# Transport map's table
transport_maps = mysql:/etc/postfix/mysql/transport.cf


# Our users and aliases tables;
virtual_mailbox_base = /
virtual_mailbox_maps = mysql:/etc/postfix/mysql/users.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/aliases.cf


# Quotas limitiations
mailbox_size_limit = 8120000000
message_size_limit = 10240000
virtual_mailbox_limit = 812000000

# List our domains here
mydestination = 
    localhost, 
    $myhostname, 
    localhost.$mydomain,
    mysql:/etc/postfix/mysql/domains.cf
    
local_recipient_maps = 
    $virtual_mailbox_maps, 
    $virtual_alias_maps, 
    $transport_maps,
    unix:passwd.byname		

#Our local users' map    
alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases		

# Special settings for a few not RFC email software

broken_sasl_auth_clients = yes


#Offer StartTLS on greeting for SMTP authorization

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous


smtpd_delay_reject = yes 

################## Our restrictrions on SMTP relaying

smtpd_recipient_restrictions =

# allow to relay for StartTLS authorized users
    permit_sasl_authenticated,	

# allow to relay for authorized by pop users    
    check_client_access mysql:/etc/postfix/mysql/pop-before-smtp.cf,

# allow to relay for computers at our network 
    check_client_access mysql:/etc/postfix/mysql/access.cf,

# allow to relay for computers at our network     
    reject_unauth_destination,

# allow to relay our networks ( listed above at default config )
    permit_mynetworks,

# allow to send emails for domains we are backup MX host    
    permit_mx_backup,

# reject sending from hosts listed as opened relays
# fFull list you can take at http://smartcgi.com/dist/rbl.txt
    reject_rbl_client      list.dsbl.org,
    reject_rbl_client      relays.ordb.org,
 

# Permit our networks to relay over our smtp server
smtpd_client_restrictions = permit_mynetworks

#some special settings for DRWEB antivirus 
# read more at drweb's documentation 
drweb_destination_recipient_limit = 1
test_destination_recipient_limit = 1


# StartTLS/SSL settings
smtp_use_tls = yes
smtpd_tls_auth_only = no
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes

smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 4
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# A certificate for our StartTLS/SSL transport
smtpd_tls_key_file = /etc/postfix/postfix.key
smtpd_tls_cert_file = /etc/postfix/postfix.cert