sudo vim /etc/postfix/main.cf
message_size_limit = 10485760
mailbox_size_limit = 0
biff = no
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated permit
recipient_delimiter = +
tls_random_source = dev:/dev/urandom
#smtpd_tls_ciphers = medium

myhostname = mail.hensler.net
mydomain = hensler.net
myorigin = $mydomain
#inet_interfaces = $myhostname, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,mail.$mydomain
mynetworks = 127.0.0.0/8
smtpd_banner = $myhostname
smtpd_use_tls= yes
smtp_use_tls = yes
tls_preempt_cipherlist = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes

smtpd_tls_cert_file=/etc/letsencrypt/live/mail.hensler.net/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.hensler.net/privkey.pem

smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_ciphers = high
smtpd_tls_mandatory_ciphers = high
smtp_tls_ciphers = high
smtp_tls_mandatory_ciphers = high
tls_high_cipherlist = ECDH+aRSA+AES256:ECDH+aRSA+AES128:AES256-SHA:AES128+EECDH:AES128+EDH

virtual_alias_maps = hash:/etc/postfix/virtual
inet_protocols = ipv4

 

sudo vim /etc/postfix/virtual
bernhard@hensler.net bhensler@gmail.com

sudo postmap virtual

 

For TLS create apache virtualhost and run certbot (lets encrypt)

<VirtualHost *:80>
ServerAdmin bhensler@gmail.com
DocumentRoot “/Users/bhr/Sites/mail.hensler.net”
ServerName mail.hensler.net
ServerAlias mail.hensler.net
ErrorLog “/private/var/log/apache2/mail.hensler.net-error_log”
CustomLog “/private/var/log/apache2/mail.hensler.net-access_log” common
RewriteEngine on
RewriteCond %{SERVER_NAME} =mail.hensler.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

 

tail -f /var/log/mail.log

 

https://opensource.apple.com/source/postfix/postfix-252/Postfix.LaunchDaemons/org.postfix.master.plist.auto.html
sudo cp org.postfix.master.plist /Library/LaunchDaemons

 

https://ssl-tools.net/mailservers/hensler.net
https://aws.amazon.com/premiumsupport/knowledge-center/route-53-reverse-dns/
http://www.digwebinterface.com/

Leave a Reply

Your email address will not be published. Required fields are marked *