### {{ ansible_managed }}

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
# Port 25 listener. With postfix_type == "internet", postscreen (single
# process) fronts the port and passes connections to the "smtpd" pass service,
# which queues mail through the "smtpd-in" cleanup instance. Otherwise smtpd
# listens directly and uses the default "cleanup" service, so the inbound
# header_checks attached to smtpd-in are not applied in that mode.
# dnsblog and tlsproxy are defined in both modes.
{% if postfix_type == "internet" %}
smtp      inet  n       -       y       -       1       postscreen
smtpd     pass  -       -       y       -       100     smtpd
    -o cleanup_service_name=smtpd-in
{% else %}
smtp      inet  n       -       y       -       -       smtpd
{% endif %}
dnsblog   unix  -       -       y       -       0       dnsblog
tlsproxy  unix  -       -       y       -       0       tlsproxy
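{% if postfix_submission is defined and postfix_submission %}
# Authenticated submission: "smtps" (implicit TLS via smtpd_tls_wrappermode)
# and "submission" (STARTTLS enforced via smtpd_tls_security_level=encrypt).
# Both accept mail only from SASL-authenticated clients and queue it through
# the "subclean" cleanup instance.
#
# -o values must not contain whitespace: a space ends the value and the rest
# is handed to smtpd as a separate argument. List values are therefore joined
# with a bare comma.
#
# The protocol overrides below replace the inherited value rather than adding
# to it, so SSLv2/SSLv3 are excluded explicitly alongside TLSv1 and TLSv1.1.
#
# $submission_bad_smtp_user_check and $mua_sender_restrictions are expanded
# from main.cf and must be defined there.
# NOTE(review): smtpd_sender_login_maps only has an effect when a
# reject_*_sender_login_mismatch restriction is evaluated, presumably through
# $mua_sender_restrictions -- confirm in main.cf.
# The parameter name smtpd_tls_dh1024_param_file is historical; the file
# should hold a 2048-bit or larger DH group.
smtps      inet  n       -       y       -      100     smtpd
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_tls_cert_file={{ postfix_submission_smtpd_tls_cert_file }}
    -o smtpd_tls_key_file={{ postfix_submission_smtpd_tls_key_file }}
    -o smtpd_tls_dh1024_param_file={{ dhparam_file }}
    -o smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
    -o smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
    -o smtpd_client_restrictions=$submission_bad_smtp_user_check,permit_sasl_authenticated,reject
    -o smtpd_sasl_auth_enable=yes
{% if postfix_smtpd_sender_login_maps is defined %}
    -o smtpd_sender_login_maps={{ postfix_smtpd_sender_login_maps | join(',') }}
{% endif %}
    -o smtpd_sender_restrictions=$mua_sender_restrictions
    -o cleanup_service_name=subclean
# NOTE(review): unlike smtps, this service carries no smtpd_tls_*protocols
# override, so its minimum TLS version comes from main.cf -- confirm that it
# is at least as strict as the smtps list.
submission inet  n       -       y       -       -      smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_tls_cert_file={{ postfix_submission_smtpd_tls_cert_file }}
    -o smtpd_tls_key_file={{ postfix_submission_smtpd_tls_key_file }}
    -o smtpd_tls_dh1024_param_file={{ dhparam_file }}
    -o smtpd_client_restrictions=$submission_bad_smtp_user_check,permit_sasl_authenticated,reject
    -o smtpd_sasl_auth_enable=yes
{% if postfix_smtpd_sender_login_maps is defined %}
    -o smtpd_sender_login_maps={{ postfix_smtpd_sender_login_maps | join(',') }}
{% endif %}
    -o smtpd_sender_restrictions=$mua_sender_restrictions
    -o cleanup_service_name=subclean
{% if postfix_submission_non_tls_port is defined %}
# Plaintext, unauthenticated submission port: TLS and SASL are both off and
# the only access control is permit_mynetworks. The service name carries no
# address unless the variable supplies one (host:port form), so a bare port
# listens on every inet_interfaces address. Keep mynetworks narrow or bind
# this service to loopback.
{{ postfix_submission_non_tls_port }}        inet  n       -       y       -       -       smtpd
    -o syslog_name=postfix/submission-local
    -o smtpd_tls_security_level=none
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_sasl_auth_enable=no
    -o cleanup_service_name=subclean
{% endif %}
{% endif %}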
# dlimit: additional smtp client instance, not chrooted, logging under its own
# syslog_name. The name is "postfix-dlimit" (hyphen), not "postfix/...", so
# log filters or alerts keyed on the "postfix/" prefix will not match it.
# NOTE(review): any per-transport limits (dlimit_* parameters) would live in
# main.cf, which is not visible here.
dlimit     unix  -       -       n       -       -       smtp
    -o syslog_name=postfix-dlimit
# Core queue and delivery services. All run chrooted except qmgr, proxymap
# and proxywrite. pickup has no cleanup_service_name override, so mail it
# collects goes through the default "cleanup" service and not through the
# header-filtering "subclean" or "smtpd-in" instances.
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
# smtptor: delivery transport executed by "smtp_tor", not chrooted.
# NOTE(review): smtp_tor does not appear among the stock daemons listed in
# this file; presumably a site-provided wrapper in daemon_directory -- confirm
# it is installed, root-owned and not writable by other users.
# DNS lookups are disabled, TLS is switched off and the TLS policy map is
# emptied, so there is no SMTP-level encryption or server authentication on
# this transport. Make sure transport_maps route only the intended
# destinations through it.
smtptor    unix  -       -       n       -       -      smtp_tor
  -o smtp_dns_support_level=disabled
  -o smtp_tls_security_level=none
  -o smtp_tls_policy_maps=
# Remaining delivery and helper services. relay logs under
# postfix/$service_name. local and virtual are the only entries with
# unpriv=n (they keep root privileges) and they run without chroot; every
# other service here except postlog is chrooted.
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd

# Outbound: remove sensitive headers.
# Cleanup instance selected by the submission services through
# cleanup_service_name=subclean. Which headers are removed is decided entirely
# by the regexp table below. The -o header_checks override replaces any
# main.cf header_checks for this instance.
# NOTE(review): mail that does not enter through a service pointing at
# subclean (for example local submission via pickup) is not filtered here.
subclean   unix  n       -       y       -       0       cleanup
    -o header_checks=regexp:{{ postfix_conf_dir }}/header_treatment

# Inbound: remove some headers.
# Cleanup instance used by the "smtpd" pass service in the "internet" layout
# (cleanup_service_name=smtpd-in). It is not referenced when smtpd listens on
# port 25 directly.
# NOTE(review): the pcre: table type must be available in the installed
# Postfix build, otherwise this cleanup instance cannot load its
# header_checks -- confirm.
smtpd-in  unix  n       -       y       -       0       cleanup
  -o syslog_name=postfix/smtpd-in
  -o header_checks=pcre:{{ postfix_conf_dir }}/header_checks_inbound