# Postfix main.cf for a relay-only inbound gateway.
# Comments must stay on their own lines: Postfix has no inline comments.

# --- Identity -------------------------------------------------------------
# These values mirror the MAILNAME / MY_NETWORKS / MY_DESTINATION environment
# variables, so the postconf calls made by the tozd startup script change
# nothing. Edit both places together.
myhostname = mail.main.unkin.net
myorigin = main.unkin.net
mydestination = localhost.localdomain, localhost
# Clients in mynetworks are treated as trusted. Under Postfix's default relay
# restrictions (permit_mynetworks) they may relay to any destination.
# NOTE(review): this covers loopback plus all RFC 1918 space. Confirm that
# breadth is intended, and that external connections are never source-NATed
# into these ranges (e.g. by a load balancer) before reaching this listener,
# since they would then be trusted too.
mynetworks = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
inet_protocols = ipv4
inet_interfaces = all

# --- Local delivery disabled ----------------------------------------------
# This host only relays. Anything routed to the local transport fails with
# the error text below, and no alias tables are consulted.
local_transport = error:no local delivery
alias_maps =
alias_database =

# --- Relay to Stalwart ----------------------------------------------------
# Inbound mail for relay_domains is forwarded according to the transport
# table. texthash reads the plain-text file directly, so no postmap step is
# needed (the Alpine build has no hash/btree support).
# NOTE(review): no relay_recipient_maps is visible here, so unknown recipients
# are presumably rejected only by the downstream server, after this gateway
# has accepted the message. Confirm that is acceptable (bounce/backscatter).
relay_domains = main.unkin.net unkin.net
transport_maps = texthash:/etc/postfix/transport

# --- rspamd milter --------------------------------------------------------
# rspamd runs in the same namespace, so the short DNS name resolves.
smtpd_milters = inet:rspamd:11332
non_smtpd_milters = inet:rspamd:11332
# Fail-open: when the milter is unreachable or errors out, mail is accepted
# without being scanned (Postfix's own default is tempfail).
# NOTE(review): if this availability trade-off is deliberate, alert on milter
# connection errors in the logs so an unfiltered period does not go unnoticed.
milter_default_action = accept
milter_protocol = 6
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}

# --- Inbound TLS ----------------------------------------------------------
# Certificate and key come from a cert-manager Certificate resource.
# smtpd_use_tls is a legacy parameter; smtpd_tls_security_level takes
# precedence when both are set.
smtpd_use_tls = yes
# "may" = opportunistic: STARTTLS is offered, but clients may still send in
# cleartext.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/tls/tls.crt
# NOTE(review): verify the mounted private key is not world-readable.
smtpd_tls_key_file = /etc/postfix/tls/tls.key
smtpd_tls_loglevel = 1

# --- Outbound TLS ---------------------------------------------------------
# Opportunistic: TLS is used when the next hop offers it, with no certificate
# verification and a fallback to cleartext. That does not protect against an
# active attacker on the path. Use smtp_tls_policy_maps for any destination
# that requires enforced TLS.
smtp_tls_security_level = may
smtp_tls_loglevel = 1

# --- Size limits ----------------------------------------------------------
# 52428800 bytes = 50 MiB. mailbox_size_limit = 0 disables the mailbox limit.
message_size_limit = 52428800
mailbox_size_limit = 0

# --- Queue retention ------------------------------------------------------
# Undeliverable mail is returned after 5 days; undeliverable bounces are
# given up on after 1 day.
maximal_queue_lifetime = 5d
bounce_queue_lifetime = 1d

# --- Logging --------------------------------------------------------------
# Write logs to stdout so the Kubernetes log collector picks them up
# (maillog_file needs Postfix 3.4 or later).
maillog_file = /dev/stdout