---

# Backend-specific configuration

# additional altnames
profiles::pki::vault::alt_names:
  - mail.main.unkin.net

# backend-specific postfix configuration
postfix::mydestination: 'localhost'
postfix::mynetworks: '127.0.0.0/8 [::1]/128 10.10.12.0/24'
postfix::smtp_listen: ['0.0.0.0', '::']

# disable postscreen (backend doesn't need it)
profiles::postfix::gateway::enable_postscreen: false
profiles::postfix::gateway::myhostname: 'mail.main.unkin.net'

# enable dovecot integration
profiles::postfix::gateway::enable_dovecot: true
profiles::postfix::gateway::virtual_mailbox_domains:
  - 'main.unkin.net'
profiles::postfix::gateway::virtual_mailbox_base: '/shared/apps/maildata'

# use built-in dovecot LDA support
postfix::use_dovecot_lda: true
postfix::mail_user: 'vmail:vmail'

# virtual maps using gateway profile parameters
profiles::postfix::gateway::virtual_mailbox_maps:
  'ben@main.unkin.net': 'main.unkin.net/ben/'
  'root@main.unkin.net': 'main.unkin.net/ben/'
  'postmaster@main.unkin.net': 'main.unkin.net/ben/'
  'abuse@main.unkin.net': 'main.unkin.net/ben/'

profiles::postfix::gateway::virtual_alias_maps: {}

# simplified restrictions for backend (no RBL checks)
profiles::postfix::gateway::smtpd_client_restrictions:
  - 'permit_mynetworks'
  - 'reject_unauth_destination'

profiles::postfix::gateway::smtpd_sender_restrictions:
  - 'permit_mynetworks'
  - 'reject_non_fqdn_sender'

profiles::postfix::gateway::smtpd_recipient_restrictions:
  - 'permit_mynetworks'
  - 'reject_non_fqdn_recipient'
  - 'reject_unauth_destination'