ansible/roles/postfix-mailman3/templates/postfix/main.cf.j2

{{ ansible_header | comment }}
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# This postfix configuration set up a MTA only to send and receive mailing list mails

# When a mail is sent to @localhost, this domain will be used
myorigin = crans.org

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/mailman.crans.org/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mailman.crans.org/privkey.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

# Limit to 200Mo by message
message_size_limit = 209715200

# Default aliases
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

# Only localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

# Listen on IPv4 and IPv6
inet_interfaces = all
inet_protocols = all

# Do not use gethostname
myhostname = {{ ansible_hostname }}.crans.org
mydomain = crans.org

# Softbounce, ask remote mail server to send the mail again if error
# Do not keep it active in production!
soft_bounce = no

# Mailman3 integration
recipient_delimiter = +
unknown_local_recipient_reject_code = 550
owner_request_special = no
transport_maps =
    hash:/var/lib/mailman3/data/postfix_lmtp
local_recipient_maps =
    hash:/var/lib/mailman3/data/postfix_lmtp
relay_domains =
    hash:/var/lib/mailman3/data/postfix_domains