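# Postfix main.cf parameters for mx02.virtit.fr: relaying for the domains in
# relay_domains, with opportunistic TLS in both directions.
# Postfix has no inline comments, so every comment sits on its own line, and
# every parameter must start in column 0 on a line of its own.

myhostname = mx02.virtit.fr
# The banner shows only the host name and ESMTP, no software name or version.
smtpd_banner = $myhostname ESMTP
# Only loopback clients are trusted to relay (used by permit_mynetworks below).
mynetworks = 127.0.0.0/24 [::1]/128
# Undeliverable mail stays in the queue for up to 30 days before it is bounced.
maximal_queue_lifetime = 30d
# Empty: there is no list of valid recipients for the relayed domains, so mail
# for any address in those domains is accepted and only bounced later if the
# next hop refuses it (backscatter risk). Populate this map, or verify
# recipients another way, if unknown users should be rejected at SMTP time.
relay_recipient_maps =
relay_domains = hash:/etc/postfix/relaydomains
transport_maps = hash:/etc/postfix/transportmaps
# reject_unauth_destination keeps the host from acting as an open relay:
# clients outside mynetworks can only reach domains Postfix is set up to handle.
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

#
## TLS settings
#
# Legacy switch, kept as in the original; smtpd_tls_security_level below is the
# current parameter and takes precedence over it.
smtpd_use_tls = yes
# "no" allows SASL AUTH on unencrypted sessions. No SASL settings are visible
# here; if SASL is enabled elsewhere, set this to yes so that credentials are
# never sent in cleartext.
smtpd_tls_auth_only = no
# Private key: keep this file readable by root only.
smtpd_tls_key_file = /etc/letsencrypt/mx02.virtit.fr/live/private.key
smtpd_tls_cert_file = /etc/letsencrypt/mx02.virtit.fr/live/fullchain.pem
# The parameter name is historical; the file name suggests a 2048-bit DH group
# (confirm with: openssl dhparam -in <file> -text -noout).
smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
# Level 1 logs a one-line summary for each completed TLS handshake.
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
# Opportunistic TLS: STARTTLS is offered, but clients may still deliver in
# cleartext. A public MX is expected to accept mail from non-TLS senders.
smtpd_tls_security_level = may
# Record the negotiated protocol and cipher in the Received: header.
smtpd_tls_received_header = yes

# Disallow SSLv2 and SSLv3, only accept secure ciphers
# NOTE(review): TLSv1 and TLSv1.1 remain enabled by these two lines. With
# opportunistic TLS, disabling them trades weak encryption for cleartext
# fallback from old senders, so decide deliberately.
smtpd_tls_protocols = !SSLv2, !SSLv3
# The smtpd_tls_mandatory_* settings only apply when TLS is enforced
# (security level "encrypt"); at level "may" the non-mandatory settings
# (smtpd_tls_protocols, smtpd_tls_exclude_ciphers) are the ones in effect.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = high
# The keyword is PSK (pre-shared key). The widely copied spelling "PSD" is not
# an OpenSSL cipher keyword and would not exclude anything.
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5, DES, ADH, RC4, PSK, SRP, 3DES, eNULL
smtpd_tls_exclude_ciphers = aNULL, MD5, DES, ADH, RC4, PSK, SRP, 3DES, eNULL

# Enable elliptic curve cryptography
smtpd_tls_eecdh_grade = strong

# Use TLS if this is supported by the remote SMTP server, otherwise use plaintext.
# Opportunistic TLS does not authenticate the peer and can be downgraded by an
# active attacker who strips STARTTLS; it protects against passive capture only.
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_exclude_ciphers = EXPORT, LOW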