sasa-maillist/postfix/main.cf.template

# Basic
myhostname = lists.sasalliance.org
myorigin = sasalliance.org
mydestination = $myhostname, localhost.$mydomain, localhost

# Virtual alias domains - domains we handle via virtual_alias_maps
virtual_alias_domains = lists.sasalliance.org

# Relay through SES
relayhost = [${SMTP_HOST}]:${SMTP_PORT}
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes

# SASL auth for SES
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

# Virtual aliases - dynamic MySQL lookup
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf

# Sender restrictions - enforce whitelist
smtpd_sender_restrictions = 
    permit_mynetworks,
    check_sender_access hash:/etc/postfix/sender_access,
    reject

# Recipient restrictions - accept mail for our domains
smtpd_recipient_restrictions = 
    permit_mynetworks,
    reject_unauth_destination

# Other recommended settings
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

# Bounce handling configuration for email-based processing
# Configure bounce notification recipients
bounce_notice_recipient = bounces@lists.sasalliance.org
2bounce_notice_recipient = bounces@lists.sasalliance.org
delay_notice_recipient = 
error_notice_recipient = bounces@lists.sasalliance.org

# Bounce settings
bounce_size_limit = 50000
bounce_queue_lifetime = 5d
maximal_bounce_delay = 1d

# Return path configuration - CRITICAL for bounce handling
# This ensures that when we relay emails via mailing lists through SES, 
# bounces come back to our bounce processing address
# 
# Use smtp_generic_maps instead of sender_canonical_maps because we only want
# to rewrite the return path for outbound SMTP (via SES), not for local delivery
smtp_generic_maps = hash:/etc/postfix/smtp_generic