Seems so, but I don't know what I'm looking for. Previously, I increased the size limit, but that's the only thing I've changed that I recognize in here.
I noticed entries for TLS. Is that required on the client side? I would have expected Profile Manager to set that all up when I issued the profiles.
Uncommented lines only:
queue_directory = /Library/Server/Mail/Data/spool
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /Library/Server/Mail/Data/mta
mail_owner = _postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = _postdrop
html_directory = /usr/share/doc/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix/examples
readme_directory = /usr/share/doc/postfix
dovecot_destination_recipient_limit = 1
mailbox_size_limit = 0
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
tls_random_source = dev:/dev/urandom
imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred
use_sacl_cache = yes
mydomain_fallback = localhost
message_size_limit = 104857600
biff = no
mynetworks = 127.0.0.0/8, [::1]/128
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated permit
recipient_delimiter = +
smtpd_tls_ciphers = medium
inet_protocols = all
inet_interfaces = all
config_directory = /Library/Server/Mail/Config/postfix
smtpd_enforce_tls = no
smtpd_use_pw_server = yes
relayhost =
smtpd_tls_cert_file = /etc/certificates/server.mydomain.com.3CFA895E35F8C6ABD1641E07CE2CE315EA908FE1. cert.pem
mydomain = mydomain.com
smtpd_pw_server_security_options = cram-md5,gssapi,login,plain
smtpd_sasl_auth_enable = yes
smtpd_helo_required = no
smtpd_tls_CAfile = /etc/certificates/server.mydomain.com.3CFA895E35F8C6ABD1641E07CE2CE315EA908FE1. chain.pem
content_filter =
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination permit
header_checks =
myhostname = server.mydomain.com
smtpd_helo_restrictions =
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/certificates/server.mydomain.com.3CFA895E35F8C6ABD1641E07CE2CE315EA908FE1. key.pem
enable_server_options = yes
recipient_canonical_maps = hash:/Library/Server/Mail/Config/postfix/system_user_maps
virtual_alias_maps = $virtual_maps
smtpd_sasl_local_domain = server.mydomain.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mailbox_transport = dovecot
postscreen_dnsbl_sites =
maps_rbl_domains =