Postfix:main.cf

This is a sample main.cf, not including the default variables. You can find the official options here. If you like and understand the following, add it to the bottom of your main.cf file and run
 * 1) postfix reload

main.cf: strict_rfc821_envelopes = yes smtpd_helo_required = yes smtpd_etrn_restrictions = reject smtpd_helo_restrictions = permit_mynetworks reject_invalid_hostname reject_non_fqdn_hostname permit smtpd_sender_restrictions = permit_mynetworks reject_unknown_sender_domain reject_non_fqdn_sender permit_sasl_authenticated permit_tls_clientcerts warn_if_reject reject_unverified_sender message_size_limit = 1024000 header_checks = regexp:/usr/local/etc/postfix/header_checks mime_header_checks = regexp:/usr/local/etc/postfix/mime_header_checks html_directory = no syslog_facility = mail syslog_name = postfix disable_vrfy_command = yes smtpd_banner = NO UCE ESMTP smtpd_use_tls = yes smtpd_sasl_auth_enable = yes smtpd_sasl2_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = broken_sasl_auth_clients = yes smtpd_tls_auth_only = yes smtp_use_tls = yes smtpd_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_key_file = /usr/local/share/courier-imap/imapd.pem smtpd_tls_cert_file = /usr/local/share/courier-imap/imapd.pem smtpd_tls_CAfile = /usr/local/share/courier-imap/imapd.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom smtpd_recipient_restrictions = permit_mynetworks reject_invalid_hostname reject_unauth_pipelining reject_unknown_recipient_domain reject_unknown_sender_domain reject_non_fqdn_hostname reject_non_fqdn_recipient reject_non_fqdn_sender permit_sasl_authenticated permit_tls_clientcerts reject_unauth_destination reject_rbl_client relays.ordb.org reject_rbl_client list.dsbl.org reject_rbl_client sbl.spamhaus.org reject_rbl_client cbl.abuseat.org reject_rbl_client dul.dnsbl.sorbs.net reject_rbl_client proxies.relays.monkeys.com reject_rbl_client opm.blitzed.org reject_rbl_client blackholes.wirehub.net
 * 1) Incoming email maximum size of one meg:
 * 1) This file needs to exist if you're going to use it.
 * 1) If you don't have the following file, comment this out.
 * 1) SASL
 * 1) This will only allow authentication of users once TLS has been
 * 2) started and information being transferred is encrypted.
 * 1) TLS

Also note these example header_checks