diff --git a/Machines virtuelles/mail.md b/Machines virtuelles/mail.md
index b92a536..6575257 100644
--- a/Machines virtuelles/mail.md
+++ b/Machines virtuelles/mail.md
@@ -27,7 +27,89 @@ Adresse ipv6 publique : 2001:910:1021::201
### Configuration MTA
-*(à compléter)*
+
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific: Specifying a file name will cause the first
+# line of that file to be used as the name. The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
+
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/letsencrypt/live/mail.a-lec.org/fullchain.pem
+smtpd_tls_key_file=/etc/letsencrypt/live/mail.a-lec.org/privkey.pem
+smtpd_tls_security_level = may
+smtpd_tls_auth_only = yes
+smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
+smtpd_tls_protocols=!SSLv2,!SSLv3
+smtpd_tls_loglevel = 1
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+
+smtp_tls_cert_file=/etc/letsencrypt/live/mail.a-lec.org/fullchain.pem
+smtp_tls_key_file=/etc/letsencrypt/live/mail.a-lec.org/privkey.pem
+smtp_tls_security_level = may
+smtp_tls_note_starttls_offer = yes
+smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
+smtp_tls_protocols=!SSLv2,!SSLv3
+smtp_tls_loglevel = 1
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
+smtpd_sender_restrictions = reject_unknown_sender_domain
+myhostname = mail.a-lec.org
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = $myhostname, a-lec.org, mail.a-lec.org, localhost, os-k.eu
+relayhost =
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.169.1.0/24
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = all
+home_mailbox = Maildir/
+virtual_alias_maps = hash:/etc/postfix/virtual
+mailbox_command =
+
+## DKIM
+smtpd_milters = unix:var/run/opendkim/opendkim.sock
+non_smtpd_milters = unix:var/run/opendkim/opendkim.sock
+
+## Ralentissement pour les serveurs problématiques
+transport_maps = hash:/etc/postfix/transport
+slow_destination_concurrency_limit = 3
+slow_destination_rate_delay = 3s
+
+maximal_queue_lifetime = 1d
+
+## Forwarding pour mails du bureau
+recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
+message_size_limit = 524288000
+
+smtp_helo_name = $mydomain
+
### Configuration serveur web (nginx)