DMS: spoof protection, sender rewriting, rspamd, SSL, size limits

But disable things that are redundant with rspamd.
diff --git a/mail/mailserver.env b/mail/mailserver.env
index c857aff..69ecec5 100644
--- a/mail/mailserver.env
+++ b/mail/mailserver.env
@@ -58,6 +58,9 @@
 # **WARNING**: Adding the docker network's gateway to the list of trusted hosts, e.g. using the `network` or
 # `connected-networks` option, can create an open relay
 # https://github.com/docker-mailserver/docker-mailserver/issues/1405#issuecomment-590106498
+#
+# BECAUSE IPv6 => IPv4 NAT!!!
+#
 # The same can happen for rootless podman. To prevent this, set the value to "none" or configure slirp4netns
 # https://github.com/docker-mailserver/docker-mailserver/issues/2377
 #
@@ -88,22 +91,22 @@
 #
 # **0** => (not recommended) Mail address spoofing allowed. Any logged in user may create email messages with a forged sender address (see also https://en.wikipedia.org/wiki/Email_spoofing).
 # 1 => Mail spoofing denied. Each user may only send with his own or his alias addresses. Addresses with extension delimiters(http://www.postfix.org/postconf.5.html#recipient_delimiter) are not able to send messages.
-SPOOF_PROTECTION=
+SPOOF_PROTECTION=1
 
 # Enables the Sender Rewriting Scheme. SRS is needed if your mail server acts as forwarder. See [postsrsd](https://github.com/roehling/postsrsd/blob/master/README.md#sender-rewriting-scheme-crash-course) for further explanation.
 #  - **0** => Disabled
 #  - 1 => Enabled
-ENABLE_SRS=0
+ENABLE_SRS=1
 
 # Enables the OpenDKIM service.
 # **1** => Enabled
 #   0   => Disabled
-ENABLE_OPENDKIM=1
+ENABLE_OPENDKIM=0
 
 # Enables the OpenDMARC service.
 # **1** => Enabled
 #   0   => Disabled
-ENABLE_OPENDMARC=1
+ENABLE_OPENDMARC=0
 
 
 # Enabled `policyd-spf` in Postfix's configuration. You will likely want to set this
@@ -111,7 +114,7 @@
 #
 # - 0     => Disabled
 # - **1** => Enabled
-ENABLE_POLICYD_SPF=1
+ENABLE_POLICYD_SPF=0
 
 # 1 => Enables POP3 service
 # empty => disables POP3
@@ -125,13 +128,13 @@
 # Enables Rspamd
 # **0** => Disabled
 #   1   => Enabled
-ENABLE_RSPAMD=0
+ENABLE_RSPAMD=1
 
 # When `ENABLE_RSPAMD=1`, an internal Redis instance is enabled implicitly.
 # This setting provides an opt-out to allow using an external instance instead.
 # 0 => Disabled
 # 1 => Enabled
-ENABLE_RSPAMD_REDIS=
+ENABLE_RSPAMD_REDIS=1
 
 # When enabled,
 #
@@ -140,7 +143,7 @@
 #
 # **0** => disabled
 # 1     => enabled
-RSPAMD_LEARN=0
+RSPAMD_LEARN=1
 
 # Controls whether the Rspamd Greylisting module is enabled.
 # This module can further assist in avoiding spam emails by greylisting
@@ -148,7 +151,7 @@
 #
 # **0** => disabled
 # 1     => enabled
-RSPAMD_GREYLISTING=0
+RSPAMD_GREYLISTING=1
 
 # Can be used to enable or disable the Hfilter group module.
 #
@@ -164,7 +167,7 @@
 # Amavis content filter (used for ClamAV & SpamAssassin)
 # 0 => Disabled
 # 1 => Enabled
-ENABLE_AMAVIS=1
+ENABLE_AMAVIS=0
 
 # -1/-2/-3 => Only show errors
 # **0**    => Show warnings
@@ -209,7 +212,7 @@
 # custom => Enables custom certificates
 # manual => Let's you manually specify locations of your SSL certificates for non-standard cases
 # self-signed => Enables self-signed certificates
-SSL_TYPE=
+SSL_TYPE=letsencrypt
 
 # These are only supported with `SSL_TYPE=manual`.
 # Provide the path to your cert and key files that you've mounted access to within the container.
@@ -236,7 +239,7 @@
 # Set the mailbox size limit for all users. If set to zero, the size will be unlimited (default).
 #
 # empty => 0
-POSTFIX_MAILBOX_SIZE_LIMIT=
+POSTFIX_MAILBOX_SIZE_LIMIT=1073741824
 
 # See https://docker-mailserver.github.io/docker-mailserver/edge/config/user-management/accounts/#notes
 # 0 => Dovecot quota is disabled
@@ -246,7 +249,7 @@
 # Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!)
 #
 # empty => 10240000 (~10 MB)
-POSTFIX_MESSAGE_SIZE_LIMIT=
+POSTFIX_MESSAGE_SIZE_LIMIT=268435456
 
 # Mails larger than this limit won't be scanned.
 # ClamAV must be enabled (ENABLE_CLAMAV=1) for this.