Differences

This shows you the differences between two versions of the page.

--- postfix:optimized-configuration [2009/05/01 19:11]
greebo
+++ postfix:optimized-configuration [2013/09/12 15:40] (current)
zagi
@@ Line 1: / Line 1: @@
 **main.cf**
 <code>
-soft_bounce = yes
+#soft_bounce = yes
 smtpd_banner = $myhostname ESMTP (NO UCE)(NO UBE) http://www.rfc.net/rfc2821.html
 biff = no
@@ Line 9: / Line 9: @@
 # Uncomment the next line to generate "delayed mail" warnings
-delay_warning_time = 3h
+#delay_warning_time = 3h
 readme_directory = no
-#sample_directory
+html_directory = no
 myorigin = $myhostname
@@ Line 46: / Line 46: @@
 <code>
 # TLS parameters
-tls_random_source = dev:/dev/urandom
+smtp_tls_security_level=may
-smtpd_tls_cert_file=/etc/ssl/certs/server.crt
+#obsoletes smtp_use_tls smtp_enforce_tls  smtp_tls_enforce_peername
-smtpd_tls_key_file=/etc/ssl/private/server.key
+smtp_tls_note_starttls_offer=yes
+smtp_tls_CApath = /etc/ssl/certs
+smtpd_tls_security_level=may
+#obsoletes  smtpd_use_tls smtpd_enforce_tls
+smtp_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtp_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+# debuging tls
+smtp_tls_loglevel = 0
+smtpd_tls_loglevel = 0
+smtpd_tls_auth_only=yes
+smtpd_tls_received_header=yes
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-###smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
+tls_random_source = dev:/dev/urandom
-smtp_tls_security_level = may
-smtpd_tls_security_level = may
+###smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
 ###smtpd_tls_ask_ccert = yes
 ###smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop
-# debuging tls
-# smtpd_tls_loglevel = 3
-#obsolete#smtpd_use_tls=yes
 smtp_tls_note_starttls_offer = yes
@@ Line 74: / Line 87: @@
 smtpd_sasl_exceptions_networks = $mynetworks
-smtpd_tls_auth_only = yes
-smtpd_tls_received_header = yes
  smtpd_sasl_authenticated_header = no
@@ Line 88: / Line 99: @@
 recipient_delimiter = +
 inet_interfaces = all
-inet_protocols = ipv4
+inet_protocols = all
-#inet_protocols = all
 smtpd_restriction_classes = permissive, rblcheck, greylisting, nodynamic_client, check_policyd_weight, verify_sender
@@ Line 113: / Line 123: @@
 check_policyd_weight =
+        check_client_access hash:/etc/postfix/whitelist_policydweight_clients
         check_recipient_access hash:/etc/postfix/whitelist_policydweight_recipient,
         check_policy_service inet:127.0.0.1:12525
@@ Line 128: / Line 139: @@
 smtpd_helo_restrictions =
-        check_client_access hash:/etc/postfix/whitelist_helo_checks
+        check_client_access hash:/etc/postfix/whitelist_helo_clients
         hash:/etc/postfix/helo_checks
+        permit_sasl_authenticated
+        permit_mynetworks
+        warn_if_reject reject_invalid_hostname
+        warn_if_reject reject_non_fqdn_hostname
+        warn_if_reject reject_unknown_hostname
 smtpd_etrn_restrictions=
@@ Line 135: / Line 151: @@
         reject
-smtpd_sender_restrictions =
+#smtpd_sender_login_maps =  ldap:ldap_accounts, ldap:ldap_alias
+#smtpd_sender_restrictions = reject_sender_login_mismatch
 smtpd_recipient_restrictions =
@@ Line 170: / Line 188: @@
 address_verify_sender = postar
 address_verify_map = btree:$(data_directory)/verify
 home_mailbox = Maildir/
@@ Line 252: / Line 271: @@
 **/etc/postfix/bogon_networks**
-.0.0.0/8       REJECT IP address of MX host is a bogus address
+<code>
-.0.0.0/8       REJECT IP address of MX host is a bogus address
+# http://www.cymru.com/Documents/bogon-bn-agg.txt
 .0.0.0/8       REJECT IP address of MX host is a bogus address
 .0.0.0/8       REJECT IP address of MX host is a bogus address
 .0.0.0/8      REJECT IP address of MX host is a bogus address
 .0.0.0/8      REJECT IP address of MX host is a bogus address
 .0.0.0/8      REJECT IP address of MX host is a bogus address
 .0.0.0/8      REJECT IP address of MX host is a bogus address
-.0.0.0/8      REJECT IP address of MX host is a bogus address
+.0.0.0/7      REJECT IP address of MX host is a bogus address
-.0.0.0/8      REJECT IP address of MX host is a bogus address
+.0.0.0/8      REJECT IP address of MX host is a bogus address
 .0.0.0/8      REJECT IP address of MX host is a bogus address
 .0.0.0/8      REJECT IP address of MX host is a bogus address
-.0.0.0/8      REJECT IP address of MX host is a bogus address
+.0.0.0/6     REJECT IP address of MX host is a bogus address
-.0.0.0/8      REJECT IP address of MX host is a bogus address
+.0.0.0/7     REJECT IP address of MX host is a bogus address
-.0.0.0/8      REJECT IP address of MX host is a bogus address
+.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8      REJECT IP address of MX host is a bogus address
+.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.254.0.0/16  REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.16.0.0/12   REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.0.0.0/7     REJECT IP address of MX host is a bogus address
 .0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.0.0.0/8     REJECT IP address of MX host is a bogus address
 .0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.0.2.0/24    REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.168.0.0/16  REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.18.0.0/15   REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.51.100.0/24 REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.0.113.0/24  REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.0.0.0/3     REJECT IP address of MX host is a bogus address
-.254.0.0/16  REJECT IP address of MX host is a bogus address
+</code>
-.16.0.0/12   REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.2.0/24    REJECT IP address of MX host is a bogus address
-.168.0.0/16  REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.18.0.0/15   REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/3     REJECT IP address of MX host is a bogus address
-.0.0.0/12    REJECT IP address of MX host is a reserved address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
 **/etc/postfix/discard_ehelo_map**
@@ Line 312: / Line 310: @@
-**/etc/postfix/whitelist_helo_checks**
+**/etc/postfix/whitelist_helo_clients**
 .0.0.1               OK\\
 localhost               OK\\