Differences
This shows you the differences between two versions of the page.
postfix:optimized-configuration [2009/03/20 12:43] greebo |
postfix:optimized-configuration [2013/09/12 15:40] (current) zagi |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | soft_bounce = yes\\ | + | **main.cf** |
- | \\ | + | < |
- | smtpd_banner = $myhostname ESMTP (NO UCE)(NO UBE) http:// | + | #soft_bounce = yes |
- | \\ | + | smtpd_banner = $myhostname ESMTP (NO UCE)(NO UBE) http:// |
- | biff = no\\ | + | biff = no |
- | \\ | + | |
- | # appending .domain is the MUA's job.\\ | + | # appending .domain is the MUA's job. |
- | append_dot_mydomain = no\\ | + | append_dot_mydomain = no |
- | \\ | + | |
- | # Uncomment the next line to generate " | + | # Uncomment the next line to generate " |
- | delay_warning_time = 4h\\ | + | #delay_warning_time = 3h |
- | \\ | + | |
- | readme_directory = no\\ | + | readme_directory = no |
+ | html_directory = no | ||
+ | |||
+ | myorigin = $myhostname | ||
+ | # mta MUST accept mail for localhost, localhost.$mydomain | ||
+ | mydestination = $myhostname, | ||
+ | |||
+ | myhostname = host.domain.tld | ||
+ | |||
+ | # Yes...please exchange it :-) | ||
+ | mail_name = Exchange Microsoft | ||
+ | |||
+ | # Use only if you have trouble sending mail. It breaks " | ||
+ | # | ||
+ | |||
+ | alias_maps = hash:/ | ||
+ | alias_database = hash:/ | ||
+ | |||
+ | sender_canonical_maps = hash:/ | ||
+ | recipient_canonical_maps = hash:/ | ||
+ | |||
+ | allow_percent_hack = no | ||
+ | swap_bangpath = no | ||
+ | |||
+ | virtual_maps = hash:/ | ||
+ | |||
+ | local_recipient_maps = proxy: | ||
+ | |||
+ | # | ||
+ | slow_destination-concurrency_limit = 3 | ||
+ | </ | ||
+ | |||
+ | **TLS Sections** | ||
+ | < | ||
+ | # TLS parameters | ||
+ | smtp_tls_security_level=may | ||
+ | #obsoletes smtp_use_tls smtp_enforce_tls | ||
+ | smtp_tls_note_starttls_offer=yes | ||
+ | |||
+ | smtp_tls_CApath = / | ||
+ | |||
+ | smtpd_tls_security_level=may | ||
+ | # | ||
+ | |||
+ | smtp_tls_cert_file=/ | ||
+ | smtp_tls_key_file=/ | ||
+ | |||
+ | smtpd_tls_cert_file=/ | ||
+ | smtpd_tls_key_file=/ | ||
+ | |||
+ | # debuging tls | ||
+ | smtp_tls_loglevel = 0 | ||
+ | smtpd_tls_loglevel = 0 | ||
+ | |||
+ | smtpd_tls_auth_only=yes | ||
+ | smtpd_tls_received_header=yes | ||
+ | |||
+ | smtpd_tls_session_cache_database = btree: | ||
+ | smtp_tls_session_cache_database = btree: | ||
+ | |||
+ | tls_random_source = dev:/ | ||
+ | |||
+ | ### | ||
+ | ### | ||
+ | ### | ||
+ | |||
+ | smtp_tls_note_starttls_offer = yes | ||
+ | # | ||
+ | |||
+ | smtpd_sasl_local_domain = $myhostname | ||
+ | smtpd_sasl_application_name = smtpd | ||
+ | smtpd_sasl_auth_enable = yes | ||
+ | smtpd_sasl_security_options = noanonymous | ||
+ | broken_sasl_auth_clients = yes | ||
+ | smtpd_sasl_exceptions_networks = $mynetworks | ||
+ | |||
+ | |||
+ | | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | # | ||
+ | |||
+ | relayhost = | ||
+ | mynetworks = 127.0.0.0/8 192.168.10.0/ | ||
+ | mailbox_size_limit = 0 | ||
+ | recipient_delimiter = + | ||
+ | inet_interfaces = all | ||
+ | inet_protocols = all | ||
+ | |||
+ | smtpd_restriction_classes = permissive, rblcheck, greylisting, | ||
+ | |||
+ | permissive = permit | ||
+ | |||
+ | rblcheck = | ||
+ | check_recipient_access hash:/ | ||
+ | reject_rbl_client zen.spamhaus.org, | ||
+ | reject_rbl_client bl.spamcop.net, | ||
+ | reject_rbl_client psbl.surriel.com, | ||
+ | reject_rhsbl_sender bogusmx.rfc-ignorant.org | ||
+ | |||
+ | greylisting = | ||
+ | permit_mynetworks, | ||
+ | permit_sasl_authenticated, | ||
+ | check_recipient_access hash:/ | ||
+ | check_policy_service inet: | ||
+ | |||
+ | nodynamic_client = | ||
+ | warn_if_reject reject_unknown_client_hostname, | ||
+ | check_client_access pcre:/ | ||
+ | |||
+ | check_policyd_weight = | ||
+ | check_client_access hash:/ | ||
+ | check_recipient_access hash:/ | ||
+ | check_policy_service inet: | ||
+ | |||
+ | verify_sender = | ||
+ | check_sender_access hash:/ | ||
+ | check_recipient_access hash:/ | ||
+ | reject_unverified_sender | ||
+ | |||
+ | # Don't offer ETRN nor VRFY | ||
+ | smtpd_discard_ehlo_keywords = silent-discard, | ||
+ | |||
+ | smtpd_discard_ehlo_keyword_address_maps = | ||
+ | hash:/ | ||
+ | |||
+ | smtpd_helo_restrictions = | ||
+ | check_client_access hash:/ | ||
+ | hash:/ | ||
+ | permit_sasl_authenticated | ||
+ | permit_mynetworks | ||
+ | warn_if_reject reject_invalid_hostname | ||
+ | warn_if_reject reject_non_fqdn_hostname | ||
+ | warn_if_reject reject_unknown_hostname | ||
+ | |||
+ | smtpd_etrn_restrictions= | ||
+ | permit_mynetworks, | ||
+ | reject | ||
+ | |||
+ | # | ||
+ | |||
+ | # | ||
+ | |||
+ | smtpd_recipient_restrictions = | ||
+ | greylisting, | ||
+ | reject_unlisted_recipient, | ||
+ | reject_non_fqdn_sender, | ||
+ | reject_non_fqdn_recipient, | ||
+ | reject_unknown_sender_domain, | ||
+ | reject_unknown_recipient_domain, | ||
+ | check_sender_mx_access cidr:/ | ||
+ | permit_mynetworks, | ||
+ | permit_sasl_authenticated, | ||
+ | reject_unauth_destination, | ||
+ | rblcheck, | ||
+ | check_policyd_weight, | ||
+ | nodynamic_client, | ||
+ | verify_sender | ||
+ | # | ||
+ | |||
+ | smtpd_data_restrictions = | ||
+ | reject_multi_recipient_bounce | ||
+ | reject_unauth_pipelining | ||
+ | permit | ||
+ | |||
+ | content_filter = smtp-amavis: | ||
+ | |||
+ | #already in master.cf: | ||
+ | # | ||
+ | # | ||
+ | |||
+ | hash_queue_depth = 1 | ||
+ | |||
+ | # / | ||
+ | address_verify_sender = postar | ||
+ | address_verify_map = btree: | ||
+ | |||
+ | |||
+ | home_mailbox = Maildir/ | ||
+ | message_size_limit = 70480000 | ||
+ | |||
+ | # ABKO | ||
+ | disable_vrfy_command = yes | ||
+ | smtpd_helo_required = yes | ||
+ | strict_rfc821_envelopes = yes | ||
+ | |||
+ | unverified_recipient_reject_code = 550 | ||
+ | unverified_sender_reject_code = 550 | ||
+ | |||
+ | smtpd_error_sleep_time = 3s | ||
+ | smtpd_soft_error_limit = 5 | ||
+ | smtpd_hard_error_limit = 10 | ||
+ | |||
+ | # Mailman feature | ||
+ | owner_request_special = yes | ||
+ | show_user_unknown_table_name = no | ||
+ | |||
+ | # testing purposed | ||
+ | # smtpd_delay_reject = no | ||
+ | |||
+ | # DEBUG | ||
+ | # debug_peer_level = 1 | ||
+ | # | ||
+ | remote_header_rewrite_domain = domain.invalid | ||
+ | </ | ||
+ | |||
+ | |||
+ | **/ | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | [< | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | **/ | ||
+ | /\.static\./ OK | ||
+ | /\.dynamic\./ | ||
+ | /\-dynamic\./ | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
\\ | \\ | ||
- | myorigin = $myhostname\\ | ||
- | mydestination = $myhostname, | ||
- | \\ | ||
- | myhostname = host.domain.tld\\ | ||
- | mail_name = Exchange Microsoft\\ | ||
- | \\ | ||
- | # | ||
- | \\ | ||
- | alias_maps = hash:/ | ||
- | alias_database = hash:/ | ||
- | \\ | ||
- | virtual_maps = hash:/ | ||
- | \\ | ||
- | local_recipient_maps = proxy: | ||
- | \\ | ||
- | # | ||
- | slow_destination-concurrency_limit = 3\\ | ||
- | \\ | ||
- | # TLS parameters\\ | ||
- | smtpd_tls_cert_file=/ | ||
- | smtpd_tls_key_file=/ | ||
- | smtpd_use_tls=yes\\ | ||
- | smtpd_tls_session_cache_database = btree: | ||
- | smtp_tls_session_cache_database = btree: | ||
- | smtpd_tls_auth_only = yes\\ | ||
- | smtpd_tls_received_header = yes\\ | ||
- | tls_random_source = dev:/ | ||
- | \\ | ||
- | # | ||
- | # | ||
- | # | ||
- | \\ | ||
- | smtpd_sasl_local_domain = $myhostname\\ | ||
- | smtpd_sasl_application_name = smtpd\\ | ||
- | smtpd_sasl_auth_enable = yes\\ | ||
- | smtpd_sasl_security_options = noanonymous\\ | ||
- | broken_sasl_auth_clients = yes\\ | ||
- | smtpd_sasl_exceptions_networks = $mynetworks\\ | ||
- | \\ | ||
- | # | ||
- | \\ | ||
- | relayhost =\\ | ||
- | mynetworks = 127.0.0.0/8 192.168.10.0/ | ||
- | mailbox_size_limit = 0\\ | ||
- | recipient_delimiter = +\\ | ||
- | inet_interfaces = all\\ | ||
- | inet_protocols = ipv4\\ | ||
- | \\ | ||
- | smtpd_restriction_classes = permissive, rblcheck, greylisting, | ||
- | \\ | ||
- | permissive = permit\\ | ||
- | \\ | ||
- | rblcheck =\\ | ||
- | check_recipient_access hash:/ | ||
- | reject_rbl_client zen.spamhaus.org, | ||
- | reject_rhsbl_sender bogusmx.rfc-ignorant.org\\ | ||
- | \\ | ||
- | greylisting =\\ | ||
- | check_recipient_access hash:/ | ||
- | check_policy_service inet: | ||
- | \\ | ||
- | nodynamic_client =\\ | ||
- | warn_if_reject reject_unknown_client_hostname, | ||
- | check_client_access pcre:/ | ||
- | \\ | ||
- | check_policyd_weight =\\ | ||
- | check_recipient_access hash:/ | ||
- | check_policy_service inet: | ||
- | \\ | ||
- | verify_sender =\\ | ||
- | check_sender_access hash:/ | ||
- | check_recipient_access hash:/ | ||
- | reject_unverified_sender\\ | ||
- | \\ | ||
- | smtpd_discard_ehlo_keywords = silent-discard, | ||
- | \\ | ||
- | smtpd_helo_restrictions =\\ | ||
- | hash:/ | ||
- | \\ | ||
- | smtpd_etrn_restrictions=\\ | ||
- | permit_mynetworks, | ||
- | reject\\ | ||
- | \\ | ||
- | smtpd_sender_restrictions =\\ | ||
- | \\ | ||
- | smtpd_recipient_restrictions =\\ | ||
- | greylisting, | ||
- | reject_unlisted_recipient, | ||
- | reject_non_fqdn_sender, | ||
- | reject_non_fqdn_recipient, | ||
- | reject_unknown_sender_domain, | ||
- | reject_unknown_recipient_domain, | ||
- | check_sender_mx_access cidr:/ | ||
- | permit_mynetworks, | ||
- | permit_sasl_authenticated, | ||
- | reject_unauth_destination, | ||
- | rblcheck,\\ | ||
- | check_policyd_weight, | ||
- | nodynamic_client, | ||
- | verify_sender\\ | ||
- | # | ||
- | \\ | ||
- | smtpd_data_restrictions =\\ | ||
- | reject_multi_recipient_bounce\\ | ||
- | reject_unauth_pipelining\\ | ||
- | permit\\ | ||
- | \\ | ||
- | content_filter = smtp-amavis: | ||
- | \\ | ||
- | lmtp_send_xforward_command = yes\\ | ||
- | smtp_send_xforward_command = yes\\ | ||
- | \\ | ||
- | hash_queue_depth = 1\\ | ||
- | \\ | ||
- | # / | ||
- | address_verify_sender = postar\\ | ||
- | address_verify_map = btree: | ||
- | \\ | ||
- | home_mailbox = Maildir/\\ | ||
- | message_size_limit = 70480000\\ | ||
- | \\ | ||
- | # ABKO\\ | ||
- | disable_vrfy_command = yes\\ | ||
- | smtpd_helo_required = yes\\ | ||
- | strict_rfc821_envelopes = yes\\ | ||
- | \\ | ||
- | unverified_recipient_reject_code = 550\\ | ||
- | unverified_sender_reject_code = 550\\ | ||
- | \\ | ||
- | smtpd_error_sleep_time = 0s\\ | ||
- | smtpd_soft_error_limit = 5\\ | ||
- | smtpd_hard_error_limit = 10\\ | ||
- | \\ | ||
- | owner_request_special = yes\\ | ||
- | show_user_unknown_table_name = no\\ | ||
- | \\ | ||
- | # | ||
- | \\ | ||
- | # DEBUG\\ | ||
- | # debug_peer_level = 1\\ | ||
- | # | ||
- | remote_header_rewrite_domain = domain.invalid\\ | ||
- | / | + | **/ |
- | / | + | root@ OK |
- | / | + | admin@ |
- | / | + | postmaster@ |
- | / | + | abuse@ |
- | / | + | postar@ |
- | / | + | |
+ | |||
+ | **/ | ||
+ | root@ OK | ||
+ | admin@ | ||
+ | postmaster@ | ||
+ | abuse@ | ||
+ | postar@ | ||
+ | |||
+ | **/ | ||
+ | FIXME | ||
+ | |||
+ | **/ | ||
+ | nevtron.si OK | ||
+ | | ||
+ | finance-on.net | ||
+ | uni-mb.si | ||
+ | mailer.mojedelo.com | ||
+ | |||
+ | **/ | ||
+ | root@ OK | ||
+ | admin@ | ||
+ | postmaster@ | ||
+ | abuse@ | ||
+ | postar@ | ||
+ | |||
+ | **/ | ||
+ | < | ||
+ | # http:// | ||
+ | 0.0.0.0/ | ||
+ | 5.0.0.0/ | ||
+ | 10.0.0.0/ | ||
+ | 14.0.0.0/ | ||
+ | 23.0.0.0/ | ||
+ | 31.0.0.0/ | ||
+ | 36.0.0.0/ | ||
+ | 39.0.0.0/ | ||
+ | 42.0.0.0/ | ||
+ | 49.0.0.0/ | ||
+ | 100.0.0.0/ | ||
+ | 104.0.0.0/ | ||
+ | 106.0.0.0/ | ||
+ | 127.0.0.0/ | ||
+ | 169.254.0.0/ | ||
+ | 172.16.0.0/ | ||
+ | 176.0.0.0/ | ||
+ | 179.0.0.0/ | ||
+ | 181.0.0.0/ | ||
+ | 185.0.0.0/ | ||
+ | 192.0.2.0/ | ||
+ | 192.168.0.0/ | ||
+ | 198.18.0.0/ | ||
+ | 198.51.100.0/ | ||
+ | 203.0.113.0/ | ||
+ | 223.0.0.0/ | ||
+ | 224.0.0.0/ | ||
+ | </ | ||
+ | |||
+ | **/ | ||
+ | # borken_tls_smtp_host | ||
+ | 193.189.160.1 | ||
+ | |||
+ | **/ | ||
+ | username@mydomain | ||
+ | |||
+ | |||
+ | **/ | ||
+ | 127.0.0.1 | ||
+ | localhost | ||
+ | host.domain.tld | ||
+ | |||
+ | |||
+ | **/ | ||
+ | submission inet n | ||
+ | -o smtpd_tls_security_level=encrypt\\ | ||
+ | -o smtpd_sasl_auth_enable=yes\\ | ||
+ | -o smtpd_client_restrictions=permit_sasl_authenticated, | ||
+ | -o milter_macro_daemon_name=ORIGINATING\\ | ||
+ | ** -o syslog_name=postfix-submission**\\ | ||
+ | smtps | ||
+ | -o smtpd_tls_wrappermode=yes\\ | ||
+ | -o smtpd_sasl_auth_enable=yes\\ | ||
+ | -o smtpd_client_restrictions=permit_sasl_authenticated, | ||
+ | -o milter_macro_daemon_name=ORIGINATING\\ | ||
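Review bot: In the new `smtpd_recipient_restrictions`, the `greylisting` class is evaluated first and its `check_recipient_access` lookup runs before `reject_unauth_destination`, so an `OK` from that table accepts the recipient before the relay check is reached. The tables listed further down use domain-less keys such as `root@ OK`, which access(5) matches for that local part at any domain; the map path is cut off on this page, so confirm which table the class reads, but if it is one of these, mail addressed to `root@` or `postmaster@` at a foreign domain would be accepted for relay from any client. On Postfix 2.10 and later the default `smtpd_relay_restrictions` would still refuse it, but the page neither states a version nor sets that parameter. I would start the list with `permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination,` and only then `greylisting,`, or give the whitelist entries full `user@domain` keys.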