Differences

This shows you the differences between two versions of the page.

--- postfix:optimized-configuration [2009/03/26 11:02]
a
+++ postfix:optimized-configuration [2013/09/12 15:40] (current)
zagi
@@ Line 1: / Line 1: @@
 **main.cf**
 <code>
-soft_bounce = yes
+#soft_bounce = yes
 smtpd_banner = $myhostname ESMTP (NO UCE)(NO UBE) http://www.rfc.net/rfc2821.html
 biff = no
@@ Line 9: / Line 9: @@
 # Uncomment the next line to generate "delayed mail" warnings
-delay_warning_time = 3h
+#delay_warning_time = 3h
 readme_directory = no
-#sample_directory
+html_directory = no
 myorigin = $myhostname
@@ Line 28: / Line 28: @@
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
+sender_canonical_maps = hash:/etc/postfix/canonical_sender
+recipient_canonical_maps = hash:/etc/postfix/canonical_recipient
+allow_percent_hack = no
+swap_bangpath = no
 virtual_maps = hash:/etc/postfix/virtual
@@ Line 40: / Line 46: @@
 <code>
 # TLS parameters
-tls_random_source = dev:/dev/urandom
+smtp_tls_security_level=may
-smtpd_tls_cert_file=/etc/ssl/certs/server.crt
+#obsoletes smtp_use_tls smtp_enforce_tls  smtp_tls_enforce_peername
-smtpd_tls_key_file=/etc/ssl/private/server.key
+smtp_tls_note_starttls_offer=yes
+smtp_tls_CApath = /etc/ssl/certs
+smtpd_tls_security_level=may
+#obsoletes  smtpd_use_tls smtpd_enforce_tls
+smtp_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtp_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+# debuging tls
+smtp_tls_loglevel = 0
+smtpd_tls_loglevel = 0
+smtpd_tls_auth_only=yes
+smtpd_tls_received_header=yes
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-###smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
+tls_random_source = dev:/dev/urandom
-smtp_tls_security_level = may
-smtpd_tls_security_level = may
+###smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
 ###smtpd_tls_ask_ccert = yes
 ###smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop
-# debuging tls
-# smtpd_tls_loglevel = 3
-#obsolete#smtpd_use_tls=yes
 smtp_tls_note_starttls_offer = yes
@@ Line 68: / Line 87: @@
 smtpd_sasl_exceptions_networks = $mynetworks
-smtpd_tls_auth_only = yes
-smtpd_tls_received_header = yes
+ smtpd_sasl_authenticated_header = no
 </code>
@@ Line 80: / Line 99: @@
 recipient_delimiter = +
 inet_interfaces = all
-inet_protocols = ipv4
+inet_protocols = all
 smtpd_restriction_classes = permissive, rblcheck, greylisting, nodynamic_client, check_policyd_weight, verify_sender
@@ Line 95: / Line 114: @@
 greylisting =
         permit_mynetworks,
+        permit_sasl_authenticated,
         check_recipient_access hash:/etc/postfix/whitelist_greylist_recipient,
         check_policy_service inet:127.0.0.1:60000
@@ Line 103: / Line 123: @@
 check_policyd_weight =
+        check_client_access hash:/etc/postfix/whitelist_policydweight_clients
         check_recipient_access hash:/etc/postfix/whitelist_policydweight_recipient,
         check_policy_service inet:127.0.0.1:12525
@@ Line 118: / Line 139: @@
 smtpd_helo_restrictions =
+        check_client_access hash:/etc/postfix/whitelist_helo_clients
         hash:/etc/postfix/helo_checks
+        permit_sasl_authenticated
+        permit_mynetworks
+        warn_if_reject reject_invalid_hostname
+        warn_if_reject reject_non_fqdn_hostname
+        warn_if_reject reject_unknown_hostname
 smtpd_etrn_restrictions=
@@ Line 124: / Line 151: @@
         reject
-smtpd_sender_restrictions =
+#smtpd_sender_login_maps =  ldap:ldap_accounts, ldap:ldap_alias
+#smtpd_sender_restrictions = reject_sender_login_mismatch
 smtpd_recipient_restrictions =
@@ Line 150: / Line 179: @@
 content_filter = smtp-amavis:[127.0.0.1]:10024
-lmtp_send_xforward_command = yes
+#already in master.cf:
-smtp_send_xforward_command = yes
+#lmtp_send_xforward_command = yes
+#smtp_send_xforward_command = yes
 hash_queue_depth = 1
@@ Line 158: / Line 188: @@
 address_verify_sender = postar
 address_verify_map = btree:$(data_directory)/verify
 home_mailbox = Maildir/
@@ Line 170: / Line 201: @@
 unverified_sender_reject_code = 550
-smtpd_error_sleep_time = 0s
+smtpd_error_sleep_time = 3s
 smtpd_soft_error_limit = 5
 smtpd_hard_error_limit = 10
@@ Line 240: / Line 271: @@
 **/etc/postfix/bogon_networks**
-.0.0.0/8       REJECT IP address of MX host is a bogus address
+<code>
-.0.0.0/8       REJECT IP address of MX host is a bogus address
+# http://www.cymru.com/Documents/bogon-bn-agg.txt
 .0.0.0/8       REJECT IP address of MX host is a bogus address
 .0.0.0/8       REJECT IP address of MX host is a bogus address
 .0.0.0/8      REJECT IP address of MX host is a bogus address
 .0.0.0/8      REJECT IP address of MX host is a bogus address
 .0.0.0/8      REJECT IP address of MX host is a bogus address
 .0.0.0/8      REJECT IP address of MX host is a bogus address
-.0.0.0/8      REJECT IP address of MX host is a bogus address
+.0.0.0/7      REJECT IP address of MX host is a bogus address
-.0.0.0/8      REJECT IP address of MX host is a bogus address
+.0.0.0/8      REJECT IP address of MX host is a bogus address
 .0.0.0/8      REJECT IP address of MX host is a bogus address
 .0.0.0/8      REJECT IP address of MX host is a bogus address
-.0.0.0/8      REJECT IP address of MX host is a bogus address
+.0.0.0/6     REJECT IP address of MX host is a bogus address
-.0.0.0/8      REJECT IP address of MX host is a bogus address
+.0.0.0/7     REJECT IP address of MX host is a bogus address
-.0.0.0/8      REJECT IP address of MX host is a bogus address
+.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8      REJECT IP address of MX host is a bogus address
+.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.254.0.0/16  REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.16.0.0/12   REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.0.0.0/7     REJECT IP address of MX host is a bogus address
 .0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.0.0.0/8     REJECT IP address of MX host is a bogus address
 .0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.0.2.0/24    REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.168.0.0/16  REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.18.0.0/15   REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.51.100.0/24 REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.0.113.0/24  REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
+.0.0.0/3     REJECT IP address of MX host is a bogus address
-.254.0.0/16  REJECT IP address of MX host is a bogus address
+</code>
-.16.0.0/12   REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.2.0/24    REJECT IP address of MX host is a bogus address
-.168.0.0/16  REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.18.0.0/15   REJECT IP address of MX host is a bogus address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
-.0.0.0/3     REJECT IP address of MX host is a bogus address
-.0.0.0/12    REJECT IP address of MX host is a reserved address
-.0.0.0/8     REJECT IP address of MX host is a bogus address
 **/etc/postfix/discard_ehelo_map**
   # borken_tls_smtp_host  starttls, silent-discard
 .189.160.1     starttls, silent-discard
+**/etc/postfix/canonical_recipient**
+  username@mydomain      myemail
+**/etc/postfix/whitelist_helo_clients**
+.0.0.1               OK\\
+localhost               OK\\
+host.domain.tld        OK\\
+**/etc/postfix/master.cf**
+submission inet n       -       -       -       -       smtpd\\
+  -o smtpd_tls_security_level=encrypt\\
+  -o smtpd_sasl_auth_enable=yes\\
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject\\
+  -o milter_macro_daemon_name=ORIGINATING\\
+**  -o syslog_name=postfix-submission**\\
+smtps     inet  n       -       -       -       -       smtpd\\
+  -o smtpd_tls_wrappermode=yes\\
+  -o smtpd_sasl_auth_enable=yes\\
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject\\
+  -o milter_macro_daemon_name=ORIGINATING\\