Both sides previous revision
Previous revision
Next revision
|
Previous revision
|
postfix:optimized-configuration [2010/01/26 08:52] greebo |
postfix:optimized-configuration [2013/09/12 15:40] (current) zagi |
**main.cf** | **main.cf** |
<code> | <code> |
# #soft_bounce = yes | #soft_bounce = yes |
smtpd_banner = $myhostname ESMTP (NO UCE)(NO UBE) http://www.rfc.net/rfc2821.html | smtpd_banner = $myhostname ESMTP (NO UCE)(NO UBE) http://www.rfc.net/rfc2821.html |
biff = no | biff = no |
| |
# Uncomment the next line to generate "delayed mail" warnings | # Uncomment the next line to generate "delayed mail" warnings |
# #delay_warning_time = 3h | #delay_warning_time = 3h |
| |
readme_directory = no | readme_directory = no |
<code> | <code> |
# TLS parameters | # TLS parameters |
tls_random_source = dev:/dev/urandom | smtp_tls_security_level=may |
smtpd_tls_cert_file=/etc/ssl/certs/server.crt | #obsoletes smtp_use_tls smtp_enforce_tls smtp_tls_enforce_peername |
smtpd_tls_key_file=/etc/ssl/private/server.key | smtp_tls_note_starttls_offer=yes |
| |
| smtp_tls_CApath = /etc/ssl/certs |
| |
| smtpd_tls_security_level=may |
| #obsoletes smtpd_use_tls smtpd_enforce_tls |
| |
| smtp_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem |
| smtp_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key |
| |
| smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem |
| smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key |
| |
| # debuging tls |
| smtp_tls_loglevel = 0 |
| smtpd_tls_loglevel = 0 |
| |
| smtpd_tls_auth_only=yes |
| smtpd_tls_received_header=yes |
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache | smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache |
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache | smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache |
| |
###smtp_tls_policy_maps = hash:/etc/postfix/tls_policy | tls_random_source = dev:/dev/urandom |
smtp_tls_security_level = may | |
smtpd_tls_security_level = may | |
| |
| ###smtp_tls_policy_maps = hash:/etc/postfix/tls_policy |
###smtpd_tls_ask_ccert = yes | ###smtpd_tls_ask_ccert = yes |
###smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop | ###smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop |
| |
# debuging tls | |
# smtpd_tls_loglevel = 3 | |
| |
#obsolete#smtpd_use_tls=yes | |
| |
smtp_tls_note_starttls_offer = yes | smtp_tls_note_starttls_offer = yes |
smtpd_sasl_exceptions_networks = $mynetworks | smtpd_sasl_exceptions_networks = $mynetworks |
| |
smtpd_tls_auth_only = yes | |
smtpd_tls_received_header = yes | |
| |
smtpd_sasl_authenticated_header = no | smtpd_sasl_authenticated_header = no |
address_verify_sender = postar | address_verify_sender = postar |
address_verify_map = btree:$(data_directory)/verify | address_verify_map = btree:$(data_directory)/verify |
| |
| |
home_mailbox = Maildir/ | home_mailbox = Maildir/ |
| |
**/etc/postfix/bogon_networks** | **/etc/postfix/bogon_networks** |
0.0.0.0/8 REJECT IP address of MX host is a bogus address | <code> |
1.0.0.0/8 REJECT IP address of MX host is a bogus address | # http://www.cymru.com/Documents/bogon-bn-agg.txt |
2.0.0.0/8 REJECT IP address of MX host is a bogus address | 0.0.0.0/8 REJECT IP address of MX host is a bogus address |
5.0.0.0/8 REJECT IP address of MX host is a bogus address | 5.0.0.0/8 REJECT IP address of MX host is a bogus address |
10.0.0.0/8 REJECT IP address of MX host is a bogus address | 10.0.0.0/8 REJECT IP address of MX host is a bogus address |
14.0.0.0/8 REJECT IP address of MX host is a bogus address | 14.0.0.0/8 REJECT IP address of MX host is a bogus address |
23.0.0.0/8 REJECT IP address of MX host is a bogus address | 23.0.0.0/8 REJECT IP address of MX host is a bogus address |
27.0.0.0/8 REJECT IP address of MX host is a bogus address | 31.0.0.0/8 REJECT IP address of MX host is a bogus address |
31.0.0.0/8 REJECT IP address of MX host is a bogus address | 36.0.0.0/7 REJECT IP address of MX host is a bogus address |
36.0.0.0/8 REJECT IP address of MX host is a bogus address | 39.0.0.0/8 REJECT IP address of MX host is a bogus address |
37.0.0.0/8 REJECT IP address of MX host is a bogus address | 42.0.0.0/8 REJECT IP address of MX host is a bogus address |
39.0.0.0/8 REJECT IP address of MX host is a bogus address | 49.0.0.0/8 REJECT IP address of MX host is a bogus address |
42.0.0.0/8 REJECT IP address of MX host is a bogus address | 100.0.0.0/6 REJECT IP address of MX host is a bogus address |
46.0.0.0/8 REJECT IP address of MX host is a bogus address | 104.0.0.0/7 REJECT IP address of MX host is a bogus address |
49.0.0.0/8 REJECT IP address of MX host is a bogus address | 106.0.0.0/8 REJECT IP address of MX host is a bogus address |
50.0.0.0/8 REJECT IP address of MX host is a bogus address | 127.0.0.0/8 REJECT IP address of MX host is a bogus address |
100.0.0.0/8 REJECT IP address of MX host is a bogus address | 169.254.0.0/16 REJECT IP address of MX host is a bogus address |
101.0.0.0/8 REJECT IP address of MX host is a bogus address | 172.16.0.0/12 REJECT IP address of MX host is a bogus address |
102.0.0.0/8 REJECT IP address of MX host is a bogus address | 176.0.0.0/7 REJECT IP address of MX host is a bogus address |
103.0.0.0/8 REJECT IP address of MX host is a bogus address | 179.0.0.0/8 REJECT IP address of MX host is a bogus address |
104.0.0.0/8 REJECT IP address of MX host is a bogus address | 181.0.0.0/8 REJECT IP address of MX host is a bogus address |
105.0.0.0/8 REJECT IP address of MX host is a bogus address | 185.0.0.0/8 REJECT IP address of MX host is a bogus address |
106.0.0.0/8 REJECT IP address of MX host is a bogus address | 192.0.2.0/24 REJECT IP address of MX host is a bogus address |
107.0.0.0/8 REJECT IP address of MX host is a bogus address | 192.168.0.0/16 REJECT IP address of MX host is a bogus address |
108.0.0.0/8 REJECT IP address of MX host is a bogus address | 198.18.0.0/15 REJECT IP address of MX host is a bogus address |
109.0.0.0/8 REJECT IP address of MX host is a bogus address | 198.51.100.0/24 REJECT IP address of MX host is a bogus address |
110.0.0.0/8 REJECT IP address of MX host is a bogus address | 203.0.113.0/24 REJECT IP address of MX host is a bogus address |
111.0.0.0/8 REJECT IP address of MX host is a bogus address | 223.0.0.0/8 REJECT IP address of MX host is a bogus address |
127.0.0.0/8 REJECT IP address of MX host is a bogus address | 224.0.0.0/3 REJECT IP address of MX host is a bogus address |
169.254.0.0/16 REJECT IP address of MX host is a bogus address | </code> |
172.16.0.0/12 REJECT IP address of MX host is a bogus address | |
175.0.0.0/8 REJECT IP address of MX host is a bogus address | |
176.0.0.0/8 REJECT IP address of MX host is a bogus address | |
177.0.0.0/8 REJECT IP address of MX host is a bogus address | |
178.0.0.0/8 REJECT IP address of MX host is a bogus address | |
179.0.0.0/8 REJECT IP address of MX host is a bogus address | |
180.0.0.0/8 REJECT IP address of MX host is a bogus address | |
181.0.0.0/8 REJECT IP address of MX host is a bogus address | |
182.0.0.0/8 REJECT IP address of MX host is a bogus address | |
183.0.0.0/8 REJECT IP address of MX host is a bogus address | |
184.0.0.0/8 REJECT IP address of MX host is a bogus address | |
185.0.0.0/8 REJECT IP address of MX host is a bogus address | |
192.0.2.0/24 REJECT IP address of MX host is a bogus address | |
192.168.0.0/16 REJECT IP address of MX host is a bogus address | |
197.0.0.0/8 REJECT IP address of MX host is a bogus address | |
198.18.0.0/15 REJECT IP address of MX host is a bogus address | |
223.0.0.0/8 REJECT IP address of MX host is a bogus address | |
224.0.0.0/3 REJECT IP address of MX host is a bogus address | |
240.0.0.0/12 REJECT IP address of MX host is a reserved address | |
255.0.0.0/8 REJECT IP address of MX host is a bogus address | |
| |
**/etc/postfix/discard_ehelo_map** | **/etc/postfix/discard_ehelo_map** |