Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
postfix [2006/07/07 18:00] a |
postfix [2012/05/16 11:13] 188.143.232.12 PThVVgpknWKfyEHjx |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Postfix ====== | + | Jean-Marc: If my dicmaliser |
- | + | ||
- | ==== Useful links ==== | + | |
- | * [[http:// | + | |
- | * [[http:// | + | |
- | * [[http:// | + | |
- | * [[http:// | + | |
- | + | ||
- | ===== TODO ===== | + | |
- | * **berljivost clanka** | + | |
- | * **RAZLICNI SCENARIJI** | + | |
- | * vrstni red | + | |
- | * razlicni scenariji | + | |
- | * cyrus | + | |
- | * sender_mx_access | + | |
- | * rshbl check | + | |
- | * sender/ | + | |
- | * multiple <> bounces | + | |
- | * permit_backup_mx_network | + | |
- | * append_at_myorigin = yes | + | |
- | * append_dot_mydomain = yes | + | |
- | * pcre | + | |
- | !* IGNORE deletes lines in headers(? | + | |
- | unverified_recipient_reject_code = 550 | + | |
- | unverified_sender_reject_code = 550 | + | |
- | + | ||
- | ===== Different Setups ===== | + | |
- | * [[postfix: | + | |
- | * [[postfix: | + | |
- | * [[postfix: | + | |
- | * [[postfix: | + | |
- | * [[postfix: | + | |
- | + | ||
- | ===== Cool :) postifx hacks ===== | + | |
- | here are some tips .. | + | |
- | + | ||
- | ==== Hide internal/ | + | |
- | + | ||
- | See [[http:// | + | |
- | + | ||
- | header_checks = regexp:/ | + | |
- | + | ||
- | in that file you put | + | |
- | + | ||
- | # Header checks file | + | |
- | # /^Subject: Internet Sic Codes/ | + | |
- | # /^Subject: ADV / | + | |
- | /^received: / IGNORE | + | |
- | /^X-Sender: / IGNORE | + | |
- | /^Received: .*\[192\.168\.101\..*\]\)/ | + | |
- | /^Received: .*\[127\.0\.0\.1\]\)/ | + | |
- | + | ||
- | keeping only the headers that you want: | + | |
- | + | ||
- | / | + | |
- | /./ IGNORE | + | |
- | + | ||
- | + | ||
- | + | ||
- | ==== LMTP and over-quota ==== | + | |
- | '' | + | |
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | ---------------- | + | |
- | + | ||
- | ===== Unsorted stuff ===== | + | |
- | + | ||
- | owner_request_special = no | + | |
- | show_user_unknown_table_name = no | + | |
- | + | ||
- | # | + | |
- | reject_rhsbl_sender | + | |
- | + | ||
- | === | + | |
- | smtpd_error_sleep_time | + | |
- | + | ||
- | Time to wait in seconds before sending a 4xx or 5xx server error response. | + | |
- | + | ||
- | smtpd_soft_error_limit | + | |
- | + | ||
- | When an SMTP client has made this number of errors, wait error_count seconds before responding to any client request. | + | |
- | + | ||
- | smtpd_hard_error_limit | + | |
- | + | ||
- | Disconnect after a client has made this number of errors. | + | |
- | + | ||
- | smtpd_junk_command_limit | + | |
- | + | ||
- | Limit the number of times a client can issue a junk command such as NOOP, VRFY, ETRN or RSET in one SMTP session before it is penalized with tarpit delays. | + | |
- | === | + | |
- | + | ||
- | ============= | + | |
- | Also read this: | + | |
- | http:// | + | |
- | Quota with postfix/ | + | |
- | Postfix+Courier-IMAP+MySQL for multiple domains HOWTO | + | |
- | + | ||
- | ============ | + | |
- | #postfix on ircnet | + | |
- | + | ||
- | ''for testing purposes i need a complete catch-all setup that reroutes all incoming mails to /dev/null | + | |
- | + | ||
- | + | ||
- | tail .. master.cf: | + | |
- | devnull unix - | + | |
- | flags=R user=nobody argv=/ | + | |
- | where bin/devnull is something like | + | |
- | #!/bin/sh | + | |
- | cat > /dev/null | + | |
- | then set local_transport to devnull'' | + | |
- | + | ||
- | ============== | + | |
- | How to change sender/ | + | |
- | + | ||
- | canonical_maps = hash:/ | + | |
- | recipient_canonical_maps = | + | |
- | sender_canonical_maps = hash:/ | + | |
- | + | ||
- | / | + | |
- | @thisisfakedomain.foo | + | |
- | + | ||
- | / | + | |
- | # this server is sending, but not receiving e-mail | + | |
- | # so we reroute the error msgs to the postmaster :] | + | |
- | eVecer@[195.246.18.38] | + | |
- | + | ||
- | =========== | + | |
- | How to get all the e-mail that got from/to this server | + | |
- | always_bcc = root | + | |
- | ========== | + | |
- | smtpd_delay_reject delays all rejects to the RCPT TO: phase. It turned | + | |
- | out that many clients won't accept a REJECT after the (HELO|MAIL | + | |
- | FROM: | + | |
- | + | ||
- | ===== ABKO ==== | + | |
- | + | ||
- | check_*_mx_access cidr:/ | + | |
- | + | ||
- | 0.0.0.0/ | + | |
- | 10.0.0.0/ | + | |
- | 127.0.0.0/ | + | |
- | 169.254.0.0/ | + | |
- | 172.16.0.0/ | + | |
- | 192.0.2.0/ | + | |
- | 192.168.0/ | + | |
- | 224.0.0.0/ | + | |
- | 240.0.0.0/ | + | |
- | 248.0.0.0/ | + | |
- | + | ||
- | ========== | + | |
- | / | + | |
- | + | ||
- | alias_maps = hash:/ | + | |
- | alias_database = $alias_maps | + | |
- | + | ||
- | smtpd_banner = $myhostname ESMTP http://www.rfc.net/ | + | |
- | mail_name = smtpd | + | |
- | + | ||
- | # what kind of errors should postmaster receive | + | |
- | # notify_classes = resource, | + | |
- | # default is: notify_classes = resource, | + | |
- | + | ||
- | # postfix tries to get hostname from the system, but it usually failes, because the hostname | + | |
- | # is not FQDN | + | |
- | myhostname = host.domain.org | + | |
- | + | ||
- | # default is: | + | |
- | # myorigin = $myhostname | + | |
- | # mydomain = domain part of $myhostname | + | |
- | + | ||
- | # what domains are LOCAL to this server | + | |
- | # DO NOT list virtual domains here! | + | |
- | # Use virtual_maps for virtual domains | + | |
- | mydestination = $myhostname, | + | |
- | + | ||
- | + | ||
- | # | + | |
- | + | ||
- | # | + | |
- | # for Mailman Mailing-list | + | |
- | + | ||
- | # virtual domains | + | |
- | virtual_maps = hash:/ | + | |
- | + | ||
- | # Reject unknown local/ | + | |
- | # proxy (v2.x) local_recipient_maps = proxy: | + | |
- | local_recipient_maps = unix: | + | |
- | + | ||
- | mynetworks = 127.0.0.0/8 192.168.0.0/ | + | |
- | mynetworks_style = host | + | |
- | + | ||
- | mailbox_size_limit = 0 | + | |
- | recipient_delimiter = + | + | |
- | + | ||
- | # Maildir format | + | |
- | # if you use Courier IMAP/POP | + | |
- | home_mailbox = Maildir/ | + | |
- | + | ||
- | #if you use maildrop | + | |
- | # | + | |
- | # | + | |
- | + | ||
- | delay_warning_time = 3h | + | |
- | + | ||
- | smtpd_helo_required = yes | + | |
- | biff = no | + | |
- | disable_vrfy_command = yes | + | |
- | strict_rfc821_envelopes = no | + | |
- | + | ||
- | transport_maps = hash:/ | + | |
- | message_size_limit = 40960000 | + | |
- | + | ||
- | maps_rbl_domains = | + | |
- | list.dsbl.org, | + | |
- | relays.ordb.org | + | |
- | + | ||
- | body_checks = regexp:/ | + | |
- | header_checks = regexp:/ | + | |
- | + | ||
- | # smart-relay server | + | |
- | # probably smtp server of your ISP | + | |
- | #relayhost = [smtp.isp.com] | + | |
- | + | ||
- | # smtp server to use if we get errors sending directly | + | |
- | # | + | |
- | + | ||
- | # use it to TEST(!) your new config | + | |
- | # smtp will issue 4xx (temporary error) instead of 5xx (permanent) thus allowing | + | |
- | # transmission later | + | |
- | # | + | |
- | + | ||
- | #broken PIX/cisco firewall | + | |
- | # | + | |
- | + | ||
- | smtpd_client_restrictions = hash:/ | + | |
- | + | ||
- | smtpd_helo_restrictions = hash:/ | + | |
- | + | ||
- | smtpd_sender_restrictions = | + | |
- | regexp:/ | + | |
- | + | ||
- | smtpd_recipient_restrictions = | + | |
- | # | + | |
- | reject_non_fqdn_sender, | + | |
- | reject_non_fqdn_recipient, | + | |
- | reject_unknown_sender_domain, | + | |
- | reject_unknown_recipient_domain, | + | |
- | permit_mynetworks, | + | |
- | # | + | |
- | reject_rbl_client relays.ordb.org | + | |
- | reject_rbl_client list.dsbl.org | + | |
- | reject_rbl_client dnsbl.sorbs.net | + | |
- | reject_unauth_destination | + | |
- | + | ||
- | smtpd_data_restrictions = | + | |
- | reject_unauth_pipelining | + | |
- | + | ||
- | # | + | |
- | + | ||
- | + | ||
- | # Make domain resolving errors permanent....fatal X-) | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | + | ||
- | + | ||
- | #### | + | |
- | / | + | |
- | # amis | + | |
- | 212.18.32.4 | + | |
- | 212.18.32.14 | + | |
- | # triera | + | |
- | 213.161.0.24 | + | |
- | 213.161.0.25 | + | |
- | # volja | + | |
- | 217.72.64.59 | + | |
- | 217.72.64.60 | + | |
- | # softnet | + | |
- | 212.103.128.68 | + | |
- | # mojnet | + | |
- | 212.93.226.6 | + | |
- | # telemach | + | |
- | 213.143.65.10 | + | |
- | # netsi | + | |
- | 212.72.100.100 | + | |
- | # siol | + | |
- | 193.189.160.25 | + | |
- | 193.189.160.18 | + | |
- | # perftech | + | |
- | 195.246.0.20 | + | |
- | 195.246.0.21 | + | |
- | 195.246.0.22 | + | |
- | # arnes | + | |
- | 193.2.1.74 | + | |
- | 193.2.1.75 | + | |
- | # | + | |
- | BSN-77-157-5.dsl.siol.net | + | |
- | 193.77.157.5 | + | |
- | # | + | |
- | dsl.siol.net | + | |
- | dial-up.siol.net | + | |
- | dial-up.volja.net | + | |
- | dial.netsi.net | + | |
- | dial-up.arnes.si | + | |
- | dial-up.moj.net | + | |
- | dialup.amis.net | + | |
- | adsl.amis.net | + | |
- | cable.triera.net | + | |
- | + | ||
- | dsl.net | + | |
- | + | ||
- | / | + | |
- | / | + | |
- | / | + | |
- | / | + | |
- | / | + | |
- | + | ||
- | / | + | |
- | your_fqdn_hostname_here | + | |
- | A.B.C.D | + | |
- | [A.B.C.D] | + | |
- | + | ||
- | + | ||
- | / | + | |
- | virtual_domain.com whatever_that_is_not_used | + | |
- | abuse@virtual_domain.com root | + | |
- | postmaster@virtual_domain.com root | + | |
- | hostmaster@virtual_domain.com root | + | |
- | fu@virtual_domain.com other@email.com | + | |
- | fuu@virtual_domain.com local_user | + | |
- | + | ||
- | # all e-mails go into one/single mbox | + | |
- | v_domain.org whatever_that_is_not_used | + | |
- | @v_domain.org hegetsallmailfor@domena.org | + | |
- | + | ||
- | / | + | |
- | # NIMDA | + | |
- | / | + | |
- | / | + | |
- | # | + | |
- | / | + | |
- | # | + | |
- | / | + | |
- | # SIRCAM | + | |
- | #/ | + | |
- | # HYBRIS | + | |
- | #/ | + | |
- | # ALIZ | + | |
- | #/ | + | |
- | # SPAM | + | |
- | #/ | + | |
- | #NextPart | + | |
- | #/ | + | |
- | + | ||
- | + | ||
- | / | + | |
- | + | ||
- | / | + | |
- | /^begin [0-9]+*\.(scr|pif|exe|com|bat|shs|shb|vxd|rm|chm|vbs|ini|cmd|hta|reg|lnk|js|jse)/ | + | |
- | / | + | |
- | / | + | |
- | # Win32.Klez.Worm.H | + | |
- | / | + | |
- | /< | + | |
- | + | ||
- | #or even more restrictive: | + | |
- | /< | + | |
- | / | + |