[[postfix]]
Trace:
Show page
AdminRecent ChangesSitemap

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
postfix [2006/03/08 09:05]
greebo 		postfix [2012/07/31 12:45] (current)
greebo old revision restored
Line 1: Line 1:
 ====== Postfix ====== ====== Postfix ======
 +
 +
 ==== Useful links ==== ==== Useful links ====
   * [[http://www.securitysage.com/antispam/]]   * [[http://www.securitysage.com/antispam/]]
 +  * [[http://openrbl.org/|OpenRBL check]]
 +  * [[http://www.rfc-ignorant.org/]]
 +  * [[http://www.acme.com/mail_filtering/]]
 +  * [[http://www.pantz.org/os/openbsd/postfix-spamd-dovecot.shtml|Some useful postfix rules]]
 +  * [[http://blog.dkorunic.net/|Spam Ninjas - Dinko Korunic’s blog]]
 +
  
 ===== TODO ===== ===== TODO =====
   * **berljivost clanka**   * **berljivost clanka**
 +  * **RAZLICNI SCENARIJI**
   * vrstni red   * vrstni red
   * razlicni scenariji   * razlicni scenariji
Line 19: Line 28:
   unverified_recipient_reject_code = 550   unverified_recipient_reject_code = 550
   unverified_sender_reject_code = 550   unverified_sender_reject_code = 550
 +
 +
 +
 +smtpd_discard_ehlo_keywords = silent-discard, ETRN  VRFY
 +
 +===== Different Setups =====
 +  * [[postfix:mx|Postfix as MX server]]
 +  * [[postfix:smtp|Postfix as SMTP relay]]
 +  * [[postfix:smtp-auth|Postfix with SMTP-auth]]
 +  * [[postfix:asrelay|Postfix as relaying server (to Exchaneg/Domino)]]
 +  * [[postfix:advance|Advance postfix hacks]]
  
  
 ===== Cool :) postifx hacks ===== ===== Cool :) postifx hacks =====
 here are some tips .. here are some tips ..
 +
 +==== Making postfix only send through 'smart relayhost' when direct connection is not available ====
 +
 +I use this construction to have a fallback option when the direct connected ADSL-line is down: replace '**''relayhost''**' in '**main.cf**' by '**''smtp_fallback_relay''**'.
  
 ==== Hide internal/intranet address ==== ==== Hide internal/intranet address ====
Line 44: Line 68:
     /^((Resent-)?From|To|Cc|Date|Return-Path|Message-ID):/ OK     /^((Resent-)?From|To|Cc|Date|Return-Path|Message-ID):/ OK
     /./ IGNORE     /./ IGNORE
 +
  
  
Line 50: Line 75:
 ''Be aware that if your IMAP server receives messages over LMTP, over-quota situations won't be discovered until after Postfix has accepted the message, so it will have to be bounced. If you want to reject mail for users over their quotas, you'll have to use an access table listing users who are over their quotas.'' ''Be aware that if your IMAP server receives messages over LMTP, over-quota situations won't be discovered until after Postfix has accepted the message, so it will have to be bounced. If you want to reject mail for users over their quotas, you'll have to use an access table listing users who are over their quotas.''
  
 +2008-02-06 (b) Not necessarily. If you use reject_unverified_recipient, cyrus LMTP rejects mail for over-quota mailbox and Postfix rejects them at SMTP stage.
  
 +----------------
  
  
----------------- 
  
 ===== Unsorted stuff ===== ===== Unsorted stuff =====
Line 80: Line 106:
 Limit the number of times a client can issue a junk command such as NOOP, VRFY, ETRN or RSET in one SMTP session before it is penalized with tarpit delays. Limit the number of times a client can issue a junk command such as NOOP, VRFY, ETRN or RSET in one SMTP session before it is penalized with tarpit delays.
 === ===
 +tired of  "postfix/smtpd : OTP unavailable because can't read/write key database"
 +
 +add to /etc/postfix/sasl/smtp.conf 
 +
 +mechlist: plain login crammd5 digestmd5
 +
 +or try this:
 +cd /usr/lib/sasl2
 +mkdir deactivated
 +mv *otp* deactivated
 +# for good measure
 +mv *ntlm* deactivated
 +
  
 ============= =============
Line 123: Line 162:
 out that many clients won't accept a REJECT after the (HELO|MAIL out that many clients won't accept a REJECT after the (HELO|MAIL
 FROM:connect) and would return every second. FROM:connect) and would return every second.
 +
 +===== ABKO ====
 +
 +check_*_mx_access cidr:/etc/postfix/sender_mx_access.cidr
 +
 + 0.0.0.0/8 REJECT Domain MX in broadcast network
 + 10.0.0.0/8 REJECT Domain MX in RFC 1918 private network
 + 127.0.0.0/8 REJECT Domain MX in loopback network
 + 169.254.0.0/16 REJECT Domain MX in link local network
 + 172.16.0.0/12 REJECT Domain MX in RFC 1918 private network
 + 192.0.2.0/24 REJECT Domain MX in TEST-NET network
 + 192.168.0/16 REJECT Domain MX in RFC 1918 private network
 + 224.0.0.0/4 REJECT Domain MX in class D multicast network
 + 240.0.0.0/5 REJECT Domain MX in class E reserved network
 + 248.0.0.0/5 REJECT Domain MX in reserved network
 +
 +source - IPv4 bogon list - http://www.cymru.com/Documents/bogon-bn-agg.txt
  
 ========== ==========
Line 217: Line 273:
  
 smtpd_recipient_restrictions = smtpd_recipient_restrictions =
- reject_unauth_pipelining,+# reject_unauth_pipelining, http://www.irbs.net/internet/postfix/0311/1455.html
  reject_non_fqdn_sender,  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,  reject_non_fqdn_recipient,
Line 228: Line 284:
  reject_rbl_client dnsbl.sorbs.net  reject_rbl_client dnsbl.sorbs.net
  reject_unauth_destination  reject_unauth_destination
 +
 +smtpd_data_restrictions = 
 + reject_unauth_pipelining
  
 #mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp #mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
Line 282: Line 341:
  
   dsl.net                 554 Use smtp.dsl.net as outgoing e-mail server!   dsl.net                 554 Use smtp.dsl.net as outgoing e-mail server!
 +
 +
 +**B wrote**
 +To matchne vsak hostname, v katerem se pojavi ".dsl."
 +
 +ali ce hoces bit natancen:
 +/^.*\.dsl\..*$/ (^ in $ sta zacetek in konec stringa, na zacetku in koncu stringa je lahko karkoli (.*), nekje v stringu pa je tudi ".dsl.")
 +
  
 /etc/postfix/sender_checks /etc/postfix/sender_checks
postfix.1141805123.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
Show pageOld revisions
Media ManagerBack to top
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0 ipv6 ready