Differences
This shows you the differences between two versions of the page.
postfix [2006/03/07 06:48] greebo |
postfix [2012/07/31 12:45] (current) greebo old revision restored |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Postfix ====== | ====== Postfix ====== | ||
+ | |||
+ | |||
==== Useful links ==== | ==== Useful links ==== | ||
* [[http:// | * [[http:// | ||
- | + | * [[http:// | |
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
===== TODO ===== | ===== TODO ===== | ||
* **berljivost clanka** | * **berljivost clanka** | ||
+ | * **RAZLICNI SCENARIJI** | ||
* vrstni red | * vrstni red | ||
* razlicni scenariji | * razlicni scenariji | ||
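Review bot: the added TODO item `**RAZLICNI SCENARIJI**` duplicates the existing `razlicni scenariji` item two lines below it; keep one of them, and if the bold is meant to raise its priority, bold the existing entry instead of adding a second.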
Line 19: | Line 25: | ||
* append_dot_mydomain = yes | * append_dot_mydomain = yes | ||
* pcre | * pcre | ||
- | * IGNORE deletes lines in headers(?) | + | |
unverified_recipient_reject_code = 550 | unverified_recipient_reject_code = 550 | ||
unverified_sender_reject_code = 550 | unverified_sender_reject_code = 550 | ||
+ | |||
+ | smtpd_discard_ehlo_keywords = silent-discard, | ||
+ | |||
+ | ===== Different Setups ===== | ||
+ | * [[postfix: | ||
+ | * [[postfix: | ||
+ | * [[postfix: | ||
+ | * [[postfix: | ||
+ | * [[postfix: | ||
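Review bot: the added `smtpd_discard_ehlo_keywords = silent-discard,` line has no explanation of which EHLO keywords are being hidden or for which clients, and `silent-discard` also keeps Postfix from logging the discard. Add a one-line rationale next to it, and mention that the logs will not show it, so someone debugging a client that stops seeing an extension knows where to look.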
Line 29: | Line 44: | ||
here are some tips .. | here are some tips .. | ||
- | ==== Hide internal address ==== | + | ==== Making postfix only send through 'smart relayhost' |
+ | |||
+ | I use this construction to have a fallback option when the direct connected ADSL-line is down: replace ' | ||
+ | |||
+ | ==== Hide internal/ | ||
See [[http:// | See [[http:// | ||
Line 42: | Line 61: | ||
/^received: / IGNORE | /^received: / IGNORE | ||
/^X-Sender: / IGNORE | /^X-Sender: / IGNORE | ||
+ | /^Received: .*\[192\.168\.101\..*\]\)/ | ||
+ | /^Received: .*\[127\.0\.0\.1\]\)/ | ||
+ | |||
+ | keeping only the headers that you want: | ||
+ | |||
+ | / | ||
+ | /./ IGNORE | ||
+ | |||
+ | |||
- | **Still looking for a better way?!** | ||
==== LMTP and over-quota ==== | ==== LMTP and over-quota ==== | ||
'' | '' | ||
+ | 2008-02-06 (b) Not necessarily. If you use reject_unverified_recipient, | ||
+ | ---------------- | ||
- | ---------------- | ||
===== Unsorted stuff ===== | ===== Unsorted stuff ===== | ||
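Review bot: the two added `/^Received: .*\[...\]\)/` patterns sit after the existing `/^received: / IGNORE` line. header_checks tables stop at the first matching pattern and match case-insensitively by default, so if these all live in one file the address-specific patterns are never reached. Either drop the blanket line or put the narrower ones first. The added `/./ IGNORE` catch-all also needs a sentence beside it saying that it deletes every header not matched earlier, so the pattern before it has to cover everything the message still needs.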
Line 78: | Line 106: | ||
Limit the number of times a client can issue a junk command such as NOOP, VRFY, ETRN or RSET in one SMTP session before it is penalized with tarpit delays. | Limit the number of times a client can issue a junk command such as NOOP, VRFY, ETRN or RSET in one SMTP session before it is penalized with tarpit delays. | ||
=== | === | ||
+ | tired of " | ||
+ | |||
+ | add to / | ||
+ | |||
+ | mechlist: plain login crammd5 digestmd5 | ||
+ | |||
+ | or try this: | ||
+ | cd / | ||
+ | mkdir deactivated | ||
+ | mv *otp* deactivated | ||
+ | # for good measure | ||
+ | mv *ntlm* deactivated | ||
+ | |||
============= | ============= | ||
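Review bot: in the added `mechlist: plain login crammd5 digestmd5` line the option and mechanism names do not match Cyrus SASL spelling, assuming that is the SASL library this file belongs to: the option is `mech_list` and the mechanisms are `CRAM-MD5` and `DIGEST-MD5`. Check the rendered text against the configuration that actually worked. The alternative of moving the `*otp*` and `*ntlm*` files into `deactivated` should also note that a package reinstall or upgrade will put them back.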
Line 121: | Line 162: | ||
out that many clients won't accept a REJECT after the (HELO|MAIL | out that many clients won't accept a REJECT after the (HELO|MAIL | ||
FROM: | FROM: | ||
+ | |||
+ | ===== ABKO ==== | ||
+ | |||
+ | check_*_mx_access cidr:/ | ||
+ | |||
+ | 0.0.0.0/ | ||
+ | 10.0.0.0/ | ||
+ | 127.0.0.0/ | ||
+ | 169.254.0.0/ | ||
+ | 172.16.0.0/ | ||
+ | 192.0.2.0/ | ||
+ | 192.168.0/ | ||
+ | 224.0.0.0/ | ||
+ | 240.0.0.0/ | ||
+ | 248.0.0.0/ | ||
+ | |||
+ | source - IPv4 bogon list - http:// | ||
========== | ========== | ||
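Review bot: the `192.168.0/` entry in the added CIDR list is missing an octet compared with every other row (`10.0.0.0/`, `172.16.0.0/`), so it is not a valid network address for a cidr table; write it as the full dotted quad with its prefix length. The heading `===== ABKO ====` also has unbalanced markers, five `=` opening and four closing.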
Line 215: | Line 273: | ||
smtpd_recipient_restrictions = | smtpd_recipient_restrictions = | ||
- | reject_unauth_pipelining, | + | # reject_unauth_pipelining, |
reject_non_fqdn_sender, | reject_non_fqdn_sender, | ||
reject_non_fqdn_recipient, | reject_non_fqdn_recipient, | ||
Line 226: | Line 284: | ||
reject_rbl_client dnsbl.sorbs.net | reject_rbl_client dnsbl.sorbs.net | ||
reject_unauth_destination | reject_unauth_destination | ||
+ | |||
+ | smtpd_data_restrictions = | ||
+ | reject_unauth_pipelining | ||
# | # | ||
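Review bot: `reject_unauth_pipelining` now appears under the new `smtpd_data_restrictions` block, while the same entry is only commented out in `smtpd_recipient_restrictions` in the previous hunk. Delete the commented line rather than leaving it inside the restriction list, and add a sentence saying why the check moved to the DATA stage so that readers do not put it back.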
Line 238: | Line 299: | ||
#### | #### | ||
/ | / | ||
- | # amis | + | |
- | 212.18.32.4 | + | 212.18.32.4 |
- | 212.18.32.14 | + | 212.18.32.14 |
- | # triera | + | # triera |
- | 213.161.0.24 | + | 213.161.0.24 |
- | 213.161.0.25 | + | 213.161.0.25 |
- | # volja | + | # volja |
- | 217.72.64.59 | + | 217.72.64.59 |
- | 217.72.64.60 | + | 217.72.64.60 |
- | # softnet | + | # softnet |
- | 212.103.128.68 | + | 212.103.128.68 |
- | # mojnet | + | # mojnet |
- | 212.93.226.6 | + | 212.93.226.6 |
- | # telemach | + | # telemach |
- | 213.143.65.10 | + | 213.143.65.10 |
- | # netsi | + | # netsi |
- | 212.72.100.100 | + | 212.72.100.100 |
- | # siol | + | # siol |
- | 193.189.160.25 | + | 193.189.160.25 |
- | 193.189.160.18 | + | 193.189.160.18 |
- | # perftech | + | # perftech |
- | 195.246.0.20 | + | 195.246.0.20 |
- | 195.246.0.21 | + | 195.246.0.21 |
- | 195.246.0.22 | + | 195.246.0.22 |
- | # arnes | + | # arnes |
- | 193.2.1.74 | + | 193.2.1.74 |
- | 193.2.1.75 | + | 193.2.1.75 |
- | # | + | # |
- | BSN-77-157-5.dsl.siol.net | + | BSN-77-157-5.dsl.siol.net |
- | 193.77.157.5 | + | 193.77.157.5 |
- | # | + | # |
- | dsl.siol.net | + | dsl.siol.net |
- | dial-up.siol.net | + | dial-up.siol.net |
- | dial-up.volja.net | + | dial-up.volja.net |
- | dial.netsi.net | + | dial.netsi.net |
- | dial-up.arnes.si | + | dial-up.arnes.si |
- | dial-up.moj.net | + | dial-up.moj.net |
- | dialup.amis.net | + | dialup.amis.net |
- | adsl.amis.net | + | adsl.amis.net |
- | cable.triera.net | + | cable.triera.net |
+ | |||
+ | dsl.net | ||
+ | |||
+ | |||
+ | **B wrote** | ||
+ | To matchne vsak hostname, v katerem se pojavi " | ||
+ | |||
+ | ali ce hoces bit natancen: | ||
+ | / | ||
- | dsl.net | ||
/ | / | ||
- | / | + | |
- | / | + | / |
- | / | + | / |
- | / | + | / |
/ | / | ||
- | your_fqdn_hostname_here | + | |
+ | A.B.C.D | ||
+ | [A.B.C.D] | ||
- | / | ||
- | virtual_domain.com whatever_that_is_not_used | ||
- | abuse@virtual_domain.com root | ||
- | postmaster@virtual_domain.com root | ||
- | hostmaster@virtual_domain.com root | ||
- | fu@virtual_domain.com other@email.com | ||
- | fuu@virtual_domain.com local_user | ||
- | # all e-mails go into one/single mbox | + | / |
- | v_domain.org whatever_that_is_not_used | + | virtual_domain.com whatever_that_is_not_used |
- | @v_domain.org hegetsallmailfor@domena.org | + | abuse@virtual_domain.com root |
+ | postmaster@virtual_domain.com root | ||
+ | hostmaster@virtual_domain.com root | ||
+ | fu@virtual_domain.com other@email.com | ||
+ | fuu@virtual_domain.com local_user | ||
+ | |||
+ | | ||
+ | v_domain.org whatever_that_is_not_used | ||
+ | @v_domain.org hegetsallmailfor@domena.org | ||
/ | / | ||
- | # NIMDA | + | |
- | / | + | / |
- | / | + | / |
- | # | + | # |
- | / | + | / |
- | # | + | # |
- | / | + | / |
- | # SIRCAM | + | # SIRCAM |
- | #/ | + | #/ |
- | # HYBRIS | + | # HYBRIS |
- | #/ | + | #/ |
- | # ALIZ | + | # ALIZ |
- | #/ | + | #/ |
- | # SPAM | + | # SPAM |
- | #/ | + | #/ |
- | #NextPart | + | #NextPart |
- | #/ | + | #/ |
/ | / | ||
- | / | + | / |
/^begin [0-9]+*\.(scr|pif|exe|com|bat|shs|shb|vxd|rm|chm|vbs|ini|cmd|hta|reg|lnk|js|jse)/ | /^begin [0-9]+*\.(scr|pif|exe|com|bat|shs|shb|vxd|rm|chm|vbs|ini|cmd|hta|reg|lnk|js|jse)/ | ||
/ | / | ||
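Review bot: the `dsl.net` key is re-added directly above the new "B wrote" comment, which says it matches every hostname containing the string, so the broad entry and the warning against it now sit side by side. Keep only the precise form offered under "ali ce hoces bit natancen", or state which of the two the reader should use. The comment is also the only Slovenian prose in this block and reads as a talk-page reply, so it would be better folded into the article text. Separately, the unchanged `/^begin [0-9]+*\.(scr|pif|...)/` pattern, as rendered here, has a doubled quantifier (`+*`) and expects the dot straight after the digits, which a uuencode `begin <mode> <filename>` line does not have; verify it against a sample attachment.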
Line 333: | Line 405: | ||
#or even more restrictive: | #or even more restrictive: | ||
- | /< | + | |
+ | / |