Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
postfix [2006/03/11 12:02]
greebo
postfix [2012/07/31 12:45] (current)
greebo old revision restored
Line 1: Line 1:
 ====== Postfix ====== ====== Postfix ======
 +
 +
 ==== Useful links ==== ==== Useful links ====
   * [[http://www.securitysage.com/antispam/]]   * [[http://www.securitysage.com/antispam/]]
 +  * [[http://openrbl.org/|OpenRBL check]]
 +  * [[http://www.rfc-ignorant.org/]]
 +  * [[http://www.acme.com/mail_filtering/]]
 +  * [[http://www.pantz.org/os/openbsd/postfix-spamd-dovecot.shtml|Some useful postfix rules]]
 +  * [[http://blog.dkorunic.net/|Spam Ninjas - Dinko Korunic’s blog]]
 +
  
 ===== TODO ===== ===== TODO =====
   * **berljivost clanka**   * **berljivost clanka**
 +  * **RAZLICNI SCENARIJI**
   * vrstni red   * vrstni red
   * razlicni scenariji   * razlicni scenariji
Line 19: Line 28:
   unverified_recipient_reject_code = 550   unverified_recipient_reject_code = 550
   unverified_sender_reject_code = 550   unverified_sender_reject_code = 550
 +
 +
 +
 +smtpd_discard_ehlo_keywords = silent-discard, ETRN  VRFY
 +
 +===== Different Setups =====
 +  * [[postfix:mx|Postfix as MX server]]
 +  * [[postfix:smtp|Postfix as SMTP relay]]
 +  * [[postfix:smtp-auth|Postfix with SMTP-auth]]
 +  * [[postfix:asrelay|Postfix as relaying server (to Exchaneg/Domino)]]
 +  * [[postfix:advance|Advance postfix hacks]]
  
  
 ===== Cool :) postifx hacks ===== ===== Cool :) postifx hacks =====
 here are some tips .. here are some tips ..
 +
 +==== Making postfix only send through 'smart relayhost' when direct connection is not available ====
 +
 +I use this construction to have a fallback option when the direct connected ADSL-line is down: replace '**''relayhost''**' in '**main.cf**' by '**''smtp_fallback_relay''**'.
  
 ==== Hide internal/intranet address ==== ==== Hide internal/intranet address ====
Line 44: Line 68:
     /^((Resent-)?From|To|Cc|Date|Return-Path|Message-ID):/ OK     /^((Resent-)?From|To|Cc|Date|Return-Path|Message-ID):/ OK
     /./ IGNORE     /./ IGNORE
 +
  
  
Line 50: Line 75:
 ''Be aware that if your IMAP server receives messages over LMTP, over-quota situations won't be discovered until after Postfix has accepted the message, so it will have to be bounced. If you want to reject mail for users over their quotas, you'll have to use an access table listing users who are over their quotas.'' ''Be aware that if your IMAP server receives messages over LMTP, over-quota situations won't be discovered until after Postfix has accepted the message, so it will have to be bounced. If you want to reject mail for users over their quotas, you'll have to use an access table listing users who are over their quotas.''
  
 +2008-02-06 (b) Not necessarily. If you use reject_unverified_recipient, cyrus LMTP rejects mail for over-quota mailbox and Postfix rejects them at SMTP stage.
  
 +----------------
  
  
----------------- 
  
 ===== Unsorted stuff ===== ===== Unsorted stuff =====
Line 80: Line 106:
 Limit the number of times a client can issue a junk command such as NOOP, VRFY, ETRN or RSET in one SMTP session before it is penalized with tarpit delays. Limit the number of times a client can issue a junk command such as NOOP, VRFY, ETRN or RSET in one SMTP session before it is penalized with tarpit delays.
 === ===
 +tired of  "postfix/smtpd : OTP unavailable because can't read/write key database"
 +
 +add to /etc/postfix/sasl/smtp.conf 
 +
 +mechlist: plain login crammd5 digestmd5
 +
 +or try this:
 +cd /usr/lib/sasl2
 +mkdir deactivated
 +mv *otp* deactivated
 +# for good measure
 +mv *ntlm* deactivated
 +
  
 ============= =============
Line 138: Line 177:
  240.0.0.0/5 REJECT Domain MX in class E reserved network  240.0.0.0/5 REJECT Domain MX in class E reserved network
  248.0.0.0/5 REJECT Domain MX in reserved network  248.0.0.0/5 REJECT Domain MX in reserved network
 +
 +source - IPv4 bogon list - http://www.cymru.com/Documents/bogon-bn-agg.txt
  
 ========== ==========
Line 300: Line 341:
  
   dsl.net                 554 Use smtp.dsl.net as outgoing e-mail server!   dsl.net                 554 Use smtp.dsl.net as outgoing e-mail server!
 +
 +
 +**B wrote**
 +To matchne vsak hostname, v katerem se pojavi ".dsl."
 +
 +ali ce hoces bit natancen:
 +/^.*\.dsl\..*$/ (^ in $ sta zacetek in konec stringa, na zacetku in koncu stringa je lahko karkoli (.*), nekje v stringu pa je tudi ".dsl.")
 +
  
 /etc/postfix/sender_checks /etc/postfix/sender_checks
postfix.1142074965.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0 ipv6 ready