On 10.06.24 12:27, Gilgongo via Postfix-users wrote:
Hi - I've got a small mail server (~50 users) and our Postfix (3.6.4)
config is pretty old and confusing, and may not be doing things we want. So
I'd like to re-jig it. Here's how I think I'd like to have it:
1. Incoming mail (not from $mynetworks or sasl auth): RBL, SPF/DKIM
verification and SA (and maybe DMARC as not doing so currently).
2. Mail originating from $mynetworks and also from sasl-auth clients: DKIM
signing, SA, Rate/IP limiting (and maybe RBL checks? Not sure).
I think I can do that by having all our "global" settings in main.cf
https://pastebin.com/VKfNW0hu
and then specifying various extra bits and overrides in master.cf:
https://pastebin.com/Qcpt29PV
1.
I would put smtp restrictions to main.cf as smtpd_*_restrictions and
mua_*_restrictions
so I don't have to repeat them in master.cf
BTW I'm using a script (policyd.pl) that does weighted scoring for RBLs (as
well as SPF), which I'd prefer rather than doing that with Postfix directly.
2.
postscreen supports there and a few more, which helps against bots.
Just note that nobody should use port 25 for sending mail out.
3.
smtpd_recipient_restrictions = permit_mx_backup
avoid this whenever possible. Or at least define permit_mx_backup_networks
I've put a couple of questions in as comments in the configs - any
thoughts/suggestions very much appreciated! :-)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
There's a long-standing bug relating to the x86 architecture that
allows you to install Windows. -- Matthew D. Fuller
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
