Hi list.
I am a novice postmaster that started a email server last year.
There is nothing wrong that I can currently tell but I am the only user
and there is only so much that I can test.
Here are my config files, I am curious to know what seasoned postmasters
think.
MAIN.CF---------------------------------
|# General server settings
myhostname = EMAIL.BROKER
mydomain = EMAIL.BROKER
myorigin = EMAIL.BROKER
mydestination = localhost
mynetworks = 127.0.0.1
inet_interfaces = all
inet_protocols = ipv4
compatibility_level=3.6
# SMTPd SERVER Settings
smtpd_banner = EMAIL.BROKER ESMTP
# Error reporting
error_notice_recipient = postmaster@email.broker
notify_classes = bounce, delay, policy, protocol, resource, software
# SMTP CLIENT SETTINGS
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = may
smtp_tls_loglevel = 1
# https://www.postfix.org/header_checks.5.html
# FILTERS WHILE DELIVERING MAIL
smtp_header_checks = regexp:/etc/postfix/outgoing_header_checks
smtp_mime_header_checks = regexp:/etc/postfix/outgoing_header_checks
# LMTP settings
lmtp_sasl_security_options= noanonymous
# SMTPd SERVER TLS/SSL Settings
tls_daemon_random_bytes = 64
tls_random_bytes = 64
smtpd_tls_cert_file = /etc/letsencrypt/live/email.broker/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/email.broker/privkey.pem
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_mandatory_protocols = >=TLSv1.2
# SASL settings
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
# Moved to master.cf
#smtpd_sasl_type = dovecot
#smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = no
# http://www.postfix.org/postconf.5.html#smtpd_forbid_bare_newline
smtpd_forbid_bare_newline = yes
# COMMENTED OUT: Supposed to be handled by RSPAMD.
#rbl_reply_maps = hash:/etc/postfix/dnsbl-reply-map
# INCOMING connection restrictions
# Client restrictions
smtpd_client_auth_rate_limit = 1
smtpd_client_restrictions =
reject_unauth_pipelining,
# Supposed to be handled by RSPAMD.
# reject_rhsbl_sender <api_key>.dbl.dq.spamhaus.net=127.0.1.[2..99],
# reject_rhsbl_helo <api_key>.dbl.dq.spamhaus.net=127.0.1.[2..99],
# reject_rhsbl_reverse_client
<api_key>.dbl.dq.spamhaus.net=127.0.1.[2..99],
# reject_rhsbl_sender <api_key>.zrd.dq.spamhaus.net=127.0.2.[2..24],
# reject_rhsbl_helo <api_key>.zrd.dq.spamhaus.net=127.0.2.[2..24],
# reject_rhsbl_reverse_client
<api_key>.zrd.dq.spamhaus.net=127.0.2.[2..24],
# reject_rbl_client <api_key>.zen.dq.spamhaus.net=127.0.0.[2..255]
reject_unknown_client_hostname,
reject_unknown_reverse_client_hostname,
reject_unauth_pipelining,
check_reverse_client_hostname_access
mysql:/etc/postfix/mysql-ptr_rejections.cf,
check_client_access mysql:/etc/postfix/mysql-ptr_rejections.cf
# HELO restrictions
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname,
check_helo_access mysql:/etc/postfix/mysql-helo_access.cf
# DELAYS
# Limit errors allowed by clients before slowing down server responses.
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 5
smtpd_error_sleep_time = 10
# Wait until the RCPT TO command before evaluating
$smtpd_client_restrictions, $smtpd_helo_restrictions and
$smtpd_sender_restrictions, or wait until the ETRN command before
evaluating $sm>
smtpd_delay_reject = no
# Postpone the start of an SMTP mail transaction until a valid RCPT TO
command is received.
smtpd_delay_open_until_valid_rcpt = no
# The maximal number of connection attempts any client is allowed to
make to this service per time unit.
smtpd_client_connection_rate_limit = 10
# The maximal number of new (i.e., uncached) TLS sessions that a remote
SMTP client is allowed to negotiate with this service per time unit.
smtpd_client_new_tls_session_rate_limit = 5
# Alias settings
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
recipient_delimiter = +
# Virtual Mailbox settings
virtual_mailbox_base = /var/vmail/
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
mysql:/etc/postfix/mysql-email2email.cf
virtual_mailbox_domains =
mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-email2email.cf,
mysql:/etc/postfix/mysql-virtual-alias-maps.cf
# RSPAMD Intergration
smtpd_milters = inet:127.0.0.1:11332
non_smtpd_milters = inet:127.0.0.1:11332
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
# Increase the maximal number of error/delivery retries
maximal_queue_lifetime = 7d
bounce_queue_lifetime = 7d
maximal_backoff_time = 4h
minimal_backoff_time = 15m
# Leave enabled.
enable_long_queue_ids = yes
|
||
|# Other
show_user_unknown_table_name = no
helpful_warnings = yes
smtp_line_length_limit = 0
unknown_client_reject_code = 550|
|
|
|
|
|MASTER.CF|---------------------------------
|smtp inet n - y - - smtpd
-o syslog_name=postfix/$service_name
submissions inet n - y - - smtpd
-o syslog_name=postfix/$service_name
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
# -o
smtpd_sender_restrictions=reject_sender_login_mismatch,permit_sasl_authenticated,reject
-o { smtpd_helo_restrictions = permit_sasl_authenticated, reject }
-o { smtpd_recipient_restrictions = permit_sasl_authenticated, reject }
-o { smtpd_sender_restrictions = permit_sasl_authenticated, reject }
-o { smtpd_client_restrictions = permit_sasl_authenticated, reject }
-o smtpd_client_auth_rate_limit=0
-o milter_macro_daemon_name=ORIGINATING
-o smtpd_delay_reject=yes
-o smtpd_peername_lookup=no
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
