Jon wrote:
Sahil Tandon wrote:
Show all 'postconf -n' instead of snippets for more thorough debugging.
Sorry, figured the shorthand would give enough detail without being too
wordy. Here's the rest:
mailbox_size_limit = 0
Not recommended. Better to set a really big limit.
mydestination = smtp1.myDomainOne myDomainOne myDomainTwo
relay_domains = myDomainOne, myDomainTwo
Same domain listed in both mydestination and relay_domains?
Generally best to list domains only in one category.
http://www.postfix.org/ADDRESS_CLASS_README.html
relay_recipient_maps = hash:/etc/postfix/exchange_recipients
Since it looks as if these are relay_domains, best to remove
them from mydestination.
show_user_unknown_table_name = no
OK, but makes debugging harder.
smtpd_banner = $myhostname Microsoft ESMTP MAIL Service, Version:
6.0.3790.1830 ready
Only confuses the n00bs.
smtpd_client_restrictions =
Usually one should have "permit_mynetworks" before you start
rejecting mail so you don't reject your own mail by mistake.
check_client_access hash:/etc/postfix/access_hash,
check_client_access regexp:/etc/postfix/access_regexp,
reject_unknown_reverse_client_hostname,
reject_unknown_client_hostname
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
again no permit_mynetworks.
check_helo_access hash:/etc/postfix/access_hash,
Generally uncool to reuse maps for multiple purposes. While
postfix doesn't care, it can cause confusion and user errors.
Ok, I do it too.
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname
smtpd_sender_restrictions =
again no permit_mynetworks.
check_sender_access hash:/etc/postfix/access_hash,
I don't see any RBL lookups. Adding some "trustworthy" RBLs
to your setup will probably make a big difference. While
there is great debate of the definition of trustworthy, I
would suggest zen.spamhaus.org - see their usage policy.
http://www.spamhaus.org/organization/dnsblusage.html
Even if you don't qualify for "free" usage, I think the paid
feed is well worth the reasonable price.
-- Noel Jones
