Re: Backup mx config

Mon, 13 Jul 2009 12:42:05 -0700 

Hi Noel, List,
Thanks for your reply! I changed things according to your settings but I guess I overlooked a thing? Still they backup mailserver relays everything for *...@validdomain.org. Invalid domains are not relayed. 

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
config_directory = /etc/postfix
disable_vrfy_command = yes
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 0
maximal_backoff_time = 8000s
maximal_queue_lifetime = 15d
minimal_backoff_time = 1000s
mydestination = marcus.youngguns.nl, localhost.youngguns.nl, localhost
myhostname = marcus.youngguns.nl
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
recipient_delimiter = +
relay_domains = hash:/etc/postfix/relaydomains_for_stevie
relay_recipient_maps = hash:/etc/postfix/relayaddresses_for_stevie
smtp_helo_timeout = 60s
smtp_skip_quit_response = yes
smtpd_banner = $myhostname ESMTP
smtpd_client_connection_count_limit = 10
smtpd_client_restrictions = reject_rbl_client dnsbl.njabl.org,  permit
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_hard_error_limit = 12
smtpd_helo_required = yes

smtpd_helo_restrictions = permit_mynetworks, 	warn_if_reject  
reject_non_fqdn_hostname, 	reject_invalid_hostname, 	permit
smtpd_recipient_restrictions = permit_mynetworks,	 
reject_unlisted_recipient,	reject_non_fqdn_recipient,	 
reject_non_fqdn_hostname,	reject_non_fqdn_sender,	 
reject_invalid_hostname,  	reject_rbl_client zen.spamhaus.org,	 
reject_rbl_client bl.spamcop.net,	reject_rbl_client psbl.surriel.com,	 
reject_unauth_destination,	reject_unknown_recipient_domain,	 
check_policy_service inet:127.0.0.1:2525	permit
smtpd_sender_restrictions = permit_mynetworks, 	 
reject_unknown_sender_domain, 	permit

smtpd_soft_error_limit = 3
soft_bounce = yes
unknown_local_recipient_reject_code = 450

On Jul 13, 2009, at 7:57 PM, Noel Jones wrote:


Martijn de Munnik wrote:

Hi List,

A script just screwed my main.cf of a backup mx. Unfortunately I  
don't

have a backup of the main.cf. I restored the main.cf but one thing is
still not working as before. The relay*_for_stevie files contain the
domains and emailaddresses which accept mail on stevie.youngguns.nl.

When I test the backup mx with an invalid domain I get an 5**  
error, but
if I test the backup mx an invalid address but valid domain I see  
they

messages is greylisted. Off course this should also be denied 5**.
What is wrong in this config?


Comments below...


receive_override_options = no_address_mappings


Not recommended unless you also have content_filter set.


relay_domains = hash:/etc/postfix/relaydomains_for_stevie


OK.


relay_recipient_maps = hash:/etc/postfix/relayaddresses_for_stevie



Good, you appear to have a list of valid recipients for your  
relay_domains.



smtp_send_xforward_command = yes



This is usually set in specific master.cf services, not main.cf.   
You don't usually want to send XFORWARD information to the whole  
world.



smtpd_banner = Welkom bij $myhostname, stuur ook eens een kaartje!


This should be
 = $myhostname ESTMP your text here


smtpd_client_connection_count_limit = 10



WARNING: The purpose of this feature is to limit abuse. It must not  
be used to regulate legitimate mail traffic.



smtpd_client_restrictions = reject_rbl_client dnsbl.njabl.org,
reject_rbl_client
blackholes.easynet.nl,        reject_unauth_pipelining,
reject_unknown_client,  permit



The easynet blacklist has been dead for years. reject_unknown_client  
is a very strict check and is known to reject legit mail.   
reject_unauth_pipelining probably doesn't do any good here, but it  
won't hurt anything.



smtpd_data_restrictions = reject_unauth_pipelining


OK.


smtpd_delay_reject = yes


yes is the default.  Don't change it.


smtpd_helo_restrictions = permit_mynetworks,    warn_if_reject

reject_non_fqdn_hostname,       reject_invalid_hostname,         
permit


OK.


smtpd_recipient_limit = 25


only if you have 25 or fewer users.


smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination,


add here:
 reject_unlisted_recipient


reject_unauth_pipelining,
reject_non_fqdn_recipient,      reject_non_fqdn_hostname,
reject_non_fqdn_sender, reject_invalid_hostname,
reject_unknown_recipient_domain,        reject_rbl_client
zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,       reject_rbl_client
psbl.surriel.com,
check_policy_service inet:127.0.0.1:2525        permit


reject_unauth_pipelining is not effective here.


smtpd_sender_restrictions = permit_mynetworks,  warn_if_reject
reject_non_fqdn_sender,         reject_unknown_sender_domain,
reject_unauth_pipelining,       permit



reject_unauth_pipelining is not effective here.  I notice you have  
several duplicated restrictions.  No need to list things such as  
reject_non_fqdn_sender more than once.



smtpd_soft_error_limit = 3
soft_bounce = no
unknown_local_recipient_reject_code = 450


Change this to 550 once postfix correctly recognizes valid recipients.

 -- Noel Jones

























					Reply via email to