Hi all,
I'm new to postfix coming from another MTA. I just want some feedback on
the configuration I use at the moment and get some reponse for improving
that configuration.
Setup Debian (Lenny) all packages from the standard repository.
postfix 2.5.5-1.1
postfix-mysql 2.5.5-1.1
postfixadmin 2.3rc4
maildrop 2.0.4-3
spamassassin 3.2.5-2
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
canonical_maps = proxy:mysql:/etc/postfix/mysql/email-translate.cf
config_directory = /etc/postfix
content_filter = spamfilter
disable_vrfy_command = yes
inet_interfaces = 188.40.61.184
local_recipient_maps = $virtual_mailbox_maps
local_transport = virtual
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = localhost.mydomain.tld, localhost
myhostname = niagara.mydomain.tld
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = proxy:mysql:/etc/postfix/mysql/relay-domains.cf
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP server ready
smtpd_delay_reject = yes
smtpd_error_sleep_time = 1s
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_pipelining,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unauth_destination, reject_invalid_hostname, reject_rbl_client
bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_non_fqdn_sender,
reject_unknown_sender_domain, permit
smtpd_soft_error_limit = 5
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = proxy:mysql:/etc/postfix/mysql/virtual-transports.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual-alias-maps.cf,
proxy:mysql:/etc/postfix/mysql/virtual-alias-alias-maps.cf
virtual_gid_maps = static:8
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains =
proxy:mysql:/etc/postfix/mysql/virtual-domains.cf
virtual_mailbox_maps =
proxy:mysql:/etc/postfix/mysql/virtual-mailbox-maps.cf,
proxy:mysql:/etc/postfix/mysql/virtual-mailbox-alias-maps.cf
virtual_transport = maildrop
virtual_uid_maps = static:500
master.cf (relevant changes)
smtp inet n - - - - smtpd
-o receive_override_options=
-o smtpd_sasl_auth_enable=no
127.0.0.1:smtp inet n - - - - smtpd
-o receive_override_options=
-o content_filter=
submission inet n - - - - smtpd
-o receive_override_options=
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - - - - smtpd
-o receive_override_options=
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup fifo n - - 60 1 pickup
-o receive_override_options=
-o content_filter=
maildrop unix - n n - - pipe
flags=DRhqu user=vmail argv=/usr/bin/maildrop -w 90 -d ${recipient}
spamfilter unix - n n - - pipe
-o receive_override_options=no_address_mappings
flags=ROhqu user=vmail argv=/usr/local/bin/spamfilter.sh ${domain}
${sender} ${recipient}
127.0.0.1:10025 inet n - - - - smtpd
-o smtpd_tls_security_level=none
-o smtp_tls_security_level=none
-o content_filter=
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters,no_address_mappings
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
vacation unix - n n - - pipe
flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender}
-- ${recipient}
--
Simple things make people happy.
Willy De la Court
