On Wed, 29 Jul 2009 13:39:06 -0400, Brian Evans - Postfix List <grkni...@scent-team.com> wrote:
> Willy De la Court wrote:
>> Hi all,
>>
>> I'm new to postfix coming from another MTA. I just want some feedback on
>> the configuration I use at the moment and get some response for improving
>> that configuration.
>>
>> Setup Debian (Lenny) all packages from the standard repository.
>>
>> postfix 2.5.5-1.1
>> postfix-mysql 2.5.5-1.1
>> postfixadmin 2.3rc4
>> maildrop 2.0.4-3
>> spamassassin 3.2.5-2
>>
>> postconf -n
>>
>> alias_database = hash:/etc/aliases
>> alias_maps = hash:/etc/aliases
>>
>
> Not used, remove/comment them if you like (removes confusion later).
> Only local(8) will use these and you disabled this below.
> (Unless your transport_maps includes local)

Yep, removed them; everything for aliases is done with the virtual stuff.

>> local_recipient_maps = $virtual_mailbox_maps
>> local_transport = virtual
>>
>
> This is not recommended because it doesn't follow the Address Class
> definitions.
> http://www.postfix.org/ADDRESS_CLASS_README.html
> This may break in the future.

I'm not sure I understand this. Is this not the way to make sure local accounts are also processed via the virtual map translations?

>> mailbox_command = procmail -a "$EXTENSION"
>> mailbox_size_limit = 0
>>
> Only local(8) will use these two.

Yep, since the delivery is done by maildrop, so is it safe to remove them? Especially the mailbox_size_limit?

>> receive_override_options = no_address_mappings
>>
>
> Is this necessary? You continually override it in master.cf.
> It is *easier* to read if you remove it from here and only put it in
> master.cf where needed.

You're right, the config has grown as I tried to figure out all the possibilities and learned more about all the possibilities. I cleaned it up a bit.

>> recipient_delimiter = +
>> relay_domains = proxy:mysql:/etc/postfix/mysql/relay-domains.cf
>>
>
> No relay_recipient_maps? Possible BackScatter source.
> [snip]

Hmm, these should really be removed as I don't have any relay domains or secondary MX.

>> smtpd_helo_restrictions = permit_mynetworks,
>> permit_sasl_authenticated,
>> reject_non_fqdn_hostname, reject_invalid_hostname, permit
>> smtpd_recipient_restrictions = permit_mynetworks,
>> permit_sasl_authenticated, reject_unauth_pipelining,
>> reject_non_fqdn_recipient, reject_unknown_recipient_domain,
>> reject_unauth_destination, reject_invalid_hostname,
>> reject_rbl_client
>> bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit
>> smtpd_sender_restrictions = permit_mynetworks,
>> permit_sasl_authenticated, reject_non_fqdn_sender,
>> reject_unknown_sender_domain, permit
> I hope you have a caching DNS server locally.
> DNS failures will cause delays of mail delivery.
> permits on the end are "nice" to the eye.
> They are also implied if you remove them too.

Yep, caching DNS is in place and it works great as a spam blocker before the real spam scanner goes into effect.

Some statistics: in a period of 24 hours there were 40000 connections/destinations (RCPT TO) blocked for about 700 legitimate mails, and from those about 20% was spam that was caught by the spam scanner.

>> smtpd_use_tls = yes
>>
>
> Deprecated, prefer 'smtpd_tls_security_level = may'
>

Need to look into this further.

Thanks to Brian Evans for taking the time to answer a newbie. I'm starting to like postfix a lot, especially the hundreds of ways to configure it. Much better than the Other MTA I had before. Still in the migrating phase; need to migrate another 60 mail domains to the new infrastructure.

--
Simple things make people happy.
Willy De la Court
PGP Public Key at http://www.linux-lovers.be/download/public_key.asc
PGP Key fingerprint = 784E E18F 7F85 9C7C AC1A D5FB FE08 686C 37C7 A689
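
The review points raised in this exchange, written as a small lint over `postconf -n` output. This is an added example, not code from either poster or from the Postfix project; the function names `parse_postconf` and `review` are hypothetical, and the sample input is constructed from settings quoted in the thread.

```python
import re

# Constructed sample: settings taken from the postconf -n output quoted in the thread.
SAMPLE = """\
alias_maps = hash:/etc/aliases
local_transport = virtual
mailbox_size_limit = 0
relay_domains = proxy:mysql:/etc/postfix/mysql/relay-domains.cf
smtpd_sender_restrictions = permit_mynetworks,
 permit_sasl_authenticated, reject_non_fqdn_sender,
 reject_unknown_sender_domain, permit
smtpd_use_tls = yes
"""

PARAM = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$")
LOCAL_ONLY = ("alias_maps", "alias_database", "mailbox_command", "mailbox_size_limit")

def parse_postconf(text):
    """Return {name: value}; lines without 'name =' continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        m = PARAM.match(line)
        if m:
            last = m.group(1)
            params[last] = m.group(2).strip()
        elif last and line.strip():
            params[last] = (params[last] + " " + line.strip()).strip()
    return params

def review(params):
    """Return (parameter, finding) pairs for the points raised in the thread."""
    findings = []
    if params.get("relay_domains") and not params.get("relay_recipient_maps"):
        findings.append(("relay_domains", "no relay_recipient_maps: possible backscatter source"))
    if "smtpd_use_tls" in params:
        findings.append(("smtpd_use_tls", "deprecated: prefer smtpd_tls_security_level = may"))
    if params.get("local_transport", "").startswith("virtual"):
        findings.append(("local_transport", "does not follow the address class definitions"))
        for name in LOCAL_ONLY:
            if name in params:
                findings.append((name, "only local(8) uses this (unless transport_maps includes local)"))
    for name, value in params.items():
        if name.endswith("_restrictions") and re.split(r"[,\s]+", value)[-1] == "permit":
            findings.append((name, "trailing permit is implied and can be dropped"))
    return findings

if __name__ == "__main__":
    for name, finding in review(parse_postconf(SAMPLE)):
        print(f"{name}: {finding}")
```

To check a live system, pass the text of `postconf -n` to `parse_postconf` instead of `SAMPLE`.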