Hello, I've just set up a new Postfix 2.x server on CentOS 5. As some directives have changed and it's been a while since I've done this, I'd appreciate anyone looking over this configuration and commenting on what is good, what needs changing, etc. The server is supposed to support only virtual mailbox domains; it uses antispam and antivirus measures, SMTP AUTH as both server and client through Dovecot (I'm not sure about this part), TLS, and hooks into Mailman for list management. Thanks. Dave.
# Postfix settings as posted, re-broken one parameter per line. The
# alphabetical order suggests `postconf -n` output (non-default main.cf
# settings only) rather than main.cf itself. Parameter names and values are
# unchanged; lines starting with '#' are review comments.

# Persistent cache for address verification probes; used by the
# reject_unverified_recipient restriction further down.
address_verify_map = btree:/var/spool/postfix/verified_senders
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
body_checks = pcre:/etc/postfix/body_checks
# Additionally advertises AUTH in the non-standard "AUTH=" form for older
# mail clients.
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
# VRFY is disabled, so it cannot be used to test which addresses exist.
disable_vrfy_command = yes
empty_address_recipient = MAILER-DAEMON
header_checks = pcre:/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
inet_interfaces = 127.0.0.1, 74.208.64.129
invalid_hostname_reject_code = 554
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 104857600
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 20971520
multi_recipient_bounce_reject_code = 554
# $mydomain itself is not a local destination, which matches the stated
# virtual-only design. NOTE(review): a domain must not appear in both
# mydestination and virtual_mailbox_domains - confirm /etc/postfix/vhosts
# does not list localhost or lists.$mydomain.
mydestination = localhost, lists.$mydomain
mydomain = davemehler.com
myhostname = mail.davemehler.com
# Only loopback may relay without authenticating; every other client has to
# pass permit_sasl_authenticated or be stopped by reject_unauth_destination.
mynetworks = 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
owner_request_special = no
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_delimiter = +
relay_domains_reject_code = 554
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
# Keeps the name of the lookup table out of "User unknown" replies.
show_user_unknown_table_name = no
smtp_helo_timeout = 60s
smtp_tls_CAfile = /etc/postfix/ssl/ca-cert.pem
# NOTE(review): these two lines make the SMTP *client* present a certificate
# (the same pair the server uses below). That is only needed when a remote
# server demands client certificates; otherwise they can be left unset.
# Either way the key file should be readable by root only.
smtp_tls_cert_file = /etc/postfix/ssl/smtp.crt
smtp_tls_key_file = /etc/postfix/ssl/smtp.key
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_tls_cache
# Older spelling of opportunistic client-side TLS; Postfix 2.3 and later also
# accept smtp_tls_security_level = may, matching the smtpd_ setting below.
smtp_use_tls = yes
# Banner shows only the hostname, no software name or version.
smtpd_banner = $myhostname
smtpd_data_restrictions = reject_unauth_pipelining
# Rejections are deferred until RCPT TO, which is why helo-, client- and
# sender-based checks can appear inside smtpd_recipient_restrictions and a
# recipient check can appear inside smtpd_sender_restrictions.
smtpd_delay_reject = yes
smtpd_error_sleep_time = 5s
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_helo_restrictions = 
    permit_mynetworks,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
# Relay control is decided by the first three entries: authenticated users
# and loopback are permitted, everything else must be addressed to a domain
# this server handles. All later entries therefore only filter inbound mail
# from unauthenticated clients.
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
# reject_invalid_hostname / reject_non_fqdn_hostname are the pre-2.3 names of
# the two helo checks already listed in smtpd_helo_restrictions above.
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
# Several entries from here on have no trailing comma. Postfix separates
# restrictions by whitespace as well as commas, so this is cosmetic.
    reject_unverified_recipient
    reject_multi_recipient_bounce,
    check_helo_access pcre:/etc/postfix/helo_checks.pcre
    check_sender_mx_access cidr:/etc/postfix/bogus_mx
    check_recipient_access hash:/etc/postfix/recipient_access
    check_sender_access hash:/etc/postfix/common_spam_senderdomains
    reject_rhsbl_sender dsn.rfc-ignorant.org
    reject_rbl_client zen.spamhaus.org,
# NOTE(review): multi.uribl.com is, as far as I know, a URI/domain list,
# while reject_rbl_client looks up the connecting client's IP address -
# confirm this entry can ever match.
    reject_rbl_client multi.uribl.com,
    reject_rbl_client images.rbl.msrbl.net,
    reject_rbl_client list.dsbl.org
# Policy daemon on loopback port 10023; the post does not say which one.
    check_policy_service inet:127.0.0.1:10023
# Also present in smtpd_data_restrictions.
    reject_unauth_pipelining,
    check_policy_service unix:private/spfpolicy
# NOTE(review): "policy_time_limit = 3600" is shown here as part of the
# smtpd_recipient_restrictions value, not as a parameter of its own. That is
# what an indented line in main.cf produces (leading whitespace continues
# the previous parameter). If so, Postfix reads these three words as
# restriction names and the two DNSBL entries after them are affected too -
# check the mail log for restriction warnings and move the setting to
# column 0. Also confirm the parameter name against SMTPD_POLICY_README for
# this Postfix version and the master.cf service name.
    policy_time_limit = 3600
# zen.spamhaus.org is listed a second time here.
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
# NOTE(review): the definition of has_our_domain_as_sender is not part of
# this listing and the class is not referenced in any restriction shown.
smtpd_restriction_classes = has_our_domain_as_sender
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
# Path is relative to queue_directory, i.e. /var/spool/postfix/private/auth.
# Dovecot has to create its auth socket there with permissions that let the
# postfix user connect.
smtpd_sasl_path = private/auth
# Plaintext mechanisms remain allowed; that is acceptable only because
# smtpd_tls_auth_only = yes keeps AUTH off unencrypted sessions.
smtpd_sasl_security_options = noanonymous
# Dovecot SASL covers the server side (smtpd) only. No smtp_sasl_* settings
# appear in this listing, so client-side authentication to other servers is
# not configured here.
smtpd_sasl_type = dovecot
# The bare "hash:" map as first entry is the legacy form of
# check_sender_access hash:/etc/postfix/sender_access.
# NOTE(review): reject_sender_login_mismatch sits after
# permit_sasl_authenticated, so authenticated sessions are permitted before
# it is evaluated, and no smtpd_sender_login_maps appears in this listing.
# As shown, nothing ties an authenticated login to the envelope sender it
# may use - confirm whether that is intended.
smtpd_sender_restrictions = hash:/etc/postfix/sender_access,
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unauth_pipelining
    reject_sender_login_mismatch
    check_recipient_access pcre:/etc/postfix/listcheck
smtpd_soft_error_limit = 10
# AUTH is offered only after STARTTLS, so credentials never cross the wire
# in the clear.
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/smtp.crt
smtpd_tls_CAfile = /etc/postfix/ssl/ca-cert.pem
# Private key: should be readable by root only.
smtpd_tls_key_file = /etc/postfix/ssl/smtp.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
# Opportunistic TLS: STARTTLS is offered but not required for inbound mail.
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
# The reject codes below are almost all permanent (5xx). NOTE(review): on a
# freshly built server a lookup-table mistake then bounces legitimate mail
# instead of deferring it; consider temporary codes or soft_bounce until the
# configuration has been tested.
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_maps = hash:/etc/postfix/virtual_alias
# All virtual mailboxes are written as uid/gid 5000, which is above
# virtual_minimum_uid below.
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
# A plain file path: the domain list is read from /etc/postfix/vhosts.
virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000