Walter Pinto put forth on 1/21/2011 10:57 PM:
> I used the following command to determine what needed to be removed
> from my main.cf:
> 
> postconf -d > defaultcfg && postconf -n > customcfg && perl -ne 'print
> if ($seen{$_} .= @ARGV) =~ /10$/' customcfg defaultcfg
> 
> Then I made the suggested changes and I'm left with:

That method doesn't seem to strip all the default junk, such as some of my
markups below:

> anvil_rate_time_unit = 180s
> body_checks = regexp:/etc/postfix/body_checks
> bounce_size_limit = 1500
> broken_sasl_auth_clients = yes

config_directory = /etc/postfix  <-- **remove this, default

> default_destination_concurrency_limit = 10
> disable_vrfy_command = yes
> header_checks = regexp:/etc/postfix/header_checks

html_directory = /var/www/html/postfix  <-- **Is this _needed_ in main.cf?

inet_protocols = all  <-- **Remove this unless you're using IPv6

initial_destination_concurrency = 10     <-- **Are these two _needed_
local_destination_concurrency_limit = 10       default settings didn't work?

> local_recipient_maps = error:local mail delivery disabled
> local_transport = error:local mail delivery disabled

maximal_backoff_time = 90m  <--  **Same here, _needed_ ?

> message_size_limit = 14500000
> mydomain = mx.example.net
> myhostname = mx.example.net
> mynetworks = 127.0.0.0/8
> myorigin = example.net

readme_directory = /var/www/html/postfix  <-- **Is this needed in main.cf?

> relay_domains = mysql:/etc/postfix/sql/relay_transport_map.conf
> relay_recipient_maps = mysql:/etc/postfix/sql/relay_recipient_map.conf
> relocated_maps = hash:/etc/postfix/relocated

smtp_connect_timeout = 45s  <-- **unless this is _needed_ remove the line,
default is 30s

> smtpd_data_restrictions = reject_multi_recipient_bounce 
> reject_unauth_pipelining

smtpd_error_sleep_time = 0  <-- The default is 1s.  Do you _need_ this at zero?

> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks   reject_non_fqdn_hostname
>   reject_invalid_hostname
> smtpd_recipient_restrictions = permit_mynetworks
> reject_unauth_destination   reject_invalid_hostname
> reject_non_fqdn_hostname   reject_non_fqdn_sender
> reject_non_fqdn_recipient   reject_unknown_sender_domain
> reject_unknown_recipient_domain   reject_unlisted_recipient
> check_recipient_access hash:/etc/postfix/whitelist   reject_rbl_client
> zen.spamhaus.org    reject_rbl_client b.barracudacentral.org
> reject_rbl_client bl.spamcop.net   check_policy_service
> inet:127.0.0.1:10031   check_policy_service inet:127.0.0.1:10023
> smtpd_reject_unlisted_sender = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_tls_CAfile = /etc/postfix/certs/ca-bundle.crt
> smtpd_tls_cert_file = /etc/postfix/certs/mx.example.net.cert
> smtpd_tls_key_file = /etc/postfix/certs/mx.example.net.key
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
> smtpd_tls_session_cache_timeout = 7200s
> smtpd_use_tls = yes
> transport_maps = mysql:/etc/postfix/sql/relay_transport_map.conf
> virtual_alias_maps = hash:/etc/postfix/domains/localhost
> hash:/etc/postfix/domains/example.com
> hash:/etc/postfix/domains/example.net
> hash:/etc/postfix/domains/example.org

> How does that look now?

A little more consolidated, looks better.  Note my markups.  You can go a little
further.  As a general rule, don't change anything or add anything that's not
_necessary_ to make Postfix function correctly in your environment.  Having more
than necessary simply clutters main.cf/postconf -n output making it more
difficult to read/troubleshoot down the road, as Noel mentioned.

-- 
Stan
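
An added example, not part of the original messages: a sketch that compares `postconf -n` output against `postconf -d` by parameter name instead of by whole line, so it lists the settings that merely repeat a default and shows every real override next to its default for the "is this needed?" review done by hand above. The function names and the sample text are assumptions; the sample values are constructed from the defaults quoted in the reply.

```python
import re

def parse_postconf(text):
    """Parse 'name = value' lines as printed by postconf into a dict."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if not sep or not name.strip():
            continue  # skip blank or malformed lines
        # Collapse runs of whitespace so spacing differences do not hide a match.
        params[name.strip()] = re.sub(r"\s+", " ", value.strip())
    return params

def audit(custom_text, default_text):
    """Split explicit settings into redundant ones and real overrides."""
    custom = parse_postconf(custom_text)
    defaults = parse_postconf(default_text)
    redundant, overrides = [], []
    for name in sorted(custom):
        if name in defaults and custom[name] == defaults[name]:
            redundant.append(name)  # identical to the default: safe to drop
        else:
            overrides.append((name, custom[name], defaults.get(name)))
    return redundant, overrides

# Constructed sample input standing in for `postconf -d` and `postconf -n`.
SAMPLE_DEFAULTS = """\
config_directory = /etc/postfix
smtp_connect_timeout = 30s
smtpd_error_sleep_time = 1s
smtpd_helo_required = no
"""
SAMPLE_CUSTOM = """\
config_directory =   /etc/postfix
smtp_connect_timeout = 45s
smtpd_error_sleep_time = 0
smtpd_helo_required = yes
"""

if __name__ == "__main__":
    redundant, overrides = audit(SAMPLE_CUSTOM, SAMPLE_DEFAULTS)
    for name in redundant:
        print(f"remove (same as default): {name}")
    for name, value, default in overrides:
        print(f"review: {name} = {value}   (default: {default})")
```

On a live system, pass the saved output of `postconf -n` and `postconf -d` to `audit()` in place of the sample strings.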
