Dear Venema i would like to thank you for postfix, the best MTA in my opinion i am happy and think you can't hear this often enough for provide such a great software for free!
not only for the app, especially for the way of your development making
even major-upgrades easy without any config-changes in complex setups
over years and i am on board since 2006
it is really impressive to see this in setups like below without touch
anything as replace tarball and rebuild the RPM before execute some
autotests, see it working like a charme and global deployment
what a wonderful world could this be if any update would run so smooth....
postfix-2.9.0-2.fc15.20120205.rh.x86_64
_______________
disclaimer:
yes, the reject codes are well thought because a spamfirewall in front
and normally no unauthenticated message is delivered directly to the MTA
_______________
myhostname = hostname
smtpd_banner = $myhostname ESMTP
smtp_helo_name = $myhostname
inet_protocols = ipv4
inet_interfaces = all
mydomain = ourdomain
myorigin = our-admin-domain
double_bounce_sender = double-bounce@ourdomain
address_verify_sender = postmaster@ourdomain
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
unknown_hostname_reject_code = 501
unknown_address_reject_code = 550
bounce_template_file = /etc/postfix/bounce.cf
fast_flush_domains =
mailbox_size_limit = 0
recipient_delimiter = +
broken_sasl_auth_clients = yes
anvil_rate_time_unit = 1800s
smtpd_client_connection_rate_limit = 50
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_proxy_options = speed_adjust
smtpd_reject_footer = as customer please use
smtp-authentication
smtpd_helo_required = yes
smtpd_discard_ehlo_keywords = silent-discard, etrn,
dsn, vrfy
smtpd_recipient_limit = 500
disable_vrfy_command = yes
smtp_sasl_auth_enable = yes
smtp_sender_dependent_authentication = yes
smtp_sasl_security_options = noanonymous
proxy_read_maps = proxy:mysql:/etc/postfix/mysql-mynetworks.cf
proxy:mysql:/etc/postfix/mysql-mydestination.cf
proxy:mysql:/etc/postfix/mysql-recipients.cf
proxy:mysql:/etc/postfix/mysql-rewritedomains.cf
proxy:mysql:/etc/postfix/mysql-rewritesenders.cf
proxy:mysql:/etc/postfix/mysql-transport.cf
proxy:mysql:/etc/postfix/mysql-sender_relay_hosts.cf
proxy:mysql:/etc/postfix/mysql-sender_relay_hosts_auth.cf
proxy:mysql:/etc/postfix/mysql-aliases.cf
proxy:mysql:/etc/postfix/mysql-senderaccess.cf
proxy:mysql:/etc/postfix/mysql-spamfilter.cf
proxy:mysql:/etc/postfix/mysql-forwarders.cf
smtpd_helo_restrictions = permit_mynetworks
permit_sasl_authenticated
reject_non_fqdn_helo_hostname
reject_invalid_helo_hostname
reject_unknown_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks
reject_non_fqdn_recipient
reject_non_fqdn_sender
reject_unlisted_sender
reject_authenticated_sender_login_mismatch
permit_sasl_authenticated
reject_unauth_destination
reject_unknown_sender_domain
reject_unknown_recipient_domain
reject_invalid_hostname
reject_unknown_reverse_client_hostname
reject_unauth_pipelining
reject_rbl_client dnsbl-1.uceprotect.net
check_policy_service unix:/var/spool/postfix/postgrey/socket
check_recipient_access proxy:mysql:/etc/postfix/mysql-spamfilter.cf
barracuda_smtpd_recipient_restrictions = permit_mynetworks, reject
mynetworks = 127.0.0.0/8,
proxy:mysql:/etc/postfix/mysql-mynetworks.cf
mydestination =
proxy:mysql:/etc/postfix/mysql-mydestination.cf
local_recipient_maps =
proxy:mysql:/etc/postfix/mysql-recipients.cf
recipient_canonical_maps =
proxy:mysql:/etc/postfix/mysql-rewritedomains.cf
sender_canonical_maps =
proxy:mysql:/etc/postfix/mysql-rewritesenders.cf
transport_maps =
proxy:mysql:/etc/postfix/mysql-transport.cf
sender_dependent_relayhost_maps =
proxy:mysql:/etc/postfix/mysql-sender_relay_hosts.cf
smtp_sasl_password_maps =
proxy:mysql:/etc/postfix/mysql-sender_relay_hosts_auth.cf
alias_maps =
proxy:mysql:/etc/postfix/mysql-aliases.cf
smtpd_sender_login_maps =
proxy:mysql:/etc/postfix/mysql-senderaccess.cf
virtual_alias_maps =
proxy:mysql:/etc/postfix/mysql-forwarders.cf
body_checks_size_limit = 65535
queue_run_delay = 240
maximal_queue_lifetime = 3d
bounce_queue_lifetime = 3d
minimal_backoff_time = 900
maximal_backoff_time = 5400
message_size_limit = 36700160
max_idle = 60
in_flow_delay = ${stress?2}${stress:0}s
smtp_destination_recipient_limit = 15
smtp_initial_destination_concurrency = 5
smtp_destination_concurrency_limit = 5
smtp_destination_concurrency_failed_cohort_limit = 5
smtp_destination_rate_delay = 1
smtp_helo_timeout = ${stress?45}${stress:180}s
smtp_mail_timeout = ${stress?45}${stress:180}s
smtp_connect_timeout = ${stress?15}${stress:45}s
smtpd_error_sleep_time = ${stress?1}${stress:2}s
smtpd_soft_error_limit = ${stress?2}${stress:5}
smtpd_hard_error_limit = ${stress?5}${stress:10}
smtpd_peername_lookup = yes
lmtp_max_idle = 600
lmtp_connection_cache_time_limit = 600
lmtp_connection_reuse_time_limit = 600
lmtp_destination_concurrency_limit = 30
dbmail-lmtp_destination_concurrency_limit = 30
dbmail-lmtp_destination_rate_delay = 0
smtpd_use_tls = yes
smtpd_tls_loglevel = 1
smtpd_tls_cert_file =
/etc/postfix/certs/mail.pem
smtpd_tls_key_file =
/etc/postfix/certs/mail.pem
smtpd_tls_CAfile =
/etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database =
btree:/var/lib/postfix/smtpd_scache
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_cipherlist =
HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
smtp_use_tls = yes
smtp_tls_loglevel = 1
smtp_tls_cert_file =
/etc/postfix/certs/mail.pem
smtp_tls_key_file =
/etc/postfix/certs/mail.pem
smtp_tls_CAfile =
/etc/pki/tls/certs/ca-bundle.crt
smtp_tls_security_level = may
smtp_tls_received_header = yes
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_timeout = 3600s
smtp_tls_session_cache_database =
btree:/var/lib/postfix/smtp_scache
--
Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / software-development / cms-solutions
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/
http://www.thelounge.net/signature.asc.what.htm
signature.asc
Description: OpenPGP digital signature
