On 3/21/2012 2:31 PM, Mark S wrote:
> there is one comma missing after reject_rbl_client bl.spamcop.net, that's
> fixed of course.

Commas are treated the same as whitespace to Postfix. They are not required.

>
>
> ----- Original Message -----
> From: Mark S <marksmarks...@yahoo.com>
> To: "postfix-users@postfix.org" <postfix-users@postfix.org>
> Cc:
> Sent: Wednesday, March 21, 2012 7:28 PM
> Subject: postfix configuration verification
>
> Hi all,
>
> I am totally new to the mail server business. I read a lot about Postfix and
> finally succeeded in setting up a working installation on my GNU/Linux VPS.
> So far mail delivery works fine, and even most Spam is filtered. Nonetheless I
> would like to have an expert (or two ;) to have a look at my configuration. I
> am confident that I did everything right, but in the end I am not sure and I
> do not want my VPS to end up as an open relay.
>
> Long story short, here's my main.cf:

This list prefers 'postconf -n' because of mistakes people make, including spelling and listing a parameter twice. The command shows what Postfix is running and in alphabetical order for easy reading.

>
> disable_vrfy_command = yes
>
> myorigin = mysubdomain.mydomain.com
> mydomain = mysubdomain.mydomain.com
> mydestination = mysubdomain.mydomain.com, mydomain.com,
>     localhost.mydomain.com, localhost
> mynetworks = 127.0.0.1/32 [::1]/128
> virtual_alias_maps = hash:/etc/postfix/my-valiases
> alias_maps = hash:/etc/aliases
>
> home_mailbox = Maildir/
> mailbox_size_limit = 0
> biff = no
> always_add_missing_headers = yes
>
> milter_default_action = accept
> milter_protocol = 2
> smtpd_milters = inet:localhost:8891
> non_smtpd_milters = inet:localhost:8891
>
> smtpd_sender_restrictions =
>     permit_mynetworks,
>     reject

This rejects all mail not from localhost, your mynetworks, regardless of what is in smtpd_recipient_restrictions.

>
> smtpd_recipient_restrictions =
>     permit_mynetworks,
>     reject_unauth_destination,

reject_unauth_destination is your open relay blocker.

>     reject_unknown_sender_domain,
>     reject_unknown_client_hostname,
>     reject_rbl_client zen.spamhaus.org,
>     reject_rbl_client bl.spamcop.net
>     check_policy_service inet:127.0.0.1:10023
>
>
> I wanted to keep it as simple as possible, so I decided to ditch the numerous
> options that can be used for spam detection based on SMTP protocol quirks
> (EHLO etc.) I think those spam senders will get filtered later on by postgrey
> and zen.spamhaus.org anyway. (If there is something I can do better in this
> regard, just say so!)
>
> I ssh to my server and use sendmail to send mails, that's why I set up that
> odd smtpd_sender_restrictions. smtpd_sender_restrictions is necessary,
> because otherwise I would end up as an open relay, right?

The sendmail(1) command does not use smtpd options whatsoever. It uses the pickup daemon.

Brian
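
An added example, not part of the original thread or of Postfix: a small Python checker for main.cf-style text that applies the points raised in the reply above (commas count as whitespace, a parameter listed twice, a bare reject in smtpd_sender_restrictions) plus a presence check for reject_unauth_destination. The function names, the finding strings and the sample input are assumptions of this example; on a live server 'postconf -n' remains the authoritative view.

```python
import re

# Constructed sample based on the main.cf quoted above; the final 'biff' line
# is added here to show duplicate detection.
SAMPLE = """\
mynetworks = 127.0.0.1/32 [::1]/128
biff = no
smtpd_sender_restrictions =
    permit_mynetworks,
    reject
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net
    check_policy_service inet:127.0.0.1:10023
biff = yes
"""

def tokens(value):
    # Postfix treats commas and whitespace alike as list separators.
    return [t for t in re.split(r"[,\s]+", value) if t]

def parse_main_cf(text):
    """Return ({name: [tokens]}, [names defined more than once])."""
    params, dups, current = {}, [], None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank line or comment
        if raw[0] in " \t" and current:           # leading whitespace: continuation
            params[current] += tokens(raw)
            continue
        name, _, value = raw.partition("=")
        current = name.strip()
        if current in params:
            dups.append(current)                  # the last definition wins
        params[current] = tokens(value)
    return params, dups

def audit(text):
    """Simplified checks (assumptions of this example, not a full policy evaluation)."""
    params, dups = parse_main_cf(text)
    findings = [f"duplicate: {d}" for d in dups]
    sender = params.get("smtpd_sender_restrictions", [])
    if "reject" in sender:
        allowed = sender[:sender.index("reject")]
        findings.append("sender-reject: SMTP mail accepted only via " + " ".join(allowed))
    if "reject_unauth_destination" not in params.get("smtpd_recipient_restrictions", []):
        findings.append("relay: reject_unauth_destination missing")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The missing comma after bl.spamcop.net in the sample parses to the same token list as a comma-separated version, which is the behaviour described in the reply.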