If I made any errors/mistakes or my configuration contains any
unnecessary settings/variables, can someone point them out?
Thanks!
======
postconf -n:
# Output of "postconf -n": the parameters explicitly set in main.cf.
# NOTE(review): wrapped values below continue at column 0, presumably because
# the mail client re-wrapped them; in main.cf a continuation line must start
# with whitespace.
best_mx_transport = virtual
biff = no
bounce_queue_lifetime = 3d
compatibility_level = 2
default_process_limit = 150
delay_warning_time = 12h
# VRFY is turned off, so that command cannot be used to probe for valid
# addresses.
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = .maildir/
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 0
mailbox_transport = $virtual_transport
manpage_directory = /usr/share/man
maximal_backoff_time = 2h
maximal_queue_lifetime = 3d
# If a milter is unavailable or fails, mail is still accepted but frozen in
# the hold queue. Watch that queue, otherwise held mail sits there unnoticed.
milter_default_action = quarantine
minimal_backoff_time = 15m
mydestination = localhost, mail.domain.com
myhostname = mail.domain.com
# Only this machine counts as a trusted client for permit_mynetworks.
mynetworks_style = host
non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock,
unix:/var/run/opendmarc/opendmarc.sock
postscreen_access_list = permit_mynetworks
postscreen_bare_newline_action = enforce
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map =
pcre:/etc/postfix/postscreen_dnsbl_reply_map.pcre
# Weighted DNSBL/DNSWL scoring: positive weights count towards
# postscreen_dnsbl_threshold, negative weights (swl.spamhaus.org, list.dnswl.org)
# count against it.
# NOTE(review): check periodically that every list named here is still in
# service. A retired list that answers every query adds its weight to every
# client. dnsbl.ahbl.org has been shut down as far as I know -- verify and
# remove it.
postscreen_dnsbl_sites = zen.spamhaus.org*3, b.barracudacentral.org*2,
bl.spameatingmonkey.net*2, dnsbl.ahbl.org*2, bl.spamcop.net,
dnsbl.sorbs.net, psbl.surriel.com, bl.mailspike.net,
swl.spamhaus.org*-4, list.dnswl.org=127.[0..255].[0..255].0*-2,
list.dnswl.org=127.[0..255].[0..255].1*-3,
list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
postscreen_dnsbl_threshold = 3
postscreen_greet_action = enforce
queue_run_delay = 60m
recipient_delimiter = +-
# Per-destination rate limits for the smtp_<provider> transports defined in
# master.cf; the same three limits are repeated for each provider.
smtp_aol_destination_concurrency_limit = 4
smtp_aol_destination_recipient_limit = 5
smtp_aol_initial_destination_concurrency = 1
smtp_att_destination_concurrency_limit = 4
smtp_att_destination_recipient_limit = 5
smtp_att_initial_destination_concurrency = 1
# Required for smtp_tls_security_level = dane further down. DANE relies on the
# resolver's DNSSEC validation result, so the resolver this host queries should
# be a validating one reached over a trusted path (ideally on localhost).
# NOTE(review): resolver setup is not visible here -- confirm.
smtp_dns_support_level = dnssec
smtp_fastmail_destination_concurrency_limit = 4
smtp_fastmail_destination_recipient_limit = 5
smtp_fastmail_initial_destination_concurrency = 1
smtp_gmail_destination_concurrency_limit = 4
smtp_gmail_destination_recipient_limit = 5
smtp_gmail_initial_destination_concurrency = 1
smtp_hotmail_destination_concurrency_limit = 4
smtp_hotmail_destination_recipient_limit = 5
smtp_hotmail_initial_destination_concurrency = 1
smtp_tls_CApath = /etc/ssl/certs/
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
# Outbound TLS policy: authenticate via DNSSEC-signed TLSA records where they
# exist. Destinations without usable TLSA records get opportunistic TLS only,
# i.e. encryption without certificate verification.
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
# Legacy parameter: smtp_tls_security_level above takes precedence, so this
# line has no effect and can be removed.
smtp_use_tls = yes
smtp_yahoo_destination_concurrency_limit = 4
smtp_yahoo_destination_recipient_limit = 5
smtp_yahoo_initial_destination_concurrency = 1
smtpd_banner = $myhostname ESMTP NO UCE
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated, permit_dnswl_client
list.dnswl.org=127.0.[2..14].[2..3],
check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre,
reject_unknown_reverse_client_hostname
smtpd_data_restrictions = reject_multi_recipient_bounce,
reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
smtpd_milters = unix:/var/run/opendkim/opendkim.sock,
unix:/var/run/opendmarc/opendmarc.sock
smtpd_recipient_limit = 128
# This list contains no reject_unauth_destination, so open-relay protection
# rests entirely on smtpd_relay_restrictions. That parameter does not appear in
# this output, so it is presumably at its built-in default -- confirm with
# "postconf smtpd_relay_restrictions" that it still ends in
# reject_unauth_destination or defer_unauth_destination.
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, check_recipient_access
regexp:/etc/postfix/recipient_access_list, reject_non_fqdn_recipient,
reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_helo
dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access
regexp:/etc/postfix/sender_access_list, reject_non_fqdn_sender,
reject_unknown_sender_domain
smtpd_soft_error_limit = 3
smtpd_tls_CAfile = /etc/ssl/postfix/domain.com.rsa.ca
smtpd_tls_cert_file = /etc/ssl/postfix/domain.com.rsa.crt
# Despite its name, the dh1024 parameter is the one used for all non-export
# EDH key exchange; pointing it at a 2048-bit file (as the file name suggests)
# is fine.
smtpd_tls_dh1024_param_file = /etc/ssl/postfix/dhparam_2048.pem
# The dh512 parameter is used only for export-grade cipher suites, which
# should not be offered at all; this line and the 512-bit file can be dropped.
smtpd_tls_dh512_param_file = /etc/ssl/postfix/dhparam_512.pem
# NOTE(review): file permissions are not visible here -- the private key
# should be readable by root only.
smtpd_tls_key_file = /etc/ssl/postfix/domain.com.rsa.key
smtpd_tls_loglevel = 1
# Opportunistic TLS for inbound mail. No smtpd_tls_auth_only appears in this
# output, so it is presumably at its default (no); that matters for the
# SASL-enabled submission service in master.cf, which inherits this level.
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
strict_rfc821_envelopes = yes
tls_random_exchange_name = /var/lib/postfix/prng_exch
tls_random_source = dev:/dev/urandom
tls_ssl_options = no_compression, no_ticket
transport_maps = regexp:/etc/postfix/transport
# Unknown local recipients get a temporary (4xx) rejection, so senders keep
# retrying instead of bouncing. Usually a setting for the testing phase;
# consider 550 once the recipient maps are known to be correct.
unknown_local_recipient_reject_code = 450
# NOTE(review): the mysql_*.cf lookup files normally carry the database user
# and password -- make sure they are not world-readable.
virtual_alias_maps =
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:207
virtual_mailbox_base = /var/spool/postfix/virtual
virtual_mailbox_domains =
proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps =
proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf
# Final delivery is handed to Dovecot over LMTP on a private UNIX socket.
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:207
------
master.cf
# master.cf service table.
# Fields: service type private unpriv chroot wakeup maxproc command [args].
# NOTE(review): the "flags=" and "-o" continuation lines appear at column 0 in
# this paste, presumably from mail re-wrapping; in master.cf they must start
# with whitespace.
anvil unix - - n - 1 anvil
bounce unix - - n - 0 bounce
cleanup unix n - n - 0 cleanup
defer unix - - n - 0 bounce
discard unix - - n - - discard
dnsblog unix - - n - 0 dnsblog
# Dovecot delivery via pipe(8). main.cf sets virtual_transport to LMTP, so
# this transport looks unused unless /etc/postfix/transport routes to it.
# NOTE(review): pipe(8) refuses to run a command as the mail system owner, so
# user=postfix:postfix will fail if mail_owner is postfix (the default). Either
# remove this entry or run deliver under the dedicated mailbox account.
dovecot unix - n n - - pipe
flags=DRhu user=postfix:postfix argv=/usr/libexec/dovecot/deliver -d
$(recipient)
error unix - - n - - error
flush unix n - n 1000? 0 flush
lmtp unix - - n - - lmtp
local unix - n n - - local
# Locally submitted mail (sendmail command) has content_filter cleared and
# skips header_checks/body_checks because of no_header_body_checks.
pickup unix n - n 60 1 pickup
-o content_filter=
-o receive_override_options=no_header_body_checks
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
qmgr unix n - n 300 1 qmgr
relay unix - - n - - smtp
retry unix - - n - - error
rewrite unix - - n - - trivial-rewrite
scache unix - - n - 1 scache
showq unix n - n - - showq
# Port 25 is answered by postscreen, which hands clients that pass its tests
# to the "smtpd pass" service further down.
smtp inet n - n - 1 postscreen
smtp unix - - n - - smtp
# One smtp client transport per large provider, each with its own syslog name;
# the matching smtp_<provider>_* limits are set in main.cf.
smtp_aol unix - - n - - smtp
-o syslog_name=smtp_aol
smtp_att unix - - n - - smtp
-o syslog_name=smtp_att
smtp_fastmail unix - - n - - smtp
-o syslog_name=smtp_fastmail
smtp_gmail unix - - n - - smtp
-o syslog_name=smtp_gmail
smtp_hotmail unix - - n - - smtp
-o syslog_name=smtp_hotmail
smtp_yahoo unix - - n - - smtp
-o syslog_name=smtp_yahoo
smtpd pass - - n - - smtpd
# Submission service: the only place SASL AUTH is enabled. Submitted mail
# passes through OpenDKIM only, not OpenDMARC.
# NOTE(review): nothing here overrides the TLS level or the restriction lists,
# so this port inherits smtpd_tls_security_level = may from main.cf. Clients
# can then send AUTH credentials without TLS, and unauthenticated clients are
# handled as on port 25 but without postscreen in front. The usual hardening
# is to add "-o smtpd_tls_security_level=encrypt" and
# "-o smtpd_client_restrictions=permit_sasl_authenticated,reject" here, or at
# least to set smtpd_tls_auth_only = yes.
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o smtpd_milters=unix:/var/run/opendkim/opendkim.sock
tlsmgr unix - - n 1000? 1 tlsmgr
tlsproxy unix - - n - 0 tlsproxy
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
virtual unix - n n - - virtual
=====
P.S.
Postscreen is the greatest thing since the invention of sliced bread. If
I hadn't looked up Mr. Venema on YouTube and watched several of his
talks, I would never have given it a second thought.