Hi lists:


My needs:



1. serving as a mail server of a friend's web site.

2. TLS encrypt only, auth plain

3. 587 for client sending mails, 995 pop3s for client receiving mails, 25 for server sending and receiving mails

4. amavis-new

5. spamassassin

6. spf check

7. dmarc

8. opendkim



Are there any configuration errors below, and could you give me some suggestions to enhance the mail server, such as security?



Here is my postconf -n :



alias_database = hash:/etc/aliases

alias_maps = hash:/etc/aliases

append_dot_mydomain = no

biff = no

body_checks = regexp:/etc/postfix/body_checks

compatibility_level = 2

content_filter = smtp-amavis:[127.0.0.1]:10024

disable_vrfy_command = yes

header_checks = pcre:/etc/postfix/header_checks.pcre

inet_interfaces = all

inet_protocols = ipv4

local_recipient_maps = proxy:unix:passwd.byname $alias_maps

mailbox_size_limit = 0

milter_default_action = reject

milter_protocol = 6

mime_header_checks = $header_checks

mydestination = localhost, $mydomain

mydomain = example.com

myhostname = mail.example.com

mynetworks = host

myorigin = $mydomain

nested_header_checks = $header_checks

non_smtpd_milters = inet:localhost:12301, inet:localhost:54321

policyd-spf_time_limit = 3600

readme_directory = no

recipient_delimiter = +

relay_domains =

relayhost =

smtp-amavis_destination_concurrency_limit = 1

smtp_tls_note_starttls_offer = yes

smtp_tls_security_level = may

smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtp_use_tls = yes

smtpd_banner = $myhostname

smtpd_helo_required = yes

smtpd_helo_restrictions = reject_invalid_helo_hostname,reject_non_fqdn_helo_hostname,reject_unknown_helo_hostname

smtpd_junk_command_limit = 4

smtpd_milters = inet:localhost:12301, inet:localhost:54321

smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service unix:private/policyd-spf,reject_invalid_hostname,reject_unauth_pipelining,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,check_recipient_access hash:/etc/postfix/recipient_access

smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination

smtpd_sasl_auth_enable = yes

smtpd_sasl_path = private/auth

smtpd_sasl_security_options = noanonymous

smtpd_sasl_tls_security_options = noanonymous

smtpd_sasl_type = dovecot

smtpd_sender_restrictions = permit_sasl_authenticated,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_sender_login_mismatch,reject_unverified_sender,check_sender_access hash:/etc/postfix/sender_access

smtpd_tls_auth_only = yes

smtpd_tls_cert_file = /etc/commando/live/mail.example.com/fullchain.pem

smtpd_tls_key_file = /etc/commando/live/mail.example.com/privkey.pem

smtpd_tls_loglevel = 1

smtpd_tls_protocols = !SSLv2, !SSLv3

smtpd_tls_received_header = yes

smtpd_tls_security_level = may

smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

smtpd_tls_session_cache_timeout = 3600s

smtpd_use_tls = yes



################



Thanks,



yours sincerely.
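
An added example, not part of the original post and not Postfix's own tooling: a small Python lint that parses `postconf -n` output, tolerating values a mail client has wrapped across lines, and checks a few TLS and restriction-list points for a setup like the one listed above. The function names are hypothetical; the checks assume only that Postfix documents `smtpd_tls_security_level` / `smtp_tls_security_level` as the replacements for the `*_use_tls` parameters since 2.3, that `reject_invalid_hostname` is the pre-2.3 name of `reject_invalid_helo_hostname`, and that RFC 8996 deprecates TLSv1 and TLSv1.1.

```python
import re

# Constructed from an abridged part of the listing above, with one value
# wrapped across lines the way a mail client might wrap it.
SAMPLE = """\
smtp_use_tls = yes
smtpd_recipient_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service

unix:private/policyd-spf,reject_invalid_hostname,reject_unauth_pipelining,reject_non_fqdn_sender,reject_unauth_pipelining
smtpd_tls_auth_only = yes
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_use_tls = yes
"""
SUPERSEDED = {"smtpd_use_tls": "smtpd_tls_security_level",   # since Postfix 2.3
              "smtp_use_tls": "smtp_tls_security_level"}
OLD_NAMES = {"reject_invalid_hostname": "reject_invalid_helo_hostname"}  # pre-2.3 name
LEGACY_TLS = ("TLSv1", "TLSv1.1")                             # deprecated by RFC 8996

def parse_postconf(text):
    """Return {parameter: value}, folding wrapped lines back into their parameter."""
    params, name = {}, None
    for line in text.splitlines():
        m = re.match(r"([\w-]+)\s*=\s*(.*)$", line)
        if m:
            name = m.group(1)
            params[name] = m.group(2).strip()
        elif line.strip() and name:
            params[name] = (params[name] + " " + line.strip()).strip()
    return params

def audit(params):
    """Return (parameter, finding) pairs for the checks named in the lead-in."""
    findings = [(old, f"superseded by {new}") for old, new in SUPERSEDED.items() if old in params]
    if params.get("smtpd_tls_auth_only") != "yes":
        findings.append(("smtpd_tls_auth_only", "AUTH is offered before STARTTLS"))
    # Only the "!proto" exclusion syntax used in the post is handled here.
    protos = re.split(r"[,\s:]+", params.get("smtpd_tls_protocols", ""))
    excluded = {p[1:] for p in protos if p.startswith("!")}
    left = [p for p in LEGACY_TLS if p not in excluded]
    if excluded and left:
        findings.append(("smtpd_tls_protocols", "does not exclude " + "/".join(left)))
    for name, value in params.items():
        if name.endswith("_restrictions"):
            items = [i for i in re.split(r"[,\s]+", value) if i]
            for dup in sorted({i for i in items if items.count(i) > 1}):
                findings.append((name, f"{dup} is listed more than once"))
            for old in sorted(set(items) & set(OLD_NAMES)):
                findings.append((name, f"{old} is the old name of {OLD_NAMES[old]}"))
    return findings

if __name__ == "__main__":
    for param, finding in audit(parse_postconf(SAMPLE)):
        print(f"{param}: {finding}")
```
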





