Hi lists:
My needs:
1. Serve as the mail server for a friend's web site.
2. TLS encryption only, AUTH PLAIN.
3. Port 587 for clients sending mail, port 995 (POP3S) for clients receiving mail, port 25 for server-to-server sending and receiving.
4. amavisd-new
5. SpamAssassin
6. SPF check
7. DMARC
8. OpenDKIM

Are there any configuration errors below, and could you give me some suggestions for improving the mail server, for example its security?

Here is my postconf -n output:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/header_checks.pcre
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mailbox_size_limit = 0
milter_default_action = reject
milter_protocol = 6
mime_header_checks = $header_checks
mydestination = localhost, $mydomain
mydomain = example.com
myhostname = mail.example.com
mynetworks = host
myorigin = $mydomain
nested_header_checks = $header_checks
non_smtpd_milters = inet:localhost:12301, inet:localhost:54321
policyd-spf_time_limit = 3600
readme_directory = no
recipient_delimiter = +
relay_domains =
relayhost =
smtp-amavis_destination_concurrency_limit = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname,reject_non_fqdn_helo_hostname,reject_unknown_helo_hostname
smtpd_junk_command_limit = 4
smtpd_milters = inet:localhost:12301, inet:localhost:54321
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service unix:private/policyd-spf,reject_invalid_hostname,reject_unauth_pipelining,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,check_recipient_access hash:/etc/postfix/recipient_access
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_sender_login_mismatch,reject_unverified_sender,check_sender_access hash:/etc/postfix/sender_access
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/commando/live/mail.example.com/fullchain.pem
smtpd_tls_key_file = /etc/commando/live/mail.example.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
################

Thanks, yours sincerely.