>From Viktor Dukhovni:
> I don't recall whether you have as yet posted the requested (sans any
> reformatting of line breaks) outputs of:
>
> $ postconf -Mf
> $ postconf -nf
See the attached text files.
I'll mention here that I'm still trying tweaks here and there to my
Postfix configuration. Most recently, I modified amavisd-new to send
its post-scan output to 127.0.0.55 (instead of the default 127.0.0.1),
in an attempt to make it clearer which "localhost" traffic is coming
from and going to where. So if my current configuration doesn't seem to
match the info I've been posting up till now about my server, that may
be why.
Rich Wales
[email protected]
submission inet n - n - - smtpd -v
-o smtpd_enforce_tls=yes
-o soft_bounce=no
-o cleanup_service_name=msa-cleanup
-o content_filter=smtp-amavis:[127.0.0.1]:10024
-o disable_mime_output_conversion=yes
-o postscreen_access_list=permit
-o postscreen_dnsbl_sites=
-o smtpd_banner=$smtpd_banner_submission
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_relay_restrictions=
-o smtpd_recipient_restrictions=$submission_restrictions
-o smtpd_reject_footer=
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_authenticated_header=yes
-o smtpd_sender_login_maps=hash:/etc/postfix/sender_login
msa-cleanup unix n - n - 0 cleanup
-o always_add_missing_headers=yes
-o header_checks=pcre:/etc/postfix/ignore_tb_msgid
-o sender_bcc_maps=hash:/etc/postfix/sender_bcc
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
-o content_filter=smtp-amavis:[127.0.0.1]:10024
0.0.0.0:28 inet n - n - 1 smtpd
-o content_filter=smtp-amavis:[127.0.0.1]:10024
-o smtpd_banner=$smtpd_banner_fallback
-o transport_maps=hash:/etc/postfix/transport-fallback
tlsproxy unix - - n - 0 tlsproxy
dnsblog unix - - n - 0 dnsblog
127.0.0.1:10023 inet n - n - - smtpd
-o soft_bounce=yes
-o content_filter=smtp-amavis:[127.0.0.1]:10024
-o postscreen_access_list=permit
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_relay_restrictions=
-o smtpd_recipient_restrictions=reject_unauth_destination
-o smtpd_data_restrictions=
-o smtpd_reject_footer=
smtp-amavis unix - - n - 5 smtp
-o disable_dns_lookups=yes
-o max_use=20
-o postscreen_access_list=permit
-o smtp_data_done_timeout=600
-o smtp_fallback_relay=
-o smtp_send_xforward_command=yes
-o smtpd_relay_restrictions=
-o smtpd_recipient_restrictions=
-o soft_bounce=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_header_rewrite_clients=
-o local_recipient_maps=
-o mail_name=from-amavis
-o mynetworks=127.0.0.0/8
-o postscreen_access_list=permit
-o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-o relay_recipient_maps=
-o smtp_fallback_relay=
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_error_sleep_time=0
-o smtpd_hard_error_limit=1000
-o smtpd_relay_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_soft_error_limit=1001
-o soft_bounce=yes
-o strict_rfc821_envelopes=yes
127.0.0.55:10025 inet n - n - - smtpd
-o content_filter=
-o local_header_rewrite_clients=
-o local_recipient_maps=
-o mail_name=from-amavis
-o mynetworks=127.0.0.0/8
-o postscreen_access_list=permit
-o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-o relay_recipient_maps=
-o smtp_fallback_relay=
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_error_sleep_time=0
-o smtpd_hard_error_limit=1000
-o smtpd_relay_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_soft_error_limit=1001
-o soft_bounce=yes
-o strict_rfc821_envelopes=yes
dovecot unix - n n - - pipe flags=DRhu
user=delivery argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}
relay unix - - n - - smtp
-o smtp_fallback_relay=
anvil unix - - n - 1 anvil
bounce unix - - n - 0 bounce
cleanup unix n - n - 0 cleanup
defer unix - - n - 0 bounce
discard unix - - n - - discard
error unix - - n - - error
flush unix n - n 1000? 0 flush
lmtp unix - - n - - lmtp
local unix - n n - - local
pickup fifo n - n 60 1 pickup
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
qmgr fifo n - n 300 1 qmgr
retry unix - - n - - error
rewrite unix - - n - - trivial-rewrite
scache unix - - n - 1 scache
showq unix n - n - - showq
smtp unix - - n - - smtp
tlsmgr unix - - n 1000? 1 tlsmgr
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
virtual unix - n n - - virtual
alias_maps = hash:/etc/aliases
append_dot_mydomain = yes
compatibility_level = 2
default_destination_concurrency_limit = 1
default_destination_recipient_limit = 1
disable_vrfy_command = yes
enable_long_queue_ids = yes
fast_flush_domains =
hopcount_limit = 150
inet_protocols = ipv4
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
lmtp_tls_protocols = !SSLv2, !SSLv3
local_destination_concurrency_limit = 1
local_destination_recipient_limit = 1
local_recipient_maps = $alias_maps
mail_owner = postfix
mailbox_transport = lmtp:[127.0.0.1]
maximal_queue_lifetime = 30d
message_size_limit = 50000000
message_strip_characters = \0
milter_default_action = accept
milter_protocol = 2
mydestination = richw.org, richw.ca, pcre:/etc/postfix/richw_subdomains,
localhost, marywalesloomis.com
mydomain = richw.org
myhostname = memoryalpha.richw.org
mynetworks = 127.0.0.0/8, 10.0.229.0/24, 96.82.71.8/29,
mynetworks_style = subnet
myorigin = $myhostname
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = drop
postscreen_dnsbl_action = drop
postscreen_dnsbl_max_ttl = 3h
postscreen_dnsbl_min_ttl = 30m
postscreen_dnsbl_sites = whitelist.richw.org=127.0.0.1*-100,
hostkarma.junkemailfilter.com=127.0.0.1*-30,
score.senderscore.com=127.0.4.[91..100]*-30,
score.senderscore.com=127.0.4.[71..90]*-24,
list.dnswl.org=127.0.[0..255].3*-16, list.dnswl.org=127.0.[0..255].2*-8,
list.dnswl.org=127.0.[0..255].1*-4, list.dnswl.org=127.0.[0..255].0*-2,
blacklist.richw.org=127.0.0.2*100, zen.spamhaus.org=127.0.0.[2..255]*40,
dnsbl.justspam.org=127.0.0.[2..255]*20,
hostkarma.junkemailfilter.com=127.0.0.2*10, dyna.spamrats.com=127.0.0.36*9,
b.barracudacentral.org=127.0.0.2*8, truncate.gbudb.net=127.0.0.[2..255]*6,
hostkarma.junkemailfilter.com=127.0.0.4*3,
psbl.surriel.com=127.0.0.[2..255]*2, dnsbl.sorbs.net=127.0.0.[2..255]*2,
bl.spamcop.net=127.0.0.[2..255]*2, multi.surbl.org=127.0.0.[2..255]*2
postscreen_dnsbl_threshold = 7
postscreen_dnsbl_whitelist_threshold = -16
postscreen_greet_action = drop
postscreen_greet_banner = $myhostname Please stand by . . .
postscreen_pipelining_action = drop
relay_destination_recipient_limit = 1
relay_domains = indigo.richw.org, goldsmurf.randerzo.net
smtp_address_preference = ipv4
smtp_destination_concurrency_limit = 1
smtp_destination_recipient_limit = 1
smtp_reply_filter = pcre:/etc/postfix/reply_filter
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = PLAIN LOGIN
smtp_sasl_password_maps = hash:/etc/postfix/sasl_fallback
smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = no
smtp_tls_ciphers = medium
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = may
smtpd_banner = $smtpd_banner_regular
smtpd_banner_fallback = $smtpd_banner_regular (fallback)
smtpd_banner_regular = $myhostname ESMTP
smtpd_banner_submission = $smtpd_banner_regular (Postfix $mail_version --
submission)
smtpd_client_restrictions = permit_mynetworks, permit_dnswl_client
whitelist.richw.org=127.0.0.1, permit_rhswl_client
whitelist.richw.org=127.0.0.1, reject_rbl_client
blacklist.richw.org=127.0.0.2, reject_rhsbl_client
blacklist.richw.org=127.0.0.2, reject_rhsbl_client
dbl.spamhaus.org=127.0.1.[0..255]
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_discard_ehlo_keywords = dsn etrn size vrfy silent-discard
smtpd_etrn_restrictions = reject
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_rhswl_client
whitelist.richw.org=127.0.0.1, reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname,
reject_rhsbl_helo blacklist.richw.org=127.0.0.2, reject_rhsbl_helo
dbl.spamhaus.org=127.0.1.[0..255]
smtpd_recipient_restrictions = permit_mynetworks, reject_rhsbl_recipient
blacklist.richw.org=127.0.0.2, reject_rhsbl_recipient
dbl.spamhaus.org=127.0.1.[0..255], reject_unknown_recipient_domain,
reject_unlisted_recipient, reject_unauth_destination, permit
smtpd_reject_footer = Please report any delivery problems to [email protected]
smtpd_reject_unlisted_sender = yes
smtpd_relay_restrictions = reject_rhsbl_recipient blacklist.richw.org=127.0.0.2,
reject_rhsbl_recipient dbl.spamhaus.org=127.0.1.[0..255],
reject_unauth_destination
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_rhswl_client
whitelist.richw.org=127.0.0.1, reject_rhsbl_sender
blacklist.richw.org=127.0.0.2, reject_rhsbl_sender
dbl.spamhaus.org=127.0.1.[0..255]
smtpd_tls_CAfile = /etc/postfix/ssl/richw-org.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/richw-org.pem
smtpd_tls_ciphers = medium
smtpd_tls_key_file = /etc/postfix/ssl/richw-org-key.pem
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_use_tls = yes
smtputf8_enable = no
soft_bounce = yes
submission_restrictions = reject_sender_login_mismatch,
reject_unlisted_recipient, permit_auth_destination, permit_rhswl_client
whitelist.richw.org=127.0.0.1, reject_rhsbl_recipient
blacklist.richw.org=127.0.0.2, reject_rhsbl_recipient
dbl.spamhaus.org=127.0.1.[0..255], permit_sasl_authenticated, reject
tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
tlsproxy_tls_protocols = $smtpd_tls_protocols
transport_maps = hash:/etc/postfix/transport
unknown_address_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual_map
virtual_destination_recipient_limit = 1
