Postfix: Unterschied zwischen den Versionen
(init) |
K (main.cf) |
||
Zeile 1: | Zeile 1: | ||
What is Postfix? It is Wietse Venema's mail server that started life at IBM research as an alternative to the widely-used Sendmail program. | What is Postfix? It is Wietse Venema's mail server that started life at IBM research as an alternative to the widely-used Sendmail program. | ||
Postfix attempts to be fast, easy to administer, and secure. The outside has a definite Sendmail-ish flavor, but the inside is completely different. | Postfix attempts to be fast, easy to administer, and secure. The outside has a definite Sendmail-ish flavor, but the inside is completely different. | ||
= Config = | |||
<syntaxhighlight lang="ini"> | |||
#/etc/postfix/main.cf | |||
# via postconf -n | |||
2bounce_notice_recipient = postmaster | |||
address_verify_map = btree:/var/spool/postfix/data/verify | |||
alias_database = hash:/etc/aliases | |||
alias_maps = hash:/etc/aliases | |||
anvil_rate_time_unit = 60s | |||
anvil_status_update_time = 600s | |||
append_dot_mydomain = no | |||
biff = no | |||
bounce_queue_lifetime = 2d | |||
config_directory = /etc/postfix | |||
default_database_type = btree | |||
disable_vrfy_command = yes | |||
dovecot_destination_recipient_limit = 1 | |||
inet_interfaces = 5.xx.xx.xx 127.0.0.1 [2a01:xx.xxx.xxx] | |||
inet_protocols = all | |||
mail_name = Mailserver | |||
mailarchive_destination_recipient_limit = 1 | |||
mailbox_size_limit = 0 | |||
mailman_destination_recipient_limit = 1 | |||
maximal_queue_lifetime = 3d | |||
message_size_limit = 26214400 | |||
milter_default_action = accept | |||
milter_protocol = 6 | |||
mydestination = localhost, mail.domain.com, othermail.domain.com | |||
myhostname = mail.domain.com | |||
mynetworks = 127.0.0.0/8 168.100.xx.xx/28 [::1]/128 5.xx.xx.xx [2a01:xxx.xxx.xx] | |||
myorigin = /etc/mailname | |||
non_smtpd_milters = inet:localhost:8891 | |||
policy-spf_time_limit = 3600 | |||
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps proxy:mysql:/etc/postfix/maps/access_recipient_roles.cf | |||
readme_directory = no | |||
recipient_delimiter = + | |||
relay_recipient_maps = btree:/var/lib/mailman/data/aliases | |||
relayhost = | |||
smtp_tls_CAfile = $smtpd_tls_CAfile | |||
smtp_tls_cert_file = $smtpd_tls_cert_file | |||
smtp_tls_key_file = $smtpd_tls_key_file | |||
smtp_tls_loglevel = 1 | |||
smtp_tls_note_starttls_offer = yes | |||
smtp_tls_security_level = may | |||
smtpd_banner = $myhostname ESMTP $mail_name | |||
smtpd_client_connection_count_limit = 25 | |||
smtpd_client_connection_rate_limit = 60 | |||
smtpd_client_message_rate_limit = 1000 | |||
smtpd_client_recipient_rate_limit = 1000 | |||
smtpd_data_restrictions = reject_unauth_pipelining, permit | |||
smtpd_helo_required = yes | |||
smtpd_milters = inet:localhost:8891 | |||
smtpd_recipient_restrictions = check_recipient_access proxy:mysql:/etc/postfix/maps/access_recipient_roles.cf, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, check_client_access btree:/etc/postfix/maps/access_client, check_helo_access btree:/etc/postfix/maps/access_helo, check_sender_access btree:/etc/postfix/maps/access_sender, check_recipient_access btree:/etc/postfix/maps/access_recipient, permit_sasl_authenticated, permit_mynetworks, reject_invalid_helo_hostname, reject_unknown_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_client_hostname, reject_unknown_reverse_client_hostname, permit_dnswl_client list.dnswl.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client zen.spamhaus.org, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000, reject_unlisted_recipient, check_policy_service unix:private/policy-spf, permit | |||
smtpd_sasl_auth_enable = yes | |||
smtpd_sasl_path = private/auth | |||
smtpd_sasl_type = dovecot | |||
smtpd_tls_CAfile = /etc/ssl/private/sub.class1.server.ca.pem | |||
smtpd_tls_cert_file = /etc/ssl/private/mailserver.pem | |||
smtpd_tls_dh1024_param_file = /etc/postfix/dh_2048.pem | |||
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem | |||
smtpd_tls_eecdh_grade = strong | |||
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA | |||
smtpd_tls_key_file = /etc/ssl/private/mail4.pem | |||
smtpd_tls_loglevel = 1 | |||
smtpd_tls_mandatory_ciphers = high | |||
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 | |||
smtpd_tls_protocols = !SSLv2, !SSLv3 | |||
smtpd_tls_received_header = yes | |||
smtpd_tls_security_level = may | |||
tls_preempt_cipherlist = yes | |||
transport_maps = btree:/etc/postfix/maps/transport | |||
unverified_recipient_reject_code = 577 | |||
vacation_destination_recipient_limit = 1 | |||
virtual_alias_maps = proxy:mysql:/etc/postfix/maps/virtual_alias_maps_combined.cf | |||
virtual_gid_maps = static:119 | |||
virtual_mailbox_domains = proxy:mysql:/etc/postfix/maps/virtual_domain_maps.cf, proxy:mysql:/etc/postfix/maps/virtual_domain_alias_maps.cf | |||
virtual_mailbox_limit = proxy:mysql:/etc/postfix/maps/virtual_mailbox_limit_maps.cf | |||
virtual_mailbox_maps = proxy:mysql:/etc/postfix/maps/virtual_mailbox_maps.cf | |||
virtual_minimum_uid = 112 | |||
virtual_transport = lmtp:unix:private/dovecot-lmtp | |||
virtual_uid_maps = static:112 | |||
</syntaxhighlight> | |||
Zeile 15: | Zeile 99: | ||
* http://dokuwiki.nausch.org/doku.php/centos:mailserver:start | * http://dokuwiki.nausch.org/doku.php/centos:mailserver:start | ||
* [http://jimsun.linxnet.com/postfix_contrib.html|Postfix Log Entry Summarizer] | * [http://jimsun.linxnet.com/postfix_contrib.html|Postfix Log Entry Summarizer] | ||
[[Kategorie:Linux]] | [[Kategorie:Linux]] |
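Review bot: The added main.cf dump sets `smtpd_sasl_auth_enable = yes` with `smtpd_tls_security_level = may` and shows no `smtpd_tls_auth_only`, so at that parameter's default AUTH is also offered on sessions that never negotiated TLS and passwords can cross the network in clear text. Unless master.cf overrides this per service (not visible on this page), the listing should carry `smtpd_tls_auth_only = yes`. Two entries in `smtpd_tls_exclude_ciphers`, `EDH-RSA-DES-CDC3-SHA` and `KRB5-DE5`, look like misspelled OpenSSL cipher names; an entry that matches nothing excludes nothing, so they are worth checking against `openssl ciphers -v` before readers copy the line. Because this is presented as a reference configuration, a short comment above `smtpd_recipient_restrictions` noting that the `check_*_access` tables are evaluated before `reject_unauth_destination` would also help.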
Aktuelle Version vom 9. Dezember 2015, 22:38 Uhr
What is Postfix? It is Wietse Venema's mail server that started life at IBM research as an alternative to the widely-used Sendmail program. Postfix attempts to be fast, easy to administer, and secure. The outside has a definite Sendmail-ish flavor, but the inside is completely different.
Config
#/etc/postfix/main.cf
# via postconf -n
# postconf -n prints only the parameters that are set explicitly in main.cf;
# anything not listed here runs with its built-in default.
# The lines starting with "#" are review annotations. main.cf has no inline
# comments, so each annotation sits on its own line above the setting it covers.
2bounce_notice_recipient = postmaster
address_verify_map = btree:/var/spool/postfix/data/verify
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
# Time unit for the smtpd_client_*_rate_limit values further down.
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 2d
config_directory = /etc/postfix
default_database_type = btree
# VRFY is switched off, so the server does not confirm addresses through that command.
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
inet_interfaces = 5.xx.xx.xx 127.0.0.1 [2a01:xx.xxx.xxx]
inet_protocols = all
mail_name = Mailserver
mailarchive_destination_recipient_limit = 1
# 0 disables the size limit for local mailbox files.
mailbox_size_limit = 0
mailman_destination_recipient_limit = 1
maximal_queue_lifetime = 3d
# 26214400 bytes = 25 MiB per message.
message_size_limit = 26214400
# Fail-open: mail is accepted when the milter on localhost:8891 is unavailable
# or returns an error.
# NOTE(review): acceptable for a signing-only milter; if it also filters,
# "tempfail" keeps unscanned mail from being delivered - confirm its role.
milter_default_action = accept
milter_protocol = 6
mydestination = localhost, mail.domain.com, othermail.domain.com
myhostname = mail.domain.com
# Every client matching this list passes permit_mynetworks below without
# authenticating, so each entry is a relay grant.
# NOTE(review): 168.100.xx.xx/28 resembles the sample range from the stock
# main.cf - confirm it is a network you operate, otherwise remove it.
mynetworks = 127.0.0.0/8 168.100.xx.xx/28 [::1]/128 5.xx.xx.xx [2a01:xxx.xxx.xx]
myorigin = /etc/mailname
non_smtpd_milters = inet:localhost:8891
policy-spf_time_limit = 3600
# Lookup tables the proxymap service may open read-only on behalf of other
# Postfix processes.
# NOTE(review): mysql lookup files normally contain database credentials -
# verify that the files under /etc/postfix/maps are not readable by other
# local users.
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps proxy:mysql:/etc/postfix/maps/access_recipient_roles.cf
readme_directory = no
recipient_delimiter = +
relay_recipient_maps = btree:/var/lib/mailman/data/aliases
relayhost =
# The outbound SMTP client reuses the server's CA file, certificate and key,
# i.e. it presents the server certificate as a TLS client certificate.
# NOTE(review): a client certificate is only needed when a remote server asks
# for one - confirm this is intended.
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_cert_file = $smtpd_tls_cert_file
smtp_tls_key_file = $smtpd_tls_key_file
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
# Opportunistic outbound TLS: used when the remote server offers STARTTLS,
# plain text otherwise, and the remote certificate is not verified. This gives
# no protection against an active attacker who strips STARTTLS.
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name
# Per-client limits enforced through anvil; the rate limits count events per
# anvil_rate_time_unit (60s above).
smtpd_client_connection_count_limit = 25
smtpd_client_connection_rate_limit = 60
smtpd_client_message_rate_limit = 1000
smtpd_client_recipient_rate_limit = 1000
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_milters = inet:localhost:8891
# Evaluated left to right; the first rule that returns a final permit or
# reject ends the evaluation for that recipient.
# The check_recipient_access, check_client_access, check_helo_access and
# check_sender_access tables are consulted before reject_unauth_destination.
# An OK result from any of them therefore skips the relay check, and HELO and
# sender values are chosen by the client.
# NOTE(review): keep OK/permit results out of these tables, or move
# reject_unauth_destination ahead of them. smtpd_relay_restrictions is not in
# this dump; check `postconf smtpd_relay_restrictions` on the installed
# version before relying on its default as a safety net.
smtpd_recipient_restrictions = check_recipient_access proxy:mysql:/etc/postfix/maps/access_recipient_roles.cf, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, check_client_access btree:/etc/postfix/maps/access_client, check_helo_access btree:/etc/postfix/maps/access_helo, check_sender_access btree:/etc/postfix/maps/access_sender, check_recipient_access btree:/etc/postfix/maps/access_recipient, permit_sasl_authenticated, permit_mynetworks, reject_invalid_helo_hostname, reject_unknown_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_client_hostname, reject_unknown_reverse_client_hostname, permit_dnswl_client list.dnswl.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client zen.spamhaus.org, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000, reject_unlisted_recipient, check_policy_service unix:private/policy-spf, permit
# SASL authentication is delegated to Dovecot through the private/auth socket.
# smtpd_tls_auth_only does not appear in this dump, so it is at its default
# (no) and AUTH is also offered on sessions without TLS.
# NOTE(review): add "smtpd_tls_auth_only = yes" unless master.cf already
# overrides this per service.
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl/private/sub.class1.server.ca.pem
smtpd_tls_cert_file = /etc/ssl/private/mailserver.pem
# The parameter name is historical: this file is used for non-export DHE key
# exchange, and the file name suggests 2048-bit parameters.
smtpd_tls_dh1024_param_file = /etc/postfix/dh_2048.pem
# Export-grade DH parameters, relevant only to EXPORT ciphers, which the
# exclude list below already removes.
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
smtpd_tls_eecdh_grade = strong
# NOTE(review): "EDH-RSA-DES-CDC3-SHA" and "KRB5-DE5" do not look like OpenSSL
# cipher names (probably typos for a ...-CBC3-SHA and a KRB5-DES... name). An
# entry that matches no cipher excludes nothing; check each name against
# `openssl ciphers -v`.
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = /etc/ssl/private/mail4.pem
smtpd_tls_loglevel = 1
# Applies only where TLS is mandatory. With smtpd_tls_security_level = may the
# cipher grade comes from smtpd_tls_ciphers, which is not set in this dump.
smtpd_tls_mandatory_ciphers = high
# Only SSLv2 and SSLv3 are disabled; TLSv1 and TLSv1.1 stay enabled.
# NOTE(review): add "!TLSv1, !TLSv1.1" where the client base allows it.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
# Opportunistic inbound TLS: STARTTLS is offered, but clients may stay in
# plain text.
smtpd_tls_security_level = may
# The server's cipher preference order takes precedence over the client's.
tls_preempt_cipherlist = yes
transport_maps = btree:/etc/postfix/maps/transport
unverified_recipient_reject_code = 577
vacation_destination_recipient_limit = 1
virtual_alias_maps = proxy:mysql:/etc/postfix/maps/virtual_alias_maps_combined.cf
# static: maps return the same value for every lookup, so all virtual
# mailboxes share gid 119 (and uid 112 below).
virtual_gid_maps = static:119
virtual_mailbox_domains = proxy:mysql:/etc/postfix/maps/virtual_domain_maps.cf, proxy:mysql:/etc/postfix/maps/virtual_domain_alias_maps.cf
virtual_mailbox_limit = proxy:mysql:/etc/postfix/maps/virtual_mailbox_limit_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/maps/virtual_mailbox_maps.cf
virtual_minimum_uid = 112
# Mail for virtual mailbox domains is handed to Dovecot over LMTP on a
# private UNIX socket.
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:112
Links
- http://www.postfix.org/
- http://de.wikipedia.org/wiki/Postfix_%28Mail_Transfer_Agent%29
- http://www.arschkrebs.de/postfix/
- http://workaround.org/ispmail
- http://www.postfix.org/postconf.5.html
- http://www.pitt-pladdy.com/blog/_20100422-220006_0100_Basic_Postfix_config_guide_for_Cacti_Spam_Blocking_TLS_etc_/
- https://help.ubuntu.com/community/PostfixCompleteVirtualMailSystemHowto#Enhanced_Mail_Services
- https://help.ubuntu.com/community/Postfix/SPF
- http://www.warmenhoven.co/2012/03/28/spf-dkim-dmarc-and-gpg-first-line-defense-against-phishing-andspam/
- http://dokuwiki.nausch.org/doku.php/centos:mailserver:start
- Log Entry Summarizer