Difference between revisions of "User:Paul/sandbox/Sample main.cf"
Jump to navigation
Jump to search
Line 160: | Line 160: | ||
== External links == | == External links == | ||
+ | |||
+ | [http://www.postfix.org/postconf.5.html Postfix Configuration Parameters] | ||
[https://www.exratione.com/2012/05/a-mailserver-on-ubuntu-1204-postfix-dovecot-mysql/ A Mailserver on Ubuntu 12.04: Postfix, Dovecot, MySQL | Ex Ratione] | [https://www.exratione.com/2012/05/a-mailserver-on-ubuntu-1204-postfix-dovecot-mysql/ A Mailserver on Ubuntu 12.04: Postfix, Dovecot, MySQL | Ex Ratione] | ||
[[category:Mail server]][[Category:Fully-functional mail server]] | [[category:Mail server]][[Category:Fully-functional mail server]] |
Revision as of 21:33, 29 May 2014
WARNING: This article is in a user sandbox, indicating it is a rough draft, and as such, is likely incomplete, contains buggy and insecure configurations, and is subject to substantial and frequent changes.
# See /usr/share/postfix/main.cf.dist for a commented, more complete version # The first text sent to a connecting process. smtpd_banner = $myhostname ESMTP biff = no # appending .domain is the MUA's job. append_dot_mydomain = no readme_directory = no # SASL parameters # --------------------------------- # Use Dovecot to authenticate. smtpd_sasl_type = dovecot # Referring to /var/spool/postfix/private/auth smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = smtpd_sasl_authenticated_header = yes # TLS parameters # --------------------------------- # Replace this with your SSL certificate path if you are using one. smtpd_tls_cert_file=/etc/ssl/private/example.com/server.crt smtpd_tls_key_file=/etc/ssl/private/example.com/server.key # The snakeoil self-signed certificate has no need for a CA file. But # if you are using your own SSL certificate, then you probably have # a CA certificate bundle from your provider. The path to that goes # here. smtpd_tls_CAfile=/etc/ssl/private/startssl/startssl-ca-bundle.pem smtp_tls_ciphers = high tls_ssl_options = NO_COMPRESSION smtp_tls_note_starttls_offer = yes smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # Enable (but don't force) all incoming smtp connections to use TLS. smtpd_tls_security_level = may # Enable (but don't force) all outgoing smtp connections to use TLS. smtp_tls_security_level = may # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. # SMTPD parameters # --------------------------------- # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h # will it be a permanent error or temporary unknown_local_recipient_reject_code = 450 # how long to keep message on queue before return as failed. # some have 3 days, I have 16 days as I am backup server for some people # whom go on holiday with their server switched off. maximal_queue_lifetime = 7d # max and min time in seconds between retries if connection failed minimal_backoff_time = 1000s maximal_backoff_time = 8000s # how long to wait when servers connect before receiving rest of data smtp_helo_timeout = 60s # how many address can be used in one message. # effective stopper to mass spammers, accidental copy in whole address list # but may restrict intentional mail shots. smtpd_recipient_limit = 16 # how many error before back off. smtpd_soft_error_limit = 3 # how many max errors before blocking it. smtpd_hard_error_limit = 12 # This next set are important for determining who can send mail and relay mail # to other servers. It is very important to get this right - accidentally producing # an open relay that allows unauthenticated sending of mail is a Very Bad Thing. # # You are encouraged to read up on what exactly each of these options accomplish. # Requirements for the HELO statement smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit # Requirements for the sender details smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit # Requirements for the connecting server smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org # Requirement for the recipient address. smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:postgrey/postgrey.sock, check_policy_service unix:private/policy-spf, permit smtpd_data_restrictions = reject_unauth_pipelining smtpd_relay_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:postgrey/postgrey.sock, check_policy_service unix:private/policy-spf, permit # require proper helo at connections smtpd_helo_required = yes # waste spammers time before rejecting them smtpd_delay_reject = yes disable_vrfy_command = yes # General host and delivery info # ---------------------------------- myhostname = mail.example.com myorigin = /etc/hostname # Some people see issues when setting mydestination explicitly to the server # subdomain, while leaving it empty generally doesn't hurt. So it is left empty here. # mydestination = mail.example.com, localhost mydestination = # If you have a separate web server that sends outgoing mail through this # mailserver, you may want to add its IP address to the space-delimited list in # mynetworks, e.g. as 111.222.333.444/32. mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all mynetworks_style = host # This specifies where the virtual mailbox folders will be located. virtual_mailbox_base = /var/vmail # This is for the mailbox location for each user. The domainaliases # map allows us to make use of Postfix Admin's domain alias feature. virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf # and their user id virtual_uid_maps = static:150 # and group id virtual_gid_maps = static:8 # This is for aliases. The domainaliases map allows us to make # use of Postfix Admin's domain alias feature. virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domainaliases_maps.cf # This is for domain lookups. virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf # Integration with other packages # --------------------------------------- # Tell postfix to hand off mail to the definition for dovecot in master.cf virtual_transport = dovecot dovecot_destination_recipient_limit = 1 # Used with amavis (not installed currently) #content_filter = amavis:[127.0.0.1]:10024 # Header manipulation # -------------------------------------- # Getting rid of unwanted headers. See: https://posluns.com/guides/header-removal/ header_checks = regexp:/etc/postfix/header_checks # getting rid of x-original-to enable_original_recipient = no milter_default_action = accept smtpd_milters = unix:opendkim/opendkim.sock unix:opendmarc/opendmarc.sock unix:spamass/spamass.sock policy-spf_time_limit = 3600s
External links
Postfix Configuration Parameters
A Mailserver on Ubuntu 12.04: Postfix, Dovecot, MySQL | Ex Ratione