Revision of main.cf

1

+

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

2

+

3

+

# Debian specific: Specifying a file name will cause the first

4

+

# line of that file to be used as the name. The Debian default

5

+

# is /etc/mailname.

6

+

#myorigin = /etc/mailname

7

+

8

+

smtpd_banner = peppermint.node.swee.codes

9

+

biff = no

10

+

11

+

# appending .domain is the MUA's job.

12

+

append_dot_mydomain = no

13

+

14

+

# Uncomment the next line to generate "delayed mail" warnings

15

+

#delay_warning_time = 4h

16

+

17

+

readme_directory = no

18

+

19

+

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on

20

+

# fresh installs.

21

+

compatibility_level = 2

22

+

23

+

# TLS parameters

24

+

smtpd_tls_cert_file=/etc/letsencrypt/live/peppermint.node.swee.codes/fullchain.pem

25

+

smtpd_tls_key_file=/etc/letsencrypt/live/peppermint.node.swee.codes/privkey.pem

26

+

smtpd_use_tls=yes

27

+

smtpd_tls_auth_only = yes

28

+

smtp_tls_security_level = may

29

+

smtpd_tls_security_level = may

30

+

smtpd_sasl_security_options = noanonymous, noplaintext

31

+

smtpd_sasl_tls_security_options = noanonymous

32

+

33

+

# Authentication

34

+

smtpd_sasl_type = dovecot

35

+

smtpd_sasl_path = private/auth

36

+

smtpd_sasl_auth_enable = yes

37

+

38

+

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for

39

+

# information on enabling SSL in the smtp client.

40

+

41

+

# Restrictions

42

+

smtpd_helo_restrictions =

43

+

permit_mynetworks,

44

+

permit_sasl_authenticated,

45

+

reject_invalid_helo_hostname,

46

+

reject_non_fqdn_helo_hostname

47

+

smtpd_recipient_restrictions =

48

+

permit_mynetworks,

49

+

permit_sasl_authenticated,

50

+

reject_non_fqdn_recipient,

51

+

reject_unknown_recipient_domain,

52

+

reject_unlisted_recipient,

53

+

reject_unauth_destination

54

+

smtpd_sender_restrictions =

55

+

permit_mynetworks,

56

+

permit_sasl_authenticated,

57

+

reject_non_fqdn_sender,

58

+

reject_unknown_sender_domain

59

+

smtpd_relay_restrictions =

60

+

permit_mynetworks,

61

+

permit_sasl_authenticated,

62

+

defer_unauth_destination

63

+

64

+

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for

65

+

# information on enabling SSL in the smtp client.

66

+

67

+

myhostname = peppermint.node.swee.codes

68

+

alias_maps = hash:/etc/aliases

69

+

alias_database = hash:/etc/aliases

70

+

mydomain = swee.codes

71

+

myorigin = swee.codes

72

+

mydestination = localhost

73

+

relayhost =

74

+

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

75

+

mailbox_size_limit = 0

76

+

recipient_delimiter = +

77

+

inet_interfaces = all

78

+

inet_protocols = all

79

+

80

+

# Handing off local delivery to Dovecot's LMTP, and telling it where to store mail

81

+

virtual_transport = lmtp:unix:private/dovecot-lmtp

82

+

83

+

# Virtual domains, users, and aliases

84

+

virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf

85

+

virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf

86

+

virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,

87

+

mysql:/etc/postfix/mysql-virtual-email2email.cf

88

+

89

+

# Even more Restrictions and MTA params

90

+

disable_vrfy_command = yes

91

+

strict_rfc821_envelopes = yes

92

+

#smtpd_etrn_restrictions = reject

93

+

#smtpd_reject_unlisted_sender = yes

94

+

#smtpd_reject_unlisted_recipient = yes

95

+

smtpd_delay_reject = yes

96

+

smtpd_helo_required = yes

97

+

smtp_always_send_ehlo = yes

98

+

#smtpd_hard_error_limit = 1

99

+

smtpd_timeout = 30s

100

+

smtp_helo_timeout = 15s

101

+

smtp_rcpt_timeout = 15s

102

+

smtpd_recipient_limit = 40

103

+

minimal_backoff_time = 180s

104

+

maximal_backoff_time = 3h

105

+

106

+

# Reply Rejection Codes

107

+

invalid_hostname_reject_code = 550

108

+

non_fqdn_reject_code = 550

109

+

unknown_address_reject_code = 550

110

+

unknown_client_reject_code = 550

111

+

unknown_hostname_reject_code = 550

112

+

unverified_recipient_reject_code = 550

113

+

unverified_sender_reject_code = 550

114

+

milter_protocol = 2

115

+

milter_default_action = accept

116

+

smtpd_milters = inet:localhost:12301

117

+

non_smtpd_milters = inet:localhost:12301

118

+

spamassassin_destination_recipient_limit = 1

swee / main.cf

swee revisou este gist 4 months ago. Ir para a revisão

		@@ -0,0 +1,118 @@
1	+	# See /usr/share/postfix/main.cf.dist for a commented, more complete version
2	+
3	+	# Debian specific: Specifying a file name will cause the first
4	+	# line of that file to be used as the name. The Debian default
5	+	# is /etc/mailname.
6	+	#myorigin = /etc/mailname
7	+
8	+	smtpd_banner = peppermint.node.swee.codes
9	+	biff = no
10	+
11	+	# appending .domain is the MUA's job.
12	+	append_dot_mydomain = no
13	+
14	+	# Uncomment the next line to generate "delayed mail" warnings
15	+	#delay_warning_time = 4h
16	+
17	+	readme_directory = no
18	+
19	+	# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
20	+	# fresh installs.
21	+	compatibility_level = 2
22	+
23	+	# TLS parameters
24	+	smtpd_tls_cert_file=/etc/letsencrypt/live/peppermint.node.swee.codes/fullchain.pem
25	+	smtpd_tls_key_file=/etc/letsencrypt/live/peppermint.node.swee.codes/privkey.pem
26	+	smtpd_use_tls=yes
27	+	smtpd_tls_auth_only = yes
28	+	smtp_tls_security_level = may
29	+	smtpd_tls_security_level = may
30	+	smtpd_sasl_security_options = noanonymous, noplaintext
31	+	smtpd_sasl_tls_security_options = noanonymous
32	+
33	+	# Authentication
34	+	smtpd_sasl_type = dovecot
35	+	smtpd_sasl_path = private/auth
36	+	smtpd_sasl_auth_enable = yes
37	+
38	+	# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
39	+	# information on enabling SSL in the smtp client.
40	+
41	+	# Restrictions
42	+	smtpd_helo_restrictions =
43	+	permit_mynetworks,
44	+	permit_sasl_authenticated,
45	+	reject_invalid_helo_hostname,
46	+	reject_non_fqdn_helo_hostname
47	+	smtpd_recipient_restrictions =
48	+	permit_mynetworks,
49	+	permit_sasl_authenticated,
50	+	reject_non_fqdn_recipient,
51	+	reject_unknown_recipient_domain,
52	+	reject_unlisted_recipient,
53	+	reject_unauth_destination
54	+	smtpd_sender_restrictions =
55	+	permit_mynetworks,
56	+	permit_sasl_authenticated,
57	+	reject_non_fqdn_sender,
58	+	reject_unknown_sender_domain
59	+	smtpd_relay_restrictions =
60	+	permit_mynetworks,
61	+	permit_sasl_authenticated,
62	+	defer_unauth_destination
63	+
64	+	# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
65	+	# information on enabling SSL in the smtp client.
66	+
67	+	myhostname = peppermint.node.swee.codes
68	+	alias_maps = hash:/etc/aliases
69	+	alias_database = hash:/etc/aliases
70	+	mydomain = swee.codes
71	+	myorigin = swee.codes
72	+	mydestination = localhost
73	+	relayhost =
74	+	mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
75	+	mailbox_size_limit = 0
76	+	recipient_delimiter = +
77	+	inet_interfaces = all
78	+	inet_protocols = all
79	+
80	+	# Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
81	+	virtual_transport = lmtp:unix:private/dovecot-lmtp
82	+
83	+	# Virtual domains, users, and aliases
84	+	virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
85	+	virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
86	+	virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
87	+	mysql:/etc/postfix/mysql-virtual-email2email.cf
88	+
89	+	# Even more Restrictions and MTA params
90	+	disable_vrfy_command = yes
91	+	strict_rfc821_envelopes = yes
92	+	#smtpd_etrn_restrictions = reject
93	+	#smtpd_reject_unlisted_sender = yes
94	+	#smtpd_reject_unlisted_recipient = yes
95	+	smtpd_delay_reject = yes
96	+	smtpd_helo_required = yes
97	+	smtp_always_send_ehlo = yes
98	+	#smtpd_hard_error_limit = 1
99	+	smtpd_timeout = 30s
100	+	smtp_helo_timeout = 15s
101	+	smtp_rcpt_timeout = 15s
102	+	smtpd_recipient_limit = 40
103	+	minimal_backoff_time = 180s
104	+	maximal_backoff_time = 3h
105	+
106	+	# Reply Rejection Codes
107	+	invalid_hostname_reject_code = 550
108	+	non_fqdn_reject_code = 550
109	+	unknown_address_reject_code = 550
110	+	unknown_client_reject_code = 550
111	+	unknown_hostname_reject_code = 550
112	+	unverified_recipient_reject_code = 550
113	+	unverified_sender_reject_code = 550
114	+	milter_protocol = 2
115	+	milter_default_action = accept
116	+	smtpd_milters = inet:localhost:12301
117	+	non_smtpd_milters = inet:localhost:12301
118	+	spamassassin_destination_recipient_limit = 1