
server configuration

  • Dave
    Message 1 of 1 , Jul 30, 2009
      Hello,
      I've just set up a new Postfix 2.x server on CentOS 5. As some
      directives have changed and it's been a while since I've done this, I'd
      appreciate anyone looking over this configuration and commenting on what is
      good, what needs changing, etc.
      The server is supposed to support only virtual mailbox domains, use
      antispam and antivirus measures, SMTP AUTH (server and client) through Dovecot
      (not sure about this part), TLS, and hook into Mailman for list management.
      Thanks.
      Dave.

      # General settings. The listing looks like `postconf -n`-style output
      # (explicitly set parameters, alphabetical); the readme_directory path
      # below points at Postfix 2.3.3.

      # Persistent cache for address-verification results (used by
      # reject_unverified_recipient in smtpd_recipient_restrictions).
      address_verify_map = btree:/var/spool/postfix/verified_senders
      alias_database = hash:/etc/postfix/aliases
      alias_maps = hash:/etc/postfix/aliases
      append_dot_mydomain = no
      biff = no
      body_checks = pcre:/etc/postfix/body_checks
      # Additionally advertises the obsolete "AUTH=" form for legacy clients.
      broken_sasl_auth_clients = yes
      canonical_maps = hash:/etc/postfix/canonical
      command_directory = /usr/sbin
      config_directory = /etc/postfix
      daemon_directory = /usr/libexec/postfix
      # VRFY disabled: remote clients cannot use it to probe for valid addresses.
      disable_vrfy_command = yes
      empty_address_recipient = MAILER-DAEMON
      header_checks = pcre:/etc/postfix/header_checks
      home_mailbox = Maildir/
      html_directory = no
      # Listens on loopback and one public address only.
      inet_interfaces = 127.0.0.1, 74.208.64.129
      invalid_hostname_reject_code = 554
      # Recipients in the mydestination domains are validated against the system
      # passwd database plus the alias table, so system accounts are valid mail
      # recipients there. NOTE(review): confirm that is intended on a host meant
      # to serve only virtual mailbox domains.
      local_recipient_maps = proxy:unix:passwd.byname $alias_maps
      mail_owner = postfix
      mail_spool_directory = /var/spool/mail
      # 100 MiB.
      mailbox_size_limit = 104857600
      mailq_path = /usr/bin/mailq.postfix
      manpage_directory = /usr/share/man
      # 20 MiB per message.
      message_size_limit = 20971520
      multi_recipient_bounce_reject_code = 554
      # Domains delivered by the local transport. NOTE(review): a domain listed
      # here must not also be listed in virtual_mailbox_domains
      # (/etc/postfix/vhosts, contents not shown) - confirm there is no overlap.
      mydestination = localhost, lists.$mydomain
      mydomain = davemehler.com
      myhostname = mail.davemehler.com
      # Only loopback is trusted; every other client has to authenticate
      # (permit_sasl_authenticated) before it may relay.
      mynetworks = 127.0.0.0/8
      myorigin = $mydomain
      newaliases_path = /usr/bin/newaliases.postfix
      non_fqdn_reject_code = 554
      owner_request_special = no
      queue_directory = /var/spool/postfix
      readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
      recipient_delimiter = +
      relay_domains_reject_code = 554
      sample_directory = /usr/share/doc/postfix-2.3.3/samples
      sendmail_path = /usr/sbin/sendmail.postfix
      setgid_group = postdrop
      # Keeps lookup-table names out of "User unknown" replies, so remote
      # senders learn less about the internal configuration.
      show_user_unknown_table_name = no
      # Outbound (SMTP client) side.
      smtp_helo_timeout = 60s
      # CA bundle for checking certificates presented by remote servers.
      smtp_tls_CAfile = /etc/postfix/ssl/ca-cert.pem
      # Client certificate and key offered to remote servers; these are the same
      # files as the smtpd_tls_cert_file / smtpd_tls_key_file server pair.
      # NOTE(review): Postfix documentation advises configuring a client
      # certificate only when a remote server requires one - confirm it is needed.
      smtp_tls_cert_file = /etc/postfix/ssl/smtp.crt
      smtp_tls_key_file = /etc/postfix/ssl/smtp.key
      # Logs remote servers that offer STARTTLS.
      smtp_tls_note_starttls_offer = yes
      smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_tls_cache
      # Opportunistic TLS for outbound mail: used when the remote side offers it,
      # cleartext otherwise. This is the older spelling; Postfix 2.3 and later
      # prefer smtp_tls_security_level = may (the server side of this listing
      # already uses smtpd_tls_security_level).
      smtp_use_tls = yes
      # Inbound (SMTP server) policy.

      # Banner carries only the hostname - no software name or version.
      smtpd_banner = $myhostname
      # Rejects clients that send commands ahead of the server's replies.
      smtpd_data_restrictions = reject_unauth_pipelining
      smtpd_delay_reject = yes
      smtpd_error_sleep_time = 5s
      smtpd_hard_error_limit = 20
      smtpd_helo_required = yes
      smtpd_helo_restrictions = permit_mynetworks,
      reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,
      # Relay control comes first: authenticated clients and mynetworks are
      # permitted, then reject_unauth_destination refuses anything not addressed
      # to this server. The access tables, DNSBLs and policy services that follow
      # are therefore only evaluated for inbound mail, so an OK from one of those
      # tables cannot turn the host into an open relay.
      smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
      reject_unauth_destination, reject_invalid_hostname,
      reject_non_fqdn_hostname, reject_non_fqdn_sender,
      reject_non_fqdn_recipient, reject_unknown_sender_domain,
      reject_unknown_recipient_domain, reject_unverified_recipient
      reject_multi_recipient_bounce, check_helo_access
      pcre:/etc/postfix/helo_checks.pcre check_sender_mx_access
      cidr:/etc/postfix/bogus_mx check_recipient_access
      hash:/etc/postfix/recipient_access check_sender_access
      # NOTE(review) on the DNSBL entries below: zen.spamhaus.org is queried
      # twice (here and again further down). multi.uribl.com is, as far as I
      # know, a domain/URI list meant for message-body checks rather than a
      # client-IP list, so reject_rbl_client against it is probably ineffective -
      # verify. DSBL (list.dsbl.org) was reported shut down in 2008; a dead list
      # only adds DNS latency. Confirm each list is still operating and is the
      # right type before relying on it.
      hash:/etc/postfix/common_spam_senderdomains reject_rhsbl_sender
      dsn.rfc-ignorant.org reject_rbl_client zen.spamhaus.org,
      reject_rbl_client multi.uribl.com, reject_rbl_client images.rbl.msrbl.net,
      # inet:127.0.0.1:10023 is presumably a greylisting daemon (10023 is the
      # usual postgrey port) - confirm.
      reject_rbl_client list.dsbl.org check_policy_service inet:127.0.0.1:10023
      reject_unauth_pipelining, check_policy_service unix:private/spfpolicy
      # NOTE(review): "policy_time_limit = 3600" appears here inside the
      # restriction list rather than as a parameter of its own. If main.cf has
      # that line indented, Postfix treats it as a continuation and reads the
      # words as restriction names - check main.cf and look for
      # "unknown smtpd restriction" warnings in the mail log.
      policy_time_limit = 3600 reject_rbl_client zen.spamhaus.org,
      reject_rbl_client bl.spamcop.net,
      # Declares a restriction class; its definition
      # (has_our_domain_as_sender = ...) is not visible in this listing.
      smtpd_restriction_classes = has_our_domain_as_sender
      # SASL is delegated to Dovecot through the private/auth socket (path is
      # relative to the Postfix queue directory). noanonymous still permits
      # plaintext mechanisms; with smtpd_tls_auth_only = yes set elsewhere in this
      # listing, AUTH is only offered once TLS is active.
      smtpd_sasl_auth_enable = yes
      smtpd_sasl_local_domain =
      smtpd_sasl_path = private/auth
      smtpd_sasl_security_options = noanonymous
      smtpd_sasl_type = dovecot
      # NOTE(review): the first entry is a bare table with no check_sender_access
      # keyword in front of it - state the lookup type explicitly.
      # permit_sasl_authenticated and permit_mynetworks end evaluation of this
      # list for those clients, so reject_sender_login_mismatch further along is
      # never reached for authenticated senders. That restriction also depends
      # on smtpd_sender_login_maps, which does not appear in this listing.
      smtpd_sender_restrictions = hash:/etc/postfix/sender_access,
      permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender,
      reject_unknown_sender_domain, reject_unauth_pipelining
      reject_sender_login_mismatch check_recipient_access
      pcre:/etc/postfix/listcheck
      # Inbound TLS settings and SMTP reply codes.
      smtpd_soft_error_limit = 10
      # AUTH is only offered after STARTTLS, so passwords are not sent over an
      # unencrypted session.
      smtpd_tls_auth_only = yes
      # NOTE(review): as pasted, "smtpd_tls_CAfile = ..." is part of the
      # smtpd_tls_cert_file value, and smtpd_tls_CAfile is not listed as its own
      # parameter (smtp_tls_CAfile is). This may only be re-wrapping by the mail
      # client, but if main.cf has the CAfile line indented it is a continuation
      # of the cert_file value, which would then not name a usable certificate -
      # check main.cf and the mail log for certificate load errors.
      smtpd_tls_cert_file = /etc/postfix/ssl/smtp.crt smtpd_tls_CAfile =
      /etc/postfix/ssl/ca-cert.pem
      # Private key. NOTE(review): file ownership and mode are not visible here;
      # confirm it is readable by root only.
      smtpd_tls_key_file = /etc/postfix/ssl/smtp.key
      smtpd_tls_loglevel = 1
      # Records TLS protocol and cipher details in the Received: header.
      smtpd_tls_received_header = yes
      # Opportunistic TLS inbound: offered but not required, the usual choice
      # for an Internet-facing MX.
      smtpd_tls_security_level = may
      smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
      smtpd_tls_session_cache_timeout = 3600s
      strict_rfc821_envelopes = yes
      tls_random_source = dev:/dev/urandom
      # Permanent (5xx) replies for the conditions below. NOTE(review): several
      # of these (unknown_address, unknown_client, unknown_hostname,
      # unverified_recipient, unverified_sender) default to a temporary 450 in
      # Postfix; with a hard 554 a wrong verdict bounces legitimate mail
      # instead of deferring it - confirm that trade-off is wanted.
      unknown_address_reject_code = 554
      unknown_client_reject_code = 554
      unknown_hostname_reject_code = 554
      unknown_local_recipient_reject_code = 550
      unknown_relay_recipient_reject_code = 554
      unknown_virtual_alias_reject_code = 554
      unknown_virtual_mailbox_reject_code = 554
      unverified_recipient_reject_code = 554
      unverified_sender_reject_code = 554
      # Virtual mailbox delivery: every mailbox lives under /home/vmail and is
      # written with one fixed uid/gid (5000), so no per-user system accounts are
      # involved in delivery.
      virtual_alias_maps = hash:/etc/postfix/virtual_alias
      virtual_gid_maps = static:5000
      virtual_mailbox_base = /home/vmail
      # Plain file path (no lookup-table type prefix); the domain list itself is
      # not shown in this message.
      virtual_mailbox_domains = /etc/postfix/vhosts
      virtual_mailbox_maps = hash:/etc/postfix/vmaps
      # Delivery is refused for any uid below 1000 - a guard against a uid map
      # ever returning a system account.
      virtual_minimum_uid = 1000
      virtual_uid_maps = static:5000