Loading ...
Sorry, an error occurred while loading the content.

Re: Postfix Mac Aministration

Expand Messages
  • Stan Hoeppner
    ... This is likely your default. Check with postconf -d command_directory and remove this line if it is. Don t re-specify default values in main.cf. It
    Message 1 of 18 , Jan 7, 2012
    • 0 Attachment
      On 1/6/2012 8:35 PM, Eric Lemings wrote:

      > Current 'postconf -n' output:
      >
      > command_directory = /usr/sbin

      This is likely your default. Check with 'postconf -d command_directory'
      and remove this line if it is. Don't re-specify default values in
      main.cf. It simply clutters things up making sleuthing more difficult
      than need be.

      > config_directory = /etc/postfix

      Same as above.

      > daemon_directory = /usr/libexec/postfix

      Possibly here as well. On Debian it's /usr/lib/postfix but on OSX it
      may be libexec. If the default is libexec, remove this line.

      > debug_peer_level = 2

      This is the default value. Remove this line. Unless of course Apple
      changed the default to another value, which they should not have.

      > enable_server_options = yes

      This doesn't seem to be a valid main.cf parameter. An Apple add-on I
      assume.

      > imap_submit_cred_file = /private/etc/postfix/submit.cred

      Same here.

      > inet_interfaces = all

      Again, default. Remove this line.

      > local_recipient_maps = proxy:unix:passwd.byname $alias_maps

      Default. Remove.

      > mail_owner = _postfix

      Default. Remove.

      > mailq_path = /usr/bin/mailq

      Default. Remove.

      > manpage_directory = /usr/share/man

      Default. Remove.

      > maps_rbl_domains =

      Deprecated parameter. Remove.

      > mydestination = $myhostname, localhost.$mydomain, localhost, myhost, $mydomain, mail

      Are you sure you need all 6 of these?

      > mydomain_fallback = localhost

      Another Apple add on, seems useless.

      > newaliases_path = /usr/bin/newaliases

      Default. Remove.

      > postscreen_dnsbl_sites = zen.spamhaus.org*2 rbl-plus.mail-abuse.org bl.spamcop.net

      Again, MAPS is a paid service. If you don't have a subscription remove.

      > readme_directory = /usr/share/doc/postfix

      Default. Remove.

      > relayhost =

      Default. Remove.

      > sendmail_path = /usr/sbin/sendmail

      Default. Remove.

      > smtp_sasl_auth_enable = no
      > smtp_sasl_password_maps =
      > smtpd_enforce_tls = no

      All 3 are defaults. Remove them.

      > smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit

      Consolidate your helo restrictions into recipient restrictions.

      > smtpd_pw_server_security_options = cram-md5,gssapi,login,plain

      Yet another Apple add on...

      > smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client rbl-plus.mail-abuse.org, reject_rbl_client bl.spamcop.net, check_policy_service unix:private/policy, permit

      You may want to move these first 3 after reject_unauth_destination.
      Also, there's no need for an explicit permit at the end as that is the
      default behavior.

      > smtpd_use_pw_server = yes

      Yet another Apple add on.

      > tls_random_source = dev:/dev/urandom

      Default. Remove.

      > unknown_local_recipient_reject_code = 550

      Default. Remove.

      > use_sacl_cache = yes

      Another Apple add on.

      > virtual_alias_maps = $virtual_maps

      Default. Remove.


      I'm guessing a lot of the redundant default junk in your main.cf was
      inserted by Apple (IIRC the CentOS/Red Hat people are horrible about
      this as well). Thus your next package upgrade may put them right back in.

      > Still quite a bit of spam getting through.

      The spam making it in is probably not related to some of the changes you
      should make above. Post the "connect from:" lines in your mail log of a
      dozen or so of these spam connections so we can identify the sources and
      recommend tools/methods to put a dent in it.

      --
      Stan
    Your message has been successfully submitted and would be delivered to recipients shortly.