Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # See /usr/share/postfix/main.cf.dist for a commented, more complete version
- # Debian specific: Specifying a file name will cause the first
- # line of that file to be used as the name. The Debian default
- # is /etc/mailname.
- myorigin = /etc/mailname
- smtpd_banner = SMTPD Ready.
- biff = no
- recipient_delimiter = +
- luser_relay =
- # appending .domain is the MUA's job.
- append_dot_mydomain = no
- append_at_myorigin = yes
- readme_directory = no
- # Si vous avez plusieurs interfaces des réseaux différents
- #smtp_bind_address=A.B.C.D
- #smtp_bind_address6=AAAA:BBBB:CCCC:DDDD
- # important dans le cas de résolutions local via /etc/hosts (et la présence de denyhost)
- #smtp_host_lookup = native, dns
- # TLS SMTP
- smtp_tls_security_level = may
- smtp_tls_ciphers = high
- smtp_tls_protocols = !SSLv2, !SSLv3
- #smtp_tls_CAfile = /etc/ssl/certs/cacert.org.pem # Utilisez CACERT ! http://www.cacert.org
- smtp_tls_key_file = /etc/nginx/cert.key
- smtp_tls_cert_file = /etc/nginx/cert.crt
- smtp_tls_session_cache_timeout = 3600s
- smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
- myhostname = maildude.be
- alias_maps = hash:/etc/aliases
- alias_database = hash:/etc/aliases
- mydestination = nextu.be, localhost.nextu.be, localhost
- relayhost =
- mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
- mailbox_command = procmail -a "$EXTENSION"
- mailbox_size_limit = 0
- recipient_delimiter = +
- inet_interfaces = all
- inet_protocols = all
- # CONTROL DELIVER
- default_destination_concurrency_limit = 20
- local_destination_concurrency_limit = 2
- in_flow_delay = 1s
- message_size_limit = 102400000
- bounce_size_limit = 1000
- # CONTROL DELIVRANCE
- allow_untrusted_routing = no
- smtp_recipient_limit = 25
- disable_vrfy_command = yes
- strict_rfc821_envelopes = yes
- show_user_unknown_table_name = no
- allow_percent_hack = no
- swap_bangpath = no
- ### Tarpit jusqu'au RCPT TO:
- smtpd_delay_reject = yes
- ### Tarpit bots/clients/spammers
- smtpd_error_sleep_time = 15
- smtpd_soft_error_limit = 1
- smtpd_hard_error_limit = 3
- smtpd_junk_command_limit = 2
- ### Reject codes == 554
- access_map_reject_code = 554
- invalid_hostname_reject_code = 554
- maps_rbl_reject_code = 554
- multi_recipient_bounce_reject_code = 554
- non_fqdn_reject_code = 554
- plaintext_reject_code = 554
- reject_code = 554
- relay_domains_reject_code = 554
- unknown_address_reject_code = 554
- unknown_client_reject_code = 450
- unknown_hostname_reject_code = 450
- unknown_local_recipient_reject_code = 554
- unknown_relay_recipient_reject_code = 554
- unknown_virtual_alias_reject_code = 554
- unknown_virtual_mailbox_reject_code = 554
- unverified_recipient_reject_code = 554
- unverified_sender_reject_code = 554
- # header_checks = regexp:/etc/postfix/maps/header_checks
- # body_checks = regexp:/etc/postfix/maps/body_checks
- smtpd_client_restrictions = permit_mynetworks
- reject_invalid_hostname
- reject_unknown_client
- permit
- smtpd_helo_required = yes
- # Obligation pour l'emetteur
- smtpd_sender_restrictions = permit_sasl_authenticated
- permit_mynetworks
- reject_unauth_destination
- reject_non_fqdn_sender
- reject_unknown_sender_domain
- reject_unknown_address
- reject_rhsbl_sender dsn.rfc-ignorant.org
- permit
- smtpd_etrn_restrictions = permit_mynetworks
- reject
- smtpd_data_restrictions = reject_unauth_pipelining
- reject_multi_recipient_bounce
- permit
- smtpd_recipient_restrictions = reject_invalid_hostname
- reject_non_fqdn_sender
- reject_non_fqdn_recipient
- permit_mynetworks
- permit_sasl_authenticated
- reject_unauth_pipelining
- reject_unknown_sender_domain
- reject_unknown_recipient_domain
- reject_unauth_destination
- reject_unknown_client
- reject_rbl_client zen.spamhaus.org
- reject_rbl_client cbl.abuseat.org
- reject_rhsbl_client multi.surbl.org
- reject_rhsbl_sender multi.surbl.org
- reject_rhsbl_sender dbl.spamhaus.org
- reject_rhsbl_client dbl.spamhaus.org
- reject_rhsbl_sender dsn.rfc-ignorant.org
- permit
- # SASL
- smtpd_use_tls=yes
- smtpd_tls_security_level = may
- smtpd_tls_mandatory_ciphers = high
- smtpd_tls_mandatory_protocols = !SSLv2
- #smtpd_tls_ask_ccert = yes
- #smtpd_tls_CAfile = /etc/nginx/cert.crt
- smtpd_tls_key_file = /etc/nginx/cert.key
- smtpd_tls_cert_file = /etc/nginx/cert.crt
- smtpd_tls_loglevel = 0
- smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
- smtpd_tls_session_cache_timeout = 3600s
- broken_sasl_auth_clients = yes
- smtpd_sasl_auth_enable = yes
- smtpd_sasl_local_domain = $myhostname
- #smtpd_sasl_application_name = smtpd
- #smtpd_sasl_security_options = noanonymous, noplaintext
- #smtpd_sasl_tls_security_options = noanonymous
- #smtpd_tls_auth_only = yes
- #smtpd_sasl_authenticated_header = no
- relay_domains = proxy:pgsql:/etc/postfix/pgsql/relay_domains.cf
- virtual_alias_maps = proxy:pgsql:/etc/postfix/pgsql/virtual_alias_maps.cf
- virtual_mailbox_domains = proxy:pgsql:/etc/postfix/pgsql/virtual_domains_maps.cf
- virtual_mailbox_maps = proxy:pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf
- virtual_mailbox_base = /srv/vmail
- virtual_mailbox_limit = 512000000
- virtual_minimum_uid = 1999
- virtual_transport = virtual
- virtual_uid_maps = static:2000
- virtual_gid_maps = static:2000
- local_transport = virtual
- local_recipient_maps = $virtual_mailbox_maps
- # Plutard pour la gestion du répondeur même si le répondeur est une très mauvaise idée, sauf pour les spammeurs.
- # transport_maps = hash:/etc/postfix/transport
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement