API tools faq
paste
Advertisement
Guest User

main.cf

a guest
Nov 2nd, 2016
112
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.57 KB | None | 0 0
raw download clone embed print report
  1. ##
  2. ## Netzwerkeinstellungen
  3. ##
  4.  
  5. mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
  6. inet_interfaces = 127.0.0.1, ::1, MyIP
  7. myhostname = Mydomain.tld
  8.  
  9.  
  10. ##
  11. ## Mail-Queue Einstellungen
  12. ##
  13.  
  14. maximal_queue_lifetime = 1h
  15. bounce_queue_lifetime = 1h
  16. maximal_backoff_time = 15m
  17. minimal_backoff_time = 5m
  18. queue_run_delay = 5m
  19.  
  20.  
  21. ##
  22. ## TLS Einstellungen
  23. ###
  24.  
  25. tls_ssl_options = NO_COMPRESSION
  26. tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
  27.  
  28. ### Ausgehende SMTP-Verbindungen (Postfix als Sender)
  29.  
  30. smtp_tls_security_level = dane
  31. smtp_dns_support_level = dnssec
  32. smtp_tls_policy_maps = mysql:/etc/postfix/sql/tls-policy.cf
  33. smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
  34. smtp_tls_protocols = !SSLv2, !SSLv3
  35. smtp_tls_ciphers = high
  36. smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
  37.  
  38.  
  39. ### Eingehende SMTP-Verbindungen
  40.  
  41. smtpd_tls_security_level = may
  42. smtpd_tls_protocols = !SSLv2, !SSLv3
  43. smtpd_tls_ciphers = high
  44. smtpd_tls_dh1024_param_file = /etc/myssl/dh2048.pem
  45. smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
  46.  
  47. smtpd_tls_cert_file=/etc/letsencrypt/live/mail.mydomain.tld/fullchain.pem
  48. smtpd_tls_key_file=/etc/letsencrypt/live/mail.mydomain.tld/privkey.pem
  49.  
  50.  
  51. ##
  52. ## Lokale Mailzustellung an Dovecot
  53. ##
  54.  
  55. virtual_transport = lmtp:unix:private/dovecot-lmtp
  56.  
  57.  
  58. ##
  59. ## Milter: DKIM-Signaturen durch OpenDKIM-Milter
  60. ## und Mail-Filter mit Amavis (via amavisd-milter)
  61. ##
  62.  
  63. milter_default_action = accept
  64. milter_protocol = 2
  65. smtpd_milters = unix:/var/run/amavis/amavisd-milter.sock,
  66. unix:/var/run/opendkim/opendkim.sock
  67. non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
  68.  
  69. ##
  70. ## Server Restrictions für Clients, Empfänger und Relaying
  71. ## (im Bezug auf S2S-Verbindungen. Mailclient-Verbindungen werden in master.cf im Submission-Bereich konfiguriert)
  72. ##
  73.  
  74. ### Bedingungen, damit Postfix als Relay arbeitet (für Clients)
  75. smtpd_relay_restrictions = reject_non_fqdn_recipient
  76. reject_unknown_recipient_domain
  77. permit_mynetworks
  78. reject_unauth_destination
  79.  
  80.  
  81. ### Bedingungen, damit Postfix ankommende E-Mails als Empfängerserver entgegennimmt (zusätzlich zu relay-Bedingungen)
  82. ### check_recipient_access prüft, ob ein account sendonly ist
  83. smtpd_recipient_restrictions = check_recipient_access mysql:/etc/postfix/sql/recipient-access.cf
  84.  
  85.  
  86. ### Bedingungen, die SMTP-Clients erfüllen müssen (sendende Server)
  87. smtpd_client_restrictions = permit_mynetworks
  88. check_client_access hash:/etc/postfix/without_ptr
  89. reject_unknown_client_hostname
  90.  
  91.  
  92. ### Wenn fremde Server eine Verbindung herstellen, müssen sie einen gültigen Hostnamen im HELO haben.
  93. smtpd_helo_required = yes
  94. smtpd_helo_restrictions = permit_mynetworks
  95. reject_invalid_helo_hostname
  96. reject_non_fqdn_helo_hostname
  97. reject_unknown_helo_hostname
  98.  
  99. # Clients blockieren, wenn sie versuchen zu früh zu senden
  100. smtpd_data_restrictions = reject_unauth_pipelining
  101.  
  102.  
  103.  
  104. ##
  105. ## Postscreen Filter
  106. ##
  107.  
  108. ### Postscreen Whitelist / Blocklist
  109. postscreen_access_list = permit_mynetworks
  110. cidr:/etc/postfix/postscreen_access
  111. postscreen_blacklist_action = drop
  112.  
  113.  
  114. # Verbindungen beenden, wenn der fremde Server es zu eilig hat
  115. postscreen_greet_action = drop
  116.  
  117.  
  118. ### DNS blocklists
  119. postscreen_dnsbl_threshold = 2
  120. postscreen_dnsbl_sites = dnsbl.sorbs.net*1, bl.spamcop.net*1, ix.dnsbl.manitu.net*2, zen.spamhaus.org*2
  121. postscreen_dnsbl_action = drop
  122.  
  123.  
  124. ##
  125. ## MySQL Abfragen
  126. ##
  127.  
  128. virtual_alias_maps = mysql:/etc/postfix/sql/aliases.cf
  129. virtual_mailbox_maps = mysql:/etc/postfix/sql/accounts.cf
  130. virtual_mailbox_domains = mysql:/etc/postfix/sql/domains.cf
  131. local_recipient_maps = $virtual_mailbox_maps
  132.  
  133.  
  134. ##
  135. ## Sonstiges
  136. ##
  137.  
  138. ### Maximale Größe der gesamten Mailbox (soll von Dovecot festgelegt werden, 0 = unbegrenzt)
  139. mailbox_size_limit = 0
  140.  
  141. ### Maximale Größe eingehender E-Mails in Bytes (50 MB)
  142. message_size_limit = 52428800
  143.  
  144. ### Keine System-Benachrichtigung für Benutzer bei neuer E-Mail
  145. biff = no
  146.  
  147. ### Nutzer müssen immer volle E-Mail Adresse angeben - nicht nur Hostname
  148. append_dot_mydomain = no
  149.  
  150. ### Trenn-Zeichen für "Address Tagging"
  151. recipient_delimiter = +
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!