daily pastebin goal
66%
SHARE
TWEET

Untitled

a guest Oct 17th, 2017 400 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Oct 17 06:06:04 mail postfix/submission/smtpd[20879]: connect from unknown[138.0.151.15]:52395
  2. Oct 17 06:06:04 mail postfix/submission/smtpd[20879]: NOQUEUE: reject: RCPT from unknown[138.0.151.15]:52395: 554 5.7.1 <someone@gmail.com>: Recipient address rejected: Access denied; from=<teste@mywebsite.com> to=<someone@gmail.com> proto=ESMTP helo=<[100.64.250.167]>
  3. Oct 17 06:06:24 mail postfix/submission/smtpd[20879]: lost connection after DATA from unknown[138.0.151.15]:52395
  4. Oct 17 06:06:24 mail postfix/submission/smtpd[20879]: disconnect from unknown[138.0.151.15]:52395 ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 commands=4/6
  5.    
  6. #
  7. # Postfix master process configuration file.  For details on the format
  8. # of the file, see the master(5) manual page (command: "man 5 master" or
  9. # on-line: http://www.postfix.org/master.5.html).
  10. #
  11. # Do not forget to execute "postfix reload" after editing this file.
  12. #
  13. # ==========================================================================
  14. # service type  private unpriv  chroot  wakeup  maxproc command + args
  15. #               (yes)   (yes)   (no)    (never) (100)
  16. # ==========================================================================
  17. smtp        inet    n   -   n   -   -   smtpd
  18.      -o receive_override_options=no_address_mappings
  19. #    -o smtpd_client_connect_count_limit=100
  20. #    -o smtpd_sasl_auth_enable=yes
  21.      -o smtp_tls_security_level=may
  22. # SSL 465
  23. smtps       inet    n   -   n   -   -   smtpd
  24. #    -o smtpd_client_connect_count_limit=10
  25.      -o smtpd_tls_wrappermode=yes
  26.      -o smtpd_sasl_auth_enable=yes
  27.      -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  28.      -o smtpd_client_restrictions=permit_sasl_authenticated,permit_auth_destinations,reject
  29. #smtp       inet    n   -   n   -   1   postscreen
  30. #smtpd      pass    -   -   n   -   -   smtpd
  31. dnsblog     unix    -   -   n   -   0   dnsblog
  32. tlsproxy    unix    -   -   n   -   0   tlsproxy
  33.  
  34. # TLS 587
  35. submission  inet    n   -   n   -   -   smtpd
  36.      -o syslog_name=postfix/submission
  37.      -o smtpd_tls_security_level=encrypt
  38.      -o smtpd_etrn_restrictions=reject
  39.      -o smtpd_sasl_auth_enable=yes
  40.      -o receive_override_options=no_address_mappings
  41.      -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  42.      -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,permit_auth_destination,reject
  43.  
  44.  
  45. #  -o smtpd_tls_security_level=encrypt
  46. #  -o smtpd_sasl_auth_enable=yes
  47. #  -o smtpd_tls_auth_only=yes
  48. #  -o smtpd_reject_unlisted_recipient=no
  49. #  -o smtpd_client_restrictions=$mua_client_restrictions
  50. #  -o smtpd_helo_restrictions=$mua_helo_restrictions
  51. #  -o smtpd_sender_restrictions=$mua_sender_restrictions
  52. #  -o smtpd_recipient_restrictions=
  53. #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  54.      -o milter_macro_daemon_name=ORIGINATING
  55. #smtps      inet    n   -   n   -   -   smtpd
  56. #  -o syslog_name=postfix/smtps
  57. #  -o smtpd_tls_wrappermode=yes
  58. #  -o smtpd_sasl_auth_enable=yes
  59. #  -o smtpd_reject_unlisted_recipient=no
  60. #  -o smtpd_client_restrictions=$mua_client_restrictions
  61. #  -o smtpd_helo_restrictions=$mua_helo_restrictions
  62. #  -o smtpd_sender_restrictions=$mua_sender_restrictions
  63. #  -o smtpd_recipient_restrictions=
  64. #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  65. #  -o milter_macro_daemon_name=ORIGINATING
  66. #628        inet    n   -   n   -   -   qmqpd
  67. pickup      unix    n   -   n   60  1   pickup
  68. cleanup     unix    n   -   n   -   0   cleanup
  69. qmgr        unix    n   -   n   300 1   qmgr
  70. #qmgr       unix    n   -   n   300 1   oqmgr
  71. tlsmgr      unix    -   -   n   1000?   1   tlsmgr
  72. rewrite     unix    -   -   n   -   -   trivial-rewrite
  73. bounce      unix    -   -   n   -   0   bounce
  74. defer       unix    -   -   n   -   0   bounce
  75. trace       unix    -   -   n   -   0   bounce
  76. verify      unix    -   -   n   -   1   verify
  77. flush       unix    n   -   n   1000?   0   flush
  78. proxymap    unix    -   -   n   -   -   proxymap
  79. proxywrite  unix    -   -   n   -   1   proxymap
  80. smtp        unix    -   -   n   -   -   smtp
  81. relay       unix    -   -   n   -   -   smtp
  82. #   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
  83. showq       unix    n   -   n   -   -   showq
  84. error       unix    -   -   n   -   -   error
  85. retry       unix    -   -   n   -   -   error
  86. discard     unix    -   -   n   -   -   discard
  87. local       unix    -   n   n   -   -   local
  88. virtual     unix    -   n   n   -   -   virtual
  89. lmtp        unix    -   -   n   -   -   lmtp
  90. anvil       unix    -   -   n   -   1   anvil
  91. scache      unix    -   -   n   -   1   scache
  92. #
  93. # ====================================================================
  94. # Interfaces to non-Postfix software. Be sure to examine the manual
  95. # pages of the non-Postfix software to find out what options it wants.
  96. #
  97. # Many of the following services use the Postfix pipe(8) delivery
  98. # agent.  See the pipe(8) man page for information about ${recipient}
  99. # and other message envelope options.
  100. # ====================================================================
  101. #
  102. # maildrop. See the Postfix MAILDROP_README file for details.
  103. # Also specify in main.cf: maildrop_destination_recipient_limit=1
  104. #
  105. #maildrop   unix    -   n   n   -   -   pipe
  106. #  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
  107. #
  108. # ====================================================================
  109. #
  110. # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
  111. #
  112. # Specify in cyrus.conf:
  113. #   lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
  114. #
  115. # Specify in main.cf one or more of the following:
  116. #  mailbox_transport = lmtp:inet:localhost
  117. #  virtual_transport = lmtp:inet:localhost
  118. #
  119. # ====================================================================
  120. #
  121. # Cyrus 2.1.5 (Amos Gouaux)
  122. # Also specify in main.cf: cyrus_destination_recipient_limit=1
  123. #
  124. #cyrus      unix    -   n   n   -   -   pipe
  125. #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
  126. #
  127. # ====================================================================
  128. #
  129. # Old example of delivery via Cyrus.
  130. #
  131. #old-cyrus  unix    -   n   n   -   -   pipe
  132. #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
  133. #
  134. # ====================================================================
  135. #
  136. # See the Postfix UUCP_README file for configuration details.
  137. #
  138. #uucp       unix    -   n   n   -   -   pipe
  139. #  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
  140. #
  141. # ====================================================================
  142. #
  143. # Other external delivery methods.
  144. #
  145. #ifmail     unix    -   n   n   -   -   pipe
  146. #  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
  147. #
  148. #bsmtp      unix    -   n   n   -   -   pipe
  149. #  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
  150. #
  151. #scalemail-backend unix -       n       n       -       2       pipe
  152. #  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
  153. #  ${nexthop} ${user} ${extension}
  154. #
  155. #mailman    unix    -   n   n   -   -   pipe
  156. #  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  157. #  ${nexthop} ${user}
  158. dovecot     unix    -   n   n   -   -   pipe
  159.     flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot-lda -f ${sender} -a ${recipient} -d ${user}@{nexthop}
  160.  
  161. amavisd-new unix    -   -   n   -   2   lmtp
  162.      -o lmtp_data_done_timeout=1200s
  163.      -o lmtp_send_xforward_command=yes
  164.      -o disable_dns_lookups=yes
  165.      -o max_use=20
  166.  
  167. 127.0.0.1:10025 inet    n   -   n   -   -   smtpd
  168.      -o content_filter=
  169.      -o local_recipient_maps=
  170.      -o relay_recipient_maps=
  171.      -o smtpd_restriction_classes=
  172.      -o smtpd_delay_reject=no
  173.      -o smtpd_client_restrictions=permit_mynetworks,reject
  174.      -o smtpd_helo_restrictions=
  175.      -o smtpd_sender_restrictions=
  176.      -o smtpd_recipient_restrictions=permit_mynetworks,reject
  177.      -o smtpd_data_restrictions=reject_unauth_pipelining
  178.      -o mynetworks=127.0.0.0/8
  179.      -o strict_rfc821_envelopes=yes
  180.    
  181. compatibility_level = 2
  182. queue_directory = /var/spool/postfix
  183. command_directory = /usr/local/sbin
  184. daemon_directory = /usr/local/libexec/postfix
  185. data_directory = /var/db/postfix
  186. mail_owner = postfix
  187. myhostname = mail.$mydomain
  188. mydomain = mywebsite.com
  189. myorigin = $mydomain
  190. inet_interfaces = all
  191. mydestination = $myhostname, localhost.$mydomain, localhost
  192. unknown_local_recipient_reject_code = 550
  193. mynetworks = 127.0.0.0/8, 10.0.0.0/24, 192.168.0.0/24
  194. alias_maps = hash:/etc/aliases
  195. recipient_delimiter = +
  196. mail_spool_directory = /usr/local/vhosts
  197. smtpd_banner = $myhostname ESMTP $mail_name
  198. debug_peer_level = 3
  199. sendmail_path = /usr/local/sbin/sendmail
  200. newaliases_path = /usr/local/bin/newaliases
  201. mailq_path = /usr/local/bin/mailq
  202. setgid_group = maildrop
  203. html_directory = no
  204. manpage_directory = /usr/local/man
  205. sample_directory = /usr/local/etc/postfix
  206. readme_directory = no
  207. inet_protocols = all
  208.  
  209. # Authentication
  210. smtpd_sasl_auth_enable = yes
  211. #smtp_sasl_mechanism_filter = plain, login
  212.  
  213. # Forbids anonymous and plaintext authentication mechanisms over an
  214. # unencrypted transport layer
  215. smtp_sasl_security_options = noanonymous, noplaintext, noactive, nodictionary
  216. # Allows plaintext mechanisms when talking to the server with TLS
  217. smtpd_sasl_tls_security_options = noanonymous
  218.  
  219. smtpd_sasl_local_domain = $myhostname
  220. broken_sasl_auth_clients = yes
  221. smtpd_sasl_type = dovecot
  222. smtpd_sasl_path = private/auth
  223.  
  224. smtpd_sasl_authenticated_header = yes
  225. smtpd_sender_login_maps = proxy:mysql:/usr/local/etc/postfix/mysql-sender-logins-maps.cf
  226. lmtp_tls_fingerprint_digest = sha1
  227. local_header_rewrite_clients = permit_mynetworks permit_sasl_authenticated
  228.  
  229. # Virtual mailboxes
  230. local_transport = virtual
  231. virtual_alias_maps = proxy:mysql:/usr/local/etc/postfix/mysql-virtual-alias-maps.cf
  232. virtual_mailbox_base = /usr/local/vhosts
  233. virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql-virtual-mailbox-domains.cf
  234. virtual_mailbox_maps = proxy:mysql:/usr/local/etc/postfix/mysql-virtual-mailbox-maps.cf
  235. virtual_minimum_uid = 5000
  236. virtual_transport = lmtp:unix:private/dovecot-lmtp
  237. virtual_gid_maps = static:5000
  238. virtual_uid_maps = static:5000
  239. mailbox_size_limit = 0
  240. virtual_mailbox_limit = 0
  241.  
  242. # The maximal size in bytes of a message, including envelope
  243. # information.
  244. message_size_limit = 104857600
  245.  
  246. # The maximal number of recipients per message for the smtp message
  247. # delivery transport.
  248. smtp_destination_recipient_limit = 10
  249.  
  250. # How many simultaneous connections any remote SMTP client is
  251. # allowed to have
  252. smtpd_client_connection_count_limit = 10
  253.  
  254. # The maximal number of message delivery requests that any client is
  255. # allowed to make to this server per time unit.
  256. smtpd_client_message_rate_limit = 25
  257.  
  258. # Limit the number of times RSET can be used
  259. smtpd_junk_command_limit = 1
  260.  
  261. # Limit number of destination address per message
  262. smtpd_recipient_limit = 50
  263.  
  264. # Decrease the client limit for sending the HOor EHLO command
  265. smtp_helo_timeout = 60s
  266.  
  267. always_add_missing_headers = yes
  268. biff = no
  269. enable_long_queue_ids = yes
  270.  
  271. ###### Restrictions 2
  272.  
  273. # Require HELO or EHLO before commencing a MAIL transaction - RFC 821
  274. smtpd_helo_required = yes
  275.  
  276. # Disable the SMTPD VRFY command
  277. # Reduces chance of spammer look for valid address
  278. postscreen_disable_vrfy_command = yes
  279. disable_vrfy_command = yes
  280.  
  281. # Disable rewrite from user%domain to user@domain
  282. allow_percent_hack = no
  283.  
  284. # Disable rewrite from site!user to user@site
  285. swap_bangpath = no
  286.  
  287. ###### Slowdown Bad Clients
  288.  
  289. # The maximal number of errors code 500 a remote client is allowed to
  290. # make without delivering mail.
  291. smtpd_hard_error_limit = 3
  292.  
  293. # The maximal number or errors code 400, server will delay all responses
  294. # using the value from smtpd_error_sleep_time
  295. smtpd_soft_error_limit = 1
  296.  
  297. # Server response delay in seconds  after errors
  298. smtpd_error_sleep_time = 20
  299.  
  300. # Mime Header Checks
  301. mime_header_checks = pcre:${config_directory}/mime_header_checks
  302.  
  303. # Amavis
  304. content_filter = amavisd-new:[127.0.0.1]:10024
  305.  
  306. ###### Restrictions
  307. smtpd_relay_restrictions =  permit_mynetworks
  308.                 permit_sasl_authenticated
  309.                 reject_unauth_destination
  310.                 defer_unauth_destination
  311.                 permit
  312.  
  313. smtpd_recipient_restrictions =  permit_mynetworks,
  314.                 permit_sasl_authenticated,
  315.                 reject_non_fqdn_recipient,
  316.                 reject_non_fqdn_sender,
  317.                 reject_unknown_sender_domain,
  318.                 reject_unknown_recipient_domain,
  319. #               check_recipient_access pcre:${config_directory}/recipient_checks.pcre,
  320.                 reject_unauth_destination,
  321.                 reject_unauth_pipelining,
  322. # Old versions of Microsoft Outlook only send local hostname.
  323.                 reject_non_fqdn_hostname,
  324.                 reject_invalid_hostname,
  325.                 check_helo_access pcre:${config_directory}/helo_checks.pcre,
  326.                 check_sender_mx_access cidr:${config_directory}/bogus_mx,
  327. #               reject_rbl_client zen.spamhaus.org,
  328.                 reject_rbl_client bl.spamcop.net,
  329. # Blocking Google Mails.
  330. #               reject_rbl_client dnsbl.sorbs.net,
  331. #DNS StUFF site
  332. #               reject_unverified_sender,
  333.                 permit
  334.  
  335. smtpd_data_restrictions =   reject_multi_recipient_bounce
  336. #               reject_unauth_pipelining
  337. #               permit
  338.  
  339. masquerade_domains = $mydomain
  340. masquerade_exceptions = root mailer-daemon
  341. notify_classes = data protocol resource software
  342.  
  343. show_user_unknown_table_name = no
  344. smtp_dns_support_level = enabled
  345.  
  346. # TLS Settings
  347. smtp_enforce_tls = yes
  348. smtpd_use_tls = yes
  349. smtpd_tls_auth_only = yes
  350. smtp_tls_note_starttls_offer = yes
  351.  
  352. # Mandatory (high-grade) TLS encryption
  353. #smtp_tls_security_level = encrypt
  354. # Allow servers from Internet without encryption devliver mail
  355. # Configurado no master.cf
  356. smtpd_tls_security_level = may
  357.  
  358. smtp_tls_mandatory_protocols = TLSv1.2 TLSv1.1
  359. smtpd_tls_protocols = TLSv1.2
  360.  
  361. smtp_tls_ciphers = high
  362. smtpd_tls_ciphers = high
  363.  
  364.  
  365. smtp_tls_mandatory_ciphers = high
  366. smtpd_tls_mandatory_ciphers = high
  367.  
  368. smtpd_tls_eecdh_grade = ultra
  369. tls_eecdh_strong_curve = prime256v1
  370. tls_eecdh_ultra_curve = secp384r1
  371.  
  372. smtp_tls_exclude_ciphers = CAMELLIA SEED IDEA RC2 RC4 kSRP kGOST kECDHr kECDHe kDHr kDHd aDSS aPSK aNULL aECDH eNULL EDH-DSS-DES-CBC3-EDH-RSA-DES-CBC3-SHA KRB5-DES CBC3-SHA SHA MEDIUM LOW EXPORT DES MD5 PSK
  373. smtp_tls_mandatory_exclude_ciphers = CAMELLIA SEED IDEA RC2 RC4 kSRP kGOST kECDHr kECDHe kDHr kDHd aDSS aPSK aNULL aECDH eNULL EDH-DSS-DES-CBC3-EDH-RSA-DES-CBC3-SHA KRB5-DES CBC3-SHA SHA MEDIUM LOW EXPORT DES MD5 PSK
  374. smtpd_tls_exclude_ciphers = CAMELLIA SEED IDEA RC2 RC4 kSRP kGOST kECDHr kECDHe kDHr kDHd aDSS aPSK aNULL aECDH eNULL EDH-DSS-DES-CBC3-EDH-RSA-DES-CBC3-SHA KRB5-DES CBC3-SHA SHA MEDIUM LOW EXPORT DES MD5 PSK
  375. smtpd_tls_mandatory_exclude_ciphers = CAMELLIA SEED IDEA RC2 RC4 kSRP kGOST kECDHr kECDHe kDHr kDHd aDSS aPSK aNULL aECDH eNULL EDH-DSS-DES-CBC3-EDH-RSA-DES-CBC3-SHA KRB5-DES CBC3-SHA SHA MEDIUM LOW EXPORT DES MD5 PSK
  376.  
  377. smtpd_tls_dh1024_param_file = ${config_directory}/dh_2048_params.pem
  378.  
  379. smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
  380. smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
  381. smtpd_tls_session_cache_timeout = 6h
  382.  
  383. smtp_tls_fingerprint_digest = sha1
  384. smtpd_tls_fingerprint_digest = sha1
  385.  
  386. smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop
  387. smtp_tls_secure_cert_match = nexthop
  388.  
  389. smtp_tls_loglevel = 0
  390. smtpd_tls_loglevel = 0
  391. smtpd_client_port_logging = yes
  392.  
  393. smtp_tls_CAfile = /etc/ssl/cert.pem
  394. smtpd_tls_CAfile = /etc/ssl/cert.pem
  395. smtpd_tls_cert_file = /usr/local/etc/postfix/mail.mywebsite.com.crt
  396. smtpd_tls_key_file = /usr/local/etc/postfix/mywebsite.com.privatekey
  397.  
  398. smtpd_tls_received_header = yes
  399.  
  400. openssl_path = /usr/local/bin/openssl
  401. tls_daemon_random_bytes = 64
  402. tls_high_cipherlist = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA
  403. tls_medium_cipherlist = EECDH+ECDSA+CHACHA20 EECDH+CHACHA20 EECDH+ECDSA+AESGCM EECDH+AESGCM EECDH+ECDSA+AES256 EECDH+AES256 EECDH+ECDSA+AES128 EECDH+AES128 EECDH+ECDSA+3DES EECDH+3DES EDH+CHACHA20 EDH+AESGCM EDH+AES256 EDH+AES128 EDH+3DES
  404. tls_preempt_cipherlist = yes
  405. tls_random_bytes = 64
  406. tls_random_source = dev:/dev/random
  407. tls_ssl_options = NO_COMPRESSION
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top