Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Global Postfix configuration file. This file lists only a small subset
- # of all parameters. For the syntax, and for a complete parameter list,
- # see the postconf(5) manual page. For a commented and more complete
- # version of this file see /etc/postfix/main.cf.dist
- #mailbox_command = /usr/bin/procmail -a $DOMAIN -d $LOGNAME
- mailbox_command = /usr/libexec/dovecot/deliver
- virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
- virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
- virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
- virtual_uid_maps = static:501
- virtual_gid_maps = static:501
- virtual_transport = dovecot
- mynetworks = 127.0.0.1 xxx.xxx.xxx.xxx/32 10.0.0.33/32
- mailbox_size_limit = 51200000
- message_size_limit = 20480000
- ### TLS
- # Настройки TLS для приема почты сервером от клиентов
- smtpd_tls_cert_file = /var/lib/ssl/certs/postfix.pem
- smtpd_tls_key_file = /var/lib/ssl/private/postfix.pem
- smtpd_use_tls = no
- smtpd_tls_loglevel = 1
- smtpd_tls_auth_only = no
- smtpd_tls_received_header = yes
- smtpd_tls_session_cache_timeout = 3600s
- smtpd_sasl_type = dovecot
- smtpd_sasl_path = private/auth
- smtpd_sasl_auth_enable = yes
- smtpd_sasl_authenticated_header = yes
- smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
- # Откладываем принятие решений о письме до стадии RCPT TO, чтобы получить всю информацию о письме (кому, от кого, и т.д.)
- smtpd_delay_reject = yes
- # Требуем HELO в начале SMTP сессии
- smtpd_helo_required = yes
- smtpd_sender_login_maps = mysql:/etc/postfix/mysql-check-sender.cf
- # Настройки TLS для отправки почты сервером на другие сервера
- smtp_tls_cert_file = /var/lib/ssl/certs/postfix.pem
- smtp_tls_key_file = /var/lib/ssl/private/postfix.pem
- smtp_use_tls = no
- smtp_tls_loglevel = 1
- smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
- tls_random_source = dev:/dev/urandom
- inet_interfaces = all
- strict_rfc821_envelopes = yes
- disable_vrfy_command = yes
- smtpd_client_restrictions =
- permit_sasl_authenticated
- permit_mynetworks
- reject_unknown_reverse_client_hostname
- permit
- smtpd_helo_restrictions =
- permit_sasl_authenticated
- permit_mynetworks
- # check_helo_access pcre:/etc/postfix/checks/helo_checks.pcre
- reject_invalid_helo_hostname
- reject_non_fqdn_helo_hostname
- reject_unknown_helo_hostname
- permit
- smtpd_sender_restrictions =
- # reject_sender_login_mismatch
- # reject_unauthenticated_sender_login_mismatch
- reject_authenticated_sender_login_mismatch
- permit_sasl_authenticated
- permit_mynetworks
- reject_non_fqdn_sender
- reject_unknown_sender_domain
- smtpd_recipient_restrictions =
- permit_mynetworks,
- permit_sasl_authenticated,
- reject_unauth_destination,
- reject_unauth_pipelining,
- reject_invalid_hostname,
- reject_non_fqdn_hostname,
- reject_non_fqdn_recipient,
- reject_unknown_recipient_domain,
- reject_unlisted_recipient,
- reject_rbl_client dnsbl.sorbs.net
- # check_recipient_access pcre:/etc/postfix/dspam_incoming
- permit
- # check_policy_service inet:127.0.0.1:10023
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement