main.cf

1. # Global Postfix configuration file. This file lists only a small subset
2. # of all parameters. For the syntax, and for a complete parameter list,
3. # see the postconf(5) manual page. For a commented and more complete
4. # version of this file see /etc/postfix/main.cf.dist
5.  
6. #mailbox_command = /usr/bin/procmail -a $DOMAIN -d $LOGNAME
7.  
8. mailbox_command = /usr/libexec/dovecot/deliver
9.  
10. virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
11. virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
12. virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
13.  
14. virtual_uid_maps = static:501
15. virtual_gid_maps = static:501
16. virtual_transport = dovecot
17.  
18. mynetworks = 127.0.0.1 xxx.xxx.xxx.xxx/32 10.0.0.33/32
19. mailbox_size_limit = 51200000
20. message_size_limit = 20480000
21.  
22. ### TLS
23. # Настройки TLS для приема почты сервером от клиентов
24.  
25. smtpd_tls_cert_file = /var/lib/ssl/certs/postfix.pem
26. smtpd_tls_key_file = /var/lib/ssl/private/postfix.pem
27. smtpd_use_tls = no
28. smtpd_tls_loglevel = 1
29. smtpd_tls_auth_only = no
30. smtpd_tls_received_header = yes
31. smtpd_tls_session_cache_timeout = 3600s
32.  
33. smtpd_sasl_type = dovecot
34. smtpd_sasl_path = private/auth
35. smtpd_sasl_auth_enable = yes
36. smtpd_sasl_authenticated_header = yes
37.  
38. smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
39.  
40. # Откладываем принятие решений о письме до стадии RCPT TO, чтобы получить всю информацию о письме (кому, от кого, и т.д.)
41. smtpd_delay_reject = yes
42.  
43. # Требуем HELO в начале SMTP сессии
44. smtpd_helo_required = yes
45. smtpd_sender_login_maps = mysql:/etc/postfix/mysql-check-sender.cf
46.  
47. # Настройки TLS для отправки почты сервером на другие сервера
48.  
49. smtp_tls_cert_file = /var/lib/ssl/certs/postfix.pem
50. smtp_tls_key_file = /var/lib/ssl/private/postfix.pem
51. smtp_use_tls = no
52. smtp_tls_loglevel = 1
53. smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
54.  
55. tls_random_source = dev:/dev/urandom
56. inet_interfaces = all
57. strict_rfc821_envelopes = yes
58. disable_vrfy_command = yes
59.  
60. smtpd_client_restrictions =
61. permit_sasl_authenticated
62. permit_mynetworks
63. reject_unknown_reverse_client_hostname
64. permit
65.  
66. smtpd_helo_restrictions =
67. permit_sasl_authenticated
68. permit_mynetworks
69. # check_helo_access pcre:/etc/postfix/checks/helo_checks.pcre
70. reject_invalid_helo_hostname
71. reject_non_fqdn_helo_hostname
72. reject_unknown_helo_hostname
73. permit
74.  
75. smtpd_sender_restrictions =
76. # reject_sender_login_mismatch
77. # reject_unauthenticated_sender_login_mismatch
78. reject_authenticated_sender_login_mismatch
79. permit_sasl_authenticated
80. permit_mynetworks
81. reject_non_fqdn_sender
82. reject_unknown_sender_domain
83.  
84. smtpd_recipient_restrictions =
85. permit_mynetworks,
86. permit_sasl_authenticated,
87. reject_unauth_destination,
88. reject_unauth_pipelining,
89. reject_invalid_hostname,
90. reject_non_fqdn_hostname,
91. reject_non_fqdn_recipient,
92. reject_unknown_recipient_domain,
93. reject_unlisted_recipient,
94. reject_rbl_client dnsbl.sorbs.net
95. # check_recipient_access pcre:/etc/postfix/dspam_incoming
96. permit
97. # check_policy_service inet:127.0.0.1:10023