SHARE
TWEET

Mast and Main

a guest Feb 18th, 2019 128 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #
  2. # Postfix master process configuration file.  For details on the format
  3. # of the file, see the master(5) manual page (command: "man 5 master" or
  4. # on-line: http://www.postfix.org/master.5.html).
  5. #
  6. # Do not forget to execute "postfix reload" after editing this file.
  7. #
  8. # ==========================================================================
  9. # service type  private unpriv  chroot  wakeup  maxproc command + args
  10. #               (yes)   (yes)   (no)    (never) (100)
  11. # ==========================================================================
  12. smtp      inet  n       -       y       -       1       postscreen
  13. smtpd     pass  -       -       y       -       -       smtpd
  14. dnsblog   unix  -       -       y       -       0       dnsblog
  15. tlsproxy  unix  -       -       y       -       0       tlsproxy
  16. #submission inet n       -       y       -       -       smtpd
  17. #  -o syslog_name=postfix/submission
  18. #  -o smtpd_tls_security_level=encrypt
  19.   -o smtpd_sasl_auth_enable=yes
  20. #  -o smtpd_tls_auth_only=yes
  21. #  -o smtpd_reject_unlisted_recipient=no
  22.   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  23. #  -o smtpd_helo_restrictions=$mua_helo_restrictions
  24. #  -o smtpd_sender_restrictions=$mua_sender_restrictions
  25. #  -o smtpd_recipient_restrictions=
  26. #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  27. #  -o milter_macro_daemon_name=ORIGINATING
  28. smtps     inet  n       -       y       -       -       smtpd
  29. #  -o syslog_name=postfix/smtps
  30.   -o smtpd_tls_wrappermode=yes
  31. #  -o smtpd_sasl_auth_enable=yes
  32. #  -o smtpd_reject_unlisted_recipient=no
  33. #  -o smtpd_client_restrictions=$mua_client_restrictions
  34. #  -o smtpd_helo_restrictions=$mua_helo_restrictions
  35. #  -o smtpd_sender_restrictions=$mua_sender_restrictions
  36. #  -o smtpd_recipient_restrictions=
  37.   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  38. #  -o milter_macro_daemon_name=ORIGINATING
  39. #628       inet  n       -       y       -       -       qmqpd
  40. #smtp       inet  n       -       -       -       -       smtpd
  41. pickup     unix  n       -       n       60      1       pickup
  42. cleanup    unix  n       -       n       -       0       cleanup
  43. #qmgr     unix  n       -       n       300     1       oqmgr
  44. qmgr       unix  n       -       n       300     1       qmgr
  45. tlsmgr     unix  -       -       n       1000?   1       tlsmgr
  46. rewrite    unix  -       -       n       -       -       trivial-rewrite
  47. bounce     unix  -       -       n       -       0       bounce
  48. defer      unix  -       -       n       -       0       bounce
  49. trace      unix  -       -       n       -       0       bounce
  50. verify     unix  -       -       n       -       1       verify
  51. flush      unix  n       -       n       1000?   0       flush
  52. proxymap   unix  -       -       n       -       -       proxymap
  53. proxywrite unix  -       -       n       -       1       proxymap
  54. smtp       unix  -       -       n       -       -       smtp
  55. #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
  56. relay      unix  -       -       n       -       -       smtp
  57.     -o syslog_name=postfix/$service_name
  58. showq      unix  n       -       n       -       -       showq
  59. error      unix  -       -       n       -       -       error
  60. retry      unix  -       -       n       -       -       error
  61. discard    unix  -       -       n       -       -       discard
  62. local      unix  -       n       n       -       -       local
  63. virtual    unix  -       n       n       -       -       virtual
  64. lmtp       unix  -       -       n       -       -       lmtp
  65. anvil      unix  -       -       n       -       1       anvil
  66. #
  67. # ====================================================================
  68. # Interfaces to non-Postfix software. Be sure to examine the manual
  69. # pages of the non-Postfix software to find out what options it wants.
  70. #
  71. # Many of the following services use the Postfix pipe(8) delivery
  72. # agent.  See the pipe(8) man page for information about ${recipient}
  73. # and other message envelope options.
  74. # ====================================================================
  75. #
  76. # maildrop. See the Postfix MAILDROP_README file for details.
  77. # Also specify in main.cf: maildrop_destination_recipient_limit=1
  78. #
  79. scache     unix  -       -       n       -       1       scache
  80. #
  81. # ====================================================================
  82. #
  83. # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
  84. #
  85. # Specify in cyrus.conf:
  86. #   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
  87. #
  88. # Specify in main.cf one or more of the following:
  89. #  mailbox_transport = lmtp:inet:localhost
  90. #  virtual_transport = lmtp:inet:localhost
  91. #
  92. # ====================================================================
  93. #
  94. # Cyrus 2.1.5 (Amos Gouaux)
  95. # Also specify in main.cf: cyrus_destination_recipient_limit=1
  96. #
  97. #cyrus     unix  -       n       n       -       -       pipe
  98. #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
  99. #
  100. # ====================================================================
  101. # Old example of delivery via Cyrus.
  102. #
  103. #old-cyrus unix  -       n       n       -       -       pipe
  104. #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
  105. #
  106. # ====================================================================
  107. #
  108. # See the Postfix UUCP_README file for configuration details.
  109. #
  110. maildrop   unix  -       n       n       -       -       pipe flags=DRhu
  111.     user=vmail argv=/usr/bin/maildrop -d ${recipient}
  112. #
  113. # Other external delivery methods.
  114. #
  115. uucp       unix  -       n       n       -       -       pipe flags=Fqhu
  116.     user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
  117. ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn
  118.     argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
  119. bsmtp      unix  -       n       n       -       -       pipe flags=Fq.
  120.     user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
  121. scalemail-backend unix - n       n       -       2       pipe flags=R
  122.     user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
  123.     ${user} ${extension}
  124.  
  125. mailman    unix  -       n       n       -       -       pipe flags=FR
  126.     user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
  127.     ${user}
  128. # Submission, port 587, force TLS connection.
  129. submission inet n       -       n       -       -       smtpd
  130.   -o syslog_name=postfix/submission
  131.   -o smtpd_tls_security_level=encrypt
  132.   -o smtpd_sasl_auth_enable=yes
  133.   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  134.   -o content_filter=smtp-amavis:[127.0.0.1]:10026
  135.  
  136. # Use dovecot's `deliver` program as LDA.
  137. dovecot unix    -       n       n       -       -      pipe
  138.     flags=DRh user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}
  139.  
  140. # mlmmj - mailing list manager
  141. # ${nexthop} is '%d/%u' in transport ('mlmmj:%d/%u')
  142. mlmmj   unix  -       n       n       -       -       pipe
  143.     flags=ORhu user=mlmmj:mlmmj argv=/usr/bin/mlmmj-amime-receive -L /var/vmail/mlmmj/${nexthop}
  144.  
  145. # Amavisd integration.
  146. smtp-amavis unix -  -   n   -   8  smtp
  147.     -o syslog_name=postfix/amavis
  148.     -o smtp_data_done_timeout=1200
  149.     -o smtp_send_xforward_command=yes
  150.     -o disable_dns_lookups=yes
  151.     -o max_use=20
  152.  
  153. # smtp port used by Amavisd to re-inject scanned email back to Postfix
  154. 127.0.0.1:10025 inet n  -   n   -   -  smtpd
  155.     -o syslog_name=postfix/10025
  156.     -o smtpd_restriction_classes=
  157.     -o content_filter=
  158.     -o mynetworks_style=host
  159.     -o mynetworks=127.0.0.0/8
  160.     -o local_recipient_maps=
  161.     -o relay_recipient_maps=
  162.     -o strict_rfc821_envelopes=yes
  163.     -o smtp_tls_security_level=none
  164.     -o smtpd_tls_security_level=none
  165.     -o smtpd_restriction_classes=
  166.     -o smtpd_delay_reject=no
  167.     -o smtpd_client_restrictions=permit_mynetworks,reject
  168.     -o smtpd_helo_restrictions=
  169.     -o smtpd_sender_restrictions=
  170.     -o smtpd_recipient_restrictions=permit_mynetworks,reject
  171.     -o smtpd_end_of_data_restrictions=
  172.     -o smtpd_error_sleep_time=0
  173.     -o smtpd_soft_error_limit=1001
  174.     -o smtpd_hard_error_limit=1000
  175.     -o smtpd_client_connection_count_limit=0
  176.     -o smtpd_client_connection_rate_limit=0
  177.     -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
  178.  
  179. # smtp port used by mlmmj to re-inject scanned email back to Postfix, with
  180. # address mapping support
  181. 127.0.0.1:10028 inet n  -   n   -   -  smtpd
  182.     -o syslog_name=postfix/10028
  183.     -o content_filter=
  184.     -o mynetworks_style=host
  185.     -o mynetworks=127.0.0.0/8
  186.     -o local_recipient_maps=
  187.     -o relay_recipient_maps=
  188.     -o strict_rfc821_envelopes=yes
  189.     -o smtp_tls_security_level=none
  190.     -o smtpd_tls_security_level=none
  191.     -o smtpd_restriction_classes=
  192.     -o smtpd_delay_reject=no
  193.     -o smtpd_client_restrictions=permit_mynetworks,reject
  194.     -o smtpd_helo_restrictions=
  195.     -o smtpd_sender_restrictions=
  196.     -o smtpd_recipient_restrictions=permit_mynetworks,reject
  197.     -o smtpd_end_of_data_restrictions=
  198.     -o smtpd_error_sleep_time=0
  199.     -o smtpd_soft_error_limit=1001
  200.     -o smtpd_hard_error_limit=1000
  201.     -o smtpd_client_connection_count_limit=0
  202.     -o smtpd_client_connection_rate_limit=0
  203.     -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
  204.  
  205. ---------------------------------------------------------------------------------------------------------------------------------------
  206.  
  207. # --------------------
  208. # INSTALL-TIME CONFIGURATION INFORMATION
  209. #
  210. # location of the Postfix queue. Default is /var/spool/postfix.
  211. queue_directory = /var/spool/postfix
  212.  
  213. # location of all postXXX commands. Default is /usr/sbin.
  214. command_directory = /usr/sbin
  215.  
  216. # location of all Postfix daemon programs (i.e. programs listed in the
  217. # master.cf file). This directory must be owned by root.
  218. # Default is /usr/libexec/postfix
  219. daemon_directory = /usr/lib/postfix/sbin
  220.  
  221. # location of Postfix-writable data files (caches, random numbers).
  222. # This directory must be owned by the mail_owner account (see below).
  223. # Default is /var/lib/postfix.
  224. data_directory = /var/lib/postfix
  225.  
  226. # owner of the Postfix queue and of most Postfix daemon processes.
  227. # Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID
  228. # WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.
  229. # In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER.
  230. # Default is postfix.
  231. mail_owner = postfix
  232.  
  233. # The following parameters are used when installing a new Postfix version.
  234. #
  235. # sendmail_path: The full pathname of the Postfix sendmail command.
  236. # This is the Sendmail-compatible mail posting interface.
  237. #
  238. sendmail_path = /usr/sbin/sendmail
  239.  
  240. # newaliases_path: The full pathname of the Postfix newaliases command.
  241. # This is the Sendmail-compatible command to build alias databases.
  242. #
  243. newaliases_path = /usr/bin/newaliases
  244.  
  245. # full pathname of the Postfix mailq command.  This is the Sendmail-compatible
  246. # mail queue listing command.
  247. mailq_path = /usr/bin/mailq
  248.  
  249. # group for mail submission and queue management commands.
  250. # This must be a group name with a numerical group ID that is not shared with
  251. # other accounts, not even with the Postfix account.
  252. setgid_group = postdrop
  253.  
  254. # external command that is executed when a Postfix daemon program is run with
  255. # the -D option.
  256. #
  257. # Use "command .. & sleep 5" so that the debugger can attach before
  258. # the process marches on. If you use an X-based debugger, be sure to
  259. # set up your XAUTHORITY environment variable before starting Postfix.
  260. #
  261. debugger_command =
  262.     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
  263.     ddd $daemon_directory/$process_name $process_id & sleep 5
  264.  
  265. debug_peer_level = 2
  266.  
  267. # --------------------
  268. # CUSTOM SETTINGS
  269. #
  270.  
  271. # SMTP server response code when recipient or domain not found.
  272. unknown_local_recipient_reject_code = 550
  273.  
  274. # Do not notify local user.
  275. biff = no
  276.  
  277. # Disable the rewriting of "site!user" into "user@site".
  278. swap_bangpath = no
  279.  
  280. # Disable the rewriting of the form "user%domain" to "user@domain".
  281. allow_percent_hack = no
  282.  
  283. # Allow recipient address start with '-'.
  284. allow_min_user = no
  285.  
  286. # Disable the SMTP VRFY command. This stops some techniques used to
  287. # harvest email addresses.
  288. disable_vrfy_command = yes
  289.  
  290. # Enable both IPv4 and/or IPv6: ipv4, ipv6, all.
  291. inet_protocols = all
  292.  
  293. # Enable all network interfaces.
  294. inet_interfaces = all
  295.  
  296. #
  297. # TLS settings.
  298. #
  299. # SSL key, certificate, CA
  300. #
  301. smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
  302. smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
  303. smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
  304. smtpd_tls_CApath = /etc/ssl/certs
  305.  
  306. #
  307. # Disable SSLv2, SSLv3
  308. #
  309. smtpd_tls_protocols = !SSLv2 !SSLv3
  310. smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
  311. smtp_tls_protocols = !SSLv2 !SSLv3
  312. smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
  313. lmtp_tls_protocols = !SSLv2 !SSLv3
  314. lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
  315.  
  316. #
  317. # Fix 'The Logjam Attack'.
  318. #
  319. smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
  320. smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
  321. smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
  322.  
  323. tls_random_source = dev:/dev/urandom
  324.  
  325. # Log only a summary message on TLS handshake completion — no logging of client
  326. # certificate trust-chain verification errors if client certificate
  327. # verification is not required. With Postfix 2.8 and earlier, log the summary
  328. # message, peer certificate summary information and unconditionally log
  329. # trust-chain verification errors.
  330. smtp_tls_loglevel = 1
  331. smtpd_tls_loglevel = 1
  332.  
  333. # Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do
  334. # not require that clients use TLS encryption.
  335. smtpd_tls_security_level = may
  336.  
  337. # Produce `Received:` message headers that include information about the
  338. # protocol and cipher used, as well as the remote SMTP client CommonName and
  339. # client certificate issuer CommonName.
  340. # This is disabled by default, as the information may be modified in transit
  341. # through other mail servers. Only information that was recorded by the final
  342. # destination can be trusted.
  343. #smtpd_tls_received_header = yes
  344.  
  345. # Opportunistic TLS, used when Postfix sends email to remote SMTP server.
  346. # Use TLS if this is supported by the remote SMTP server, otherwise use
  347. # plaintext.
  348. # References:
  349. #   - http://www.postfix.org/TLS_README.html#client_tls_may
  350. #   - http://www.postfix.org/postconf.5.html#smtp_tls_security_level
  351. smtp_tls_security_level = may
  352.  
  353. # Use the same CA file as smtpd.
  354. smtp_tls_CApath = /etc/ssl/certs
  355. smtp_tls_CAfile = $smtpd_tls_CAfile
  356. smtp_tls_note_starttls_offer = yes
  357.  
  358. # Enable long, non-repeating, queue IDs (queue file names).
  359. # The benefit of non-repeating names is simpler logfile analysis and easier
  360. # queue migration (there is no need to run "postsuper" to change queue file
  361. # names that don't match their message file inode number).
  362. enable_long_queue_ids = yes
  363.  
  364. # Reject unlisted sender and recipient
  365. smtpd_reject_unlisted_recipient = yes
  366. smtpd_reject_unlisted_sender = yes
  367.  
  368. # Header and body checks with PCRE table
  369. header_checks = pcre:/etc/postfix/header_checks
  370. body_checks = pcre:/etc/postfix/body_checks.pcre
  371.  
  372. # A mechanism to transform commands from remote SMTP clients.
  373. # This is a last-resort tool to work around client commands that break
  374. # interoperability with the Postfix SMTP server. Other uses involve fault
  375. # injection to test Postfix's handling of invalid commands.
  376. # Requires Postfix-2.7+.
  377. smtpd_command_filter = pcre:/etc/postfix/command_filter.pcre
  378.  
  379. # HELO restriction
  380. smtpd_helo_required = yes
  381. smtpd_helo_restrictions =
  382.     permit_mynetworks
  383.     permit_sasl_authenticated
  384.     check_helo_access pcre:/etc/postfix/helo_access.pcre
  385.     reject_non_fqdn_helo_hostname
  386.     reject_unknown_helo_hostname
  387.  
  388. # Sender restrictions
  389. smtpd_sender_restrictions =
  390.     reject_unknown_sender_domain
  391.     reject_non_fqdn_sender
  392.     reject_unlisted_sender
  393.     permit_mynetworks
  394.     permit_sasl_authenticated
  395.     check_sender_access pcre:/etc/postfix/sender_access.pcre
  396.  
  397. # Recipient restrictions
  398. smtpd_recipient_restrictions =
  399.     reject_non_fqdn_recipient
  400.     reject_unlisted_recipient
  401.     check_policy_service inet:127.0.0.1:7777
  402.     permit_mynetworks
  403.     permit_sasl_authenticated
  404.     reject_unauth_destination
  405.  
  406. # END-OF-MESSAGE restrictions
  407. smtpd_end_of_data_restrictions =
  408.     check_policy_service inet:127.0.0.1:7777
  409.  
  410. # Data restrictions
  411. smtpd_data_restrictions = reject_unauth_pipelining
  412.  
  413. proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
  414.  
  415. # Avoid duplicate recipient messages. Default is 'yes'.
  416. enable_original_recipient = no
  417.  
  418. # Virtual support.
  419. virtual_minimum_uid = 2000
  420. virtual_uid_maps = static:2000
  421. virtual_gid_maps = static:2000
  422. virtual_mailbox_base = /var/vmail
  423.  
  424. # Do not set virtual_alias_domains.
  425. virtual_alias_domains =
  426.  
  427. #
  428. # Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication.
  429. # WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should
  430. #          be forced to submit email through port 587 instead.
  431. #
  432. #smtpd_sasl_auth_enable = yes
  433. #smtpd_sasl_security_options = noanonymous
  434. #smtpd_tls_auth_only = yes
  435.  
  436. # hostname
  437. myhostname = HDRedirect-LB6-54290b28133ca5af.elb.us-east-1.amazonaws.com
  438. myorigin = /etc/mailname
  439. mydomain = takeoffstudios.net
  440.  
  441. # trusted SMTP clients which are allowed to relay mail through Postfix.
  442. #
  443. # Note: additional IP addresses/networks listed in mynetworks should be listed
  444. #       in iRedAPD setting 'MYNETWORKS' (in `/opt/iredapd/settings.py`) too.
  445. #       for example:
  446. #
  447. #       MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]
  448. #
  449. mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24
  450.  
  451. # Accepted local emails
  452. mydestination = takeoffstudios.net, localhost.localdomain, localhost
  453.  
  454. alias_maps = hash:/etc/postfix/aliases
  455. alias_database = hash:/etc/postfix/aliases
  456.  
  457. # Default message_size_limit.
  458. message_size_limit = 15728640
  459.  
  460. # The set of characters that can separate a user name from its extension
  461. # (example: user+foo), or a .forward file name from its extension (example:
  462. # .forward+foo).
  463. # Postfix 2.11 and later supports multiple characters.
  464. recipient_delimiter = +
  465.  
  466. # The time after which the sender receives a copy of the message headers of
  467. # mail that is still queued. Default setting is disabled (0h) by Postfix.
  468. #delay_warning_time = 1h
  469. compatibility_level = 2
  470. #
  471. # Lookup virtual mail accounts
  472. #
  473. transport_maps =
  474.     proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf
  475.     proxy:mysql:/etc/postfix/mysql/transport_maps_maillist.cf
  476.     proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
  477.  
  478. sender_dependent_relayhost_maps =
  479.     proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
  480.  
  481. # Lookup table with the SASL login names that own the sender (MAIL FROM) addresses.
  482. smtpd_sender_login_maps =
  483.     proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
  484.  
  485. virtual_mailbox_domains =
  486.     proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
  487.  
  488. relay_domains =
  489.     $mydestination
  490.     proxy:mysql:/etc/postfix/mysql/relay_domains.cf
  491.  
  492. virtual_mailbox_maps =
  493.     proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
  494.  
  495. virtual_alias_maps =
  496.     proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf
  497.     proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf
  498.     proxy:mysql:/etc/postfix/mysql/catchall_maps.cf
  499.     proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
  500.  
  501. sender_bcc_maps =
  502.     proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
  503.     proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
  504.  
  505. recipient_bcc_maps =
  506.     proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
  507.     proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
  508.  
  509. #
  510. # Postscreen
  511. #
  512. postscreen_greet_action = drop
  513. postscreen_blacklist_action = drop
  514. postscreen_dnsbl_action = drop
  515. postscreen_dnsbl_threshold = 2
  516.  
  517. # Attention:
  518. #   - zen.spamhaus.org free tire has 3 limits
  519. #     (https://www.spamhaus.org/organization/dnsblusage/):
  520. #
  521. #     1) Your use of the Spamhaus DNSBLs is non-commercial*, and
  522. #     2) Your email traffic is less than 100,000 SMTP connections per day, and
  523. #     3) Your DNSBL query volume is less than 300,000 queries per day.
  524. #
  525. #   - FAQ: "Your DNSBL blocks nothing at all!"
  526. #     https://www.spamhaus.org/faq/section/DNSBL%20Usage#261
  527. #
  528. # It's strongly recommended to use a local DNS server for cache.
  529. postscreen_dnsbl_sites =
  530.     zen.spamhaus.org=127.0.0.[2..11]*3
  531.     b.barracudacentral.org=127.0.0.2*2
  532.  
  533. postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
  534. postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
  535.  
  536. # Require Postfix-2.11+
  537. postscreen_dnsbl_whitelist_threshold = -2
  538. #
  539. # Dovecot SASL support.
  540. #
  541. smtpd_sasl_type = dovecot
  542. smtpd_sasl_path = private/dovecot-auth
  543. virtual_transport = dovecot
  544. dovecot_destination_recipient_limit = 1
  545.  
  546. #
  547. # mlmmj - mailing list manager
  548. #
  549. mlmmj_destination_recipient_limit = 1
  550.  
  551. #
  552. # Amavisd + SpamAssassin + ClamAV
  553. #
  554. content_filter = smtp-amavis:[127.0.0.1]:10024
  555.  
  556. # Concurrency per recipient limit.
  557. smtp-amavis_destination_recipient_limit = 1
  558. relayhost =
  559. mailbox_size_limit = 0
  560. readme_directory = /usr/share/doc/postfix
  561. html_directory = /usr/share/doc/postfix/html
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top