
Untitled

a guest
Jul 2nd, 2019
  1. # hostname
  2. myhostname = mail.DOMAIN1
  3. myorigin = mail.DOMAIN1
  4. mydomain = DOMAIN1
  5. #
  6. mynetworks = 127.0.0.1, 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24
  7. # Accepted local emails
  8. mydestination = $myhostname, localhost, localhost.localdomain
  9.  
  10. queue_directory = /var/spool/postfix
  11.  
  12. command_directory = /usr/sbin
  13. daemon_directory = /usr/lib/postfix/sbin
  14. data_directory = /var/lib/postfix
  15.  
  16. mail_owner = postfix
  17. sendmail_path = /usr/sbin/sendmail
  18. newaliases_path = /usr/bin/newaliases
  19. mailq_path = /usr/bin/mailq
  20. setgid_group = postdrop
  21. debugger_command =
  22.     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
  23.     ddd $daemon_directory/$process_name $process_id & sleep 5
  24. debug_peer_level = 9
  25. #
  26. # CUSTOM SETTINGS
  27. #
  28. unknown_local_recipient_reject_code = 550
  29.  
  30. biff = no
  31. swap_bangpath = no
  32. allow_percent_hack = no
  33. allow_min_user = no
  34. disable_vrfy_command = yes
  35.  
  36. inet_protocols = ipv4
  37. inet_interfaces = all
  38.  
  39. # TLS settings.
  40. # SSL key, certificate, CA
  41. smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
  42. smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
  43. smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
  44. smtpd_tls_CApath = /etc/ssl/certs
  45. #
  46. # Disable SSLv2, SSLv3
  47. smtpd_tls_protocols = !SSLv2 !SSLv3
  48. smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
  49. smtp_tls_protocols = !SSLv2 !SSLv3
  50. smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
  51. lmtp_tls_protocols = !SSLv2 !SSLv3
  52. lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
  53. # Fix 'The Logjam Attack'.
  54. #
  55. smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
  56. smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
  57. smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
  58. tls_random_source = dev:/dev/urandom
  59.  
  60. smtp_tls_loglevel = 1
  61. smtpd_tls_loglevel = 1
  62. smtpd_tls_security_level = may
  63. smtp_tls_security_level = may
  64. # Use the same CA file as smtpd.
  65. smtp_tls_CApath = /etc/ssl/certs
  66. smtp_tls_CAfile = $smtpd_tls_CAfile
  67. smtp_tls_note_starttls_offer = yes
  68.  
  69. header_checks = pcre:/etc/postfix/header_checks
  70. body_checks = pcre:/etc/postfix/body_checks.pcre
  71.  
  72. #2 HELO restriction
  73. smtpd_helo_required = yes
  74. smtpd_helo_restrictions =
  75.     permit_mynetworks
  76.     permit_sasl_authenticated
  77.     check_helo_access pcre:/etc/postfix/helo_access.pcre
  78.     reject_non_fqdn_helo_hostname
  79.     reject_unknown_helo_hostname
  80.  
  81. # Sender restrictions
  82. smtpd_sender_restrictions =
  83.     permit_mynetworks
  84.     reject_unknown_sender_domain
  85.     reject_non_fqdn_sender
  86. ####reject_unlisted_sender
  87.     permit_sasl_authenticated
  88.  
  89. # Recipient restrictions
  90. smtpd_recipient_restrictions =
  91.     permit_mynetworks
  92.     reject_non_fqdn_recipient
  93.     reject_unlisted_recipient
  94.     check_policy_service inet:127.0.0.1:7777
  95.     permit_sasl_authenticated
  96.     reject_unauth_destination
  97.  
  98. smtpd_end_of_data_restrictions =
  99.     check_policy_service inet:127.0.0.1:7777
  100.  
  101. smtpd_data_restrictions = reject_unauth_pipelining
  102. proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
  103. enable_original_recipient = no
  104.  
  105. # Virtual support.
  106. virtual_minimum_uid = 2000
  107. virtual_uid_maps = static:2000
  108. virtual_gid_maps = static:2000
  109. virtual_mailbox_base = /var/vmail
  110.  
  111. # Do not set virtual_alias_domains.
  112. virtual_alias_domains =
  113.  
  114. relayhost = [smtp.timeweb.ru]
  115. #for server
  116. smtpd_sasl_auth_enable = yes
  117. smtpd_use_tls = yes
  118. smtpd_sasl_auth_enable = yes
  119. smtpd_sasl_security_options = noanonymous
  120. smtpd_tls_auth_only = yes
  121. smtpd_use_tls = yes
  122. smtpd_data_restrictions = reject_unauth_pipelining
  123. smtpd_reject_unlisted_recipient = yes
  124. #smtpd_reject_unlisted_sender = yes
  125.  
  126. #for client
  127. smtp_sasl_auth_enable = yes
  128. smtp_tls_security_level=may
  129. smtp_sasl_tls_security_options = noanonymous
  130. smtp_sender_dependent_authentication = yes
  131. smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
  132. sender_dependent_relayhost_maps = hash:/etc/postfix/sender_dependent
  133. smtp_connection_cache_on_demand = no
  134. smtp_tls_note_starttls_offer = yes
  135.  
  136. alias_maps = hash:/etc/postfix/aliases
  137. alias_database = hash:/etc/postfix/aliases
  138. #50 Mb
  139. message_size_limit = 51200000
  140. mailbox_size_limit = 0
  141.  
  142. # Postfix 2.11 and later supports multiple characters.
  143. recipient_delimiter = +
  144.  
  145. compatibility_level = 2
  146. # Lookup virtual mail accounts
  147. #
  148. transport_maps =
  149.     proxy:pgsql:/etc/postfix/pgsql/transport_maps_user.cf
  150.     proxy:pgsql:/etc/postfix/pgsql/transport_maps_maillist.cf
  151.     proxy:pgsql:/etc/postfix/pgsql/transport_maps_domain.cf
  152.     hash:/etc/postfix/transport
  153.  
  154. virtual_mailbox_domains =
  155.     proxy:pgsql:/etc/postfix/pgsql/virtual_mailbox_domains.cf
  156.  
  157. virtual_mailbox_maps =
  158.     proxy:pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf
  159.  
  160. virtual_alias_maps =
  161.     proxy:pgsql:/etc/postfix/pgsql/virtual_alias_maps.cf
  162.     proxy:pgsql:/etc/postfix/pgsql/domain_alias_maps.cf
  163.     proxy:pgsql:/etc/postfix/pgsql/catchall_maps.cf
  164.     proxy:pgsql:/etc/postfix/pgsql/domain_alias_catchall_maps.cf
  165.  
  166. sender_bcc_maps =
  167.     proxy:pgsql:/etc/postfix/pgsql/sender_bcc_maps_user.cf
  168.     proxy:pgsql:/etc/postfix/pgsql/sender_bcc_maps_domain.cf
  169.  
  170. recipient_bcc_maps =
  171.     proxy:pgsql:/etc/postfix/pgsql/recipient_bcc_maps_user.cf
  172.     proxy:pgsql:/etc/postfix/pgsql/recipient_bcc_maps_domain.cf
  173.     hash:/etc/postfix/recipient_bcc
  174.  
  175. # Postscreen
  176. #
  177. postscreen_greet_action = drop
  178. postscreen_blacklist_action = drop
  179. postscreen_dnsbl_action = drop
  180. postscreen_dnsbl_threshold = 2
  181. postscreen_dnsbl_sites =
  182.     zen.spamhaus.org=127.0.0.[2..11]*3
  183.     b.barracudacentral.org=127.0.0.2*2
  184.  
  185. postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
  186. postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
  187.  
  188. postscreen_dnsbl_whitelist_threshold = -2
  189. # Dovecot SASL support.
  190. #  
  191. smtpd_sasl_type = dovecot
  192. smtpd_sasl_path = private/dovecot-auth
  193. virtual_transport = dovecot
  194. dovecot_destination_recipient_limit = 1
  195.  
  196. # mlmmj - mailing list manager
  197. mlmmj_destination_recipient_limit = 1
  198.  
  199. # Amavisd + SpamAssassin + ClamAV
  200. #
  201. content_filter = smtp-amavis:[127.0.0.1]:10024
  202.  
  203. # Concurrency per recipient limit.
  204. smtp-amavis_destination_recipient_limit = 1