Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #
- # Postfix master process configuration file. For details on the format
- # of the file, see the master(5) manual page (command: "man 5 master" or
- # on-line: http://www.postfix.org/master.5.html).
- #
- # Do not forget to execute "postfix reload" after editing this file.
- #
- # ==========================================================================
- # service type private unpriv chroot wakeup maxproc command + args
- # (yes) (yes) (no) (never) (100)
- # ==========================================================================
- smtp inet n - y - 1 postscreen
- smtpd pass - - y - - smtpd
- dnsblog unix - - y - 0 dnsblog
- tlsproxy unix - - y - 0 tlsproxy
- #submission inet n - y - - smtpd
- # -o syslog_name=postfix/submission
- # -o smtpd_tls_security_level=encrypt
- -o smtpd_sasl_auth_enable=yes
- # -o smtpd_tls_auth_only=yes
- # -o smtpd_reject_unlisted_recipient=no
- -o smtpd_client_restrictions=permit_sasl_authenticated,reject
- # -o smtpd_helo_restrictions=$mua_helo_restrictions
- # -o smtpd_sender_restrictions=$mua_sender_restrictions
- # -o smtpd_recipient_restrictions=
- # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
- # -o milter_macro_daemon_name=ORIGINATING
- smtps inet n - y - - smtpd
- # -o syslog_name=postfix/smtps
- -o smtpd_tls_wrappermode=yes
- # -o smtpd_sasl_auth_enable=yes
- # -o smtpd_reject_unlisted_recipient=no
- # -o smtpd_client_restrictions=$mua_client_restrictions
- # -o smtpd_helo_restrictions=$mua_helo_restrictions
- # -o smtpd_sender_restrictions=$mua_sender_restrictions
- # -o smtpd_recipient_restrictions=
- -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
- # -o milter_macro_daemon_name=ORIGINATING
- #628 inet n - y - - qmqpd
- #smtp inet n - - - - smtpd
- pickup unix n - n 60 1 pickup
- cleanup unix n - n - 0 cleanup
- #qmgr unix n - n 300 1 oqmgr
- qmgr unix n - n 300 1 qmgr
- tlsmgr unix - - n 1000? 1 tlsmgr
- rewrite unix - - n - - trivial-rewrite
- bounce unix - - n - 0 bounce
- defer unix - - n - 0 bounce
- trace unix - - n - 0 bounce
- verify unix - - n - 1 verify
- flush unix n - n 1000? 0 flush
- proxymap unix - - n - - proxymap
- proxywrite unix - - n - 1 proxymap
- smtp unix - - n - - smtp
- # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
- relay unix - - n - - smtp
- -o syslog_name=postfix/$service_name
- showq unix n - n - - showq
- error unix - - n - - error
- retry unix - - n - - error
- discard unix - - n - - discard
- local unix - n n - - local
- virtual unix - n n - - virtual
- lmtp unix - - n - - lmtp
- anvil unix - - n - 1 anvil
- #
- # ====================================================================
- # Interfaces to non-Postfix software. Be sure to examine the manual
- # pages of the non-Postfix software to find out what options it wants.
- #
- # Many of the following services use the Postfix pipe(8) delivery
- # agent. See the pipe(8) man page for information about ${recipient}
- # and other message envelope options.
- # ====================================================================
- #
- # maildrop. See the Postfix MAILDROP_README file for details.
- # Also specify in main.cf: maildrop_destination_recipient_limit=1
- #
- scache unix - - n - 1 scache
- #
- # ====================================================================
- #
- # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
- #
- # Specify in cyrus.conf:
- # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
- #
- # Specify in main.cf one or more of the following:
- # mailbox_transport = lmtp:inet:localhost
- # virtual_transport = lmtp:inet:localhost
- #
- # ====================================================================
- #
- # Cyrus 2.1.5 (Amos Gouaux)
- # Also specify in main.cf: cyrus_destination_recipient_limit=1
- #
- #cyrus unix - n n - - pipe
- # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
- #
- # ====================================================================
- # Old example of delivery via Cyrus.
- #
- #old-cyrus unix - n n - - pipe
- # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
- #
- # ====================================================================
- #
- # See the Postfix UUCP_README file for configuration details.
- #
- maildrop unix - n n - - pipe flags=DRhu
- user=vmail argv=/usr/bin/maildrop -d ${recipient}
- #
- # Other external delivery methods.
- #
- uucp unix - n n - - pipe flags=Fqhu
- user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
- ifmail unix - n n - - pipe flags=F user=ftn
- argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
- bsmtp unix - n n - - pipe flags=Fq.
- user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
- scalemail-backend unix - n n - 2 pipe flags=R
- user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
- ${user} ${extension}
- mailman unix - n n - - pipe flags=FR
- user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
- ${user}
- # Submission, port 587, force TLS connection.
- submission inet n - n - - smtpd
- -o syslog_name=postfix/submission
- -o smtpd_tls_security_level=encrypt
- -o smtpd_sasl_auth_enable=yes
- -o smtpd_client_restrictions=permit_sasl_authenticated,reject
- -o content_filter=smtp-amavis:[127.0.0.1]:10026
- # Use dovecot's `deliver` program as LDA.
- dovecot unix - n n - - pipe
- flags=DRh user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}
- # mlmmj - mailing list manager
- # ${nexthop} is '%d/%u' in transport ('mlmmj:%d/%u')
- mlmmj unix - n n - - pipe
- flags=ORhu user=mlmmj:mlmmj argv=/usr/bin/mlmmj-amime-receive -L /var/vmail/mlmmj/${nexthop}
- # Amavisd integration.
- smtp-amavis unix - - n - 8 smtp
- -o syslog_name=postfix/amavis
- -o smtp_data_done_timeout=1200
- -o smtp_send_xforward_command=yes
- -o disable_dns_lookups=yes
- -o max_use=20
- # smtp port used by Amavisd to re-inject scanned email back to Postfix
- 127.0.0.1:10025 inet n - n - - smtpd
- -o syslog_name=postfix/10025
- -o smtpd_restriction_classes=
- -o content_filter=
- -o mynetworks_style=host
- -o mynetworks=127.0.0.0/8
- -o local_recipient_maps=
- -o relay_recipient_maps=
- -o strict_rfc821_envelopes=yes
- -o smtp_tls_security_level=none
- -o smtpd_tls_security_level=none
- -o smtpd_restriction_classes=
- -o smtpd_delay_reject=no
- -o smtpd_client_restrictions=permit_mynetworks,reject
- -o smtpd_helo_restrictions=
- -o smtpd_sender_restrictions=
- -o smtpd_recipient_restrictions=permit_mynetworks,reject
- -o smtpd_end_of_data_restrictions=
- -o smtpd_error_sleep_time=0
- -o smtpd_soft_error_limit=1001
- -o smtpd_hard_error_limit=1000
- -o smtpd_client_connection_count_limit=0
- -o smtpd_client_connection_rate_limit=0
- -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
- # smtp port used by mlmmj to re-inject scanned email back to Postfix, with
- # address mapping support
- 127.0.0.1:10028 inet n - n - - smtpd
- -o syslog_name=postfix/10028
- -o content_filter=
- -o mynetworks_style=host
- -o mynetworks=127.0.0.0/8
- -o local_recipient_maps=
- -o relay_recipient_maps=
- -o strict_rfc821_envelopes=yes
- -o smtp_tls_security_level=none
- -o smtpd_tls_security_level=none
- -o smtpd_restriction_classes=
- -o smtpd_delay_reject=no
- -o smtpd_client_restrictions=permit_mynetworks,reject
- -o smtpd_helo_restrictions=
- -o smtpd_sender_restrictions=
- -o smtpd_recipient_restrictions=permit_mynetworks,reject
- -o smtpd_end_of_data_restrictions=
- -o smtpd_error_sleep_time=0
- -o smtpd_soft_error_limit=1001
- -o smtpd_hard_error_limit=1000
- -o smtpd_client_connection_count_limit=0
- -o smtpd_client_connection_rate_limit=0
- -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
- ---------------------------------------------------------------------------------------------------------------------------------------
- # --------------------
- # INSTALL-TIME CONFIGURATION INFORMATION
- #
- # location of the Postfix queue. Default is /var/spool/postfix.
- queue_directory = /var/spool/postfix
- # location of all postXXX commands. Default is /usr/sbin.
- command_directory = /usr/sbin
- # location of all Postfix daemon programs (i.e. programs listed in the
- # master.cf file). This directory must be owned by root.
- # Default is /usr/libexec/postfix
- daemon_directory = /usr/lib/postfix/sbin
- # location of Postfix-writable data files (caches, random numbers).
- # This directory must be owned by the mail_owner account (see below).
- # Default is /var/lib/postfix.
- data_directory = /var/lib/postfix
- # owner of the Postfix queue and of most Postfix daemon processes.
- # Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID
- # WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.
- # In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER.
- # Default is postfix.
- mail_owner = postfix
- # The following parameters are used when installing a new Postfix version.
- #
- # sendmail_path: The full pathname of the Postfix sendmail command.
- # This is the Sendmail-compatible mail posting interface.
- #
- sendmail_path = /usr/sbin/sendmail
- # newaliases_path: The full pathname of the Postfix newaliases command.
- # This is the Sendmail-compatible command to build alias databases.
- #
- newaliases_path = /usr/bin/newaliases
- # full pathname of the Postfix mailq command. This is the Sendmail-compatible
- # mail queue listing command.
- mailq_path = /usr/bin/mailq
- # group for mail submission and queue management commands.
- # This must be a group name with a numerical group ID that is not shared with
- # other accounts, not even with the Postfix account.
- setgid_group = postdrop
- # external command that is executed when a Postfix daemon program is run with
- # the -D option.
- #
- # Use "command .. & sleep 5" so that the debugger can attach before
- # the process marches on. If you use an X-based debugger, be sure to
- # set up your XAUTHORITY environment variable before starting Postfix.
- #
- debugger_command =
- PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
- ddd $daemon_directory/$process_name $process_id & sleep 5
- debug_peer_level = 2
- # --------------------
- # CUSTOM SETTINGS
- #
- # SMTP server response code when recipient or domain not found.
- unknown_local_recipient_reject_code = 550
- # Do not notify local user.
- biff = no
- # Disable the rewriting of "site!user" into "user@site".
- swap_bangpath = no
- # Disable the rewriting of the form "user%domain" to "user@domain".
- allow_percent_hack = no
- # Allow recipient address start with '-'.
- allow_min_user = no
- # Disable the SMTP VRFY command. This stops some techniques used to
- # harvest email addresses.
- disable_vrfy_command = yes
- # Enable both IPv4 and/or IPv6: ipv4, ipv6, all.
- inet_protocols = all
- # Enable all network interfaces.
- inet_interfaces = all
- #
- # TLS settings.
- #
- # SSL key, certificate, CA
- #
- smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
- smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
- smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
- smtpd_tls_CApath = /etc/ssl/certs
- #
- # Disable SSLv2, SSLv3
- #
- smtpd_tls_protocols = !SSLv2 !SSLv3
- smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
- smtp_tls_protocols = !SSLv2 !SSLv3
- smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
- lmtp_tls_protocols = !SSLv2 !SSLv3
- lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
- #
- # Fix 'The Logjam Attack'.
- #
- smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
- smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
- smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
- tls_random_source = dev:/dev/urandom
- # Log only a summary message on TLS handshake completion — no logging of client
- # certificate trust-chain verification errors if client certificate
- # verification is not required. With Postfix 2.8 and earlier, log the summary
- # message, peer certificate summary information and unconditionally log
- # trust-chain verification errors.
- smtp_tls_loglevel = 1
- smtpd_tls_loglevel = 1
- # Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do
- # not require that clients use TLS encryption.
- smtpd_tls_security_level = may
- # Produce `Received:` message headers that include information about the
- # protocol and cipher used, as well as the remote SMTP client CommonName and
- # client certificate issuer CommonName.
- # This is disabled by default, as the information may be modified in transit
- # through other mail servers. Only information that was recorded by the final
- # destination can be trusted.
- #smtpd_tls_received_header = yes
- # Opportunistic TLS, used when Postfix sends email to remote SMTP server.
- # Use TLS if this is supported by the remote SMTP server, otherwise use
- # plaintext.
- # References:
- # - http://www.postfix.org/TLS_README.html#client_tls_may
- # - http://www.postfix.org/postconf.5.html#smtp_tls_security_level
- smtp_tls_security_level = may
- # Use the same CA file as smtpd.
- smtp_tls_CApath = /etc/ssl/certs
- smtp_tls_CAfile = $smtpd_tls_CAfile
- smtp_tls_note_starttls_offer = yes
- # Enable long, non-repeating, queue IDs (queue file names).
- # The benefit of non-repeating names is simpler logfile analysis and easier
- # queue migration (there is no need to run "postsuper" to change queue file
- # names that don't match their message file inode number).
- enable_long_queue_ids = yes
- # Reject unlisted sender and recipient
- smtpd_reject_unlisted_recipient = yes
- smtpd_reject_unlisted_sender = yes
- # Header and body checks with PCRE table
- header_checks = pcre:/etc/postfix/header_checks
- body_checks = pcre:/etc/postfix/body_checks.pcre
- # A mechanism to transform commands from remote SMTP clients.
- # This is a last-resort tool to work around client commands that break
- # interoperability with the Postfix SMTP server. Other uses involve fault
- # injection to test Postfix's handling of invalid commands.
- # Requires Postfix-2.7+.
- smtpd_command_filter = pcre:/etc/postfix/command_filter.pcre
- # HELO restriction
- smtpd_helo_required = yes
- smtpd_helo_restrictions =
- permit_mynetworks
- permit_sasl_authenticated
- check_helo_access pcre:/etc/postfix/helo_access.pcre
- reject_non_fqdn_helo_hostname
- reject_unknown_helo_hostname
- # Sender restrictions
- smtpd_sender_restrictions =
- reject_unknown_sender_domain
- reject_non_fqdn_sender
- reject_unlisted_sender
- permit_mynetworks
- permit_sasl_authenticated
- check_sender_access pcre:/etc/postfix/sender_access.pcre
- # Recipient restrictions
- smtpd_recipient_restrictions =
- reject_non_fqdn_recipient
- reject_unlisted_recipient
- check_policy_service inet:127.0.0.1:7777
- permit_mynetworks
- permit_sasl_authenticated
- reject_unauth_destination
- # END-OF-MESSAGE restrictions
- smtpd_end_of_data_restrictions =
- check_policy_service inet:127.0.0.1:7777
- # Data restrictions
- smtpd_data_restrictions = reject_unauth_pipelining
- proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
- # Avoid duplicate recipient messages. Default is 'yes'.
- enable_original_recipient = no
- # Virtual support.
- virtual_minimum_uid = 2000
- virtual_uid_maps = static:2000
- virtual_gid_maps = static:2000
- virtual_mailbox_base = /var/vmail
- # Do not set virtual_alias_domains.
- virtual_alias_domains =
- #
- # Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication.
- # WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should
- # be forced to submit email through port 587 instead.
- #
- #smtpd_sasl_auth_enable = yes
- #smtpd_sasl_security_options = noanonymous
- #smtpd_tls_auth_only = yes
- # hostname
- myhostname = HDRedirect-LB6-54290b28133ca5af.elb.us-east-1.amazonaws.com
- myorigin = /etc/mailname
- mydomain = takeoffstudios.net
- # trusted SMTP clients which are allowed to relay mail through Postfix.
- #
- # Note: additional IP addresses/networks listed in mynetworks should be listed
- # in iRedAPD setting 'MYNETWORKS' (in `/opt/iredapd/settings.py`) too.
- # for example:
- #
- # MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]
- #
- mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24
- # Accepted local emails
- mydestination = takeoffstudios.net, localhost.localdomain, localhost
- alias_maps = hash:/etc/postfix/aliases
- alias_database = hash:/etc/postfix/aliases
- # Default message_size_limit.
- message_size_limit = 15728640
- # The set of characters that can separate a user name from its extension
- # (example: user+foo), or a .forward file name from its extension (example:
- # .forward+foo).
- # Postfix 2.11 and later supports multiple characters.
- recipient_delimiter = +
- # The time after which the sender receives a copy of the message headers of
- # mail that is still queued. Default setting is disabled (0h) by Postfix.
- #delay_warning_time = 1h
- compatibility_level = 2
- #
- # Lookup virtual mail accounts
- #
- transport_maps =
- proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf
- proxy:mysql:/etc/postfix/mysql/transport_maps_maillist.cf
- proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
- sender_dependent_relayhost_maps =
- proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
- # Lookup table with the SASL login names that own the sender (MAIL FROM) addresses.
- smtpd_sender_login_maps =
- proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
- virtual_mailbox_domains =
- proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
- relay_domains =
- $mydestination
- proxy:mysql:/etc/postfix/mysql/relay_domains.cf
- virtual_mailbox_maps =
- proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
- virtual_alias_maps =
- proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf
- proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf
- proxy:mysql:/etc/postfix/mysql/catchall_maps.cf
- proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
- sender_bcc_maps =
- proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
- proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
- recipient_bcc_maps =
- proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
- proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
- #
- # Postscreen
- #
- postscreen_greet_action = drop
- postscreen_blacklist_action = drop
- postscreen_dnsbl_action = drop
- postscreen_dnsbl_threshold = 2
- # Attention:
- # - zen.spamhaus.org free tire has 3 limits
- # (https://www.spamhaus.org/organization/dnsblusage/):
- #
- # 1) Your use of the Spamhaus DNSBLs is non-commercial*, and
- # 2) Your email traffic is less than 100,000 SMTP connections per day, and
- # 3) Your DNSBL query volume is less than 300,000 queries per day.
- #
- # - FAQ: "Your DNSBL blocks nothing at all!"
- # https://www.spamhaus.org/faq/section/DNSBL%20Usage#261
- #
- # It's strongly recommended to use a local DNS server for cache.
- postscreen_dnsbl_sites =
- zen.spamhaus.org=127.0.0.[2..11]*3
- b.barracudacentral.org=127.0.0.2*2
- postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
- postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
- # Require Postfix-2.11+
- postscreen_dnsbl_whitelist_threshold = -2
- #
- # Dovecot SASL support.
- #
- smtpd_sasl_type = dovecot
- smtpd_sasl_path = private/dovecot-auth
- virtual_transport = dovecot
- dovecot_destination_recipient_limit = 1
- #
- # mlmmj - mailing list manager
- #
- mlmmj_destination_recipient_limit = 1
- #
- # Amavisd + SpamAssassin + ClamAV
- #
- content_filter = smtp-amavis:[127.0.0.1]:10024
- # Concurrency per recipient limit.
- smtp-amavis_destination_recipient_limit = 1
- relayhost =
- mailbox_size_limit = 0
- readme_directory = /usr/share/doc/postfix
- html_directory = /usr/share/doc/postfix/html
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement