Postfix: Difference between revisions

From DWIKI
mNo edit summary
Line 80: Line 80:
[http://www.vimbadmin.net/ vimbadmin]
[http://www.vimbadmin.net/ vimbadmin]


=Notes=
*postconf
*postsuper


==anti spam measures that work for me==
= Notes =
 
*postconf
*postsuper
 
== anti spam measures that work for me ==


  smtpd_recipient_restrictions =
  smtpd_recipient_restrictions =
Line 101: Line 103:
     check_recipient_access  hash:/etc/postfix/recipient_access,
     check_recipient_access  hash:/etc/postfix/recipient_access,
     reject_rbl_client bl.spamcop.net,
     reject_rbl_client bl.spamcop.net,
#   reject_rbl_client safe.dnsbl.sorbs.net,
 
#reject_rbl_client safe.dnsbl.sorbs.net,  
 
     reject_rbl_client b.barracudacentral.org,
     reject_rbl_client b.barracudacentral.org,
     permit
     permit


== tls on outgoing mail ==
smtp_use_tls = yes
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_cert_file = /etc/postfix/ssl/domainname.com.pem
smtp_tls_key_file = /etc/postfix/ssl/domainname.com.key
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtp_tls_loglevel = 1


=CentOS packages=
=CentOS packages=

Revision as of 17:05, 30 December 2020

Docs

Postfix and smtp auth/sasl


Postfix and Network Solutions certificates

#The private key you created together with privkey.csr, readable for root only!
smtpd_tls_key_file = privkey.pem
#the certificate you received from NS
smtpd_tls_cert_file = /etc/ssl/MY.HOST.COM.crt
#NetworkSolutions_CA.crt and UTNAddTrustServer_CA.crt combined in a single file
smtpd_tls_CAfile = /etc/postfix/intermediate.pem

Postfix and LDAP

Spam filtering

ldap and aliases



man ldap_table
man maildirquota

Tools

  • postfwd

pflogsumm

Log analyzer

vimbadmin

vimbadmin


Notes

  • postconf
  • postsuper

anti spam measures that work for me

smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   reject_unverified_recipient,
   permit_mynetworks,
   reject_sender_login_mismatch,
   reject_invalid_hostname,
   reject_unknown_reverse_client_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   reject_unauth_destination,
   check_recipient_access  hash:/etc/postfix/recipient_access,
   reject_rbl_client bl.spamcop.net,
  1. reject_rbl_client safe.dnsbl.sorbs.net,
   reject_rbl_client b.barracudacentral.org,
   permit

tls on outgoing mail

smtp_use_tls = yes smtp_tls_security_level = may smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt smtp_tls_cert_file = /etc/postfix/ssl/domainname.com.pem smtp_tls_key_file = /etc/postfix/ssl/domainname.com.key smtp_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache smtp_tls_loglevel = 1

CentOS packages

gf-plus repository or epel :)

FAQ

Limit CC

/etc/postfix/header_checks

/^To:([^@]*@){50,}/ REJECT Sorry, your message has too many recepients.
/^Cc:([^@]*@){50,}/ REJECT Sorry, your message has too many recepients.

log subject

Create file /etc/postfix/header_checks and put in:

/^[Ss]ubject:/  WARN

and in /etc/postfix/main.cf

header_checks: regexp:/etc/postfix/header_checks

rate limit outgoing mail

http://steam.io/2013/04/01/postfix-rate-limiting/

Probably start with

smtp_destination_rate_delay = 5s

queue

Clean the postfix queue

mailq | grep ^[A-F0-9]| awk '{ print $1 }'| sed 's/*//' | while read i;do postsuper -d  ${i};done

Or simple:

postsuper -d ALL

View message in queue

postcat

Delete message from queue

postsuper -d 

Postfix as secondary MX

relay_domains = foo.com, bar.com
relay_recipient_maps =
          hash:/etc/postfix/relay_recipients


milter-reject 4.7.0 DNS timeout

Most likely caused by sid-filter, aka milter-sid, aka sid-milter. Try adding "-D" to the rc.conf or defaults or whatever file starting it.

postqueue: fatal: Connect to the Postfix showq service: Permission denied

postfix set-permissions

warning: SASL authentication failure: No worthy mechs found

could be missing cyrus-sasl-plain