Postfix

From DWIKI
Revision as of 15:58, 29 May 2017 by Tony (talk | contribs)

Docs

Postfix and smtp auth/sasl


Postfix and Network Solutions certificates

#The private key you created together with privkey.csr, readable for root only!
smtpd_tls_key_file = privkey.pem
#the certificate you received from NS
smtpd_tls_cert_file = /etc/ssl/MY.HOST.COM.crt
#NetworkSolutions_CA.crt and UTNAddTrustServer_CA.crt combined in a single file
smtpd_tls_CAfile = /etc/postfix/intermediate.pem

Postfix and LDAP

Spam filtering

ldap and aliases



man ldap_table
man maildirquota

Tools

  • postfwd

pflogsumm

Log analyzer

vimbadmin

vimbadmin

Notes

  • postconf
  • postsuper

anti spam measures that work for me

smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   reject_unverified_recipient,
   permit_mynetworks,
   reject_sender_login_mismatch,
   reject_invalid_hostname,
   reject_unknown_reverse_client_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   reject_unauth_destination,
   check_recipient_access  hash:/etc/postfix/recipient_access,
   reject_rbl_client bl.spamcop.net,
  1. reject_rbl_client safe.dnsbl.sorbs.net,
   reject_rbl_client b.barracudacentral.org,
   permit


CentOS packages

gf-plus repository or epel :)

FAQ

log subject

Create file /etc/postfix/header_checks and put in:

/^[Ss]ubject:/  WARN

and in /etc/postfix/main.cf

header_checks: regexp:/etc/postfix/header_checks

rate limit outgoing mail

http://steam.io/2013/04/01/postfix-rate-limiting/

queue

Clean the postfix queue

mailq | grep ^[A-F0-9]| awk '{ print $1 }'|  while read i;do postsuper -d  ${i};done

View message in queue

postcat

Delete message from queue

postsuper -d 

Postfix as secondary MX

relay_domains = foo.com, bar.com
relay_recipient_maps =
          hash:/etc/postfix/relay_recipients


milter-reject 4.7.0 DNS timeout

Most likely caused by sid-filter, aka milter-sid, aka sid-milter. Try adding "-D" to the rc.conf or defaults or whatever file starting it.