next set of updates
This commit is contained in:
Charlie Root
@ -282,7 +282,8 @@ unknown_local_recipient_reject_code = 550
|
||||
#mynetworks = $config_directory/mynetworks
|
||||
#mynetworks = hash:$config_directory/network_table
|
||||
|
||||
mynetworks = 127.0.0.1/32 192.168.0.0/16 [::1]/128 [fe80::]/10 [2603:3024:3f6::]/56
|
||||
#mynetworks = 127.0.0.1/32 192.168.0.0/16 [::1]/128 [fe80::]/10 [2603:3024:3f6::]/56
|
||||
mynetworks = 127.0.0.1/32 192.168.0.0/24 [::1]/128 [fe80::]/10 [2603:3024:3f6:e1::]/64
|
||||
smtp_bind_address = 192.168.0.100
|
||||
smtp_bind_address6 = 2603:3024:3f6:e1::100
|
||||
|
||||
@ -680,6 +681,10 @@ sample_directory = /usr/local/etc/postfix
|
||||
#
|
||||
readme_directory = /usr/local/share/doc/postfix
|
||||
inet_protocols = ipv4, ipv6
|
||||
|
||||
# sometimes comcast's IPv6 reverse DNS lookup stops working so you need to enable the line below (default: any)
|
||||
smtp_address_preference = ipv4
|
||||
|
||||
meta_directory = /usr/local/libexec/postfix
|
||||
shlib_directory = /usr/local/lib/postfix
|
||||
|
||||
@ -776,21 +781,21 @@ smtpd_helo_required = yes
|
||||
# entry and present a valid, FQDN HELO hostname. In addition, they can only
|
||||
# send mail to valid mailboxes on the server, and the sender's domain must
|
||||
# actually exist.
|
||||
smtpd_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unknown_reverse_client_hostname,reject_unauth_pipelining
|
||||
smtpd_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_pipelining,reject_unknown_reverse_client_hostname
|
||||
# you might want to consider:
|
||||
# reject_unknown_client_hostname,
|
||||
# here. This will reject all incoming connections without a reverse DNS
|
||||
# entry that resolves back to the client's IP address. This is a very
|
||||
# restrictive check and may reject legitimate mail.
|
||||
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_helo_hostname,reject_non_fqdn_helo_hostname,reject_unauth_pipelining
|
||||
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_helo_hostname,reject_unauth_pipelining,reject_non_fqdn_helo_hostname
|
||||
# you might want to consider:
|
||||
# reject_unknown_helo_hostname,
|
||||
# here. This will reject all incoming mail without a HELO hostname that
|
||||
# properly resolves in DNS. This is a somewhat restrictive check and may
|
||||
# reject legitimate mail.
|
||||
smtpd_sender_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_unauth_pipelining
|
||||
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
|
||||
# !!! THIS SETTING PREVENTS YOU FROM BEING AN OPEN RELAY !!!
|
||||
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
|
||||
# !!! THE LAST SETTING PREVENTS YOU FROM BEING AN OPEN RELAY !!!
|
||||
# !!! DO NOT REMOVE IT UNDER ANY CIRCUMSTANCES !!!
|
||||
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unverified_recipient
|
||||
smtpd_data_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_multi_recipient_bounce,reject_unauth_pipelining
|
||||
@ -806,7 +811,7 @@ virtual_mailbox_maps = ldap:/usr/local/etc/postfix/ldap-virtual-mailbox-maps.cf
|
||||
# LDAP query to find a user's email aliases
|
||||
virtual_alias_maps = ldap:/usr/local/etc/postfix/ldap-virtual-mailbox-alias-maps.cf, hash:/usr/local/etc/postfix/virtual-maillist-alias-maps
|
||||
|
||||
# We'll uncomment these when we set up rspamd later:
|
||||
# rspamd specific
|
||||
milter_protocol = 6
|
||||
# if rspamd is down, don't reject mail
|
||||
milter_default_action = accept
|
||||
|
||||
@ -177,6 +177,7 @@ import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LA
|
||||
in_flow_delay = 1s
|
||||
inet_interfaces = all
|
||||
inet_protocols = all
|
||||
info_log_address_format = external
|
||||
initial_destination_concurrency = 5
|
||||
internal_mail_filter_classes =
|
||||
invalid_hostname_reject_code = 501
|
||||
@ -327,9 +328,9 @@ local_transport_rate_delay = $default_transport_rate_delay
|
||||
luser_relay =
|
||||
mail_name = Postfix
|
||||
mail_owner = postfix
|
||||
mail_release_date = 20190921
|
||||
mail_release_date = 20200316
|
||||
mail_spool_directory = /var/mail
|
||||
mail_version = 3.4.7
|
||||
mail_version = 3.5.0
|
||||
mailbox_command =
|
||||
mailbox_command_maps =
|
||||
mailbox_delivery_lock = flock, dotlock
|
||||
@ -358,7 +359,7 @@ message_size_limit = 10240000
|
||||
message_strip_characters =
|
||||
meta_directory = /usr/local/libexec/postfix
|
||||
milter_command_timeout = 30s
|
||||
milter_connect_macros = j {daemon_name} {daemon_addr} v
|
||||
milter_connect_macros = j {daemon_name} {daemon_addr} v _
|
||||
milter_connect_timeout = 30s
|
||||
milter_content_timeout = 300s
|
||||
milter_data_macros = i
|
||||
@ -733,7 +734,7 @@ smtpd_sasl_response_limit = 12288
|
||||
smtpd_sasl_security_options = noanonymous
|
||||
smtpd_sasl_service = smtp
|
||||
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
|
||||
smtpd_sasl_type = dovecot
|
||||
smtpd_sasl_type = cyrus
|
||||
smtpd_sender_login_maps =
|
||||
smtpd_sender_restrictions =
|
||||
smtpd_service_name = smtpd
|
||||
|
||||
@ -16,9 +16,9 @@ smtp inet n - n - - smtpd
|
||||
#dnsblog unix - - n - 0 dnsblog
|
||||
#tlsproxy unix - - n - 0 tlsproxy
|
||||
submission inet n - n - - smtpd
|
||||
# -o syslog_name=postfix/submission
|
||||
-o smtpd_tls_security_level=encrypt
|
||||
-o smtpd_tls_security_level=encrypt
|
||||
-o tls_preempt_cipherlist=yes
|
||||
# -o syslog_name=postfix/submission
|
||||
# -o smtpd_sasl_auth_enable=yes
|
||||
# -o smtpd_tls_auth_only=yes
|
||||
# -o smtpd_reject_unlisted_recipient=no
|
||||
|
||||
@ -79,7 +79,7 @@ postlog unix-dgram n - n - 1 postlogd
|
||||
# Also specify in main.cf: maildrop_destination_recipient_limit=1
|
||||
#
|
||||
#maildrop unix - n n - - pipe
|
||||
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
|
||||
# flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
|
||||
#
|
||||
# ====================================================================
|
||||
#
|
||||
@ -98,7 +98,7 @@ postlog unix-dgram n - n - 1 postlogd
|
||||
# Also specify in main.cf: cyrus_destination_recipient_limit=1
|
||||
#
|
||||
#cyrus unix - n n - - pipe
|
||||
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
|
||||
# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
|
||||
#
|
||||
# ====================================================================
|
||||
#
|
||||
@ -129,5 +129,5 @@ postlog unix-dgram n - n - 1 postlogd
|
||||
# ${nexthop} ${user} ${extension}
|
||||
#
|
||||
#mailman unix - n n - - pipe
|
||||
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
|
||||
# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
|
||||
# ${nexthop} ${user}
|
||||
|
||||
Reference in New Issue
Block a user