[postfix-users] Hilfe bei Einstellung von Postfix

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[postfix-users] Hilfe bei Einstellung von Postfix

Alexander Elsner
Hallo,
ich benötige etwas Hilfe bei der Einstellung von Postfix main.cf

Ins besonders unsicher bin ich bei den Einstellungen für:
smtpd_recipient_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_client_restrictions =
smtpd_data_restrictions =

Besten Dank für die Hilfe & guten Rutsch
Alex


Meine aktuelle Config:
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no

masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = no
maximal_queue_lifetime = 2d
bounce_queue_lifetime = 1d
minimal_backoff_time = 1000s
queue_run_delay = 1000s

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_tls_security_level = may



strict_rfc821_envelopes = yes
disable_vrfy_command = yes

smtpd_delay_reject = no
smtpd_client_message_rate_limit            = 50
smtpd_client_connection_count_limit        = 20
smtpd_client_connection_rate_limit         = 60
smtpd_client_new_tls_session_rate_limit    = 60

smtpd_error_sleep_time = 10s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
address_verify_map = btree:$data_directory/verify_cache
unverified_recipient_reject_reason = Address lookup failed
unverified_sender_reject_reason = Address verification failed
address_verify_map = btree:/var/lib/postfix/verify
address_verify_map = btree:$data_directory/verify_cache

smtpd_recipient_restrictions =
        reject_non_fqdn_sender,
        reject_unknown_recipient_domain,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,

        reject_unknown_sender_domain,
        reject_unlisted_recipient,
        reject_unknown_reverse_client_hostname,
        reject_non_fqdn_recipient,
        reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname,
        reject_sender_login_mismatch,
        reject_rbl_client sbl-xbl.spamhaus.org,


        #warn_if_reject reject_unlisted_sender,
        #warn_if_reject reject_unknown_reverse_client_hostname,

        permit

smtpd_helo_restrictions =
        reject_invalid_hostname
       

smtpd_sender_restrictions =
        reject_unknown_sender_domain

smtpd_client_restrictions =

smtpd_data_restrictions =
        permit_sasl_authenticated,
        reject_unauth_pipelining,
        check_client_access regexp:/etc/postfix/add_auth_header.regexp


smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_CAfile = /etc/apache2/ssl.crt/ca-admin.crt
smtpd_tls_key_file= /etc/apache2/ssl.key/admin.key
smtpd_tls_cert_file= /etc/apache2/ssl.crt/admin.crt
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mydestination = $myhostname, localhost.$mydomain, localhost




_______________________________________________
postfix-users mailing list
[hidden email]
http://de.postfix.org/cgi-bin/mailman/listinfo/postfix-users
Reply | Threaded
Open this post in threaded view
|

Re: [postfix-users] Hilfe bei Einstellung von Postfix

Matthias Schmidt [c]
Alex,
ich versuch's mal mit meinen OSX-Server Einstellungen, die Du u.U. anpassen wirst müssen ;-)

smtpd_recipient_restrictions =
                permit_sasl_authenticated
                permit_mynetworks
                permit_tls_clientcerts
                check_sender_access hash:/etc/postfix/whitelist
                check_sender_access regexp:/etc/postfix/tag_as_originating.re
                check_sender_access regexp:/etc/postfix/tag_as_foreign.re
                reject_non_fqdn_hostname
                reject_unknown_reverse_client_hostname
                reject_unauth_destination
                reject_rbl_client cbl.abuseat.org
                reject_rbl_client zen.spamhaus.org

smtpd_helo_restrictions =
                reject_invalid_helo_hostname
                reject_non_fqdn_helo_hostname

smtpd_sender_restrictions =
smtpd_client_restrictions =
(das wurde mir geraten alles unter smtpd_recipient_restrictions reinzupacken, was auch gut funzt)

smtpd_data_restrictions =
        reject_unauth_pipelining

Dir auch einen guten Rutsch
Matthias

Am 31.12.2012 um 01:03 schrieb Alexander Elsner:

> Hallo,
> ich benötige etwas Hilfe bei der Einstellung von Postfix main.cf
>
> Ins besonders unsicher bin ich bei den Einstellungen für:
> smtpd_recipient_restrictions =
> smtpd_helo_restrictions =
> smtpd_sender_restrictions =
> smtpd_client_restrictions =
> smtpd_data_restrictions =
>
> Besten Dank für die Hilfe & guten Rutsch
> Alex
>
>
> Meine aktuelle Config:
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> biff = no
> append_dot_mydomain = no
> readme_directory = no
>
> masquerade_exceptions = root
> masquerade_classes = envelope_sender, header_sender, header_recipient
> masquerade_domains = no
> maximal_queue_lifetime = 2d
> bounce_queue_lifetime = 1d
> minimal_backoff_time = 1000s
> queue_run_delay = 1000s
>
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_local_domain = $myhostname
> broken_sasl_auth_clients = yes
> smtpd_tls_security_level = may
>
>
>
> strict_rfc821_envelopes = yes
> disable_vrfy_command = yes
>
> smtpd_delay_reject = no
> smtpd_client_message_rate_limit            = 50
> smtpd_client_connection_count_limit        = 20
> smtpd_client_connection_rate_limit         = 60
> smtpd_client_new_tls_session_rate_limit    = 60
>
> smtpd_error_sleep_time = 10s
> smtpd_soft_error_limit = 10
> smtpd_hard_error_limit = 20
> smtpd_helo_required = yes
> address_verify_map = btree:$data_directory/verify_cache
> unverified_recipient_reject_reason = Address lookup failed
> unverified_sender_reject_reason = Address verification failed
> address_verify_map = btree:/var/lib/postfix/verify
> address_verify_map = btree:$data_directory/verify_cache
>
> smtpd_recipient_restrictions =
>        reject_non_fqdn_sender,
>        reject_unknown_recipient_domain,
>        permit_mynetworks,
>        permit_sasl_authenticated,
>        reject_unauth_destination,
>
>        reject_unknown_sender_domain,
>        reject_unlisted_recipient,
>        reject_unknown_reverse_client_hostname,
>        reject_non_fqdn_recipient,
>        reject_invalid_helo_hostname,
>        reject_non_fqdn_helo_hostname,
>        reject_sender_login_mismatch,
>        reject_rbl_client sbl-xbl.spamhaus.org,
>
>
>        #warn_if_reject reject_unlisted_sender,
>        #warn_if_reject reject_unknown_reverse_client_hostname,
>
>        permit
>
> smtpd_helo_restrictions =
>        reject_invalid_hostname
>
>
> smtpd_sender_restrictions =
>        reject_unknown_sender_domain
>
> smtpd_client_restrictions =
>
> smtpd_data_restrictions =
>        permit_sasl_authenticated,
>        reject_unauth_pipelining,
>        check_client_access regexp:/etc/postfix/add_auth_header.regexp
>
>
> smtpd_use_tls = yes
> smtpd_tls_auth_only = no
> smtpd_tls_CAfile = /etc/apache2/ssl.crt/ca-admin.crt
> smtpd_tls_key_file= /etc/apache2/ssl.key/admin.key
> smtpd_tls_cert_file= /etc/apache2/ssl.crt/admin.crt
> smtpd_tls_loglevel = 0
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
>
> relayhost =
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> mydestination = $myhostname, localhost.$mydomain, localhost
>
>
>
>
> _______________________________________________
> postfix-users mailing list
> [hidden email]
> http://de.postfix.org/cgi-bin/mailman/listinfo/postfix-users

_______________________________________________
postfix-users mailing list
[hidden email]
http://de.postfix.org/cgi-bin/mailman/listinfo/postfix-users