Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- centos:mail_c7:mta_2 [10.10.2014 19:37. ] – [main.cf] django
+++ centos:mail_c7:mta_2 [18.11.2024 19:08. ] (aktuell) – Externe Bearbeitung 127.0.0.1
@@ Zeile 1: / Zeile 1: @@
-====== Installation und Basiskonfiguration von Postfix unter CentOS 7.x ======
+====== Installation und Konfigurationsdateien von Postfix unter CentOS 7.x ======
 {{:centos:mailserver:postfix:postfixlogo.gif |Bild: Postfix-Logo}} \\
 Nachdem wir uns einen **[[centos:mail_c7:mta_1|grundlegenden Überblick]]** über Postfix verschafft haben, werden wir uns nun eingehend mit der Installation und Grundkonfiguration unseres **//Postfix//-MTA**((**M**ail **T**ransfer **A**gent)) beschäftigen.
@@ Zeile 276: / Zeile 276: @@
 </WRAP>
-Die entsprechenden Pakete für die Installation von Postfix 2.11 nehmen wir am einfachsten wieder mit Hilfe von **yum** vor - Voraussetzung man hat sich das Paket vom Repository [[http://repo.mailserver.guru/7/repoview/index.html|mailserver.guru]] heruntergeladen.
+Die entsprechenden Pakete für die Installation von Postfix 2.11 nehmen wir am einfachsten wieder mit Hilfe von **yum** vor - Voraussetzung man hat sich das Paket vom Repository [[http://repo.nausch.org/7/os/x86_64/repoview/|nausch.org]] heruntergeladen.
-   # yum localinstall http://repo.mailserver.guru/7/x86_64/postfix-2.11.1-1.el7.centos.x86_64.rpm
+   # yum localinstall http://repo.nausch.org/7/os/x86_64/Packages/postfix-2.11.6-1.el7.centos.x86_64.rpm
-Einfacher geht es natürlich, wenn das Repository **[[centos:mailserver.guru|mailserver.guru]]** eingebunden hat. Dann reicht der gewohnte Aufruf von **yum**.
+Einfacher geht es natürlich, wenn das Repository **[[centos:nausch.org|nausch.org]]** eingebunden hat. Dann reicht der gewohnte Aufruf von **yum**.
    # yum install postfix -y
 Was uns das RPM-Paket alles mitgebracht hat, erkunden wir bei Bedarf mit Hilfe des Befehls **rpm -qil**.
-   # rpm -qil
+   # rpm -qil postfix
 <code>Name        : postfix
 Epoch       : 2
-Version     : 2.11.1
+Version     : 2.11.6
 Release     : 1.el7.centos
 Architecture: x86_64
-Install Date: Thu 02 Oct 2014 05:08:14 PM CEST
+Install Date: Wed 07 Oct 2015 09:43:33 AM CEST
 Group       : System Environment/Daemons
-Size        : 13030977
+Size        : 13027820
 License     : IBM and GPLv2+
-Signature   : RSA/SHA1, Wed 24 Sep 2014 07:23:35 PM CEST, Key ID 60ecfb9e8195aea0
+Signature   : RSA/SHA1, Wed 07 Oct 2015 09:38:48 AM CEST, Key ID 60ecfb9e8195aea0
-Source RPM  : postfix-2.11.1-1.el7.centos.src.rpm
+Source RPM  : postfix-2.11.6-1.el7.centos.src.rpm
-Build Date  : Wed 24 Sep 2014 07:23:15 PM CEST
+Build Date  : Wed 07 Oct 2015 09:38:24 AM CEST
 Build Host  : vml000200.dmz.nausch.org
 Relocations : (not relocatable)
-Packager    : Django <django@mailserver.guru>
+Packager    : Django <django@nausch.org>
 Vendor      : Django
 URL         : http://www.postfix.org
 Summary     : Postfix Mail Transport Agent
 Description :
 Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
 TLS
 /etc/pam.d/smtp
 /etc/pam.d/smtp.postfix
 /etc/postfix
 /etc/postfix/access
 /etc/postfix/canonical
 /etc/postfix/generic
 /etc/postfix/header_checks
 /etc/postfix/main.cf
 /etc/postfix/master.cf
 /etc/postfix/relocated
 /etc/postfix/transport
 /etc/postfix/virtual
 /etc/sasl2/smtpd.conf
 /usr/bin/mailq
 /usr/bin/mailq.postfix
 /usr/bin/newaliases
 /usr/bin/newaliases.postfix
 /usr/bin/rmail
 /usr/bin/rmail.postfix
 /usr/lib/sendmail
 /usr/lib/sendmail.postfix
 /usr/lib/systemd/system/postfix.service
 /usr/libexec/postfix
 /usr/libexec/postfix/aliasesdb
 /usr/libexec/postfix/anvil
 /usr/libexec/postfix/bounce
 /usr/libexec/postfix/chroot-update
 /usr/libexec/postfix/cleanup
 /usr/libexec/postfix/discard
 /usr/libexec/postfix/dnsblog
 /usr/libexec/postfix/error
 /usr/libexec/postfix/flush
 /usr/libexec/postfix/lmtp
 /usr/libexec/postfix/local
 /usr/libexec/postfix/main.cf
 /usr/libexec/postfix/master
 /usr/libexec/postfix/master.cf
 /usr/libexec/postfix/nqmgr
 /usr/libexec/postfix/oqmgr
 /usr/libexec/postfix/pickup
 /usr/libexec/postfix/pipe
 /usr/libexec/postfix/post-install
 /usr/libexec/postfix/postfix-files
 /usr/libexec/postfix/postfix-script
 /usr/libexec/postfix/postfix-wrapper
 /usr/libexec/postfix/postmulti-script
 /usr/libexec/postfix/postscreen
 /usr/libexec/postfix/proxymap
 /usr/libexec/postfix/qmgr
 /usr/libexec/postfix/qmqpd
 /usr/libexec/postfix/scache
 /usr/libexec/postfix/showq
 /usr/libexec/postfix/smtp
 /usr/libexec/postfix/smtpd
 /usr/libexec/postfix/spawn
 /usr/libexec/postfix/tlsmgr
 /usr/libexec/postfix/tlsproxy
 /usr/libexec/postfix/trivial-rewrite
 /usr/libexec/postfix/verify
 /usr/libexec/postfix/virtual
 /usr/sbin/postalias
 /usr/sbin/postcat
 /usr/sbin/postconf
 /usr/sbin/postdrop
 /usr/sbin/postfix
 /usr/sbin/postkick
 /usr/sbin/postlock
 /usr/sbin/postlog
 /usr/sbin/postmap
 /usr/sbin/postmulti
 /usr/sbin/postqueue
 /usr/sbin/postsuper
 /usr/sbin/sendmail
 /usr/sbin/sendmail.postfix
 /usr/sbin/smtp-sink
 /usr/sbin/smtp-source
-/usr/share/doc/postfix-2.11.1
+/usr/share/doc/postfix-2.11.6
-/usr/share/doc/postfix-2.11.1/COMPATIBILITY
+/usr/share/doc/postfix-2.11.6/COMPATIBILITY
-/usr/share/doc/postfix-2.11.1/LICENSE
+/usr/share/doc/postfix-2.11.6/LICENSE
-/usr/share/doc/postfix-2.11.1/README-Postfix-SASL-RedHat.txt
+/usr/share/doc/postfix-2.11.6/README-Postfix-SASL-RedHat.txt
-/usr/share/doc/postfix-2.11.1/README_FILES
+/usr/share/doc/postfix-2.11.6/README_FILES
-/usr/share/doc/postfix-2.11.1/README_FILES/AAAREADME
+/usr/share/doc/postfix-2.11.6/README_FILES/AAAREADME
-/usr/share/doc/postfix-2.11.1/README_FILES/ADDRESS_CLASS_README
+/usr/share/doc/postfix-2.11.6/README_FILES/ADDRESS_CLASS_README
-/usr/share/doc/postfix-2.11.1/README_FILES/ADDRESS_REWRITING_README
+/usr/share/doc/postfix-2.11.6/README_FILES/ADDRESS_REWRITING_README
-/usr/share/doc/postfix-2.11.1/README_FILES/ADDRESS_VERIFICATION_README
+/usr/share/doc/postfix-2.11.6/README_FILES/ADDRESS_VERIFICATION_README
-/usr/share/doc/postfix-2.11.1/README_FILES/BACKSCATTER_README
+/usr/share/doc/postfix-2.11.6/README_FILES/BACKSCATTER_README
-/usr/share/doc/postfix-2.11.1/README_FILES/BASIC_CONFIGURATION_README
+/usr/share/doc/postfix-2.11.6/README_FILES/BASIC_CONFIGURATION_README
-/usr/share/doc/postfix-2.11.1/README_FILES/BUILTIN_FILTER_README
+/usr/share/doc/postfix-2.11.6/README_FILES/BUILTIN_FILTER_README
-/usr/share/doc/postfix-2.11.1/README_FILES/CDB_README
+/usr/share/doc/postfix-2.11.6/README_FILES/CDB_README
-/usr/share/doc/postfix-2.11.1/README_FILES/CONNECTION_CACHE_README
+/usr/share/doc/postfix-2.11.6/README_FILES/CONNECTION_CACHE_README
-/usr/share/doc/postfix-2.11.1/README_FILES/CONTENT_INSPECTION_README
+/usr/share/doc/postfix-2.11.6/README_FILES/CONTENT_INSPECTION_README
-/usr/share/doc/postfix-2.11.1/README_FILES/DATABASE_README
+/usr/share/doc/postfix-2.11.6/README_FILES/DATABASE_README
-/usr/share/doc/postfix-2.11.1/README_FILES/DB_README
+/usr/share/doc/postfix-2.11.6/README_FILES/DB_README
-/usr/share/doc/postfix-2.11.1/README_FILES/DEBUG_README
+/usr/share/doc/postfix-2.11.6/README_FILES/DEBUG_README
-/usr/share/doc/postfix-2.11.1/README_FILES/DSN_README
+/usr/share/doc/postfix-2.11.6/README_FILES/DSN_README
-/usr/share/doc/postfix-2.11.1/README_FILES/ETRN_README
+/usr/share/doc/postfix-2.11.6/README_FILES/ETRN_README
-/usr/share/doc/postfix-2.11.1/README_FILES/FILTER_README
+/usr/share/doc/postfix-2.11.6/README_FILES/FILTER_README
-/usr/share/doc/postfix-2.11.1/README_FILES/FORWARD_SECRECY_README
+/usr/share/doc/postfix-2.11.6/README_FILES/FORWARD_SECRECY_README
-/usr/share/doc/postfix-2.11.1/README_FILES/INSTALL
+/usr/share/doc/postfix-2.11.6/README_FILES/INSTALL
-/usr/share/doc/postfix-2.11.1/README_FILES/IPV6_README
+/usr/share/doc/postfix-2.11.6/README_FILES/IPV6_README
-/usr/share/doc/postfix-2.11.1/README_FILES/LDAP_README
+/usr/share/doc/postfix-2.11.6/README_FILES/LDAP_README
-/usr/share/doc/postfix-2.11.1/README_FILES/LINUX_README
+/usr/share/doc/postfix-2.11.6/README_FILES/LINUX_README
-/usr/share/doc/postfix-2.11.1/README_FILES/LMDB_README
+/usr/share/doc/postfix-2.11.6/README_FILES/LMDB_README
-/usr/share/doc/postfix-2.11.1/README_FILES/LOCAL_RECIPIENT_README
+/usr/share/doc/postfix-2.11.6/README_FILES/LOCAL_RECIPIENT_README
-/usr/share/doc/postfix-2.11.1/README_FILES/MAILDROP_README
+/usr/share/doc/postfix-2.11.6/README_FILES/MAILDROP_README
-/usr/share/doc/postfix-2.11.1/README_FILES/MEMCACHE_README
+/usr/share/doc/postfix-2.11.6/README_FILES/MEMCACHE_README
-/usr/share/doc/postfix-2.11.1/README_FILES/MILTER_README
+/usr/share/doc/postfix-2.11.6/README_FILES/MILTER_README
-/usr/share/doc/postfix-2.11.1/README_FILES/MULTI_INSTANCE_README
+/usr/share/doc/postfix-2.11.6/README_FILES/MULTI_INSTANCE_README
-/usr/share/doc/postfix-2.11.1/README_FILES/MYSQL_README
+/usr/share/doc/postfix-2.11.6/README_FILES/MYSQL_README
-/usr/share/doc/postfix-2.11.1/README_FILES/NFS_README
+/usr/share/doc/postfix-2.11.6/README_FILES/NFS_README
-/usr/share/doc/postfix-2.11.1/README_FILES/OVERVIEW
+/usr/share/doc/postfix-2.11.6/README_FILES/OVERVIEW
-/usr/share/doc/postfix-2.11.1/README_FILES/PACKAGE_README
+/usr/share/doc/postfix-2.11.6/README_FILES/PACKAGE_README
-/usr/share/doc/postfix-2.11.1/README_FILES/PCRE_README
+/usr/share/doc/postfix-2.11.6/README_FILES/PCRE_README
-/usr/share/doc/postfix-2.11.1/README_FILES/PGSQL_README
+/usr/share/doc/postfix-2.11.6/README_FILES/PGSQL_README
-/usr/share/doc/postfix-2.11.1/README_FILES/POSTSCREEN_README
+/usr/share/doc/postfix-2.11.6/README_FILES/POSTSCREEN_README
-/usr/share/doc/postfix-2.11.1/README_FILES/QSHAPE_README
+/usr/share/doc/postfix-2.11.6/README_FILES/QSHAPE_README
-/usr/share/doc/postfix-2.11.1/README_FILES/RELEASE_NOTES
+/usr/share/doc/postfix-2.11.6/README_FILES/RELEASE_NOTES
-/usr/share/doc/postfix-2.11.1/README_FILES/RESTRICTION_CLASS_README
+/usr/share/doc/postfix-2.11.6/README_FILES/RESTRICTION_CLASS_README
-/usr/share/doc/postfix-2.11.1/README_FILES/SASL_README
+/usr/share/doc/postfix-2.11.6/README_FILES/SASL_README
-/usr/share/doc/postfix-2.11.1/README_FILES/SCHEDULER_README
+/usr/share/doc/postfix-2.11.6/README_FILES/SCHEDULER_README
-/usr/share/doc/postfix-2.11.1/README_FILES/SMTPD_ACCESS_README
+/usr/share/doc/postfix-2.11.6/README_FILES/SMTPD_ACCESS_README
-/usr/share/doc/postfix-2.11.1/README_FILES/SMTPD_POLICY_README
+/usr/share/doc/postfix-2.11.6/README_FILES/SMTPD_POLICY_README
-/usr/share/doc/postfix-2.11.1/README_FILES/SMTPD_PROXY_README
+/usr/share/doc/postfix-2.11.6/README_FILES/SMTPD_PROXY_README
-/usr/share/doc/postfix-2.11.1/README_FILES/SOHO_README
+/usr/share/doc/postfix-2.11.6/README_FILES/SOHO_README
-/usr/share/doc/postfix-2.11.1/README_FILES/SQLITE_README
+/usr/share/doc/postfix-2.11.6/README_FILES/SQLITE_README
-/usr/share/doc/postfix-2.11.1/README_FILES/STANDARD_CONFIGURATION_README
+/usr/share/doc/postfix-2.11.6/README_FILES/STANDARD_CONFIGURATION_README
-/usr/share/doc/postfix-2.11.1/README_FILES/STRESS_README
+/usr/share/doc/postfix-2.11.6/README_FILES/STRESS_README
-/usr/share/doc/postfix-2.11.1/README_FILES/TLS_LEGACY_README
+/usr/share/doc/postfix-2.11.6/README_FILES/TLS_LEGACY_README
-/usr/share/doc/postfix-2.11.1/README_FILES/TLS_README
+/usr/share/doc/postfix-2.11.6/README_FILES/TLS_README
-/usr/share/doc/postfix-2.11.1/README_FILES/TUNING_README
+/usr/share/doc/postfix-2.11.6/README_FILES/TUNING_README
-/usr/share/doc/postfix-2.11.1/README_FILES/ULTRIX_README
+/usr/share/doc/postfix-2.11.6/README_FILES/ULTRIX_README
-/usr/share/doc/postfix-2.11.1/README_FILES/UUCP_README
+/usr/share/doc/postfix-2.11.6/README_FILES/UUCP_README
-/usr/share/doc/postfix-2.11.1/README_FILES/VERP_README
+/usr/share/doc/postfix-2.11.6/README_FILES/VERP_README
-/usr/share/doc/postfix-2.11.1/README_FILES/VIRTUAL_README
+/usr/share/doc/postfix-2.11.6/README_FILES/VIRTUAL_README
-/usr/share/doc/postfix-2.11.1/README_FILES/XCLIENT_README
+/usr/share/doc/postfix-2.11.6/README_FILES/XCLIENT_README
-/usr/share/doc/postfix-2.11.1/README_FILES/XFORWARD_README
+/usr/share/doc/postfix-2.11.6/README_FILES/XFORWARD_README
-/usr/share/doc/postfix-2.11.1/TLS_ACKNOWLEDGEMENTS
+/usr/share/doc/postfix-2.11.6/TLS_ACKNOWLEDGEMENTS
-/usr/share/doc/postfix-2.11.1/TLS_LICENSE
+/usr/share/doc/postfix-2.11.6/TLS_LICENSE
-/usr/share/doc/postfix-2.11.1/bounce.cf.default
+/usr/share/doc/postfix-2.11.6/bounce.cf.default
-/usr/share/doc/postfix-2.11.1/examples
+/usr/share/doc/postfix-2.11.6/examples
-/usr/share/doc/postfix-2.11.1/examples/chroot-setup
+/usr/share/doc/postfix-2.11.6/examples/chroot-setup
-/usr/share/doc/postfix-2.11.1/examples/chroot-setup/LINUX2
+/usr/share/doc/postfix-2.11.6/examples/chroot-setup/LINUX2
-/usr/share/doc/postfix-2.11.1/examples/qmail-local
+/usr/share/doc/postfix-2.11.6/examples/qmail-local
-/usr/share/doc/postfix-2.11.1/examples/qmail-local/qmail-local.txt
+/usr/share/doc/postfix-2.11.6/examples/qmail-local/qmail-local.txt
-/usr/share/doc/postfix-2.11.1/examples/smtpd-policy
+/usr/share/doc/postfix-2.11.6/examples/smtpd-policy
-/usr/share/doc/postfix-2.11.1/examples/smtpd-policy/README.SPF
+/usr/share/doc/postfix-2.11.6/examples/smtpd-policy/README.SPF
-/usr/share/doc/postfix-2.11.1/examples/smtpd-policy/greylist.pl
+/usr/share/doc/postfix-2.11.6/examples/smtpd-policy/greylist.pl
-/usr/share/doc/postfix-2.11.1/main.cf.default
+/usr/share/doc/postfix-2.11.6/main.cf.default
 /usr/share/man/man1/mailq.1.gz
 /usr/share/man/man1/mailq.postfix.1.gz
 /usr/share/man/man1/newaliases.1.gz
 /usr/share/man/man1/newaliases.postfix.1.gz
 /usr/share/man/man1/postalias.1.gz
 /usr/share/man/man1/postcat.1.gz
 /usr/share/man/man1/postconf.1.gz
 /usr/share/man/man1/postdrop.1.gz
 /usr/share/man/man1/postfix.1.gz
 /usr/share/man/man1/postkick.1.gz
 /usr/share/man/man1/postlock.1.gz
 /usr/share/man/man1/postlog.1.gz
 /usr/share/man/man1/postmap.1.gz
 /usr/share/man/man1/postmulti.1.gz
 /usr/share/man/man1/postqueue.1.gz
 /usr/share/man/man1/postsuper.1.gz
 /usr/share/man/man1/sendmail.postfix.1.gz
 /usr/share/man/man1/smtp-sink.1.gz
 /usr/share/man/man1/smtp-source.1.gz
 /usr/share/man/man5/access.5.gz
 /usr/share/man/man5/aliases.5.gz
 /usr/share/man/man5/aliases.postfix.5.gz
 /usr/share/man/man5/body_checks.5.gz
 /usr/share/man/man5/bounce.5.gz
 /usr/share/man/man5/canonical.5.gz
 /usr/share/man/man5/cidr_table.5.gz
 /usr/share/man/man5/generic.5.gz
 /usr/share/man/man5/header_checks.5.gz
 /usr/share/man/man5/ldap_table.5.gz
 /usr/share/man/man5/lmdb_table.5.gz
 /usr/share/man/man5/master.5.gz
 /usr/share/man/man5/memcache_table.5.gz
 /usr/share/man/man5/mysql_table.5.gz
 /usr/share/man/man5/nisplus_table.5.gz
 /usr/share/man/man5/pcre_table.5.gz
@@ Zeile 544: / Zeile 544: @@
 /var/spool/postfix/public
 /var/spool/postfix/saved
-/var/spool/postfix/trace
+/var/spool/postfix/trace</code>
-</code>
+===== Konfigurationsdateien =====
-===== Konfiguration =====
 Zuvor widmen wir aber den beiden Hauptkonfigurationsdateien **main.cf** und **master.cf** unsere Aufmerksamkeit.
@@ Zeile 727: / Zeile 726: @@
 //Postfix **2.11**// bringt uns __**832**__ Defaultparameter mit.
    # postconf -d | grep mail_version
-   mail_version = 2.11.1
+   mail_version = 2.11.6
    milter_macro_v = $mail_name $mail_version
    # postconf -d | wc -l
 Werfen wir einfach einen Blick in diese Hauptkonfigurationmsdatei //**/etc/postfix/main.cf**//.
@@ Zeile 1444: / Zeile 1443: @@
 Wollen wir uns alle Standard-Definitionen ansehen verwenden wir den folgenden Aufruf:
   # postconf -d
 <code>2bounce_notice_recipient = postmaster
 access_map_defer_code = 450
 access_map_reject_code = 554
 address_verify_cache_cleanup_interval = 12h
 address_verify_default_transport = $default_transport
 address_verify_local_transport = $local_transport
 address_verify_map = btree:$data_directory/verify_cache
 address_verify_negative_cache = yes
 address_verify_negative_expire_time = 3d
 address_verify_negative_refresh_time = 3h
 address_verify_poll_count = ${stress?1}${stress:3}
 address_verify_poll_delay = 3s
 address_verify_positive_expire_time = 31d
 address_verify_positive_refresh_time = 7d
 address_verify_relay_transport = $relay_transport
 address_verify_relayhost = $relayhost
 address_verify_sender = $double_bounce_sender
 address_verify_sender_dependent_default_transport_maps = $sender_dependent_default_transport_maps
 address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps
 address_verify_sender_ttl = 0s
 address_verify_service_name = verify
 address_verify_transport_maps = $transport_maps
 address_verify_virtual_transport = $virtual_transport
 alias_database = hash:/etc/aliases
 alias_maps = hash:/etc/aliases, nis:mail.aliases
 allow_mail_to_commands = alias, forward
 allow_mail_to_files = alias, forward
 allow_min_user = no
 allow_percent_hack = yes
 allow_untrusted_routing = no
 alternate_config_directories =
 always_add_missing_headers = no
 always_bcc =
 anvil_rate_time_unit = 60s
 anvil_status_update_time = 600s
 append_at_myorigin = yes
 append_dot_mydomain = yes
 application_event_drain_time = 100s
 authorized_flush_users = static:anyone
 authorized_mailq_users = static:anyone
 authorized_submit_users = static:anyone
 backwards_bounce_logfile_compatibility = yes
 berkeley_db_create_buffer_size = 16777216
 berkeley_db_read_buffer_size = 131072
 best_mx_transport =
 biff = yes
 body_checks =
 body_checks_size_limit = 51200
 bounce_notice_recipient = postmaster
 bounce_queue_lifetime = 5d
 bounce_service_name = bounce
 bounce_size_limit = 50000
 bounce_template_file =
 broken_sasl_auth_clients = no
 canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
 canonical_maps =
 cleanup_service_name = cleanup
 command_directory = /usr/sbin
 command_execution_directory =
 command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
 command_time_limit = 1000s
 config_directory = /etc/postfix
 connection_cache_protocol_timeout = 5s
 connection_cache_service_name = scache
 connection_cache_status_update_time = 600s
 connection_cache_ttl_limit = 2s
 content_filter =
 cyrus_sasl_config_path =
 daemon_directory = /usr/libexec/postfix
 daemon_table_open_error_is_fatal = no
 daemon_timeout = 18000s
 data_directory = /var/lib/postfix
 debug_peer_level = 2
 debug_peer_list =
 debugger_command =
 default_database_type = hash
 default_delivery_slot_cost = 5
 default_delivery_slot_discount = 50
 default_delivery_slot_loan = 3
 default_destination_concurrency_failed_cohort_limit = 1
 default_destination_concurrency_limit = 20
 default_destination_concurrency_negative_feedback = 1
 default_destination_concurrency_positive_feedback = 1
 default_destination_rate_delay = 0s
 default_destination_recipient_limit = 50
 default_extra_recipient_limit = 1000
 default_filter_nexthop =
 default_minimum_delivery_slots = 3
 default_privs = nobody
 default_process_limit = 100
 default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
 default_recipient_limit = 20000
 default_recipient_refill_delay = 5s
 default_recipient_refill_limit = 100
 default_transport = smtp
 default_verp_delimiters = +=
 defer_code = 450
 defer_service_name = defer
 defer_transports =
 delay_logging_resolution_limit = 2
 delay_notice_recipient = postmaster
 delay_warning_time = 0h
 deliver_lock_attempts = 20
 deliver_lock_delay = 1s
 destination_concurrency_feedback_debug = no
 detect_8bit_encoding_header = yes
 disable_dns_lookups = no
 disable_mime_input_processing = no
 disable_mime_output_conversion = no
 disable_verp_bounces = no
 disable_vrfy_command = no
 dnsblog_reply_delay = 0s
 dnsblog_service_name = dnsblog
 dont_remove = 0
 double_bounce_sender = double-bounce
 duplicate_filter_limit = 1000
 empty_address_default_transport_maps_lookup_key = <>
 empty_address_recipient = MAILER-DAEMON
 empty_address_relayhost_maps_lookup_key = <>
 enable_long_queue_ids = no
 enable_original_recipient = yes
 error_delivery_slot_cost = $default_delivery_slot_cost
 error_delivery_slot_discount = $default_delivery_slot_discount
 error_delivery_slot_loan = $default_delivery_slot_loan
 error_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
 error_destination_concurrency_limit = $default_destination_concurrency_limit
 error_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
 error_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
 error_destination_rate_delay = $default_destination_rate_delay
 error_destination_recipient_limit = $default_destination_recipient_limit
 error_extra_recipient_limit = $default_extra_recipient_limit
 error_initial_destination_concurrency = $initial_destination_concurrency
 error_minimum_delivery_slots = $default_minimum_delivery_slots
 error_notice_recipient = postmaster
 error_recipient_limit = $default_recipient_limit
 error_recipient_refill_delay = $default_recipient_refill_delay
 error_recipient_refill_limit = $default_recipient_refill_limit
 error_service_name = error
 execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
 expand_owner_alias = no
 export_environment = TZ MAIL_CONFIG LANG
 fallback_transport =
 fallback_transport_maps =
 fast_flush_domains = $relay_domains
 fast_flush_purge_time = 7d
 fast_flush_refresh_time = 12h
 fault_injection_code = 0
 flush_service_name = flush
 fork_attempts = 5
 fork_delay = 1s
 forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
 forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
 frozen_delivered_to = yes
 hash_queue_depth = 1
 hash_queue_names = deferred, defer
 header_address_token_limit = 10240
 header_checks =
 header_size_limit = 102400
 helpful_warnings = yes
 home_mailbox =
 hopcount_limit = 50
 html_directory = no
 ignore_mx_lookup_error = no
 import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
 in_flow_delay = 1s
 inet_interfaces = all
 inet_protocols = all
 initial_destination_concurrency = 5
 internal_mail_filter_classes =
 invalid_hostname_reject_code = 501
 ipc_idle = 5s
 ipc_timeout = 3600s
 ipc_ttl = 1000s
 line_length_limit = 2048
 lmdb_map_size = 16777216
 lmtp_address_preference = any
 lmtp_assume_final = no
 lmtp_bind_address =
 lmtp_bind_address6 =
 lmtp_body_checks =
 lmtp_cname_overrides_servername = no
 lmtp_connect_timeout = 0s
 lmtp_connection_cache_destinations =
 lmtp_connection_cache_on_demand = yes
 lmtp_connection_cache_time_limit = 2s
 lmtp_connection_reuse_count_limit = 0
 lmtp_connection_reuse_time_limit = 300s
 lmtp_data_done_timeout = 600s
 lmtp_data_init_timeout = 120s
 lmtp_data_xfer_timeout = 180s
 lmtp_defer_if_no_mx_address_found = no
 lmtp_delivery_slot_cost = $default_delivery_slot_cost
 lmtp_delivery_slot_discount = $default_delivery_slot_discount
 lmtp_delivery_slot_loan = $default_delivery_slot_loan
 lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
 lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
 lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
 lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
 lmtp_destination_rate_delay = $default_destination_rate_delay
 lmtp_destination_recipient_limit = $default_destination_recipient_limit
 lmtp_discard_lhlo_keyword_address_maps =
 lmtp_discard_lhlo_keywords =
 lmtp_dns_resolver_options =
 lmtp_dns_support_level =
 lmtp_enforce_tls = no
 lmtp_extra_recipient_limit = $default_extra_recipient_limit
 lmtp_generic_maps =
 lmtp_header_checks =
 lmtp_host_lookup = dns
 lmtp_initial_destination_concurrency = $initial_destination_concurrency
 lmtp_lhlo_name = $myhostname
 lmtp_lhlo_timeout = 300s
 lmtp_line_length_limit = 998
 lmtp_mail_timeout = 300s
 lmtp_mime_header_checks =
 lmtp_minimum_delivery_slots = $default_minimum_delivery_slots
 lmtp_mx_address_limit = 5
 lmtp_mx_session_limit = 2
 lmtp_nested_header_checks =
 lmtp_per_record_deadline = no
 lmtp_pix_workaround_delay_time = 10s
 lmtp_pix_workaround_maps =
 lmtp_pix_workaround_threshold_time = 500s
 lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf
 lmtp_quit_timeout = 300s
 lmtp_quote_rfc821_envelope = yes
 lmtp_randomize_addresses = yes
 lmtp_rcpt_timeout = 300s
 lmtp_recipient_limit = $default_recipient_limit
 lmtp_recipient_refill_delay = $default_recipient_refill_delay
 lmtp_recipient_refill_limit = $default_recipient_refill_limit
 lmtp_reply_filter =
 lmtp_rset_timeout = 20s
 lmtp_sasl_auth_cache_name =
 lmtp_sasl_auth_cache_time = 90d
 lmtp_sasl_auth_enable = no
 lmtp_sasl_auth_soft_bounce = yes
 lmtp_sasl_mechanism_filter =
 lmtp_sasl_password_maps =
 lmtp_sasl_path =
 lmtp_sasl_security_options = noplaintext, noanonymous
 lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
 lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
 lmtp_sasl_type = cyrus
 lmtp_send_dummy_mail_auth = no
 lmtp_send_xforward_command = no
 lmtp_sender_dependent_authentication = no
 lmtp_skip_5xx_greeting = yes
 lmtp_skip_quit_response = no
 lmtp_starttls_timeout = 300s
 lmtp_tcp_port = 24
 lmtp_tls_CAfile =
 lmtp_tls_CApath =
 lmtp_tls_block_early_mail_reply = no
 lmtp_tls_cert_file =
-lmtp_tls_ciphers = export
+lmtp_tls_ciphers = medium
 lmtp_tls_dcert_file =
 lmtp_tls_dkey_file = $lmtp_tls_dcert_file
 lmtp_tls_eccert_file =
 lmtp_tls_eckey_file = $lmtp_tls_eccert_file
 lmtp_tls_enforce_peername = yes
 lmtp_tls_exclude_ciphers =
 lmtp_tls_fingerprint_cert_match =
 lmtp_tls_fingerprint_digest = md5
 lmtp_tls_force_insecure_host_tlsa_lookup = no
 lmtp_tls_key_file = $lmtp_tls_cert_file
 lmtp_tls_loglevel = 0
 lmtp_tls_mandatory_ciphers = medium
 lmtp_tls_mandatory_exclude_ciphers =
-lmtp_tls_mandatory_protocols = !SSLv2
+lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
 lmtp_tls_note_starttls_offer = no
 lmtp_tls_per_site =
 lmtp_tls_policy_maps =
-lmtp_tls_protocols = !SSLv2
+lmtp_tls_protocols = !SSLv2, !SSLv3
 lmtp_tls_scert_verifydepth = 9
 lmtp_tls_secure_cert_match = nexthop
 lmtp_tls_security_level =
 lmtp_tls_session_cache_database =
 lmtp_tls_session_cache_timeout = 3600s
 lmtp_tls_trust_anchor_file =
 lmtp_tls_verify_cert_match = hostname
 lmtp_use_tls = no
 lmtp_xforward_timeout = 300s
-local_command_shell =
+lmtps_delivery_slot_cost = $default_delivery_slot_cost
-local_delivery_slot_cost = $default_delivery_slot_cost
+lmtps_delivery_slot_discount = $default_delivery_slot_discount
-local_delivery_slot_discount = $default_delivery_slot_discount
+lmtps_delivery_slot_loan = $default_delivery_slot_loan
-local_delivery_slot_loan = $default_delivery_slot_loan
+lmtps_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
-local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
+lmtps_destination_concurrency_limit = $default_destination_concurrency_limit
-local_destination_concurrency_limit = 2
+lmtps_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
-local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
+lmtps_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
-local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
+lmtps_destination_rate_delay = $default_destination_rate_delay
-local_destination_rate_delay = $default_destination_rate_delay
+lmtps_destination_recipient_limit = $default_destination_recipient_limit
-local_destination_recipient_limit = 1
+lmtps_extra_recipient_limit = $default_extra_recipient_limit
-local_extra_recipient_limit = $default_extra_recipient_limit
+lmtps_initial_destination_concurrency = $initial_destination_concurrency
-local_header_rewrite_clients = permit_inet_interfaces
+lmtps_minimum_delivery_slots = $default_minimum_delivery_slots
-local_initial_destination_concurrency = $initial_destination_concurrency
+lmtps_recipient_limit = $default_recipient_limit
-local_minimum_delivery_slots = $default_minimum_delivery_slots
+lmtps_recipient_refill_delay = $default_recipient_refill_delay
-local_recipient_limit = $default_recipient_limit
+lmtps_recipient_refill_limit = $default_recipient_refill_limit
-local_recipient_maps = proxy:unix:passwd.byname $alias_maps
+local_command_shell =
-local_recipient_refill_delay = $default_recipient_refill_delay
+local_delivery_slot_cost = $default_delivery_slot_cost
-local_recipient_refill_limit = $default_recipient_refill_limit
+local_delivery_slot_discount = $default_delivery_slot_discount
-local_transport = local:$myhostname
+local_delivery_slot_loan = $default_delivery_slot_loan
-luser_relay =
+local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
-mail_name = Postfix
+local_destination_concurrency_limit = 2
-mail_owner = postfix
+local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
-mail_release_date = 20140507
+local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
-mail_spool_directory = /var/mail
+local_destination_rate_delay = $default_destination_rate_delay
-mail_version = 2.11.1
+local_destination_recipient_limit = 1
-mailbox_command =
+local_extra_recipient_limit = $default_extra_recipient_limit
-mailbox_command_maps =
+local_header_rewrite_clients = permit_inet_interfaces
-mailbox_delivery_lock = fcntl, dotlock
+local_initial_destination_concurrency = $initial_destination_concurrency
-mailbox_size_limit = 51200000
+local_minimum_delivery_slots = $default_minimum_delivery_slots
-mailbox_transport =
+local_recipient_limit = $default_recipient_limit
-mailbox_transport_maps =
+local_recipient_maps = proxy:unix:passwd.byname $alias_maps
-mailq_path = /usr/bin/mailq
+local_recipient_refill_delay = $default_recipient_refill_delay
-manpage_directory = /usr/local/man
+local_recipient_refill_limit = $default_recipient_refill_limit
-maps_rbl_domains =
+local_transport = local:$myhostname
-maps_rbl_reject_code = 554
+luser_relay =
-masquerade_classes = envelope_sender, header_sender, header_recipient
+mail_name = Postfix
-masquerade_domains =
+mail_owner = postfix
-masquerade_exceptions =
+mail_release_date = 20150720
-master_service_disable =
+mail_spool_directory = /var/mail
-max_idle = 100s
+mail_version = 2.11.6
-max_use = 100
+mailbox_command =
-maximal_backoff_time = 4000s
+mailbox_command_maps =
-maximal_queue_lifetime = 5d
+mailbox_delivery_lock = fcntl, dotlock
-message_reject_characters =
+mailbox_size_limit = 51200000
-message_size_limit = 10240000
+mailbox_transport =
-message_strip_characters =
+mailbox_transport_maps =
-milter_command_timeout = 30s
+mailq_path = /usr/bin/mailq
-milter_connect_macros = j {daemon_name} v
+manpage_directory = /usr/local/man
-milter_connect_timeout = 30s
+maps_rbl_domains =
-milter_content_timeout = 300s
+maps_rbl_reject_code = 554
-milter_data_macros = i
+masquerade_classes = envelope_sender, header_sender, header_recipient
-milter_default_action = tempfail
+masquerade_domains =
-milter_end_of_data_macros = i
+masquerade_exceptions =
-milter_end_of_header_macros = i
+master_service_disable =
-milter_header_checks =
+max_idle = 100s
-milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
+max_use = 100
-milter_macro_daemon_name = $myhostname
+maximal_backoff_time = 4000s
-milter_macro_v = $mail_name $mail_version
+maximal_queue_lifetime = 5d
-milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}
+message_reject_characters =
-milter_protocol = 6
+message_size_limit = 10240000
-milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer}
+message_strip_characters =
-milter_unknown_command_macros =
+milter_command_timeout = 30s
-mime_boundary_length_limit = 2048
+milter_connect_macros = j {daemon_name} v
-mime_header_checks = $header_checks
+milter_connect_timeout = 30s
-mime_nesting_limit = 100
+milter_content_timeout = 300s
-minimal_backoff_time = 300s
+milter_data_macros = i
-multi_instance_directories =
+milter_default_action = tempfail
-multi_instance_enable = no
+milter_end_of_data_macros = i
-multi_instance_group =
+milter_end_of_header_macros = i
-multi_instance_name =
+milter_header_checks =
-multi_instance_wrapper =
+milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
-multi_recipient_bounce_reject_code = 550
+milter_macro_daemon_name = $myhostname
-mydestination = $myhostname, localhost.$mydomain, localhost
+milter_macro_v = $mail_name $mail_version
-mydomain = dmz.nausch.org
+milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}
-myhostname = vml000087.dmz.nausch.org
+milter_protocol = 6
-mynetworks = 127.0.0.0/8 10.0.0.0/24 [::1]/128 [fe80::]/64
+milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer}
-mynetworks_style = subnet
+milter_unknown_command_macros =
-myorigin = $myhostname
+mime_boundary_length_limit = 2048
-nested_header_checks = $header_checks
+mime_header_checks = $header_checks
-newaliases_path = /usr/bin/newaliases
+mime_nesting_limit = 100
-non_fqdn_reject_code = 504
+minimal_backoff_time = 300s
-non_smtpd_milters =
+multi_instance_directories =
-notify_classes = resource, software
+multi_instance_enable = no
-owner_request_special = yes
+multi_instance_group =
-parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
+multi_instance_name =
-permit_mx_backup_networks =
+multi_instance_wrapper =
-pickup_service_name = pickup
+multi_recipient_bounce_reject_code = 550
-plaintext_reject_code = 450
+mydestination = $myhostname, localhost.$mydomain, localhost
-postmulti_control_commands = reload flush
+mydomain = dmz.nausch.org
-postmulti_start_commands = start
+myhostname = vml000087.dmz.nausch.org
-postmulti_stop_commands = stop abort drain quick-stop
+mynetworks = 127.0.0.0/8 10.0.0.0/24 [::1]/128 [fe80::]/64
-postscreen_access_list = permit_mynetworks
+mynetworks_style = subnet
-postscreen_bare_newline_action = ignore
+myorigin = $myhostname
-postscreen_bare_newline_enable = no
+nested_header_checks = $header_checks
-postscreen_bare_newline_ttl = 30d
+newaliases_path = /usr/bin/newaliases
-postscreen_blacklist_action = ignore
+non_fqdn_reject_code = 504
-postscreen_cache_cleanup_interval = 12h
+non_smtpd_milters =
-postscreen_cache_map = btree:$data_directory/postscreen_cache
+notify_classes = resource, software
-postscreen_cache_retention_time = 7d
+owner_request_special = yes
-postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
+parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
-postscreen_command_count_limit = 20
+permit_mx_backup_networks =
-postscreen_command_filter =
+pickup_service_name = pickup
-postscreen_command_time_limit = ${stress?10}${stress:300}s
+plaintext_reject_code = 450
-postscreen_disable_vrfy_command = $disable_vrfy_command
+postmulti_control_commands = reload flush
-postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps
+postmulti_start_commands = start
-postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
+postmulti_stop_commands = stop abort drain quick-stop
-postscreen_dnsbl_action = ignore
+postscreen_access_list = permit_mynetworks
-postscreen_dnsbl_reply_map =
+postscreen_bare_newline_action = ignore
-postscreen_dnsbl_sites =
+postscreen_bare_newline_enable = no
-postscreen_dnsbl_threshold = 1
+postscreen_bare_newline_ttl = 30d
-postscreen_dnsbl_ttl = 1h
+postscreen_blacklist_action = ignore
-postscreen_dnsbl_whitelist_threshold = 0
+postscreen_cache_cleanup_interval = 12h
-postscreen_enforce_tls = $smtpd_enforce_tls
+postscreen_cache_map = btree:$data_directory/postscreen_cache
-postscreen_expansion_filter = $smtpd_expansion_filter
+postscreen_cache_retention_time = 7d
-postscreen_forbidden_commands = $smtpd_forbidden_commands
+postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
-postscreen_greet_action = ignore
+postscreen_command_count_limit = 20
-postscreen_greet_banner = $smtpd_banner
+postscreen_command_filter =
-postscreen_greet_ttl = 1d
+postscreen_command_time_limit = ${stress?10}${stress:300}s
-postscreen_greet_wait = ${stress?2}${stress:6}s
+postscreen_disable_vrfy_command = $disable_vrfy_command
-postscreen_helo_required = $smtpd_helo_required
+postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps
-postscreen_non_smtp_command_action = drop
+postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
-postscreen_non_smtp_command_enable = no
+postscreen_dnsbl_action = ignore
-postscreen_non_smtp_command_ttl = 30d
+postscreen_dnsbl_reply_map =
-postscreen_pipelining_action = enforce
+postscreen_dnsbl_sites =
-postscreen_pipelining_enable = no
+postscreen_dnsbl_threshold = 1
-postscreen_pipelining_ttl = 30d
+postscreen_dnsbl_ttl = 1h
-postscreen_post_queue_limit = $default_process_limit
+postscreen_dnsbl_whitelist_threshold = 0
-postscreen_pre_queue_limit = $default_process_limit
+postscreen_enforce_tls = $smtpd_enforce_tls
-postscreen_reject_footer = $smtpd_reject_footer
+postscreen_expansion_filter = $smtpd_expansion_filter
-postscreen_tls_security_level = $smtpd_tls_security_level
+postscreen_forbidden_commands = $smtpd_forbidden_commands
-postscreen_upstream_proxy_protocol =
+postscreen_greet_action = ignore
-postscreen_upstream_proxy_timeout = 5s
+postscreen_greet_banner = $smtpd_banner
-postscreen_use_tls = $smtpd_use_tls
+postscreen_greet_ttl = 1d
-postscreen_watchdog_timeout = 10s
+postscreen_greet_wait = ${stress?2}${stress:6}s
-postscreen_whitelist_interfaces = static:all
+postscreen_helo_required = $smtpd_helo_required
-prepend_delivered_header = command, file, forward
+postscreen_non_smtp_command_action = drop
-process_id = 29006
+postscreen_non_smtp_command_enable = no
-process_id_directory = pid
+postscreen_non_smtp_command_ttl = 30d
-process_name = postconf
+postscreen_pipelining_action = enforce
-propagate_unmatched_extensions = canonical, virtual
+postscreen_pipelining_enable = no
-proxy_interfaces =
+postscreen_pipelining_ttl = 30d
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps
+postscreen_post_queue_limit = $default_process_limit
-proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name $address_verify_map $postscreen_cache_map
+postscreen_pre_queue_limit = $default_process_limit
-proxymap_service_name = proxymap
+postscreen_reject_footer = $smtpd_reject_footer
-proxywrite_service_name = proxywrite
+postscreen_tls_security_level = $smtpd_tls_security_level
-qmgr_clog_warn_time = 300s
+postscreen_upstream_proxy_protocol =
-qmgr_daemon_timeout = 1000s
+postscreen_upstream_proxy_timeout = 5s
-qmgr_fudge_factor = 100
+postscreen_use_tls = $smtpd_use_tls
-qmgr_ipc_timeout = 60s
+postscreen_watchdog_timeout = 10s
-qmgr_message_active_limit = 20000
+postscreen_whitelist_interfaces = static:all
-qmgr_message_recipient_limit = 20000
+prepend_delivered_header = command, file, forward
-qmgr_message_recipient_minimum = 10
+process_id = 10682
-qmqpd_authorized_clients =
+process_id_directory = pid
-qmqpd_client_port_logging = no
+process_name = postconf
-qmqpd_error_delay = 1s
+propagate_unmatched_extensions = canonical, virtual
-qmqpd_timeout = 300s
+proxy_interfaces =
-queue_directory = /var/spool/postfix
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps
-queue_file_attribute_count_limit = 100
+proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name $address_verify_map $postscreen_cache_map
-queue_minfree = 0
+proxymap_service_name = proxymap
-queue_run_delay = 300s
+proxywrite_service_name = proxywrite
-queue_service_name = qmgr
+qmgr_clog_warn_time = 300s
-rbl_reply_maps =
+qmgr_daemon_timeout = 1000s
-readme_directory = no
+qmgr_fudge_factor = 100
-receive_override_options =
+qmgr_ipc_timeout = 60s
-recipient_bcc_maps =
+qmgr_message_active_limit = 20000
-recipient_canonical_classes = envelope_recipient, header_recipient
+qmgr_message_recipient_limit = 20000
-recipient_canonical_maps =
+qmgr_message_recipient_minimum = 10
-recipient_delimiter =
+qmqpd_authorized_clients =
-reject_code = 554
+qmqpd_client_port_logging = no
-reject_tempfail_action = defer_if_permit
+qmqpd_error_delay = 1s
-relay_clientcerts =
+qmqpd_timeout = 300s
-relay_delivery_slot_cost = $default_delivery_slot_cost
+queue_directory = /var/spool/postfix
-relay_delivery_slot_discount = $default_delivery_slot_discount
+queue_file_attribute_count_limit = 100
-relay_delivery_slot_loan = $default_delivery_slot_loan
+queue_minfree = 0
-relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
+queue_run_delay = 300s
-relay_destination_concurrency_limit = $default_destination_concurrency_limit
+queue_service_name = qmgr
-relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
+rbl_reply_maps =
-relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
+readme_directory = no
-relay_destination_rate_delay = $default_destination_rate_delay
+receive_override_options =
-relay_destination_recipient_limit = $default_destination_recipient_limit
+recipient_bcc_maps =
-relay_domains = $mydestination
+recipient_canonical_classes = envelope_recipient, header_recipient
-relay_domains_reject_code = 554
+recipient_canonical_maps =
-relay_extra_recipient_limit = $default_extra_recipient_limit
+recipient_delimiter =
-relay_initial_destination_concurrency = $initial_destination_concurrency
+reject_code = 554
-relay_minimum_delivery_slots = $default_minimum_delivery_slots
+reject_tempfail_action = defer_if_permit
-relay_recipient_limit = $default_recipient_limit
+relay_clientcerts =
-relay_recipient_maps =
+relay_delivery_slot_cost = $default_delivery_slot_cost
-relay_recipient_refill_delay = $default_recipient_refill_delay
+relay_delivery_slot_discount = $default_delivery_slot_discount
-relay_recipient_refill_limit = $default_recipient_refill_limit
+relay_delivery_slot_loan = $default_delivery_slot_loan
-relay_transport = relay
+relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
-relayhost =
+relay_destination_concurrency_limit = $default_destination_concurrency_limit
-relocated_maps =
+relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
-remote_header_rewrite_domain =
+relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
-require_home_directory = no
+relay_destination_rate_delay = $default_destination_rate_delay
-reset_owner_alias = no
+relay_destination_recipient_limit = $default_destination_recipient_limit
-resolve_dequoted_address = yes
+relay_domains = $mydestination
-resolve_null_domain = no
+relay_domains_reject_code = 554
-resolve_numeric_domain = no
+relay_extra_recipient_limit = $default_extra_recipient_limit
-retry_delivery_slot_cost = $default_delivery_slot_cost
+relay_initial_destination_concurrency = $initial_destination_concurrency
-retry_delivery_slot_discount = $default_delivery_slot_discount
+relay_minimum_delivery_slots = $default_minimum_delivery_slots
-retry_delivery_slot_loan = $default_delivery_slot_loan
+relay_recipient_limit = $default_recipient_limit
-retry_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
+relay_recipient_maps =
-retry_destination_concurrency_limit = $default_destination_concurrency_limit
+relay_recipient_refill_delay = $default_recipient_refill_delay
-retry_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
+relay_recipient_refill_limit = $default_recipient_refill_limit
-retry_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
+relay_transport = relay
-retry_destination_rate_delay = $default_destination_rate_delay
+relayhost =
-retry_destination_recipient_limit = $default_destination_recipient_limit
+relocated_maps =
-retry_extra_recipient_limit = $default_extra_recipient_limit
+remote_header_rewrite_domain =
-retry_initial_destination_concurrency = $initial_destination_concurrency
+require_home_directory = no
-retry_minimum_delivery_slots = $default_minimum_delivery_slots
+reset_owner_alias = no
-retry_recipient_limit = $default_recipient_limit
+resolve_dequoted_address = yes
-retry_recipient_refill_delay = $default_recipient_refill_delay
+resolve_null_domain = no
-retry_recipient_refill_limit = $default_recipient_refill_limit
+resolve_numeric_domain = no
-rewrite_service_name = rewrite
+retry_delivery_slot_cost = $default_delivery_slot_cost
-sample_directory = /etc/postfix
+retry_delivery_slot_discount = $default_delivery_slot_discount
-send_cyrus_sasl_authzid = no
+retry_delivery_slot_loan = $default_delivery_slot_loan
-sender_bcc_maps =
+retry_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
-sender_canonical_classes = envelope_sender, header_sender
+retry_destination_concurrency_limit = $default_destination_concurrency_limit
-sender_canonical_maps =
+retry_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
-sender_dependent_default_transport_maps =
+retry_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
-sender_dependent_relayhost_maps =
+retry_destination_rate_delay = $default_destination_rate_delay
-sendmail_fix_line_endings = always
+retry_destination_recipient_limit = $default_destination_recipient_limit
-sendmail_path = /usr/sbin/sendmail
+retry_extra_recipient_limit = $default_extra_recipient_limit
-service_throttle_time = 60s
+retry_initial_destination_concurrency = $initial_destination_concurrency
-setgid_group = postdrop
+retry_minimum_delivery_slots = $default_minimum_delivery_slots
-show_user_unknown_table_name = yes
+retry_recipient_limit = $default_recipient_limit
-showq_service_name = showq
+retry_recipient_refill_delay = $default_recipient_refill_delay
-smtp_address_preference = any
+retry_recipient_refill_limit = $default_recipient_refill_limit
-smtp_always_send_ehlo = yes
+rewrite_service_name = rewrite
-smtp_bind_address =
+sample_directory = /etc/postfix
-smtp_bind_address6 =
+send_cyrus_sasl_authzid = no
-smtp_body_checks =
+sender_bcc_maps =
-smtp_cname_overrides_servername = no
+sender_canonical_classes = envelope_sender, header_sender
-smtp_connect_timeout = 30s
+sender_canonical_maps =
-smtp_connection_cache_destinations =
+sender_dependent_default_transport_maps =
-smtp_connection_cache_on_demand = yes
+sender_dependent_relayhost_maps =
-smtp_connection_cache_time_limit = 2s
+sendmail_fix_line_endings = always
-smtp_connection_reuse_count_limit = 0
+sendmail_path = /usr/sbin/sendmail
-smtp_connection_reuse_time_limit = 300s
+service_throttle_time = 60s
-smtp_data_done_timeout = 600s
+setgid_group = postdrop
-smtp_data_init_timeout = 120s
+show_user_unknown_table_name = yes
-smtp_data_xfer_timeout = 180s
+showq_service_name = showq
-smtp_defer_if_no_mx_address_found = no
+smtp_address_preference = any
-smtp_delivery_slot_cost = $default_delivery_slot_cost
+smtp_always_send_ehlo = yes
-smtp_delivery_slot_discount = $default_delivery_slot_discount
+smtp_bind_address =
-smtp_delivery_slot_loan = $default_delivery_slot_loan
+smtp_bind_address6 =
-smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
+smtp_body_checks =
-smtp_destination_concurrency_limit = $default_destination_concurrency_limit
+smtp_cname_overrides_servername = no
-smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
+smtp_connect_timeout = 30s
-smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
+smtp_connection_cache_destinations =
-smtp_destination_rate_delay = $default_destination_rate_delay
+smtp_connection_cache_on_demand = yes
-smtp_destination_recipient_limit = $default_destination_recipient_limit
+smtp_connection_cache_time_limit = 2s
-smtp_discard_ehlo_keyword_address_maps =
+smtp_connection_reuse_count_limit = 0
-smtp_discard_ehlo_keywords =
+smtp_connection_reuse_time_limit = 300s
-smtp_dns_resolver_options =
+smtp_data_done_timeout = 600s
-smtp_dns_support_level =
+smtp_data_init_timeout = 120s
-smtp_enforce_tls = no
+smtp_data_xfer_timeout = 180s
-smtp_extra_recipient_limit = $default_extra_recipient_limit
+smtp_defer_if_no_mx_address_found = no
-smtp_fallback_relay = $fallback_relay
+smtp_delivery_slot_cost = $default_delivery_slot_cost
-smtp_generic_maps =
+smtp_delivery_slot_discount = $default_delivery_slot_discount
-smtp_header_checks =
+smtp_delivery_slot_loan = $default_delivery_slot_loan
-smtp_helo_name = $myhostname
+smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
-smtp_helo_timeout = 300s
+smtp_destination_concurrency_limit = $default_destination_concurrency_limit
-smtp_host_lookup = dns
+smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
-smtp_initial_destination_concurrency = $initial_destination_concurrency
+smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
-smtp_line_length_limit = 998
+smtp_destination_rate_delay = $default_destination_rate_delay
-smtp_mail_timeout = 300s
+smtp_destination_recipient_limit = $default_destination_recipient_limit
-smtp_mime_header_checks =
+smtp_discard_ehlo_keyword_address_maps =
-smtp_minimum_delivery_slots = $default_minimum_delivery_slots
+smtp_discard_ehlo_keywords =
-smtp_mx_address_limit = 5
+smtp_dns_resolver_options =
-smtp_mx_session_limit = 2
+smtp_dns_support_level =
-smtp_nested_header_checks =
+smtp_enforce_tls = no
-smtp_never_send_ehlo = no
+smtp_extra_recipient_limit = $default_extra_recipient_limit
-smtp_per_record_deadline = no
+smtp_fallback_relay = $fallback_relay
-smtp_pix_workaround_delay_time = 10s
+smtp_generic_maps =
-smtp_pix_workaround_maps =
+smtp_header_checks =
-smtp_pix_workaround_threshold_time = 500s
+smtp_helo_name = $myhostname
-smtp_pix_workarounds = disable_esmtp,delay_dotcrlf
+smtp_helo_timeout = 300s
-smtp_quit_timeout = 300s
+smtp_host_lookup = dns
-smtp_quote_rfc821_envelope = yes
+smtp_initial_destination_concurrency = $initial_destination_concurrency
-smtp_randomize_addresses = yes
+smtp_line_length_limit = 998
-smtp_rcpt_timeout = 300s
+smtp_mail_timeout = 300s
-smtp_recipient_limit = $default_recipient_limit
+smtp_mime_header_checks =
-smtp_recipient_refill_delay = $default_recipient_refill_delay
+smtp_minimum_delivery_slots = $default_minimum_delivery_slots
-smtp_recipient_refill_limit = $default_recipient_refill_limit
+smtp_mx_address_limit = 5
-smtp_reply_filter =
+smtp_mx_session_limit = 2
-smtp_rset_timeout = 20s
+smtp_nested_header_checks =
-smtp_sasl_auth_cache_name =
+smtp_never_send_ehlo = no
-smtp_sasl_auth_cache_time = 90d
+smtp_per_record_deadline = no
-smtp_sasl_auth_enable = no
+smtp_pix_workaround_delay_time = 10s
-smtp_sasl_auth_soft_bounce = yes
+smtp_pix_workaround_maps =
-smtp_sasl_mechanism_filter =
+smtp_pix_workaround_threshold_time = 500s
-smtp_sasl_password_maps =
+smtp_pix_workarounds = disable_esmtp,delay_dotcrlf
-smtp_sasl_path =
+smtp_quit_timeout = 300s
-smtp_sasl_security_options = noplaintext, noanonymous
+smtp_quote_rfc821_envelope = yes
-smtp_sasl_tls_security_options = $smtp_sasl_security_options
+smtp_randomize_addresses = yes
-smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
+smtp_rcpt_timeout = 300s
-smtp_sasl_type = cyrus
+smtp_recipient_limit = $default_recipient_limit
-smtp_send_dummy_mail_auth = no
+smtp_recipient_refill_delay = $default_recipient_refill_delay
-smtp_send_xforward_command = no
+smtp_recipient_refill_limit = $default_recipient_refill_limit
-smtp_sender_dependent_authentication = no
+smtp_reply_filter =
-smtp_skip_5xx_greeting = yes
+smtp_rset_timeout = 20s
-smtp_skip_quit_response = yes
+smtp_sasl_auth_cache_name =
-smtp_starttls_timeout = 300s
+smtp_sasl_auth_cache_time = 90d
-smtp_tls_CAfile =
+smtp_sasl_auth_enable = no
-smtp_tls_CApath =
+smtp_sasl_auth_soft_bounce = yes
-smtp_tls_block_early_mail_reply = no
+smtp_sasl_mechanism_filter =
-smtp_tls_cert_file =
+smtp_sasl_password_maps =
-smtp_tls_ciphers = export
+smtp_sasl_path =
-smtp_tls_dcert_file =
+smtp_sasl_security_options = noplaintext, noanonymous
-smtp_tls_dkey_file = $smtp_tls_dcert_file
+smtp_sasl_tls_security_options = $smtp_sasl_security_options
-smtp_tls_eccert_file =
+smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
-smtp_tls_eckey_file = $smtp_tls_eccert_file
+smtp_sasl_type = cyrus
-smtp_tls_enforce_peername = yes
+smtp_send_dummy_mail_auth = no
-smtp_tls_exclude_ciphers =
+smtp_send_xforward_command = no
-smtp_tls_fingerprint_cert_match =
+smtp_sender_dependent_authentication = no
-smtp_tls_fingerprint_digest = md5
+smtp_skip_5xx_greeting = yes
-smtp_tls_force_insecure_host_tlsa_lookup = no
+smtp_skip_quit_response = yes
-smtp_tls_key_file = $smtp_tls_cert_file
+smtp_starttls_timeout = 300s
-smtp_tls_loglevel = 0
+smtp_tls_CAfile =
-smtp_tls_mandatory_ciphers = medium
+smtp_tls_CApath =
-smtp_tls_mandatory_exclude_ciphers =
+smtp_tls_block_early_mail_reply = no
-smtp_tls_mandatory_protocols = !SSLv2
+smtp_tls_cert_file =
-smtp_tls_note_starttls_offer = no
+smtp_tls_ciphers = medium
-smtp_tls_per_site =
+smtp_tls_dcert_file =
-smtp_tls_policy_maps =
+smtp_tls_dkey_file = $smtp_tls_dcert_file
-smtp_tls_protocols = !SSLv2
+smtp_tls_eccert_file =
-smtp_tls_scert_verifydepth = 9
+smtp_tls_eckey_file = $smtp_tls_eccert_file
-smtp_tls_secure_cert_match = nexthop, dot-nexthop
+smtp_tls_enforce_peername = yes
-smtp_tls_security_level =
+smtp_tls_exclude_ciphers =
-smtp_tls_session_cache_database =
+smtp_tls_fingerprint_cert_match =
-smtp_tls_session_cache_timeout = 3600s
+smtp_tls_fingerprint_digest = md5
-smtp_tls_trust_anchor_file =
+smtp_tls_force_insecure_host_tlsa_lookup = no
-smtp_tls_verify_cert_match = hostname
+smtp_tls_key_file = $smtp_tls_cert_file
-smtp_use_tls = no
+smtp_tls_loglevel = 0
-smtp_xforward_timeout = 300s
+smtp_tls_mandatory_ciphers = medium
-smtpd_authorized_verp_clients = $authorized_verp_clients
+smtp_tls_mandatory_exclude_ciphers =
-smtpd_authorized_xclient_hosts =
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
-smtpd_authorized_xforward_hosts =
+smtp_tls_note_starttls_offer = no
-smtpd_banner = $myhostname ESMTP $mail_name
+smtp_tls_per_site =
-smtpd_client_connection_count_limit = 50
+smtp_tls_policy_maps =
-smtpd_client_connection_rate_limit = 0
+smtp_tls_protocols = !SSLv2, !SSLv3
-smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
+smtp_tls_scert_verifydepth = 9
-smtpd_client_message_rate_limit = 0
+smtp_tls_secure_cert_match = nexthop, dot-nexthop
-smtpd_client_new_tls_session_rate_limit = 0
+smtp_tls_security_level =
-smtpd_client_port_logging = no
+smtp_tls_session_cache_database =
-smtpd_client_recipient_rate_limit = 0
+smtp_tls_session_cache_timeout = 3600s
-smtpd_client_restrictions =
+smtp_tls_trust_anchor_file =
-smtpd_command_filter =
+smtp_tls_verify_cert_match = hostname
-smtpd_data_restrictions =
+smtp_use_tls = no
-smtpd_delay_open_until_valid_rcpt = yes
+smtp_xforward_timeout = 300s
-smtpd_delay_reject = yes
+smtpd_authorized_verp_clients = $authorized_verp_clients
-smtpd_discard_ehlo_keyword_address_maps =
+smtpd_authorized_xclient_hosts =
-smtpd_discard_ehlo_keywords =
+smtpd_authorized_xforward_hosts =
-smtpd_end_of_data_restrictions =
+smtpd_banner = $myhostname ESMTP $mail_name
-smtpd_enforce_tls = no
+smtpd_client_connection_count_limit = 50
-smtpd_error_sleep_time = 1s
+smtpd_client_connection_rate_limit = 0
-smtpd_etrn_restrictions =
+smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
-smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
+smtpd_client_message_rate_limit = 0
-smtpd_forbidden_commands = CONNECT GET POST
+smtpd_client_new_tls_session_rate_limit = 0
-smtpd_hard_error_limit = ${stress?1}${stress:20}
+smtpd_client_port_logging = no
-smtpd_helo_required = no
+smtpd_client_recipient_rate_limit = 0
-smtpd_helo_restrictions =
+smtpd_client_restrictions =
-smtpd_history_flush_threshold = 100
+smtpd_command_filter =
-smtpd_junk_command_limit = ${stress?1}${stress:100}
+smtpd_data_restrictions =
-smtpd_log_access_permit_actions =
+smtpd_delay_open_until_valid_rcpt = yes
-smtpd_milters =
+smtpd_delay_reject = yes
-smtpd_noop_commands =
+smtpd_discard_ehlo_keyword_address_maps =
-smtpd_null_access_lookup_key = <>
+smtpd_discard_ehlo_keywords =
-smtpd_peername_lookup = yes
+smtpd_end_of_data_restrictions =
-smtpd_per_record_deadline = ${stress?yes}${stress:no}
+smtpd_enforce_tls = no
-smtpd_policy_service_max_idle = 300s
+smtpd_error_sleep_time = 1s
-smtpd_policy_service_max_ttl = 1000s
+smtpd_etrn_restrictions =
-smtpd_policy_service_timeout = 100s
+smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
-smtpd_proxy_ehlo = $myhostname
+smtpd_forbidden_commands = CONNECT GET POST
-smtpd_proxy_filter =
+smtpd_hard_error_limit = ${stress?1}${stress:20}
-smtpd_proxy_options =
+smtpd_helo_required = no
-smtpd_proxy_timeout = 100s
+smtpd_helo_restrictions =
-smtpd_recipient_limit = 1000
+smtpd_history_flush_threshold = 100
-smtpd_recipient_overshoot_limit = 1000
+smtpd_junk_command_limit = ${stress?1}${stress:100}
-smtpd_recipient_restrictions =
+smtpd_log_access_permit_actions =
-smtpd_reject_footer =
+smtpd_milters =
-smtpd_reject_unlisted_recipient = yes
+smtpd_noop_commands =
-smtpd_reject_unlisted_sender = no
+smtpd_null_access_lookup_key = <>
-smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
+smtpd_peername_lookup = yes
-smtpd_restriction_classes =
+smtpd_per_record_deadline = ${stress?yes}${stress:no}
-smtpd_sasl_auth_enable = no
+smtpd_policy_service_max_idle = 300s
-smtpd_sasl_authenticated_header = no
+smtpd_policy_service_max_ttl = 1000s
-smtpd_sasl_exceptions_networks =
+smtpd_policy_service_timeout = 100s
-smtpd_sasl_local_domain =
+smtpd_proxy_ehlo = $myhostname
-smtpd_sasl_path = smtpd
+smtpd_proxy_filter =
-smtpd_sasl_security_options = noanonymous
+smtpd_proxy_options =
-smtpd_sasl_service = smtp
+smtpd_proxy_timeout = 100s
-smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
+smtpd_recipient_limit = 1000
-smtpd_sasl_type = cyrus
+smtpd_recipient_overshoot_limit = 1000
-smtpd_sender_login_maps =
+smtpd_recipient_restrictions =
-smtpd_sender_restrictions =
+smtpd_reject_footer =
-smtpd_service_name = smtpd
+smtpd_reject_unlisted_recipient = yes
-smtpd_soft_error_limit = 10
+smtpd_reject_unlisted_sender = no
-smtpd_starttls_timeout = ${stress?10}${stress:300}s
+smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
-smtpd_timeout = ${stress?10}${stress:300}s
+smtpd_restriction_classes =
-smtpd_tls_CAfile =
+smtpd_sasl_auth_enable = no
-smtpd_tls_CApath =
+smtpd_sasl_authenticated_header = no
-smtpd_tls_always_issue_session_ids = yes
+smtpd_sasl_exceptions_networks =
-smtpd_tls_ask_ccert = no
+smtpd_sasl_local_domain =
-smtpd_tls_auth_only = no
+smtpd_sasl_path = smtpd
-smtpd_tls_ccert_verifydepth = 9
+smtpd_sasl_security_options = noanonymous
-smtpd_tls_cert_file =
+smtpd_sasl_service = smtp
-smtpd_tls_ciphers = export
+smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
-smtpd_tls_dcert_file =
+smtpd_sasl_type = cyrus
-smtpd_tls_dh1024_param_file =
+smtpd_sender_login_maps =
-smtpd_tls_dh512_param_file =
+smtpd_sender_restrictions =
-smtpd_tls_dkey_file = $smtpd_tls_dcert_file
+smtpd_service_name = smtpd
-smtpd_tls_eccert_file =
+smtpd_soft_error_limit = 10
-smtpd_tls_eckey_file = $smtpd_tls_eccert_file
+smtpd_starttls_timeout = ${stress?10}${stress:300}s
-smtpd_tls_eecdh_grade = strong
+smtpd_timeout = ${stress?10}${stress:300}s
-smtpd_tls_exclude_ciphers =
+smtpd_tls_CAfile =
-smtpd_tls_fingerprint_digest = md5
+smtpd_tls_CApath =
-smtpd_tls_key_file = $smtpd_tls_cert_file
+smtpd_tls_always_issue_session_ids = yes
-smtpd_tls_loglevel = 0
+smtpd_tls_ask_ccert = no
-smtpd_tls_mandatory_ciphers = medium
+smtpd_tls_auth_only = no
-smtpd_tls_mandatory_exclude_ciphers =
+smtpd_tls_ccert_verifydepth = 9
-smtpd_tls_mandatory_protocols = !SSLv2
+smtpd_tls_cert_file =
-smtpd_tls_protocols =
+smtpd_tls_ciphers = medium
-smtpd_tls_received_header = no
+smtpd_tls_dcert_file =
-smtpd_tls_req_ccert = no
+smtpd_tls_dh1024_param_file =
-smtpd_tls_security_level =
+smtpd_tls_dh512_param_file =
-smtpd_tls_session_cache_database =
+smtpd_tls_dkey_file = $smtpd_tls_dcert_file
-smtpd_tls_session_cache_timeout = 3600s
+smtpd_tls_eccert_file =
-smtpd_tls_wrappermode = no
+smtpd_tls_eckey_file = $smtpd_tls_eccert_file
-smtpd_upstream_proxy_protocol =
+smtpd_tls_eecdh_grade = strong
-smtpd_upstream_proxy_timeout = 5s
+smtpd_tls_exclude_ciphers =
-smtpd_use_tls = no
+smtpd_tls_fingerprint_digest = md5
-soft_bounce = no
+smtpd_tls_key_file = $smtpd_tls_cert_file
-stale_lock_time = 500s
+smtpd_tls_loglevel = 0
-stress =
+smtpd_tls_mandatory_ciphers = medium
-strict_7bit_headers = no
+smtpd_tls_mandatory_exclude_ciphers =
-strict_8bitmime = no
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
-strict_8bitmime_body = no
+smtpd_tls_protocols = !SSLv2, !SSLv3
-strict_mailbox_ownership = yes
+smtpd_tls_received_header = no
-strict_mime_encoding_domain = no
+smtpd_tls_req_ccert = no
-strict_rfc821_envelopes = no
+smtpd_tls_security_level =
-sun_mailtool_compatibility = no
+smtpd_tls_session_cache_database =
-swap_bangpath = yes
+smtpd_tls_session_cache_timeout = 3600s
-syslog_facility = mail
+smtpd_tls_wrappermode = no
-syslog_name = ${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name}
+smtpd_upstream_proxy_protocol =
-tcp_windowsize = 0
+smtpd_upstream_proxy_timeout = 5s
-tls_append_default_CA = no
+smtpd_use_tls = no
-tls_daemon_random_bytes = 32
+soft_bounce = no
-tls_dane_digest_agility = on
+stale_lock_time = 500s
-tls_dane_digests = sha512 sha256
+stress =
-tls_dane_trust_anchor_digest_enable = yes
+strict_7bit_headers = no
-tls_disable_workarounds =
+strict_8bitmime = no
-tls_eecdh_strong_curve = prime256v1
+strict_8bitmime_body = no
-tls_eecdh_ultra_curve = secp384r1
+strict_mailbox_ownership = yes
-tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH
+strict_mime_encoding_domain = no
-tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
+strict_rfc821_envelopes = no
-tls_legacy_public_key_fingerprints = no
+sun_mailtool_compatibility = no
-tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH
+swap_bangpath = yes
-tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH
+syslog_facility = mail
-tls_null_cipherlist = eNULL:!aNULL
+syslog_name = ${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name}
-tls_preempt_cipherlist = no
+tcp_windowsize = 0
-tls_random_bytes = 32
+tls_append_default_CA = no
-tls_random_exchange_name = ${data_directory}/prng_exch
+tls_daemon_random_bytes = 32
-tls_random_prng_update_period = 3600s
+tls_dane_digest_agility = on
-tls_random_reseed_period = 3600s
+tls_dane_digests = sha512 sha256
-tls_random_source = dev:/dev/urandom
+tls_dane_trust_anchor_digest_enable = yes
-tls_ssl_options =
+tls_disable_workarounds =
-tls_wildcard_matches_multiple_labels = yes
+tls_eecdh_strong_curve = prime256v1
-tlsmgr_service_name = tlsmgr
+tls_eecdh_ultra_curve = secp384r1
-tlsproxy_enforce_tls = $smtpd_enforce_tls
+tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH
-tlsproxy_service_name = tlsproxy
+tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
-tlsproxy_tls_CAfile = $smtpd_tls_CAfile
+tls_legacy_public_key_fingerprints = no
-tlsproxy_tls_CApath = $smtpd_tls_CApath
+tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH
-tlsproxy_tls_always_issue_session_ids = $smtpd_tls_always_issue_session_ids
+tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH
-tlsproxy_tls_ask_ccert = $smtpd_tls_ask_ccert
+tls_null_cipherlist = eNULL:!aNULL
-tlsproxy_tls_ccert_verifydepth = $smtpd_tls_ccert_verifydepth
+tls_preempt_cipherlist = no
-tlsproxy_tls_cert_file = $smtpd_tls_cert_file
+tls_random_bytes = 32
-tlsproxy_tls_ciphers = $smtpd_tls_ciphers
+tls_random_exchange_name = ${data_directory}/prng_exch
-tlsproxy_tls_dcert_file = $smtpd_tls_dcert_file
+tls_random_prng_update_period = 3600s
-tlsproxy_tls_dh1024_param_file = $smtpd_tls_dh1024_param_file
+tls_random_reseed_period = 3600s
-tlsproxy_tls_dh512_param_file = $smtpd_tls_dh512_param_file
+tls_random_source = dev:/dev/urandom
-tlsproxy_tls_dkey_file = $smtpd_tls_dkey_file
+tls_ssl_options =
-tlsproxy_tls_eccert_file = $smtpd_tls_eccert_file
+tls_wildcard_matches_multiple_labels = yes
-tlsproxy_tls_eckey_file = $smtpd_tls_eckey_file
+tlsmgr_service_name = tlsmgr
-tlsproxy_tls_eecdh_grade = $smtpd_tls_eecdh_grade
+tlsproxy_enforce_tls = $smtpd_enforce_tls
-tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
+tlsproxy_service_name = tlsproxy
-tlsproxy_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest
+tlsproxy_tls_CAfile = $smtpd_tls_CAfile
-tlsproxy_tls_key_file = $smtpd_tls_key_file
+tlsproxy_tls_CApath = $smtpd_tls_CApath
-tlsproxy_tls_loglevel = $smtpd_tls_loglevel
+tlsproxy_tls_always_issue_session_ids = $smtpd_tls_always_issue_session_ids
-tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
+tlsproxy_tls_ask_ccert = $smtpd_tls_ask_ccert
-tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
+tlsproxy_tls_ccert_verifydepth = $smtpd_tls_ccert_verifydepth
-tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
+tlsproxy_tls_cert_file = $smtpd_tls_cert_file
-tlsproxy_tls_protocols = $smtpd_tls_protocols
+tlsproxy_tls_ciphers = $smtpd_tls_ciphers
-tlsproxy_tls_req_ccert = $smtpd_tls_req_ccert
+tlsproxy_tls_dcert_file = $smtpd_tls_dcert_file
-tlsproxy_tls_security_level = $smtpd_tls_security_level
+tlsproxy_tls_dh1024_param_file = $smtpd_tls_dh1024_param_file
-tlsproxy_use_tls = $smtpd_use_tls
+tlsproxy_tls_dh512_param_file = $smtpd_tls_dh512_param_file
-tlsproxy_watchdog_timeout = 10s
+tlsproxy_tls_dkey_file = $smtpd_tls_dkey_file
+tlsproxy_tls_eccert_file = $smtpd_tls_eccert_file
+tlsproxy_tls_eckey_file = $smtpd_tls_eckey_file
+tlsproxy_tls_eecdh_grade = $smtpd_tls_eecdh_grade
+tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
+tlsproxy_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest
+tlsproxy_tls_key_file = $smtpd_tls_key_file
+tlsproxy_tls_loglevel = $smtpd_tls_loglevel
+tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
+tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
+tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
+tlsproxy_tls_protocols = $smtpd_tls_protocols
+tlsproxy_tls_req_ccert = $smtpd_tls_req_ccert
+tlsproxy_tls_security_level = $smtpd_tls_security_level
+tlsproxy_use_tls = $smtpd_use_tls
+tlsproxy_watchdog_timeout = 10s
 trace_service_name = trace
 transport_maps =
@@ Zeile 2277: / Zeile 2291: @@
 virtual_uid_maps =
 </code>
@@ Zeile 2307: / Zeile 2316: @@
   * **inet_interfaces** \\ Festlegung der Netzwerk-Adresse, von denen der Mailserver Verbindungen annehmen soll. Bei einfachen Workstations wird man hier den Vorgabewert ''localhost'' belassen. Wollen wir einen richtigen Mailserver betreiben, so definieren wir hier entweder direkt sine IP-Adresse, oder geben das Schlüsselwort ''all'' für alle Netzwerkschnittstellen an.
   * **inet_protocols** \\ Festlegung des verwendeten Internetprotokolles, abhängig von der Serverkonfiguration selbst. Wurde der [[centos:ipv6_disable|IPv6-Support]] deaktiviert, so definiert man hier entsprechend die Option ''inet_protocols = ipv4''.
-  * **smtp_banner** \\ Definition des Begrüßungstextes, den der Mailserver nach dem Aufbau eingehender Verbindungenvon externen Mailservern ausgibt. Hier wird man i.d.R. aus Sicherheitsgründen lediglich den Hostnamen und den Namen des Mailservers preis geben, nicht aber Versionsangaben oder weiteres.
+  * **smtpd_banner** \\ Definition des Begrüßungstextes, den der Mailserver nach dem Aufbau eingehender Verbindungenvon externen Mailservern ausgibt. Hier wird man i.d.R. aus Sicherheitsgründen lediglich den Hostnamen und den Namen des Mailservers preis geben, nicht aber Versionsangaben oder weiteres.
+===== Lockup-Tables =====
+Neben den beiden vorgenannten Hauptkonfigurationsdateien **main.cf** und **master.cf** finden wir im Konfigurationsverzeichnis //**/etc/postfix**// noch ein paar Lockup-Tabellen, die bei der RPM-Installation automatisch angelegt wurden.
+   # ls -l --hide=*.cf --hide=header_checks /etc/postfix/
+<code>total 112
+-rw-r--r--. 1 root root 21006 Sep 24 19:22 access
+-rw-r--r--. 1 root root 11683 Sep 24 19:22 canonical
+-rw-r--r--. 1 root root  9904 Sep 24 19:22 generic
+-rw-r--r--. 1 root root  6816 Sep 24 19:22 relocated
+-rw-r--r--. 1 root root 12549 Sep 24 19:22 transport
+-rw-r--r--. 1 root root 12510 Sep 24 19:22 virtual
+</code>
+Den Umgang mit diesen access- und lookup-Tabellen ist im Kapitel [[centos:mail_c7:mta_4|Konfiguration unseres MTAs Postfix 2.11 unter CentOS7]] detailliert beschrieben.
+  * **[[centos:mail_c7:mta_4?&#access|access]]**
+  * **[[centos:mail_c7:mta_4?&#canonical|canonical]]**
+  * **[[centos:mail_c7:mta_4?&#generic|generic]]**
+  * **[[centos:mail_c7:mta_4?&#relocated|relocated]]**
+  * **[[centos:mail_c7:mta_4?&#transport|transport]]**
+  * **[[centos:mail_c7:mta_4?&#virtual|virtual]]**
+===== Header-Checks =====
+Möchte man Informationen im Mailheader zum Bewerten verwenden, um so z.B. eine Nachricht zu blocken, kann man dies mit Hilfe der Konfigurationsdatei **header_checks** realisieren.
+   # less /etc/postfix/header_checks
+<file bash /etc/postfix/header_checks># HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
+#
+# NAME
+#        header_checks - Postfix built-in content inspection
+#
+# SYNOPSIS
+#        header_checks = pcre:/etc/postfix/header_checks
+#        mime_header_checks = pcre:/etc/postfix/mime_header_checks
+#        nested_header_checks = pcre:/etc/postfix/nested_header_checks
+#        body_checks = pcre:/etc/postfix/body_checks
+#
+#        milter_header_checks = pcre:/etc/postfix/milter_header_checks
+#
+#        smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
+#        smtp_mime_header_checks = pcre:/etc/postfix/smtp_mime_header_checks
+#        smtp_nested_header_checks = pcre:/etc/postfix/smtp_nested_header_checks
+#        smtp_body_checks = pcre:/etc/postfix/smtp_body_checks
+#
+#        postmap -q "string" pcre:/etc/postfix/filename
+#        postmap -q - pcre:/etc/postfix/filename <inputfile
+#
+# DESCRIPTION
+#        This  document  describes access control on the content of
+#        message headers and message body lines; it is  implemented
+#        by  the  Postfix  cleanup(8) server before mail is queued.
+#        See access(5) for access control  on  remote  SMTP  client
+#        information.
+#
+#        Each  message  header  or  message  body  line is compared
+#        against a list of patterns.  When a  match  is  found  the
+#        corresponding action is executed, and the matching process
+#        is repeated for the next message header  or  message  body
+#        line.
+#
+#        Note: message headers are examined one logical header at a
+#        time, even when a message  header  spans  multiple  lines.
+#        Body lines are always examined one line at a time.
+#
+#        For  examples, see the EXAMPLES section at the end of this
+#        manual page.
+#
+#        Postfix header or body_checks are designed to stop a flood
+#        of  mail from worms or viruses; they do not decode attach-
+#        ments, and they do not unzip archives. See  the  documents
+#        referenced  below  in the README FILES section if you need
+#        more sophisticated content analysis.
+#
+# FILTERS WHILE RECEIVING MAIL
+#        Postfix implements the  following  four  built-in  content
+#        inspection classes while receiving mail:
+#
+#        header_checks (default: empty)
+#               These   are  applied  to  initial  message  headers
+#               (except for the headers  that  are  processed  with
+#               mime_header_checks).
+#
+#        mime_header_checks (default: $header_checks)
+#               These  are  applied to MIME related message headers
+#               only.
+#
+#               This feature is available in Postfix 2.0 and later.
+#
+#        nested_header_checks (default: $header_checks)
+#               These  are  applied  to message headers of attached
+#               email messages (except for  the  headers  that  are
+#               processed with mime_header_checks).
+#
+#               This feature is available in Postfix 2.0 and later.
+#
+#        body_checks
+#               These are applied to all other  content,  including
+#               multi-part message boundaries.
+#
+#               With Postfix versions before 2.0, all content after
+#               the initial message headers is treated as body con-
+#               tent.
+#
+# FILTERS AFTER RECEIVING MAIL
+#        Postfix  supports a subset of the built-in content inspec-
+#        tion classes after the message is received:
+#
+#        milter_header_checks (default: empty)
+#               These are applied to headers that  are  added  with
+#               Milter applications.
+#
+#               This feature is available in Postfix 2.7 and later.
+#
+# FILTERS WHILE DELIVERING MAIL
+#        Postfix supports all four content inspection classes while
+#        delivering mail via SMTP.
+#
+#        smtp_header_checks (default: empty)
+#
+#        smtp_mime_header_checks (default: empty)
+#
+#        smtp_nested_header_checks (default: empty)
+#
+#        smtp_body_checks (default: empty)
+#               These  features  are  available  in Postfix 2.5 and
+#               later.
+#
+# COMPATIBILITY
+#        With Postfix version 2.2 and earlier specify "postmap -fq"
+#        to query a table that contains case sensitive patterns. By
+#        default, regexp: and pcre: patterns are case  insensitive.
+#
+# TABLE FORMAT
+#        This  document  assumes  that header and body_checks rules
+#        are specified in the form of  Postfix  regular  expression
+#        lookup  tables.  Usually  the best performance is obtained
+#        with pcre (Perl Compatible Regular Expression) tables. The
+#        regexp  (POSIX  regular  expressions)  tables  are usually
+#        slower, but more widely available.  Use the command "post-
+#        conf  -m" to find out what lookup table types your Postfix
+#        system supports.
+#
+#        The general format of Postfix regular expression tables is
+#        given  below.   For  a  discussion  of specific pattern or
+#        flags  syntax,  see  pcre_table(5)   or   regexp_table(5),
+#        respectively.
+#
+#        /pattern/flags action
+#               When  /pattern/  matches  the input string, execute
+#               the corresponding action. See below for a  list  of
+#               possible actions.
+#
+#        !/pattern/flags action
+#               When  /pattern/  does  not  match the input string,
+#               execute the corresponding action.
+#
+#        if /pattern/flags
+#
+#        endif  Match the input string against the patterns between
+#               if  and endif, if and only if the same input string
+#               also matches /pattern/. The if..endif can nest.
+#
+#               Note: do not prepend whitespace to patterns  inside
+#               if..endif.
+#
+#        if !/pattern/flags
+#
+#        endif  Match the input string against the patterns between
+#               if and endif, if and only if the same input  string
+#               does not match /pattern/. The if..endif can nest.
+#
+#        blank lines and comments
+#               Empty  lines and whitespace-only lines are ignored,
+#               as are lines whose first  non-whitespace  character
+#               is a `#'.
+#
+#        multi-line text
+#               A  pattern/action  line  starts with non-whitespace
+#               text. A line that starts with whitespace  continues
+#               a logical line.
+#
+# TABLE SEARCH ORDER
+#        For  each  line of message input, the patterns are applied
+#        in the order as specified in the table. When a pattern  is
+#        found  that  matches  the  input  line,  the corresponding
+#        action is  executed  and  then  the  next  input  line  is
+#        inspected.
+#
+# TEXT SUBSTITUTION
+#        Substitution  of  substrings  from  the matched expression
+#        into the action string is possible using the  conventional
+#        Perl  syntax  ($1,  $2,  etc.).   The macros in the result
+#        string may need to be written as  ${n}  or  $(n)  if  they
+#        aren't followed by whitespace.
+#
+#        Note:  since negated patterns (those preceded by !) return
+#        a result when the expression does not match, substitutions
+#        are not available for negated patterns.
+#
+# ACTIONS
+#        Action names are case insensitive. They are shown in upper
+#        case for consistency with other Postfix documentation.
+#
+#        DISCARD optional text...
+#               Claim successful delivery and silently discard  the
+#               message.   Log the optional text if specified, oth-
+#               erwise log a generic message.
+#
+#               Note:  this  action  disables  further  header   or
+#               body_checks  inspection  of the current message and
+#               affects all recipients.  To discard only one recip-
+#               ient without discarding the entire message, use the
+#               transport(5) table to direct mail to the discard(8)
+#               service.
+#
+#               This feature is available in Postfix 2.0 and later.
+#
+#               This feature is not supported with smtp header/body
+#               checks.
+#
+#        DUNNO  Pretend  that the input line did not match any pat-
+#               tern, and inspect the next input line. This  action
+#               can be used to shorten the table search.
+#
+#               For  backwards  compatibility reasons, Postfix also
+#               accepts OK but it is (and always has been)  treated
+#               as DUNNO.
+#
+#               This feature is available in Postfix 2.1 and later.
+#
+#        FILTER transport:destination
+#               After the message is queued, send the  entire  mes-
+#               sage through the specified external content filter.
+#               The transport name specifies the first field  of  a
+#               mail  delivery  agent  definition in master.cf; the
+#               syntax of the next-hop destination is described  in
+#               the  manual  page  of  the  corresponding  delivery
+#               agent.  More  information  about  external  content
+#               filters is in the Postfix FILTER_README file.
+#
+#               Note  1: do not use $number regular expression sub-
+#               stitutions for transport or destination unless  you
+#               know that the information has a trusted origin.
+#
+#               Note  2:  this  action  overrides  the main.cf con-
+#               tent_filter setting, and affects all recipients  of
+#               the  message.  In  the  case  that  multiple FILTER
+#               actions fire, only the last one is executed.
+#
+#               Note 3: the purpose of the  FILTER  command  is  to
+#               override  message routing.  To override the recipi-
+#               ent's transport but not the  next-hop  destination,
+#               specify  an  empty  filter destination (Postfix 2.7
+#               and later), or specify a transport:destination that
+#               delivers   through  a  different  Postfix  instance
+#               (Postfix 2.6 and earlier). Other options are  using
+#               the  recipient-dependent transport_maps or the sen-
+#               der-dependent   sender_dependent_default_transport-
+#               _maps features.
+#
+#               This feature is available in Postfix 2.0 and later.
+#
+#               This feature is not supported with smtp header/body
+#               checks.
+#
+#        HOLD optional text...
+#               Arrange  for  the  message to be placed on the hold
+#               queue, and inspect the next input line.   The  mes-
+#               sage  remains  on hold until someone either deletes
+#               it or releases it for delivery.  Log  the  optional
+#               text if specified, otherwise log a generic message.
+#
+#               Mail that is placed on hold can  be  examined  with
+#               the  postcat(1)  command,  and  can be destroyed or
+#               released with the postsuper(1) command.
+#
+#               Note: use "postsuper -r" to release mail  that  was
+#               kept  on  hold for a significant fraction of $maxi-
+#               mal_queue_lifetime  or  $bounce_queue_lifetime,  or
+#               longer.  Use "postsuper -H" only for mail that will
+#               not expire within a few delivery attempts.
+#
+#               Note: this action affects  all  recipients  of  the
+#               message.
+#
+#               This feature is available in Postfix 2.0 and later.
+#
+#               This feature is not supported with smtp header/body
+#               checks.
+#
+#        IGNORE Delete the current line from the input, and inspect
+#               the next input line.
+#
+#        INFO optional text...
+#               Log an "info:" record with the optional text... (or
+#               log  a  generic  text),  and inspect the next input
+#               line. This action is useful for routine logging  or
+#               for debugging.
+#
+#               This feature is available in Postfix 2.8 and later.
+#
+#        PREPEND text...
+#               Prepend one  line  with  the  specified  text,  and
+#               inspect the next input line.
+#
+#               Notes:
+#
+#               o      The  prepended  text is output on a separate
+#                      line,  immediately  before  the  input  that
+#                      triggered the PREPEND action.
+#
+#               o      The prepended text is not considered part of
+#                      the input  stream:  it  is  not  subject  to
+#                      header/body checks or address rewriting, and
+#                      it does not affect the way that Postfix adds
+#                      missing message headers.
+#
+#               o      When prepending text before a message header
+#                      line, the prepended text must begin  with  a
+#                      valid message header label.
+#
+#               o      This action cannot be used to prepend multi-
+#                      line text.
+#
+#               This feature is available in Postfix 2.1 and later.
+#
+#               This   feature   is   not   supported   with   mil-
+#               ter_header_checks.
+#
+#        REDIRECT user@domain
+#               Write a message redirection request  to  the  queue
+#               file,  and  inspect  the next input line. After the
+#               message is queued, it will be sent to the specified
+#               address instead of the intended recipient(s).
+#
+#               Note:  this action overrides the FILTER action, and
+#               affects all recipients of the message. If  multiple
+#               REDIRECT  actions  fire,  only the last one is exe-
+#               cuted.
+#
+#               This feature is available in Postfix 2.1 and later.
+#
+#               This feature is not supported with smtp header/body
+#               checks.
+#
+#        REPLACE text...
+#               Replace the current line with the  specified  text,
+#               and inspect the next input line.
+#
+#               This feature is available in Postfix 2.2 and later.
+#               The description below applies to Postfix 2.2.2  and
+#               later.
+#
+#               Notes:
+#
+#               o      When  replacing  a  message header line, the
+#                      replacement text must  begin  with  a  valid
+#                      header label.
+#
+#               o      The  replaced text remains part of the input
+#                      stream. Unlike the result from  the  PREPEND
+#                      action,  a  replaced  message  header may be
+#                      subject to address rewriting and may  affect
+#                      the  way  that  Postfix adds missing message
+#                      headers.
+#
+#        REJECT optional text...
+#               Reject the  entire  message.  Reply  with  optional
+#               text... when the optional text is specified, other-
+#               wise reply with a generic error message.
+#
+#               Note:  this  action  disables  further  header   or
+#               body_checks  inspection  of the current message and
+#               affects all recipients.
+#
+#               Postfix version 2.3 and later support enhanced sta-
+#               tus codes.  When no code is specified at the begin-
+#               ning of optional text..., Postfix inserts a default
+#               enhanced status code of "5.7.1".
+#
+#               This feature is not supported with smtp header/body
+#               checks.
+#
+#        WARN optional text...
+#               Log a "warning:" record with the  optional  text...
+#               (or log a generic text), and inspect the next input
+#               line. This action is useful for debugging  and  for
+#               testing  a  pattern  before  applying  more drastic
+#               actions.
+#
+# BUGS
+#        Empty lines never match, because some map types mis-behave
+#        when  given  a zero-length search string.  This limitation
+#        may be removed for regular expression tables in  a  future
+#        release.
+#
+#        Many  people  overlook  the main limitations of header and
+#        body_checks rules.
+#
+#        o      These rules operate on one logical  message  header
+#               or one body line at a time. A decision made for one
+#               line is not carried over to the next line.
+#
+#        o      If text in the message body is encoded  (RFC  2045)
+#               then the rules need to be specified for the encoded
+#               form.
+#
+#        o      Likewise, when message  headers  are  encoded  (RFC
+#               2047)  then  the rules need to be specified for the
+#               encoded form.
+#
+#        Message headers added by the cleanup(8) daemon itself  are
+#        excluded from inspection. Examples of such message headers
+#        are From:, To:, Message-ID:, Date:.
+#
+#        Message headers deleted by the cleanup(8) daemon  will  be
+#        examined before they are deleted. Examples are: Bcc:, Con-
+#        tent-Length:, Return-Path:.
+#
+# CONFIGURATION PARAMETERS
+#        body_checks
+#               Lookup tables with content filter rules for message
+#               body lines.  These filters see one physical line at
+#               a time, in chunks  of  at  most  $line_length_limit
+#               bytes.
+#
+#        body_checks_size_limit
+#               The  amount  of  content  per  message body segment
+#               (attachment) that is subjected to $body_checks fil-
+#               tering.
+#
+#        header_checks
+#
+#        mime_header_checks (default: $header_checks)
+#
+#        nested_header_checks (default: $header_checks)
+#               Lookup tables with content filter rules for message
+#               header lines: respectively, these  are  applied  to
+#               the  initial  message  headers  (not including MIME
+#               headers), to the MIME headers anywhere in the  mes-
+#               sage,  and  to the initial headers of attached mes-
+#               sages.
+#
+#               Note: these filters see one logical message  header
+#               at  a time, even when a message header spans multi-
+#               ple lines. Message headers  that  are  longer  than
+#               $header_size_limit characters are truncated.
+#
+#        disable_mime_input_processing
+#               While  receiving mail, give no special treatment to
+#               MIME related message headers; all  text  after  the
+#               initial message headers is considered to be part of
+#               the message body. This means that header_checks  is
+#               applied  to  all  the  initial message headers, and
+#               that body_checks is applied to the remainder of the
+#               message.
+#
+#               Note:  when  used  in this manner, body_checks will
+#               process a multi-line message header one line  at  a
+#               time.
+#
+# EXAMPLES
+#        Header  pattern  to  block  attachments with bad file name
+#        extensions.  For convenience, the PCRE /x flag  is  speci-
+#        fied,  so  that  there  is no need to collapse the pattern
+#        into  a  single  line  of  text.   The  purpose   of   the
+#        [[:xdigit:]] sub-expressions is to recognize Windows CLSID
+#        strings.
+#
+#        /etc/postfix/main.cf:
+#            header_checks = pcre:/etc/postfix/header_checks.pcre
+#
+#        /etc/postfix/header_checks.pcre:
+#            /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(
+#              ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
+#              hlp|ht[at]|
+#              inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
+#              \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}|
+#              ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|
+#              vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x
+#                REJECT Attachment name "$2" may not end with ".$4"
+#
+#        Body pattern to stop a specific HTML browser vulnerability
+#        exploit.
+#
+#        /etc/postfix/main.cf:
+#            body_checks = regexp:/etc/postfix/body_checks
+#
+#        /etc/postfix/body_checks:
+#            /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
+#                REJECT IFRAME vulnerability exploit
+#
+# SEE ALSO
+#        cleanup(8), canonicalize and enqueue Postfix message
+#        pcre_table(5), format of PCRE lookup tables
+#        regexp_table(5), format of POSIX regular expression tables
+#        postconf(1), Postfix configuration utility
+#        postmap(1), Postfix lookup table management
+#        postsuper(1), Postfix janitor
+#        postcat(1), show Postfix queue file contents
+#        RFC 2045, base64 and quoted-printable encoding rules
+#        RFC 2047, message header encoding for non-ASCII text
+#
+# README FILES
+#        Use  "postconf  readme_directory" or "postconf html_direc-
+#        tory" to locate this information.
+#        DATABASE_README, Postfix lookup table overview
+#        CONTENT_INSPECTION_README, Postfix content inspection overview
+#        BUILTIN_FILTER_README, Postfix built-in content inspection
+#        BACKSCATTER_README, blocking returned forged mail
+#
+# LICENSE
+#        The Secure Mailer license must be  distributed  with  this
+#        software.
+#
+# AUTHOR(S)
+#        Wietse Venema
+#        IBM T.J. Watson Research
+#        P.O. Box 704
+#        Yorktown Heights, NY 10598, USA
+#
+#
+</file>
+Wie dies im Detail von Statten geht werden wir uns in einem separaten Schritt [[centos:mail_c7:mta_3?&#inhaltliche_pruefungen|Grundabsicherung von Postfix]] noch genauer ansehen. FIXME
+===== Paketfilter / Firewall =====
+Damit fremde **MTA**s((**M**ail **T**ransfer **A**gent)) auf **[[centos:mail_c7:mta_1#smtpd|SMTP]]**-Port **25** und unsere Kunden mit deren **MUA**s((**M**ail **U**ser **A**gent)) auf dem **[[centos:mail_c7:mta_1#submission|Submission]]**-Port **587** ihre Nachrichten bei unserem Postfix-Mailserver einliefern können, müssen wir für diese noch Änderungen am Paketfilter **firewalld** vornehmen.
+   # firewall-cmd --permanent --zone=public --add-port=25/tcp
+   success
+   # firewall-cmd --permanent --zone=public --add-port=587/tcp
+   success
+Anschließend können wir den Firewall-Daemon einmal durchstarten und anschließend überprüfen, ob die Regeln auch entsprechend unserer Definition, gezogen haben.
+   # firewall-cmd --reload
+   success
+Abschließend prüfen wir noch, ob die Erweiterung unseres Paketfilter aktiv ist.
+   # iptables -nvL IN_public_allow
+<code>Chain IN_public_allow (1 references)
+ pkts bytes target     prot opt in     out     source               destination
+     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
+     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 ctstate NEW
+     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 ctstate NEW
+</code>
+===== Systemstart =====
+==== erster manueller Start ====
+   # systemctl start postfix.service
+Im Maillog wird der Start unseres Postfix-Servers entsprechend vermerkt.
+   # less /var/log/maillog
+<code>Oct 10 22:41:25 vml000087.dmz.nausch.org systemd[1]: Starting Postfix Mail Transport Agent...
+Oct 10 22:41:26 vml000087.dmz.nausch.org postfix/master[30590]: daemon started -- version 2.11.1, configuration /etc/postfix
+Oct 10 22:41:26 vml000087.dmz.nausch.org systemd[1]: Started Postfix Mail Transport Agent.
+</code>
+   # systemctl status postfix.service
+<code>postfix.service - Postfix Mail Transport Agent
+   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled)
+   Active: active (running) since Fri 2014-10-10 22:41:26 CEST; 1min 11s ago
+  Process: 30501 ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS)
+  Process: 30517 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
+  Process: 30515 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
+  Process: 30513 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
+ Main PID: 30590 (master)
+   CGroup: /system.slice/postfix.service
+           ├─30590 /usr/libexec/postfix/master -w
+           ├─30591 pickup -l -t unix -u
+           └─30592 qmgr -l -t unix -u
+Oct 10 22:41:25 vml000087.dmz.nausch.org systemd[1]: Starting Postfix Mail Transport Agent...
+Oct 10 22:41:26 vml000087.dmz.nausch.org postfix/master[30590]: daemon started -- version 2.11.1, configuration /etc/postfix
+Oct 10 22:41:26 vml000087.dmz.nausch.org systemd[1]: Started Postfix Mail Transport Agent.
+</code>
+==== automatischer Start beim Systemstart ====
+Wollen wir den Daemon beim Hochfahren des Systems automatisch starten, greifen wir auf den Befehl **systemctl** zurück.
+   # systemctl enable postfix.service
+ Möchten wir uns vergewissern, ob der Daemon beim Systemstart gestartet wird oder nicht, erfahren wir ebenfalls mit dem Befehl **systemctl**.
+   # systemctl is-enabled postfix.service
+   enabled
+Startet der Server nicht automatisch, wird uns ein "**disabled**" zurückgemeldet.
+===== Systemtest =====
+Mit der minimalen Konfiguration unseres Postfix haben wir bereits einen lauffähigen **MTA**. Zum Testen  verwenden wir das programm **telnet**.
+Die Eingaben am testenden Client sind in der Farbe <html><font style="color: rgb(0, 0, 255)"><b>blau</b></font></html> und die Rückmeldungen unseres Dovecot-Servers in der Farbe <html><font style="color: rgb(66, 66, 66)"><b>hellgrau</b></font></html> gekennzeichnet. Die Ausgaben des Befehls **telnet** sind in der Farbe <html><font style="color: rgb(0, 0, 0)"><b>schwarz</b></font></html> eingefärbt.
+<html><pre class="code">
+<font style="color: rgb(0, 0, 255)">$ telnet ::1 25</font>
+<font style="color: rgb(0, 0, 0)">Trying ::1...
+Connected to ::1.
+Escape character is '^]'.</font>
+<font style="color: rgb(66, 66, 66)">220 vml000087.dmz.nausch.org ESMTP Postfix</font>
+<font style="color: rgb(0, 0, 255)">helo foo</font>
+<font style="color: rgb(66, 66, 66)">250 vml000087.dmz.nausch.org</font>
+<font style="color: rgb(0, 0, 255)">mail from:&lt;&gt;</font>
+<font style="color: rgb(66, 66, 66)">250 2.1.0 OK</font>
+<font style="color: rgb(0, 0, 255)">rcpt to:&lt;django@vml000087.dmz.nausch.org>&gt;</font>
+<font style="color: rgb(66, 66, 66)">250 2.1.0 OK</font>
+<font style="color: rgb(0, 0, 255)">DATA</font>
+<font style="color: rgb(66, 66, 66)">354 End data with &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF></font>
+<font style="color: rgb(0, 0, 255)">From: michael@nausch.org
+To: django@vml000087.dmz.nausch.org
+Subject: erste testmail
+Date: heute
+test
+.</font>
+<font style="color: rgb(66, 66, 66)">250 2.0.0 Ok: queued as 5F251C00088</font>
+<font style="color: rgb(0, 0, 255)">quit</font>
+<font style="color: rgb(66, 66, 66)">221 2.0.0 Bye</font>
+<font style="color: rgb(0, 0, 0)">Connection closed by foreign host.</font>
+</pre></html>
+Die Message-ID **5F251C00088** finden wir dann auch im Maillog wieder.
+   # tail -n7 /var/log/maillog
+   Oct 13 22:15:55 vml000087 postfix/smtpd[4304]: connect from localhost[::1]
+   Oct 13 22:16:34 vml000087 postfix/smtpd[4304]: 5F251C00088: client=localhost[::1]
+   Oct 13 22:17:13 vml000087 postfix/cleanup[4308]: 5F251C00088: message-id=<20141013201634.5F251C00088@vml000087.dmz.nausch.org>
+   Oct 13 22:17:13 vml000087 postfix/qmgr[2202]: 5F251C00088: from=<>, size=364, nrcpt=1 (queue active)
+   Oct 13 22:17:13 vml000087 postfix/local[4309]: 5F251C00088: to=<django@vml000087.dmz.nausch.org>, relay=local, delay=63, delays=63/0.02/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
+   Oct 13 22:17:13 vml000087 postfix/qmgr[2202]: 5F251C00088: removed
+   Oct 13 22:17:16 vml000087 postfix/smtpd[4304]: disconnect from localhost[::1]
+Auf unserem Festplatten wurde die eMail auch entsprechend abgespeichert.
+<code>/var/spool/mail/
+├── django
+└── root
+</code>
+   # cat /var/spool/mail/django
+<code>From MAILER-DAEMON  Mon Oct 13 22:17:13 2014
+Return-Path: <>
+X-Original-To: django@vml000087.dmz.nausch.org
+Delivered-To: django@vml000087.dmz.nausch.org
+Received: from foo (localhost [IPv6:::1])
+        by vml000087.dmz.nausch.org (Postfix) with SMTP id 5F251C00088
+        for <django@vml000087.dmz.nausch.org>; Mon, 13 Oct 2014 22:16:10 +0200 (CEST)
+From: michael@nausch.org
+To: django@vml000087.dmz.nausch.org
+Subject: erste testmail
+Date: heute
+Message-Id: <20141013201634.5F251C00088@vml000087.dmz.nausch.org>
+test
+</code>
+====== Links ======
+  * **⇐ [[centos:mail_c7:mta_1|Zurück zum Kapitel "Postfix, der sichere Mailserver (MTA) unter CentOS 7.x"]]**
+  * **⇒ [[centos:mail_c7:mta_3|Weiter zum Kapitel "DNS Einstellungen rund um Mailserver"]]**
+  * **[[centos:mail_c7:start|Zurück zum Kapitel >>Mailserverinstallation unter CentOS 7<<]]**
+  * **[[wiki:start|Zurück zu >>Projekte und Themenkapitel<<]]**
+  * **[[http://dokuwiki.nausch.org/doku.php/|Zurück zur Startseite]]**