Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

@@ Zeile 1: / Zeile 1: @@
+====== Installation und Konfigurationsdateien von Postfix 3 unter CentOS 7.x ======
+{{:centos:mailserver:postfix:postfixlogo.gif |Bild: Postfix-Logo}} \\
+Nachdem wir uns einen **[[centos:mail_c7:mta_1|grundlegenden Überblick]]** über Postfix verschafft haben, werden wir uns nun eingehend mit der Installation und Grundkonfiguration unseres **//Postfix 3//-MTA**((**M**ail **T**ransfer **A**gent)) beschäftigen.
+Die Neuerungen und größten Änderungen zu der bisherigen Version 2.x finden sich in der von //[[http://www.porcupine.org/wietse/|Wietse Venema]]// **[[http://www.postfix.org/announcements/postfix-3.0.0.html|bereitgestellten Dokument]]**.
+\\ \\
+Die wichtigsten Änderungen (in keiner bestimmten Reihenfolge) sind:
+  * SMTPUTF8-Unterstützung für internationalisierte Domainnamen und Adresslokalteile gemäß RFC 6530 und verwandten Dokumenten. Die Implementierung basiert auf dem von Arnt Gulbrandsen eingebrachten und von CNNIC gesponserten Code. Der SMTPUTF8-Support ist in Arbeit; er wird voraussichtlich während des Entwicklungszyklus von Postfix 3.1 abgeschlossen sein. Eine Zusammenfassung der Einschränkungen findet sich SMTPUTF8_README.
+  * Unterstützung für Postfix dynamisch verknüpfte Bibliotheken und Datenbank-Plugins. Die Implementierung basiert auf Code von LaMont Jones für Debian Linux.
+  * Ein OPT-IN Sicherheitsnetz zur selektiven Übernahme neuer Postfix-Standardeinstellungen. Wird nichts besonderes konfiguriert, bleiben die alten Postfix-Standardeinstellungen in Kraft.
+  * Unterstützung für Operationen auf mehreren Lookup-Tabellen. Der Datenbanktyp pipemap:{map1,map2...} implementiert eine Pipeline von Nachschlagetabellen, bei der das Ergebnis einer Nachschlagetabelle zu einer Abfrage für die nächste Tabelle wird; der Datenbanktyp unionmap:{map1,map2,...} sendet dieselbe Abfrage an mehrere Nachschlagetabellen und verknüpft deren Ergebnisse.
+  * Unterstützung von Pseudotabellen, die einfache Dinge einfach zu implementieren machen. Die inline:{key1=value1,key2=value2,...} Tabelle vermeidet die Notwendigkeit, eine externe Datei für nur wenige Elemente zu erstellen; und die randmap{value1,value2,...} Tabelle implementiert eine Zufallsauswahl aus den angegebenen Werten.
+  * Tabellengesteuerte Transformation von DNS-Lookup-Ergebnissen sowie von Statuscodes und Nachrichten von Zustellern. Typischerweise würde man eine PCRE-Tabelle verwenden, um problematische DNS-Antworten zu beheben oder die Behandlung von Lieferfehlern zu beheben. Siehe smtp_dns_reply_filter, smtp_delivery_status_filter und ähnlich benannte Parameter für andere Postfix-Dämonen.
+  * Verbesserte Konfigurationsdateisyntax mit Unterstützung für den ternären Operator wie ${name?{iftrue}:{iffalse}}, Vergleichsoperatoren wie ${{expr1}===${expr2}?{iftrue}:{iffalse}}}, pro-Milter- und pro-Policy-Server-Timeout und andere Einstellungen, master.cf-Parameter, die Whitespace enthalten, Import-/Export_Umgebungseinstellungen, die Whitespace enthalten, und "statische" Tabellensuchergebnisse, die Whitespace enthalten.
+  * Befehlsprofile pro Sitzung, die am Ende jeder eingehenden SMTP-Sitzung protokolliert werden. So wird beispielsweise ein Bot zum Raten von Passwörtern als "disconnect from name[addr] ehlo=1 auth=0/1 commands=1/2" protokolliert, was bedeutet, dass der Client einen funktionierenden EHLO-Befehl, einen fehlgeschlagenen AUTH-Befehl und ein Auflegen ohne QUIT-Befehl gesendet hat.
+===== Installation =====
+Seit CentOS 6.0 wird als **MTA** Postfix installiert - aktuell ist dies der 2.10er Release. Im vorliegenden Konfigurationsbeispiel wollen wir uns aber im Detail mit der __aktuellen__ Version **V3** beschäftigen. Als Installationsquelle nutzen wie hierzu das [[centos:nausch.org|Repository nausch.org]].
+==== Repository nausch.org ====
+Damit nun bei der Installation und den späteren Updates nicht mehr den von CentOS 7 bereoitgestellen Postfix in der Version 2.10 sondern die aktuellere Version 3.x aus dem Repository nausch.org verwendet wird, passen wir die zugehörigen Konfigurationsdateien an. Als erstes exkludieren wir dei Postfix-Pakete aus dem CenbtOS-Base-Repository. Hierzu tragen wir die Option ''**exclude=postfix* **'' in der Datei //**/etc/yum.repos.d/CentOS-Base.repo**// nach.
+   # vim /etc/yum.repos.d/CentOS-Base.repo
+<file bash /etc/yum.repos.d/CentOS-Base.repo># CentOS-LOCAL.repo
+#
+# This file uses a new mirrorlist system developed by Lance Davis for CentOS.
+# The mirror system uses the connecting IP address of the client and the
+# update status of each mirror to pick mirrors that are updated to and
+# geographically close to the client.  You should use this for CentOS updates
+# unless you are manually picking other mirrors.
+#
+# If the mirrorlist= does not work for you, as a fall back you can try the
+# remarked out baseurl= line instead.
+#
+# Version für den Zugriff auf das lokale Centos-Repository
+[base-LC]
+name=CentOS-7 - Base
+baseurl=http://repository.nausch.org/centos/$releasever/os/$basearch/
+priority=1
+exclude=postfix*
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+#released updates
+[updates-LC]
+name=CentOS-7 - Updates
+baseurl=http://repository.nausch.org/centos/$releasever/updates/$basearch/
+priority=1
+exclude=postfix*
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+#additional packages that may be useful
+[extras-LC]
+name=CentOS-7 - Extras
+baseurl=http://repository.nausch.org/centos/$releasever/extras/$basearch/
+priority=1
+gpgcheck=1
+enabled = 1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+#additional packages that extend functionality of existing packages
+[centosplus-LC]
+name=CentOS-7 - Plus
+baseurl=http://repository.nausch.org/centos/$releasever/centosplus/$basearch/
+priority=2
+exclude=postfix*
+gpgcheck=1
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+</file>
+Als nächstes konfigurieren wir dann die Verwendung des Postfix 3.x-Relase aus dem Zweig **testing** des verwendeten Repositories **nausch.org**. Dazu passen wir die zugehörige Konfigurationsdatei wie folgt an:
+   # vim /etc/yum.repos.d/nausch.org.repo
+<file bash /etc/yum.repos.d/nausch.org.repo>[nausch.org-os]
+name=Extra (Mailserver-)Packages for Enterprise Linux 7 -
+baseurl=http://repo.nausch.org/7/os/$basearch
+priority=5
+enabled=1
+# Django : 2019-01-26
+# Postfix 3.x - Installation
+exclude=postfix*
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/MAILSERVER.GURU-RPM-GPG-KEY-CentOS-7
+[nausch.org-testing]
+name=Testing (Mailserver-)Packages for Enterprise Linux 7 -
+baseurl=http://repo.nausch.org/7/testing/$basearch/
+priority=5
+# Django : 2019-01-26
+# Postfix 3.x - Installation
+# default: enabled=0
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/MAILSERVER.GURU-RPM-GPG-KEY-CentOS-7</file>
+==== Postfix 3.x ====
+Nun können wir den aktuellen Release von Postfix 3.x wie gewohnt mit Hilfe von **yum** einfach installieren.
+   # yum install postfix -y
+Was uns das RPM-Paket alles mitgebracht hat, erkunden wir bei Bedarf mit Hilfe des Befehls **rpm -qil**.
+   # rpm -qil postfix
+<code>Name        : postfix
+Epoch       : 2
+Version     : 3.3.2
+Release     : 1.el7
+Architecture: x86_64
+Install Date: Sat 26 Jan 2019 07:04:46 PM CET
+Group       : System Environment/Daemons
+Size        : 4217445
+License     : IBM
+Signature   : RSA/SHA1, Thu 17 Jan 2019 05:10:10 PM CET, Key ID 60ecfb9e8195aea0
+Source RPM  : postfix-3.3.2-1.el7.src.rpm
+Build Date  : Thu 17 Jan 2019 05:09:51 PM CET
+Build Host  : vml000137.dmz.nausch.org
+Relocations : (not relocatable)
+Packager    : Django <django@nausch.org>
+URL         : http://www.postfix.org
+Summary     : Postfix Mail Transport Agent
+Description :
+Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
+TLS
+/etc/pam.d/smtp
+/etc/pam.d/smtp.postfix
+/etc/postfix
+/etc/postfix/access
+/etc/postfix/canonical
+/etc/postfix/dynamicmaps.cf
+/etc/postfix/dynamicmaps.cf.d
+/etc/postfix/generic
+/etc/postfix/header_checks
+/etc/postfix/main.cf
+/etc/postfix/main.cf.proto
+/etc/postfix/master.cf
+/etc/postfix/master.cf.proto
+/etc/postfix/postfix-files
+/etc/postfix/relocated
+/etc/postfix/transport
+/etc/postfix/virtual
+/etc/sasl2/smtpd.conf
+/usr/bin/mailq
+/usr/bin/mailq.postfix
+/usr/bin/newaliases
+/usr/bin/newaliases.postfix
+/usr/bin/rmail
+/usr/bin/rmail.postfix
+/usr/lib/postfix/libpostfix-dns.so
+/usr/lib/postfix/libpostfix-global.so
+/usr/lib/postfix/libpostfix-master.so
+/usr/lib/postfix/libpostfix-tls.so
+/usr/lib/postfix/libpostfix-util.so
+/usr/lib/sendmail
+/usr/lib/sendmail.postfix
+/usr/lib/systemd/system/postfix.service
+/usr/libexec/postfix
+/usr/libexec/postfix/aliasesdb
+/usr/libexec/postfix/anvil
+/usr/libexec/postfix/bounce
+/usr/libexec/postfix/chroot-update
+/usr/libexec/postfix/cleanup
+/usr/libexec/postfix/discard
+/usr/libexec/postfix/dnsblog
+/usr/libexec/postfix/error
+/usr/libexec/postfix/flush
+/usr/libexec/postfix/lmtp
+/usr/libexec/postfix/local
+/usr/libexec/postfix/master
+/usr/libexec/postfix/nqmgr
+/usr/libexec/postfix/oqmgr
+/usr/libexec/postfix/pickup
+/usr/libexec/postfix/pipe
+/usr/libexec/postfix/post-install
+/usr/libexec/postfix/postfix-script
+/usr/libexec/postfix/postfix-tls-script
+/usr/libexec/postfix/postfix-wrapper
+/usr/libexec/postfix/postmulti-script
+/usr/libexec/postfix/postscreen
+/usr/libexec/postfix/proxymap
+/usr/libexec/postfix/qmgr
+/usr/libexec/postfix/qmqpd
+/usr/libexec/postfix/scache
+/usr/libexec/postfix/showq
+/usr/libexec/postfix/smtp
+/usr/libexec/postfix/smtpd
+/usr/libexec/postfix/spawn
+/usr/libexec/postfix/tlsmgr
+/usr/libexec/postfix/tlsproxy
+/usr/libexec/postfix/trivial-rewrite
+/usr/libexec/postfix/verify
+/usr/libexec/postfix/virtual
+/usr/sbin/postalias
+/usr/sbin/postcat
+/usr/sbin/postconf
+/usr/sbin/postdrop
+/usr/sbin/postfix
+/usr/sbin/postkick
+/usr/sbin/postlock
+/usr/sbin/postlog
+/usr/sbin/postmap
+/usr/sbin/postmulti
+/usr/sbin/postqueue
+/usr/sbin/postsuper
+/usr/sbin/sendmail
+/usr/sbin/sendmail.postfix
+/usr/sbin/smtp-sink
+/usr/sbin/smtp-source
+/usr/share/doc/postfix-3.3.2
+/usr/share/doc/postfix-3.3.2/COMPATIBILITY
+/usr/share/doc/postfix-3.3.2/LICENSE
+/usr/share/doc/postfix-3.3.2/README-Postfix-SASL-RedHat.txt
+/usr/share/doc/postfix-3.3.2/README_FILES
+/usr/share/doc/postfix-3.3.2/README_FILES/AAAREADME
+/usr/share/doc/postfix-3.3.2/README_FILES/ADDRESS_CLASS_README
+/usr/share/doc/postfix-3.3.2/README_FILES/ADDRESS_REWRITING_README
+/usr/share/doc/postfix-3.3.2/README_FILES/ADDRESS_VERIFICATION_README
+/usr/share/doc/postfix-3.3.2/README_FILES/BACKSCATTER_README
+/usr/share/doc/postfix-3.3.2/README_FILES/BASIC_CONFIGURATION_README
+/usr/share/doc/postfix-3.3.2/README_FILES/BUILTIN_FILTER_README
+/usr/share/doc/postfix-3.3.2/README_FILES/COMPATIBILITY_README
+/usr/share/doc/postfix-3.3.2/README_FILES/CONNECTION_CACHE_README
+/usr/share/doc/postfix-3.3.2/README_FILES/CONTENT_INSPECTION_README
+/usr/share/doc/postfix-3.3.2/README_FILES/DATABASE_README
+/usr/share/doc/postfix-3.3.2/README_FILES/DB_README
+/usr/share/doc/postfix-3.3.2/README_FILES/DEBUG_README
+/usr/share/doc/postfix-3.3.2/README_FILES/DSN_README
+/usr/share/doc/postfix-3.3.2/README_FILES/ETRN_README
+/usr/share/doc/postfix-3.3.2/README_FILES/FILTER_README
+/usr/share/doc/postfix-3.3.2/README_FILES/FORWARD_SECRECY_README
+/usr/share/doc/postfix-3.3.2/README_FILES/INSTALL
+/usr/share/doc/postfix-3.3.2/README_FILES/IPV6_README
+/usr/share/doc/postfix-3.3.2/README_FILES/LINUX_README
+/usr/share/doc/postfix-3.3.2/README_FILES/LOCAL_RECIPIENT_README
+/usr/share/doc/postfix-3.3.2/README_FILES/MAILDROP_README
+/usr/share/doc/postfix-3.3.2/README_FILES/MEMCACHE_README
+/usr/share/doc/postfix-3.3.2/README_FILES/MILTER_README
+/usr/share/doc/postfix-3.3.2/README_FILES/MULTI_INSTANCE_README
+/usr/share/doc/postfix-3.3.2/README_FILES/NFS_README
+/usr/share/doc/postfix-3.3.2/README_FILES/OVERVIEW
+/usr/share/doc/postfix-3.3.2/README_FILES/PACKAGE_README
+/usr/share/doc/postfix-3.3.2/README_FILES/POSTSCREEN_README
+/usr/share/doc/postfix-3.3.2/README_FILES/QSHAPE_README
+/usr/share/doc/postfix-3.3.2/README_FILES/RELEASE_NOTES
+/usr/share/doc/postfix-3.3.2/README_FILES/RESTRICTION_CLASS_README
+/usr/share/doc/postfix-3.3.2/README_FILES/SASL_README
+/usr/share/doc/postfix-3.3.2/README_FILES/SCHEDULER_README
+/usr/share/doc/postfix-3.3.2/README_FILES/SMTPD_ACCESS_README
+/usr/share/doc/postfix-3.3.2/README_FILES/SMTPD_POLICY_README
+/usr/share/doc/postfix-3.3.2/README_FILES/SMTPD_PROXY_README
+/usr/share/doc/postfix-3.3.2/README_FILES/SOHO_README
+/usr/share/doc/postfix-3.3.2/README_FILES/STANDARD_CONFIGURATION_README
+/usr/share/doc/postfix-3.3.2/README_FILES/STRESS_README
+/usr/share/doc/postfix-3.3.2/README_FILES/TLS_LEGACY_README
+/usr/share/doc/postfix-3.3.2/README_FILES/TLS_README
+/usr/share/doc/postfix-3.3.2/README_FILES/TUNING_README
+/usr/share/doc/postfix-3.3.2/README_FILES/ULTRIX_README
+/usr/share/doc/postfix-3.3.2/README_FILES/UUCP_README
+/usr/share/doc/postfix-3.3.2/README_FILES/VERP_README
+/usr/share/doc/postfix-3.3.2/README_FILES/VIRTUAL_README
+/usr/share/doc/postfix-3.3.2/README_FILES/XCLIENT_README
+/usr/share/doc/postfix-3.3.2/README_FILES/XFORWARD_README
+/usr/share/doc/postfix-3.3.2/TLS_ACKNOWLEDGEMENTS
+/usr/share/doc/postfix-3.3.2/TLS_LICENSE
+/usr/share/doc/postfix-3.3.2/bounce.cf.default
+/usr/share/doc/postfix-3.3.2/examples
+/usr/share/doc/postfix-3.3.2/examples/chroot-setup
+/usr/share/doc/postfix-3.3.2/examples/chroot-setup/LINUX2
+/usr/share/doc/postfix-3.3.2/examples/qmail-local
+/usr/share/doc/postfix-3.3.2/examples/qmail-local/qmail-local.txt
+/usr/share/doc/postfix-3.3.2/examples/smtpd-policy
+/usr/share/doc/postfix-3.3.2/examples/smtpd-policy/README.SPF
+/usr/share/doc/postfix-3.3.2/examples/smtpd-policy/greylist.pl
+/usr/share/doc/postfix-3.3.2/main.cf.default
+/usr/share/man/man1/mailq.1.gz
+/usr/share/man/man1/mailq.postfix.1.gz
+/usr/share/man/man1/newaliases.1.gz
+/usr/share/man/man1/newaliases.postfix.1.gz
+/usr/share/man/man1/postalias.1.gz
+/usr/share/man/man1/postcat.1.gz
+/usr/share/man/man1/postconf.1.gz
+/usr/share/man/man1/postdrop.1.gz
+/usr/share/man/man1/postfix-tls.1.gz
+/usr/share/man/man1/postfix.1.gz
+/usr/share/man/man1/postkick.1.gz
+/usr/share/man/man1/postlock.1.gz
+/usr/share/man/man1/postlog.1.gz
+/usr/share/man/man1/postmap.1.gz
+/usr/share/man/man1/postmulti.1.gz
+/usr/share/man/man1/postqueue.1.gz
+/usr/share/man/man1/postsuper.1.gz
+/usr/share/man/man1/sendmail.postfix.1.gz
+/usr/share/man/man1/smtp-sink.1.gz
+/usr/share/man/man1/smtp-source.1.gz
+/usr/share/man/man5/access.5.gz
+/usr/share/man/man5/aliases.5.gz
+/usr/share/man/man5/aliases.postfix.5.gz
+/usr/share/man/man5/body_checks.5.gz
+/usr/share/man/man5/bounce.5.gz
+/usr/share/man/man5/canonical.5.gz
+/usr/share/man/man5/cidr_table.5.gz
+/usr/share/man/man5/generic.5.gz
+/usr/share/man/man5/header_checks.5.gz
+/usr/share/man/man5/master.5.gz
+/usr/share/man/man5/memcache_table.5.gz
+/usr/share/man/man5/nisplus_table.5.gz
+/usr/share/man/man5/postconf.5.gz
+/usr/share/man/man5/postfix-wrapper.5.gz
+/usr/share/man/man5/regexp_table.5.gz
+/usr/share/man/man5/relocated.5.gz
+/usr/share/man/man5/socketmap_table.5.gz
+/usr/share/man/man5/tcp_table.5.gz
+/usr/share/man/man5/transport.5.gz
+/usr/share/man/man5/virtual.5.gz
+/usr/share/man/man8/anvil.8.gz
+/usr/share/man/man8/bounce.8.gz
+/usr/share/man/man8/cleanup.8.gz
+/usr/share/man/man8/defer.8.gz
+/usr/share/man/man8/discard.8.gz
+/usr/share/man/man8/dnsblog.8.gz
+/usr/share/man/man8/error.8.gz
+/usr/share/man/man8/flush.8.gz
+/usr/share/man/man8/lmtp.8.gz
+/usr/share/man/man8/local.8.gz
+/usr/share/man/man8/master.8.gz
+/usr/share/man/man8/oqmgr.8.gz
+/usr/share/man/man8/pickup.8.gz
+/usr/share/man/man8/pipe.8.gz
+/usr/share/man/man8/postscreen.8.gz
+/usr/share/man/man8/proxymap.8.gz
+/usr/share/man/man8/qmgr.8.gz
+/usr/share/man/man8/qmqpd.8.gz
+/usr/share/man/man8/scache.8.gz
+/usr/share/man/man8/sendmail.8.gz
+/usr/share/man/man8/showq.8.gz
+/usr/share/man/man8/smtp.8.gz
+/usr/share/man/man8/smtpd.8.gz
+/usr/share/man/man8/spawn.8.gz
+/usr/share/man/man8/tlsmgr.8.gz
+/usr/share/man/man8/tlsproxy.8.gz
+/usr/share/man/man8/trace.8.gz
+/usr/share/man/man8/trivial-rewrite.8.gz
+/usr/share/man/man8/verify.8.gz
+/usr/share/man/man8/virtual.8.gz
+/var/lib/misc/postfix.aliasesdb-stamp
+/var/lib/postfix
+/var/spool/postfix
+/var/spool/postfix/active
+/var/spool/postfix/bounce
+/var/spool/postfix/corrupt
+/var/spool/postfix/defer
+/var/spool/postfix/deferred
+/var/spool/postfix/flush
+/var/spool/postfix/hold
+/var/spool/postfix/incoming
+/var/spool/postfix/maildrop
+/var/spool/postfix/pid
+/var/spool/postfix/private
+/var/spool/postfix/public
+/var/spool/postfix/saved
+/var/spool/postfix/trace
+</code>
+===== Dokumentation =====
+Die Dokumentation zu unserem **MTA** finden wir wie gewohnt an Ort und Stelle im Verzeichnis //**/usr/share/doc/postfix-3.3.2**// bzw. in den jeweils zugehörigen man-pages.
+<code>/usr/share/doc/postfix-3.3.2
+├── bounce.cf.default
+├── COMPATIBILITY
+├── examples
+│   ├── chroot-setup
+│   │   └── LINUX2
+│   ├── qmail-local
+│   │   └── qmail-local.txt
+│   └── smtpd-policy
+│       ├── greylist.pl
+│       └── README.SPF
+├── LICENSE
+├── main.cf.default
+├── README_FILES
+│   ├── AAAREADME
+│   ├── ADDRESS_CLASS_README
+│   ├── ADDRESS_REWRITING_README
+│   ├── ADDRESS_VERIFICATION_README
+│   ├── BACKSCATTER_README
+│   ├── BASIC_CONFIGURATION_README
+│   ├── BUILTIN_FILTER_README
+│   ├── COMPATIBILITY_README
+│   ├── CONNECTION_CACHE_README
+│   ├── CONTENT_INSPECTION_README
+│   ├── DATABASE_README
+│   ├── DB_README
+│   ├── DEBUG_README
+│   ├── DSN_README
+│   ├── ETRN_README
+│   ├── FILTER_README
+│   ├── FORWARD_SECRECY_README
+│   ├── INSTALL
+│   ├── IPV6_README
+│   ├── LINUX_README
+│   ├── LOCAL_RECIPIENT_README
+│   ├── MAILDROP_README
+│   ├── MEMCACHE_README
+│   ├── MILTER_README
+│   ├── MULTI_INSTANCE_README
+│   ├── NFS_README
+│   ├── OVERVIEW
+│   ├── PACKAGE_README
+│   ├── POSTSCREEN_README
+│   ├── QSHAPE_README
+│   ├── RELEASE_NOTES
+│   ├── RESTRICTION_CLASS_README
+│   ├── SASL_README
+│   ├── SCHEDULER_README
+│   ├── SMTPD_ACCESS_README
+│   ├── SMTPD_POLICY_README
+│   ├── SMTPD_PROXY_README
+│   ├── SOHO_README
+│   ├── STANDARD_CONFIGURATION_README
+│   ├── STRESS_README
+│   ├── TLS_LEGACY_README
+│   ├── TLS_README
+│   ├── TUNING_README
+│   ├── ULTRIX_README
+│   ├── UUCP_README
+│   ├── VERP_README
+│   ├── VIRTUAL_README
+│   ├── XCLIENT_README
+│   └── XFORWARD_README
+├── README-Postfix-SASL-RedHat.txt
+├── TLS_ACKNOWLEDGEMENTS
+└── TLS_LICENSE
+</code>
+Wir tun also gutes daran uns diese Dokumente einzuverleiben bzw. bei Interesse heranzuziehen.
+===== Konfigurationsdateien =====
+Der Großteil der Konfiguration von Postfix erfolgt über die beiden Hauptkonfigurationsdateien **/etc/postfix/main.cf** und **/etc/postfix/master.cf**. Im Konfigurationsverzeichnis //**/etc/postfix/**// finden sich noch weitere Dateien die eine entscheidende Rolle spielen.
+<code>/etc/postfix/
+├── access
+├── canonical
+├── dynamicmaps.cf
+├── dynamicmaps.cf.d
+├── generic
+├── header_checks
+├── main.cf
+├── main.cf.proto
+├── master.cf
+├── master.cf.proto
+├── postfix-files
+├── relocated
+├── transport
+└── virtual
+</code>
+==== master.cf ====
+Als erstes sehen wir uns die Hauptkonfigurationsdatei **/etc/postfix/master.cf** etwas genauer an.
+Die Steuerung der in der **[[centos:mail_c7:mta_1?&#daemone_queues_und_dienste|Übersichtskizze von Postfix]]** dargestellten Daemon und Module erfolgt mit Hilfe des **master**-Daemon und seiner Konfigurationsdatei **master.cf**, welches den Postfix-Main-Prozess definiert.
+Dieser Master-Prozess steuert und überwacht zum einen die einzelnen Postfix-Module, definiert wie viele Instanzen den einzelnen Modulen zugewiesen werden sollen. Zum anderen werden durch den Master-Prozess in regelmäßigen Abständen die Module zum Verwalten und Steuern der Queues gestartet.
+<WRAP center round info>
+Zur besseren Erklärung wurden die einzelnen Dienste und Befehle in der nachfolgenden Konfigurationsdatei mit **Links** zu den zugehörigen erklärenden Abschnitte der Wikiseite **[[centos:mail_c7:mta_1#daemone_queues_und_dienste|Postfix, der sichere Mailserver (MTA) unter CentOS 7.x]]** versehen!
+</WRAP>
+   # vim /etc/postfix/master.cf
+<file bash /etc/postfix/master.cf>#
+# Postfix master process configuration file.  For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type  private unpriv  chroot  wakeup  maxproc command + args
+#               (yes)   (yes)   (no)    (never) (100)
+# ==========================================================================
+smtp      inet  n       -       n       -       -       smtpd
+#smtp      inet  n       -       n       -       1       postscreen
+#smtpd     pass  -       -       n       -       -       smtpd
+#dnsblog   unix  -       -       n       -       0       dnsblog
+#tlsproxy  unix  -       -       n       -       0       tlsproxy
+#submission inet n       -       n       -       -       smtpd
+#  -o syslog_name=postfix/submission
+#  -o smtpd_tls_security_level=encrypt
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_tls_auth_only=yes
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+#smtps     inet  n       -       n       -       -       smtpd
+#  -o syslog_name=postfix/smtps
+#  -o smtpd_tls_wrappermode=yes
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+#628       inet  n       -       n       -       -       qmqpd
+pickup    unix  n       -       n       60      1       pickup
+cleanup   unix  n       -       n       -       0       cleanup
+qmgr      unix  n       -       n       300     1       qmgr
+#qmgr     unix  n       -       n       300     1       oqmgr
+tlsmgr    unix  -       -       n       1000?   1       tlsmgr
+rewrite   unix  -       -       n       -       -       trivial-rewrite
+bounce    unix  -       -       n       -       0       bounce
+defer     unix  -       -       n       -       0       bounce
+trace     unix  -       -       n       -       0       bounce
+verify    unix  -       -       n       -       1       verify
+flush     unix  n       -       n       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+smtp      unix  -       -       n       -       -       smtp
+relay     unix  -       -       n       -       -       smtp
+        -o syslog_name=postfix/$service_name
+#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq     unix  n       -       n       -       -       showq
+error     unix  -       -       n       -       -       error
+retry     unix  -       -       n       -       -       error
+discard   unix  -       -       n       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp      unix  -       -       n       -       -       lmtp
+anvil     unix  -       -       n       -       1       anvil
+scache    unix  -       -       n       -       1       scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent.  See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+#maildrop  unix  -       n       n       -       -       pipe
+#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+#  mailbox_transport = lmtp:inet:localhost
+#  virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus     unix  -       n       n       -       -       pipe
+#  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+#
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix  -       n       n       -       -       pipe
+#  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+#uucp      unix  -       n       n       -       -       pipe
+#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# ====================================================================
+#
+# Other external delivery methods.
+#
+#ifmail    unix  -       n       n       -       -       pipe
+#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+#
+#bsmtp     unix  -       n       n       -       -       pipe
+#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
+#
+#scalemail-backend unix -       n       n       -       2       pipe
+#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
+#  ${nexthop} ${user} ${extension}
+#
+#mailman   unix  -       n       n       -       -       pipe
+#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+#  ${nexthop} ${user}</file>
+==== main.cf ====
+Die eigentliche Konfiguration unseres Postfix MTAs erfolgt mit Hilfe der Hauptkonfigurationsdatei **main.cf**. Diese Konfigurationsdatei ist durch die vielen sehr guten Dokumentationshinweise doch sehr angewachsen, aber im Grunde beschränkt sich diese auf ein paar wenige "aktive" Zeilen.
+In der Standardkonfiguration sind alle wichtigen Parameter bereits mit einem Default-Wert vorbelegt.
+So hat //Postfix **2.10**// __**816**__ Defaultparameter.
+   # postconf -d | grep mail_version
+   mail_version = 2.10.1
+   milter_macro_v = $mail_name $mail_version
+   # postconf -d | wc -l
+//Postfix **2.11**// bringt uns __**832**__ Defaultparameter mit.
+   # postconf -d | grep mail_version
+   mail_version = 2.11.6
+   milter_macro_v = $mail_name $mail_version
+   # postconf -d | wc -l
+Bei der neuen aktuellen Version **//3.x//** von Postfix erhöhte sich bedingt durch die zusätzlichen Features abermals die Anzahl der Defaultparameter auf __**885**__.
+   # postconf -d | grep mail_version
+   mail_version = 3.3.2
+   milter_macro_v = $mail_name $mail_version
+   # postconf -d | wc -l
+Werfen wir einfach einen Blick in diese Hauptkonfigurationmsdatei //**/etc/postfix/main.cf**//.
+   # less /etc/postfix/main.cf
+<file bash /etc/postfix/main.cf># Global Postfix configuration file. This file lists only a subset
+# of all parameters. For the syntax, and for a complete parameter
+# list, see the postconf(5) manual page (command: "man 5 postconf").
+#
+# For common configuration examples, see BASIC_CONFIGURATION_README
+# and STANDARD_CONFIGURATION_README. To find these documents, use
+# the command "postconf html_directory readme_directory", or go to
+# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
+#
+# For best results, change no more than 2-3 parameters at a time,
+# and test if Postfix still works after every change.
+# COMPATIBILITY
+#
+# The compatibility_level determines what default settings Postfix
+# will use for main.cf and master.cf settings. These defaults will
+# change over time.
+#
+# To avoid breaking things, Postfix will use backwards-compatible
+# default settings and log where it uses those old backwards-compatible
+# default settings, until the system administrator has determined
+# if any backwards-compatible default settings need to be made
+# permanent in main.cf or master.cf.
+#
+# When this review is complete, update the compatibility_level setting
+# below as recommended in the RELEASE_NOTES file.
+#
+# The level below is what should be used with new (not upgrade) installs.
+#
+compatibility_level = 2
+# SOFT BOUNCE
+#
+# The soft_bounce parameter provides a limited safety net for
+# testing.  When soft_bounce is enabled, mail will remain queued that
+# would otherwise bounce. This parameter disables locally-generated
+# bounces, and prevents the SMTP server from rejecting mail permanently
+# (by changing 5xx replies into 4xx replies). However, soft_bounce
+# is no cure for address rewriting mistakes or mail routing mistakes.
+#
+#soft_bounce = no
+# LOCAL PATHNAME INFORMATION
+#
+# The queue_directory specifies the location of the Postfix queue.
+# This is also the root directory of Postfix daemons that run chrooted.
+# See the files in examples/chroot-setup for setting up Postfix chroot
+# environments on different UNIX systems.
+#
+queue_directory = /var/spool/postfix
+# The command_directory parameter specifies the location of all
+# postXXX commands.
+#
+command_directory = /usr/sbin
+# The daemon_directory parameter specifies the location of all Postfix
+# daemon programs (i.e. programs listed in the master.cf file). This
+# directory must be owned by root.
+#
+daemon_directory = /usr/libexec/postfix
+# The data_directory parameter specifies the location of Postfix-writable
+# data files (caches, random numbers). This directory must be owned
+# by the mail_owner account (see below).
+#
+data_directory = /var/lib/postfix
+# QUEUE AND PROCESS OWNERSHIP
+#
+# The mail_owner parameter specifies the owner of the Postfix queue
+# and of most Postfix daemon processes.  Specify the name of a user
+# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
+# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.  In
+# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
+# USER.
+#
+mail_owner = postfix
+# The default_privs parameter specifies the default rights used by
+# the local delivery agent for delivery to external file or command.
+# These rights are used in the absence of a recipient user context.
+# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
+#
+#default_privs = nobody
+# INTERNET HOST AND DOMAIN NAMES
+#
+# The myhostname parameter specifies the internet hostname of this
+# mail system. The default is to use the fully-qualified domain name
+# from gethostname(). $myhostname is used as a default value for many
+# other configuration parameters.
+#
+#myhostname = host.domain.tld
+#myhostname = virtual.domain.tld
+# The mydomain parameter specifies the local internet domain name.
+# The default is to use $myhostname minus the first component.
+# $mydomain is used as a default value for many other configuration
+# parameters.
+#
+#mydomain = domain.tld
+# SENDING MAIL
+#
+# The myorigin parameter specifies the domain that locally-posted
+# mail appears to come from. The default is to append $myhostname,
+# which is fine for small sites.  If you run a domain with multiple
+# machines, you should (1) change this to $mydomain and (2) set up
+# a domain-wide alias database that aliases each user to
+# user@that.users.mailhost.
+#
+# For the sake of consistency between sender and recipient addresses,
+# myorigin also specifies the default domain name that is appended
+# to recipient addresses that have no @domain part.
+#
+#myorigin = $myhostname
+#myorigin = $mydomain
+# RECEIVING MAIL
+# The inet_interfaces parameter specifies the network interface
+# addresses that this mail system receives mail on.  By default,
+# the software claims all active interfaces on the machine. The
+# parameter also controls delivery of mail to user@[ip.address].
+#
+# See also the proxy_interfaces parameter, for network addresses that
+# are forwarded to us via a proxy or network address translator.
+#
+# Note: you need to stop/start Postfix when this parameter changes.
+#
+#inet_interfaces = all
+#inet_interfaces = $myhostname
+#inet_interfaces = $myhostname, localhost
+inet_interfaces = localhost
+# Enable IPv4, and IPv6 if supported
+#inet_protocols = ipv4
+# The proxy_interfaces parameter specifies the network interface
+# addresses that this mail system receives mail on by way of a
+# proxy or network address translation unit. This setting extends
+# the address list specified with the inet_interfaces parameter.
+#
+# You must specify your proxy/NAT addresses when your system is a
+# backup MX host for other domains, otherwise mail delivery loops
+# will happen when the primary MX host is down.
+#
+#proxy_interfaces =
+#proxy_interfaces = 1.2.3.4
+# The mydestination parameter specifies the list of domains that this
+# machine considers itself the final destination for.
+#
+# These domains are routed to the delivery agent specified with the
+# local_transport parameter setting. By default, that is the UNIX
+# compatible delivery agent that lookups all recipients in /etc/passwd
+# and /etc/aliases or their equivalent.
+#
+# The default is $myhostname + localhost.$mydomain + localhost.  On
+# a mail domain gateway, you should also include $mydomain.
+#
+# Do not specify the names of virtual domains - those domains are
+# specified elsewhere (see VIRTUAL_README).
+#
+# Do not specify the names of domains that this machine is backup MX
+# host for. Specify those names via the relay_domains settings for
+# the SMTP server, or use permit_mx_backup if you are lazy (see
+# STANDARD_CONFIGURATION_README).
+#
+# The local machine is always the final destination for mail addressed
+# to user@[the.net.work.address] of an interface that the mail system
+# receives mail on (see the inet_interfaces parameter).
+#
+# Specify a list of host or domain names, /file/name or type:table
+# patterns, separated by commas and/or whitespace. A /file/name
+# pattern is replaced by its contents; a type:table is matched when
+# a name matches a lookup key (the right-hand side is ignored).
+# Continue long lines by starting the next line with whitespace.
+#
+# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
+#
+mydestination = $myhostname, localhost.$mydomain, localhost
+#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
+#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
+#	mail.$mydomain, www.$mydomain, ftp.$mydomain
+# REJECTING MAIL FOR UNKNOWN LOCAL USERS
+#
+# The local_recipient_maps parameter specifies optional lookup tables
+# with all names or addresses of users that are local with respect
+# to $mydestination, $inet_interfaces or $proxy_interfaces.
+#
+# If this parameter is defined, then the SMTP server will reject
+# mail for unknown local users. This parameter is defined by default.
+#
+# To turn off local recipient checking in the SMTP server, specify
+# local_recipient_maps = (i.e. empty).
+#
+# The default setting assumes that you use the default Postfix local
+# delivery agent for local delivery. You need to update the
+# local_recipient_maps setting if:
+#
+# - You define $mydestination domain recipients in files other than
+#   /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
+#   For example, you define $mydestination domain recipients in
+#   the $virtual_mailbox_maps files.
+#
+# - You redefine the local delivery agent in master.cf.
+#
+# - You redefine the "local_transport" setting in main.cf.
+#
+# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
+#   feature of the Postfix local delivery agent (see local(8)).
+#
+# Details are described in the LOCAL_RECIPIENT_README file.
+#
+# Beware: if the Postfix SMTP server runs chrooted, you probably have
+# to access the passwd file via the proxymap service, in order to
+# overcome chroot restrictions. The alternative, having a copy of
+# the system passwd file in the chroot jail is just not practical.
+#
+# The right-hand side of the lookup tables is conveniently ignored.
+# In the left-hand side, specify a bare username, an @domain.tld
+# wild-card, or specify a user@domain.tld address.
+#
+#local_recipient_maps = unix:passwd.byname $alias_maps
+#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
+#local_recipient_maps =
+# The unknown_local_recipient_reject_code specifies the SMTP server
+# response code when a recipient domain matches $mydestination or
+# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
+# and the recipient address or address local-part is not found.
+#
+# The default setting is 550 (reject mail) but it is safer to start
+# with 450 (try again later) until you are certain that your
+# local_recipient_maps settings are OK.
+#
+unknown_local_recipient_reject_code = 550
+# TRUST AND RELAY CONTROL
+# The mynetworks parameter specifies the list of "trusted" SMTP
+# clients that have more privileges than "strangers".
+#
+# In particular, "trusted" SMTP clients are allowed to relay mail
+# through Postfix.  See the smtpd_recipient_restrictions parameter
+# in postconf(5).
+#
+# You can specify the list of "trusted" network addresses by hand
+# or you can let Postfix do it for you (which is the default).
+#
+# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
+# clients in the same IP subnetworks as the local machine.
+# On Linux, this does works correctly only with interfaces specified
+# with the "ifconfig" command.
+#
+# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
+# clients in the same IP class A/B/C networks as the local machine.
+# Don't do this with a dialup site - it would cause Postfix to "trust"
+# your entire provider's network.  Instead, specify an explicit
+# mynetworks list by hand, as described below.
+#
+# Specify "mynetworks_style = host" when Postfix should "trust"
+# only the local machine.
+#
+#mynetworks_style = class
+#mynetworks_style = subnet
+#mynetworks_style = host
+# Alternatively, you can specify the mynetworks list by hand, in
+# which case Postfix ignores the mynetworks_style setting.
+#
+# Specify an explicit list of network/netmask patterns, where the
+# mask specifies the number of bits in the network part of a host
+# address.
+#
+# You can also specify the absolute pathname of a pattern file instead
+# of listing the patterns here. Specify type:table for table-based lookups
+# (the value on the table right-hand side is not used).
+#
+#mynetworks = 168.100.189.0/28, 127.0.0.0/8
+#mynetworks = $config_directory/mynetworks
+#mynetworks = hash:/etc/postfix/network_table
+# The relay_domains parameter restricts what destinations this system will
+# relay mail to.  See the smtpd_recipient_restrictions description in
+# postconf(5) for detailed information.
+#
+# By default, Postfix relays mail
+# - from "trusted" clients (IP address matches $mynetworks) to any destination,
+# - from "untrusted" clients to destinations that match $relay_domains or
+#   subdomains thereof, except addresses with sender-specified routing.
+# The default relay_domains value is $mydestination.
+#
+# In addition to the above, the Postfix SMTP server by default accepts mail
+# that Postfix is final destination for:
+# - destinations that match $inet_interfaces or $proxy_interfaces,
+# - destinations that match $mydestination
+# - destinations that match $virtual_alias_domains,
+# - destinations that match $virtual_mailbox_domains.
+# These destinations do not need to be listed in $relay_domains.
+#
+# Specify a list of hosts or domains, /file/name patterns or type:name
+# lookup tables, separated by commas and/or whitespace.  Continue
+# long lines by starting the next line with whitespace. A file name
+# is replaced by its contents; a type:name table is matched when a
+# (parent) domain appears as lookup key.
+#
+# NOTE: Postfix will not automatically forward mail for domains that
+# list this system as their primary or backup MX host. See the
+# permit_mx_backup restriction description in postconf(5).
+#
+#relay_domains = $mydestination
+# INTERNET OR INTRANET
+# The relayhost parameter specifies the default host to send mail to
+# when no entry is matched in the optional transport(5) table. When
+# no relayhost is given, mail is routed directly to the destination.
+#
+# On an intranet, specify the organizational domain name. If your
+# internal DNS uses no MX records, specify the name of the intranet
+# gateway host instead.
+#
+# In the case of SMTP, specify a domain, host, host:port, [host]:port,
+# [address] or [address]:port; the form [host] turns off MX lookups.
+#
+# If you're connected via UUCP, see also the default_transport parameter.
+#
+#relayhost = $mydomain
+#relayhost = [gateway.my.domain]
+#relayhost = [mailserver.isp.tld]
+#relayhost = uucphost
+#relayhost = [an.ip.add.ress]
+# REJECTING UNKNOWN RELAY USERS
+#
+# The relay_recipient_maps parameter specifies optional lookup tables
+# with all addresses in the domains that match $relay_domains.
+#
+# If this parameter is defined, then the SMTP server will reject
+# mail for unknown relay users. This feature is off by default.
+#
+# The right-hand side of the lookup tables is conveniently ignored.
+# In the left-hand side, specify an @domain.tld wild-card, or specify
+# a user@domain.tld address.
+#
+#relay_recipient_maps = hash:/etc/postfix/relay_recipients
+# INPUT RATE CONTROL
+#
+# The in_flow_delay configuration parameter implements mail input
+# flow control. This feature is turned on by default, although it
+# still needs further development (it's disabled on SCO UNIX due
+# to an SCO bug).
+#
+# A Postfix process will pause for $in_flow_delay seconds before
+# accepting a new message, when the message arrival rate exceeds the
+# message delivery rate. With the default 100 SMTP server process
+# limit, this limits the mail inflow to 100 messages a second more
+# than the number of messages delivered per second.
+#
+# Specify 0 to disable the feature. Valid delays are 0..10.
+#
+#in_flow_delay = 1s
+# ADDRESS REWRITING
+#
+# The ADDRESS_REWRITING_README document gives information about
+# address masquerading or other forms of address rewriting including
+# username->Firstname.Lastname mapping.
+# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
+#
+# The VIRTUAL_README document gives information about the many forms
+# of domain hosting that Postfix supports.
+# "USER HAS MOVED" BOUNCE MESSAGES
+#
+# See the discussion in the ADDRESS_REWRITING_README document.
+# TRANSPORT MAP
+#
+# See the discussion in the ADDRESS_REWRITING_README document.
+# ALIAS DATABASE
+#
+# The alias_maps parameter specifies the list of alias databases used
+# by the local delivery agent. The default list is system dependent.
+#
+# On systems with NIS, the default is to search the local alias
+# database, then the NIS alias database. See aliases(5) for syntax
+# details.
+#
+# If you change the alias database, run "postalias /etc/aliases" (or
+# wherever your system stores the mail alias file), or simply run
+# "newaliases" to build the necessary DBM or DB file.
+#
+# It will take a minute or so before changes become visible.  Use
+# "postfix reload" to eliminate the delay.
+#
+#alias_maps = dbm:/etc/aliases
+alias_maps = hash:/etc/aliases
+#alias_maps = hash:/etc/aliases, nis:mail.aliases
+#alias_maps = netinfo:/aliases
+# The alias_database parameter specifies the alias database(s) that
+# are built with "newaliases" or "sendmail -bi".  This is a separate
+# configuration parameter, because alias_maps (see above) may specify
+# tables that are not necessarily all under control by Postfix.
+#
+#alias_database = dbm:/etc/aliases
+#alias_database = dbm:/etc/mail/aliases
+alias_database = hash:/etc/aliases
+#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
+# ADDRESS EXTENSIONS (e.g., user+foo)
+#
+# The recipient_delimiter parameter specifies the separator between
+# user names and address extensions (user+foo). See canonical(5),
+# local(8), relocated(5) and virtual(5) for the effects this has on
+# aliases, canonical, virtual, relocated and .forward file lookups.
+# Basically, the software tries user+foo and .forward+foo before
+# trying user and .forward.
+#
+#recipient_delimiter = +
+# DELIVERY TO MAILBOX
+#
+# The home_mailbox parameter specifies the optional pathname of a
+# mailbox file relative to a user's home directory. The default
+# mailbox file is /var/spool/mail/user or /var/mail/user.  Specify
+# "Maildir/" for qmail-style delivery (the / is required).
+#
+#home_mailbox = Mailbox
+#home_mailbox = Maildir/
+# The mail_spool_directory parameter specifies the directory where
+# UNIX-style mailboxes are kept. The default setting depends on the
+# system type.
+#
+#mail_spool_directory = /var/mail
+#mail_spool_directory = /var/spool/mail
+# The mailbox_command parameter specifies the optional external
+# command to use instead of mailbox delivery. The command is run as
+# the recipient with proper HOME, SHELL and LOGNAME environment settings.
+# Exception:  delivery for root is done as $default_user.
+#
+# Other environment variables of interest: USER (recipient username),
+# EXTENSION (address extension), DOMAIN (domain part of address),
+# and LOCAL (the address localpart).
+#
+# Unlike other Postfix configuration parameters, the mailbox_command
+# parameter is not subjected to $parameter substitutions. This is to
+# make it easier to specify shell syntax (see example below).
+#
+# Avoid shell meta characters because they will force Postfix to run
+# an expensive shell process. Procmail alone is expensive enough.
+#
+# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
+# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
+#
+#mailbox_command = /some/where/procmail
+#mailbox_command = /some/where/procmail -a "$EXTENSION"
+# The mailbox_transport specifies the optional transport in master.cf
+# to use after processing aliases and .forward files. This parameter
+# has precedence over the mailbox_command, fallback_transport and
+# luser_relay parameters.
+#
+# Specify a string of the form transport:nexthop, where transport is
+# the name of a mail delivery transport defined in master.cf.  The
+# :nexthop part is optional. For more details see the sample transport
+# configuration file.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must update the "local_recipient_maps" setting in
+# the main.cf file, otherwise the SMTP server will reject mail for
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+# Cyrus IMAP over LMTP. Specify ``lmtpunix      cmd="lmtpd"
+# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
+#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
+# If using the cyrus-imapd IMAP server deliver local mail to the IMAP
+# server using LMTP (Local Mail Transport Protocol), this is prefered
+# over the older cyrus deliver program by setting the
+# mailbox_transport as below:
+#
+# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
+#
+# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via
+# these settings.
+#
+# local_destination_recipient_limit = 300
+# local_destination_concurrency_limit = 5
+#
+# Of course you should adjust these settings as appropriate for the
+# capacity of the hardware you are using. The recipient limit setting
+# can be used to take advantage of the single instance message store
+# capability of Cyrus. The concurrency limit can be used to control
+# how many simultaneous LMTP sessions will be permitted to the Cyrus
+# message store.
+#
+# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
+# subsequent line in master.cf.
+#mailbox_transport = cyrus
+# The fallback_transport specifies the optional transport in master.cf
+# to use for recipients that are not found in the UNIX passwd database.
+# This parameter has precedence over the luser_relay parameter.
+#
+# Specify a string of the form transport:nexthop, where transport is
+# the name of a mail delivery transport defined in master.cf.  The
+# :nexthop part is optional. For more details see the sample transport
+# configuration file.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must update the "local_recipient_maps" setting in
+# the main.cf file, otherwise the SMTP server will reject mail for
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
+#fallback_transport =
+# The luser_relay parameter specifies an optional destination address
+# for unknown recipients.  By default, mail for unknown@$mydestination,
+# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
+# as undeliverable.
+#
+# The following expansions are done on luser_relay: $user (recipient
+# username), $shell (recipient shell), $home (recipient home directory),
+# $recipient (full recipient address), $extension (recipient address
+# extension), $domain (recipient domain), $local (entire recipient
+# localpart), $recipient_delimiter. Specify ${name?value} or
+# ${name:value} to expand value only when $name does (does not) exist.
+#
+# luser_relay works only for the default Postfix local delivery agent.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must specify "local_recipient_maps =" (i.e. empty) in
+# the main.cf file, otherwise the SMTP server will reject mail for
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+#luser_relay = $user@other.host
+#luser_relay = $local@other.host
+#luser_relay = admin+$local
+# JUNK MAIL CONTROLS
+#
+# The controls listed here are only a very small subset. The file
+# SMTPD_ACCESS_README provides an overview.
+# The header_checks parameter specifies an optional table with patterns
+# that each logical message header is matched against, including
+# headers that span multiple physical lines.
+#
+# By default, these patterns also apply to MIME headers and to the
+# headers of attached messages. With older Postfix versions, MIME and
+# attached message headers were treated as body text.
+#
+# For details, see "man header_checks".
+#
+#header_checks = regexp:/etc/postfix/header_checks
+# FAST ETRN SERVICE
+#
+# Postfix maintains per-destination logfiles with information about
+# deferred mail, so that mail can be flushed quickly with the SMTP
+# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
+# See the ETRN_README document for a detailed description.
+#
+# The fast_flush_domains parameter controls what destinations are
+# eligible for this service. By default, they are all domains that
+# this server is willing to relay mail to.
+#
+#fast_flush_domains = $relay_domains
+# SHOW SOFTWARE VERSION OR NOT
+#
+# The smtpd_banner parameter specifies the text that follows the 220
+# code in the SMTP server's greeting banner. Some people like to see
+# the mail version advertised. By default, Postfix shows no version.
+#
+# You MUST specify $myhostname at the start of the text. That is an
+# RFC requirement. Postfix itself does not care.
+#
+#smtpd_banner = $myhostname ESMTP $mail_name
+#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
+# PARALLEL DELIVERY TO THE SAME DESTINATION
+#
+# How many parallel deliveries to the same user or domain? With local
+# delivery, it does not make sense to do massively parallel delivery
+# to the same user, because mailbox updates must happen sequentially,
+# and expensive pipelines in .forward files can cause disasters when
+# too many are run at the same time. With SMTP deliveries, 10
+# simultaneous connections to the same domain could be sufficient to
+# raise eyebrows.
+#
+# Each message delivery transport has its XXX_destination_concurrency_limit
+# parameter.  The default is $default_destination_concurrency_limit for
+# most delivery transports. For the local delivery agent the default is 2.
+#local_destination_concurrency_limit = 2
+#default_destination_concurrency_limit = 20
+# DEBUGGING CONTROL
+#
+# The debug_peer_level parameter specifies the increment in verbose
+# logging level when an SMTP client or server host name or address
+# matches a pattern in the debug_peer_list parameter.
+#
+debug_peer_level = 2
+# The debug_peer_list parameter specifies an optional list of domain
+# or network patterns, /file/name patterns or type:name tables. When
+# an SMTP client or server host name or address matches a pattern,
+# increase the verbose logging level by the amount specified in the
+# debug_peer_level parameter.
+#
+#debug_peer_list = 127.0.0.1
+#debug_peer_list = some.domain
+# The debugger_command specifies the external command that is executed
+# when a Postfix daemon program is run with the -D option.
+#
+# Use "command .. & sleep 5" so that the debugger can attach before
+# the process marches on. If you use an X-based debugger, be sure to
+# set up your XAUTHORITY environment variable before starting Postfix.
+#
+debugger_command =
+	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+	 ddd $daemon_directory/$process_name $process_id & sleep 5
+# If you can't use X, use this to capture the call stack when a
+# daemon crashes. The result is in a file in the configuration
+# directory, and is named after the process name and the process ID.
+#
+# debugger_command =
+#	PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
+#	echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
+#	>$config_directory/$process_name.$process_id.log & sleep 5
+#
+# Another possibility is to run gdb under a detached screen session.
+# To attach to the screen session, su root and run "screen -r
+# <id_string>" where <id_string> uniquely matches one of the detached
+# sessions (from "screen -list").
+#
+# debugger_command =
+#	PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
+#	-dmS $process_name gdb $daemon_directory/$process_name
+#	$process_id & sleep 1
+# INSTALL-TIME CONFIGURATION INFORMATION
+#
+# The following parameters are used when installing a new Postfix version.
+#
+# sendmail_path: The full pathname of the Postfix sendmail command.
+# This is the Sendmail-compatible mail posting interface.
+#
+sendmail_path = /usr/sbin/sendmail.postfix
+# newaliases_path: The full pathname of the Postfix newaliases command.
+# This is the Sendmail-compatible command to build alias databases.
+#
+newaliases_path = /usr/bin/newaliases.postfix
+# mailq_path: The full pathname of the Postfix mailq command.  This
+# is the Sendmail-compatible mail queue listing command.
+#
+mailq_path = /usr/bin/mailq.postfix
+# setgid_group: The group for mail submission and queue management
+# commands.  This must be a group name with a numerical group ID that
+# is not shared with other accounts, not even with the Postfix account.
+#
+setgid_group = postdrop
+# html_directory: The location of the Postfix HTML documentation.
+#
+html_directory = no
+# manpage_directory: The location of the Postfix on-line manual pages.
+#
+manpage_directory = /usr/share/man
+# sample_directory: The location of the Postfix sample configuration files.
+# This parameter is obsolete as of Postfix 2.1.
+#
+sample_directory = /usr/share/doc/postfix-3.3.2/samples
+# readme_directory: The location of the Postfix README files.
+#
+readme_directory = /usr/share/doc/postfix-3.3.2/README_FILES
+meta_directory = /etc/postfix
+shlib_directory = /usr/lib/postfix</file>
+Mit Hilfe des Programms **postconf** können wir während des laufenden Betriebes einzelnen Parameter, abfragen und auch ändern. Wollen wir uns alle Definitionen ansehen, die von den Standardvorgaben abweichen, verwenden wir den folgenden Aufruf:
+  # postconf -n
+<code bash>alias_database = hash:/etc/aliases
+alias_maps = hash:/etc/aliases
+command_directory = /usr/sbin
+compatibility_level = 2
+daemon_directory = /usr/libexec/postfix
+data_directory = /var/lib/postfix
+debug_peer_level = 2
+debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
+html_directory = no
+inet_interfaces = localhost
+mail_owner = postfix
+mailq_path = /usr/bin/mailq.postfix
+manpage_directory = /usr/share/man
+meta_directory = /etc/postfix
+mydestination = $myhostname, localhost.$mydomain, localhost
+newaliases_path = /usr/bin/newaliases.postfix
+queue_directory = /var/spool/postfix
+readme_directory = /usr/share/doc/postfix-3.3.2/README_FILES
+sample_directory = /usr/share/doc/postfix-3.3.2/samples
+sendmail_path = /usr/sbin/sendmail.postfix
+setgid_group = postdrop
+shlib_directory = /usr/lib/postfix
+unknown_local_recipient_reject_code = 550
+</code>
+Wollen wir uns alle Standard-Definitionen ansehen verwenden wir den folgenden Aufruf:
+   # postconf -d
+<code>2bounce_notice_recipient = postmaster
+access_map_defer_code = 450
+access_map_reject_code = 554
+address_verify_cache_cleanup_interval = 12h
+address_verify_default_transport = $default_transport
+address_verify_local_transport = $local_transport
+address_verify_map = btree:$data_directory/verify_cache
+address_verify_negative_cache = yes
+address_verify_negative_expire_time = 3d
+address_verify_negative_refresh_time = 3h
+address_verify_pending_request_limit = 5000
+address_verify_poll_count = ${stress?{1}:{3}}
+address_verify_poll_delay = 3s
+address_verify_positive_expire_time = 31d
+address_verify_positive_refresh_time = 7d
+address_verify_relay_transport = $relay_transport
+address_verify_relayhost = $relayhost
+address_verify_sender = $double_bounce_sender
+address_verify_sender_dependent_default_transport_maps = $sender_dependent_default_transport_maps
+address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps
+address_verify_sender_ttl = 0s
+address_verify_service_name = verify
+address_verify_transport_maps = $transport_maps
+address_verify_virtual_transport = $virtual_transport
+alias_database = hash:/etc/aliases
+alias_maps = hash:/etc/aliases, nis:mail.aliases
+allow_mail_to_commands = alias, forward
+allow_mail_to_files = alias, forward
+allow_min_user = no
+allow_percent_hack = yes
+allow_untrusted_routing = no
+alternate_config_directories =
+always_add_missing_headers = no
+always_bcc =
+anvil_rate_time_unit = 60s
+anvil_status_update_time = 600s
+append_at_myorigin = yes
+append_dot_mydomain = ${{$compatibility_level} < {1} ? {yes} : {no}}
+application_event_drain_time = 100s
+authorized_flush_users = static:anyone
+authorized_mailq_users = static:anyone
+authorized_submit_users = static:anyone
+backwards_bounce_logfile_compatibility = yes
+berkeley_db_create_buffer_size = 16777216
+berkeley_db_read_buffer_size = 131072
+best_mx_transport =
+biff = yes
+body_checks =
+body_checks_size_limit = 51200
+bounce_notice_recipient = postmaster
+bounce_queue_lifetime = 5d
+bounce_service_name = bounce
+bounce_size_limit = 50000
+bounce_template_file =
+broken_sasl_auth_clients = no
+canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
+canonical_maps =
+cleanup_service_name = cleanup
+command_directory = /usr/sbin
+command_execution_directory =
+command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
+command_time_limit = 1000s
+compatibility_level = 0
+config_directory = /etc/postfix
+confirm_delay_cleared = no
+connection_cache_protocol_timeout = 5s
+connection_cache_service_name = scache
+connection_cache_status_update_time = 600s
+connection_cache_ttl_limit = 2s
+content_filter =
+cyrus_sasl_config_path =
+daemon_directory = /usr/libexec/postfix
+daemon_table_open_error_is_fatal = no
+daemon_timeout = 18000s
+data_directory = /var/lib/postfix
+debug_peer_level = 2
+debug_peer_list =
+debugger_command =
+default_database_type = hash
+default_delivery_slot_cost = 5
+default_delivery_slot_discount = 50
+default_delivery_slot_loan = 3
+default_delivery_status_filter =
+default_destination_concurrency_failed_cohort_limit = 1
+default_destination_concurrency_limit = 20
+default_destination_concurrency_negative_feedback = 1
+default_destination_concurrency_positive_feedback = 1
+default_destination_rate_delay = 0s
+default_destination_recipient_limit = 50
+default_extra_recipient_limit = 1000
+default_filter_nexthop =
+default_minimum_delivery_slots = 3
+default_privs = nobody
+default_process_limit = 100
+default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
+default_recipient_limit = 20000
+default_recipient_refill_delay = 5s
+default_recipient_refill_limit = 100
+default_transport = smtp
+default_transport_rate_delay = 0s
+default_verp_delimiters = +=
+defer_code = 450
+defer_service_name = defer
+defer_transports =
+delay_logging_resolution_limit = 2
+delay_notice_recipient = postmaster
+delay_warning_time = 0h
+deliver_lock_attempts = 20
+deliver_lock_delay = 1s
+destination_concurrency_feedback_debug = no
+detect_8bit_encoding_header = yes
+disable_dns_lookups = no
+disable_mime_input_processing = no
+disable_mime_output_conversion = no
+disable_verp_bounces = no
+disable_vrfy_command = no
+dns_ncache_ttl_fix_enable = no
+dnsblog_reply_delay = 0s
+dnsblog_service_name = dnsblog
+dont_remove = 0
+double_bounce_sender = double-bounce
+duplicate_filter_limit = 1000
+empty_address_default_transport_maps_lookup_key = <>
+empty_address_recipient = MAILER-DAEMON
+empty_address_relayhost_maps_lookup_key = <>
+enable_idna2003_compatibility = no
+enable_long_queue_ids = no
+enable_original_recipient = yes
+error_delivery_slot_cost = $default_delivery_slot_cost
+error_delivery_slot_discount = $default_delivery_slot_discount
+error_delivery_slot_loan = $default_delivery_slot_loan
+error_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
+error_destination_concurrency_limit = $default_destination_concurrency_limit
+error_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
+error_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
+error_destination_rate_delay = $default_destination_rate_delay
+error_destination_recipient_limit = $default_destination_recipient_limit
+error_extra_recipient_limit = $default_extra_recipient_limit
+error_initial_destination_concurrency = $initial_destination_concurrency
+error_minimum_delivery_slots = $default_minimum_delivery_slots
+error_notice_recipient = postmaster
+error_recipient_limit = $default_recipient_limit
+error_recipient_refill_delay = $default_recipient_refill_delay
+error_recipient_refill_limit = $default_recipient_refill_limit
+error_service_name = error
+error_transport_rate_delay = $default_transport_rate_delay
+execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
+expand_owner_alias = no
+export_environment = TZ MAIL_CONFIG LANG
+fallback_transport =
+fallback_transport_maps =
+fast_flush_domains = $relay_domains
+fast_flush_purge_time = 7d
+fast_flush_refresh_time = 12h
+fault_injection_code = 0
+flush_service_name = flush
+fork_attempts = 5
+fork_delay = 1s
+forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
+forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
+frozen_delivered_to = yes
+hash_queue_depth = 1
+hash_queue_names = deferred, defer
+header_address_token_limit = 10240
+header_checks =
+header_from_format = standard
+header_size_limit = 102400
+helpful_warnings = yes
+home_mailbox =
+hopcount_limit = 50
+html_directory = no
+ignore_mx_lookup_error = no
+import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
+in_flow_delay = 1s
+inet_interfaces = all
+inet_protocols = all
+initial_destination_concurrency = 5
+internal_mail_filter_classes =
+invalid_hostname_reject_code = 501
+ipc_idle = 5s
+ipc_timeout = 3600s
+ipc_ttl = 1000s
+line_length_limit = 2048
+lmdb_map_size = 16777216
+lmtp_address_preference = any
+lmtp_address_verify_target = rcpt
+lmtp_assume_final = no
+lmtp_balance_inet_protocols = yes
+lmtp_bind_address =
+lmtp_bind_address6 =
+lmtp_body_checks =
+lmtp_cname_overrides_servername = no
+lmtp_connect_timeout = 0s
+lmtp_connection_cache_destinations =
+lmtp_connection_cache_on_demand = yes
+lmtp_connection_cache_time_limit = 2s
+lmtp_connection_reuse_count_limit = 0
+lmtp_connection_reuse_time_limit = 300s
+lmtp_data_done_timeout = 600s
+lmtp_data_init_timeout = 120s
+lmtp_data_xfer_timeout = 180s
+lmtp_defer_if_no_mx_address_found = no
+lmtp_delivery_slot_cost = $default_delivery_slot_cost
+lmtp_delivery_slot_discount = $default_delivery_slot_discount
+lmtp_delivery_slot_loan = $default_delivery_slot_loan
+lmtp_delivery_status_filter = $default_delivery_status_filter
+lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
+lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
+lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
+lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
+lmtp_destination_rate_delay = $default_destination_rate_delay
+lmtp_destination_recipient_limit = $default_destination_recipient_limit
+lmtp_discard_lhlo_keyword_address_maps =
+lmtp_discard_lhlo_keywords =
+lmtp_dns_reply_filter =
+lmtp_dns_resolver_options =
+lmtp_dns_support_level =
+lmtp_enforce_tls = no
+lmtp_extra_recipient_limit = $default_extra_recipient_limit
+lmtp_fallback_relay =
+lmtp_generic_maps =
+lmtp_header_checks =
+lmtp_host_lookup = dns
+lmtp_initial_destination_concurrency = $initial_destination_concurrency
+lmtp_lhlo_name = $myhostname
+lmtp_lhlo_timeout = 300s
+lmtp_line_length_limit = 998
+lmtp_mail_timeout = 300s
+lmtp_mime_header_checks =
+lmtp_minimum_delivery_slots = $default_minimum_delivery_slots
+lmtp_mx_address_limit = 5
+lmtp_mx_session_limit = 2
+lmtp_nested_header_checks =
+lmtp_per_record_deadline = no
+lmtp_pix_workaround_delay_time = 10s
+lmtp_pix_workaround_maps =
+lmtp_pix_workaround_threshold_time = 500s
+lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf
+lmtp_quit_timeout = 300s
+lmtp_quote_rfc821_envelope = yes
+lmtp_randomize_addresses = yes
+lmtp_rcpt_timeout = 300s
+lmtp_recipient_limit = $default_recipient_limit
+lmtp_recipient_refill_delay = $default_recipient_refill_delay
+lmtp_recipient_refill_limit = $default_recipient_refill_limit
+lmtp_reply_filter =
+lmtp_rset_timeout = 20s
+lmtp_sasl_auth_cache_name =
+lmtp_sasl_auth_cache_time = 90d
+lmtp_sasl_auth_enable = no
+lmtp_sasl_auth_soft_bounce = yes
+lmtp_sasl_mechanism_filter =
+lmtp_sasl_password_maps =
+lmtp_sasl_path =
+lmtp_sasl_security_options = noplaintext, noanonymous
+lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
+lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
+lmtp_sasl_type = cyrus
+lmtp_send_dummy_mail_auth = no
+lmtp_send_xforward_command = no
+lmtp_sender_dependent_authentication = no
+lmtp_skip_5xx_greeting = yes
+lmtp_skip_quit_response = no
+lmtp_starttls_timeout = 300s
+lmtp_tcp_port = 24
+lmtp_tls_CAfile =
+lmtp_tls_CApath =
+lmtp_tls_block_early_mail_reply = no
+lmtp_tls_cert_file =
+lmtp_tls_ciphers = medium
+lmtp_tls_dcert_file =
+lmtp_tls_dkey_file = $lmtp_tls_dcert_file
+lmtp_tls_eccert_file =
+lmtp_tls_eckey_file = $lmtp_tls_eccert_file
+lmtp_tls_enforce_peername = yes
+lmtp_tls_exclude_ciphers =
+lmtp_tls_fingerprint_cert_match =
+lmtp_tls_fingerprint_digest = md5
+lmtp_tls_force_insecure_host_tlsa_lookup = no
+lmtp_tls_key_file = $lmtp_tls_cert_file
+lmtp_tls_loglevel = 0
+lmtp_tls_mandatory_ciphers = medium
+lmtp_tls_mandatory_exclude_ciphers =
+lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+lmtp_tls_note_starttls_offer = no
+lmtp_tls_per_site =
+lmtp_tls_policy_maps =
+lmtp_tls_protocols = !SSLv2, !SSLv3
+lmtp_tls_scert_verifydepth = 9
+lmtp_tls_secure_cert_match = nexthop
+lmtp_tls_security_level =
+lmtp_tls_session_cache_database =
+lmtp_tls_session_cache_timeout = 3600s
+lmtp_tls_trust_anchor_file =
+lmtp_tls_verify_cert_match = hostname
+lmtp_tls_wrappermode = no
+lmtp_transport_rate_delay = $default_transport_rate_delay
+lmtp_use_tls = no
+lmtp_xforward_timeout = 300s
+local_command_shell =
+local_delivery_slot_cost = $default_delivery_slot_cost
+local_delivery_slot_discount = $default_delivery_slot_discount
+local_delivery_slot_loan = $default_delivery_slot_loan
+local_delivery_status_filter = $default_delivery_status_filter
+local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
+local_destination_concurrency_limit = 2
+local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
+local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
+local_destination_rate_delay = $default_destination_rate_delay
+local_destination_recipient_limit = 1
+local_extra_recipient_limit = $default_extra_recipient_limit
+local_header_rewrite_clients = permit_inet_interfaces
+local_initial_destination_concurrency = $initial_destination_concurrency
+local_minimum_delivery_slots = $default_minimum_delivery_slots
+local_recipient_limit = $default_recipient_limit
+local_recipient_maps = proxy:unix:passwd.byname $alias_maps
+local_recipient_refill_delay = $default_recipient_refill_delay
+local_recipient_refill_limit = $default_recipient_refill_limit
+local_transport = local:$myhostname
+local_transport_rate_delay = $default_transport_rate_delay
+luser_relay =
+mail_name = Postfix
+mail_owner = postfix
+mail_release_date = 20181124
+mail_spool_directory = /var/mail
+mail_version = 3.3.2
+mailbox_command =
+mailbox_command_maps =
+mailbox_delivery_lock = fcntl, dotlock
+mailbox_size_limit = 51200000
+mailbox_transport =
+mailbox_transport_maps =
+mailq_path = /usr/bin/mailq
+manpage_directory = /usr/local/man
+maps_rbl_domains =
+maps_rbl_reject_code = 554
+masquerade_classes = envelope_sender, header_sender, header_recipient
+masquerade_domains =
+masquerade_exceptions =
+master_service_disable =
+max_idle = 100s
+max_use = 100
+maximal_backoff_time = 4000s
+maximal_queue_lifetime = 5d
+message_drop_headers = bcc, content-length, resent-bcc, return-path
+message_reject_characters =
+message_size_limit = 10240000
+message_strip_characters =
+meta_directory = /etc/postfix
+milter_command_timeout = 30s
+milter_connect_macros = j {daemon_name} {daemon_addr} v
+milter_connect_timeout = 30s
+milter_content_timeout = 300s
+milter_data_macros = i
+milter_default_action = tempfail
+milter_end_of_data_macros = i
+milter_end_of_header_macros = i
+milter_header_checks =
+milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
+milter_macro_daemon_name = $myhostname
+milter_macro_defaults =
+milter_macro_v = $mail_name $mail_version
+milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}
+milter_protocol = 6
+milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer}
+milter_unknown_command_macros =
+mime_boundary_length_limit = 2048
+mime_header_checks = $header_checks
+mime_nesting_limit = 100
+minimal_backoff_time = 300s
+multi_instance_directories =
+multi_instance_enable = no
+multi_instance_group =
+multi_instance_name =
+multi_instance_wrapper =
+multi_recipient_bounce_reject_code = 550
+mydestination = $myhostname, localhost.$mydomain, localhost
+mydomain = dmz.nausch.org
+myhostname = vml000080.dmz.nausch.org
+mynetworks = 127.0.0.0/8 10.0.0.0/24 [::1]/128 [fe80::]/64
+mynetworks_style = ${{$compatibility_level} < {2} ? {subnet} : {host}}
+myorigin = $myhostname
+nested_header_checks = $header_checks
+newaliases_path = /usr/bin/newaliases
+non_fqdn_reject_code = 504
+non_smtpd_milters =
+notify_classes = resource, software
+openssl_path = openssl
+owner_request_special = yes
+parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
+permit_mx_backup_networks =
+pickup_service_name = pickup
+pipe_delivery_status_filter = $default_delivery_status_filter
+plaintext_reject_code = 450
+postmulti_control_commands = reload flush
+postmulti_start_commands = start
+postmulti_stop_commands = stop abort drain quick-stop
+postscreen_access_list = permit_mynetworks
+postscreen_bare_newline_action = ignore
+postscreen_bare_newline_enable = no
+postscreen_bare_newline_ttl = 30d
+postscreen_blacklist_action = ignore
+postscreen_cache_cleanup_interval = 12h
+postscreen_cache_map = btree:$data_directory/postscreen_cache
+postscreen_cache_retention_time = 7d
+postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
+postscreen_command_count_limit = 20
+postscreen_command_filter =
+postscreen_command_time_limit = ${stress?{10}:{300}}s
+postscreen_disable_vrfy_command = $disable_vrfy_command
+postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps
+postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
+postscreen_dnsbl_action = ignore
+postscreen_dnsbl_max_ttl = ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h
+postscreen_dnsbl_min_ttl = 60s
+postscreen_dnsbl_reply_map =
+postscreen_dnsbl_sites =
+postscreen_dnsbl_threshold = 1
+postscreen_dnsbl_timeout = 10s
+postscreen_dnsbl_whitelist_threshold = 0
+postscreen_enforce_tls = $smtpd_enforce_tls
+postscreen_expansion_filter = $smtpd_expansion_filter
+postscreen_forbidden_commands = $smtpd_forbidden_commands
+postscreen_greet_action = ignore
+postscreen_greet_banner = $smtpd_banner
+postscreen_greet_ttl = 1d
+postscreen_greet_wait = ${stress?{2}:{6}}s
+postscreen_helo_required = $smtpd_helo_required
+postscreen_non_smtp_command_action = drop
+postscreen_non_smtp_command_enable = no
+postscreen_non_smtp_command_ttl = 30d
+postscreen_pipelining_action = enforce
+postscreen_pipelining_enable = no
+postscreen_pipelining_ttl = 30d
+postscreen_post_queue_limit = $default_process_limit
+postscreen_pre_queue_limit = $default_process_limit
+postscreen_reject_footer = $smtpd_reject_footer
+postscreen_tls_security_level = $smtpd_tls_security_level
+postscreen_upstream_proxy_protocol =
+postscreen_upstream_proxy_timeout = 5s
+postscreen_use_tls = $smtpd_use_tls
+postscreen_watchdog_timeout = 10s
+postscreen_whitelist_interfaces = static:all
+prepend_delivered_header = command, file, forward
+process_id = 14166
+process_id_directory = pid
+process_name = postconf
+propagate_unmatched_extensions = canonical, virtual
+proxy_interfaces =
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $smtpd_client_restrictions $smtpd_helo_restrictions $smtpd_sender_restrictions $smtpd_relay_restrictions $smtpd_recipient_restrictions $address_verify_sender_dependent_default_transport_maps $address_verify_sender_dependent_relayhost_maps $address_verify_transport_maps $fallback_transport_maps $lmtp_discard_lhlo_keyword_address_maps $lmtp_pix_workaround_maps $lmtp_sasl_password_maps $lmtp_tls_policy_maps $mailbox_command_maps $mailbox_transport_maps $postscreen_discard_ehlo_keyword_address_maps $rbl_reply_maps $sender_dependent_default_transport_maps $sender_dependent_relayhost_maps $smtp_discard_ehlo_keyword_address_maps $smtp_pix_workaround_maps $smtp_sasl_password_maps $smtp_tls_policy_maps $smtpd_discard_ehlo_keyword_address_maps $smtpd_milter_maps $virtual_gid_maps $virtual_uid_maps
+proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name $address_verify_map $postscreen_cache_map
+proxymap_service_name = proxymap
+proxywrite_service_name = proxywrite
+qmgr_clog_warn_time = 300s
+qmgr_daemon_timeout = 1000s
+qmgr_fudge_factor = 100
+qmgr_ipc_timeout = 60s
+qmgr_message_active_limit = 20000
+qmgr_message_recipient_limit = 20000
+qmgr_message_recipient_minimum = 10
+qmqpd_authorized_clients =
+qmqpd_client_port_logging = no
+qmqpd_error_delay = 1s
+qmqpd_timeout = 300s
+queue_directory = /var/spool/postfix
+queue_file_attribute_count_limit = 100
+queue_minfree = 0
+queue_run_delay = 300s
+queue_service_name = qmgr
+rbl_reply_maps =
+readme_directory = no
+receive_override_options =
+recipient_bcc_maps =
+recipient_canonical_classes = envelope_recipient, header_recipient
+recipient_canonical_maps =
+recipient_delimiter =
+reject_code = 554
+reject_tempfail_action = defer_if_permit
+relay_clientcerts =
+relay_delivery_slot_cost = $default_delivery_slot_cost
+relay_delivery_slot_discount = $default_delivery_slot_discount
+relay_delivery_slot_loan = $default_delivery_slot_loan
+relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
+relay_destination_concurrency_limit = $default_destination_concurrency_limit
+relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
+relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
+relay_destination_rate_delay = $default_destination_rate_delay
+relay_destination_recipient_limit = $default_destination_recipient_limit
+relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}}
+relay_domains_reject_code = 554
+relay_extra_recipient_limit = $default_extra_recipient_limit
+relay_initial_destination_concurrency = $initial_destination_concurrency
+relay_minimum_delivery_slots = $default_minimum_delivery_slots
+relay_recipient_limit = $default_recipient_limit
+relay_recipient_maps =
+relay_recipient_refill_delay = $default_recipient_refill_delay
+relay_recipient_refill_limit = $default_recipient_refill_limit
+relay_transport = relay
+relay_transport_rate_delay = $default_transport_rate_delay
+relayhost =
+relocated_maps =
+remote_header_rewrite_domain =
+require_home_directory = no
+reset_owner_alias = no
+resolve_dequoted_address = yes
+resolve_null_domain = no
+resolve_numeric_domain = no
+retry_delivery_slot_cost = $default_delivery_slot_cost
+retry_delivery_slot_discount = $default_delivery_slot_discount
+retry_delivery_slot_loan = $default_delivery_slot_loan
+retry_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
+retry_destination_concurrency_limit = $default_destination_concurrency_limit
+retry_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
+retry_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
+retry_destination_rate_delay = $default_destination_rate_delay
+retry_destination_recipient_limit = $default_destination_recipient_limit
+retry_extra_recipient_limit = $default_extra_recipient_limit
+retry_initial_destination_concurrency = $initial_destination_concurrency
+retry_minimum_delivery_slots = $default_minimum_delivery_slots
+retry_recipient_limit = $default_recipient_limit
+retry_recipient_refill_delay = $default_recipient_refill_delay
+retry_recipient_refill_limit = $default_recipient_refill_limit
+retry_transport_rate_delay = $default_transport_rate_delay
+rewrite_service_name = rewrite
+sample_directory = /etc/postfix
+send_cyrus_sasl_authzid = no
+sender_bcc_maps =
+sender_canonical_classes = envelope_sender, header_sender
+sender_canonical_maps =
+sender_dependent_default_transport_maps =
+sender_dependent_relayhost_maps =
+sendmail_fix_line_endings = always
+sendmail_path = /usr/sbin/sendmail
+service_name =
+service_throttle_time = 60s
+setgid_group = postdrop
+shlib_directory = /usr/lib/postfix
+show_user_unknown_table_name = yes
+showq_service_name = showq
+smtp_address_preference = any
+smtp_address_verify_target = rcpt
+smtp_always_send_ehlo = yes
+smtp_balance_inet_protocols = yes
+smtp_bind_address =
+smtp_bind_address6 =
+smtp_body_checks =
+smtp_cname_overrides_servername = no
+smtp_connect_timeout = 30s
+smtp_connection_cache_destinations =
+smtp_connection_cache_on_demand = yes
+smtp_connection_cache_time_limit = 2s
+smtp_connection_reuse_count_limit = 0
+smtp_connection_reuse_time_limit = 300s
+smtp_data_done_timeout = 600s
+smtp_data_init_timeout = 120s
+smtp_data_xfer_timeout = 180s
+smtp_defer_if_no_mx_address_found = no
+smtp_delivery_slot_cost = $default_delivery_slot_cost
+smtp_delivery_slot_discount = $default_delivery_slot_discount
+smtp_delivery_slot_loan = $default_delivery_slot_loan
+smtp_delivery_status_filter = $default_delivery_status_filter
+smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
+smtp_destination_concurrency_limit = $default_destination_concurrency_limit
+smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
+smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
+smtp_destination_rate_delay = $default_destination_rate_delay
+smtp_destination_recipient_limit = $default_destination_recipient_limit
+smtp_discard_ehlo_keyword_address_maps =
+smtp_discard_ehlo_keywords =
+smtp_dns_reply_filter =
+smtp_dns_resolver_options =
+smtp_dns_support_level =
+smtp_enforce_tls = no
+smtp_extra_recipient_limit = $default_extra_recipient_limit
+smtp_fallback_relay = $fallback_relay
+smtp_generic_maps =
+smtp_header_checks =
+smtp_helo_name = $myhostname
+smtp_helo_timeout = 300s
+smtp_host_lookup = dns
+smtp_initial_destination_concurrency = $initial_destination_concurrency
+smtp_line_length_limit = 998
+smtp_mail_timeout = 300s
+smtp_mime_header_checks =
+smtp_minimum_delivery_slots = $default_minimum_delivery_slots
+smtp_mx_address_limit = 5
+smtp_mx_session_limit = 2
+smtp_nested_header_checks =
+smtp_never_send_ehlo = no
+smtp_per_record_deadline = no
+smtp_pix_workaround_delay_time = 10s
+smtp_pix_workaround_maps =
+smtp_pix_workaround_threshold_time = 500s
+smtp_pix_workarounds = disable_esmtp,delay_dotcrlf
+smtp_quit_timeout = 300s
+smtp_quote_rfc821_envelope = yes
+smtp_randomize_addresses = yes
+smtp_rcpt_timeout = 300s
+smtp_recipient_limit = $default_recipient_limit
+smtp_recipient_refill_delay = $default_recipient_refill_delay
+smtp_recipient_refill_limit = $default_recipient_refill_limit
+smtp_reply_filter =
+smtp_rset_timeout = 20s
+smtp_sasl_auth_cache_name =
+smtp_sasl_auth_cache_time = 90d
+smtp_sasl_auth_enable = no
+smtp_sasl_auth_soft_bounce = yes
+smtp_sasl_mechanism_filter =
+smtp_sasl_password_maps =
+smtp_sasl_path =
+smtp_sasl_security_options = noplaintext, noanonymous
+smtp_sasl_tls_security_options = $smtp_sasl_security_options
+smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
+smtp_sasl_type = cyrus
+smtp_send_dummy_mail_auth = no
+smtp_send_xforward_command = no
+smtp_sender_dependent_authentication = no
+smtp_skip_5xx_greeting = yes
+smtp_skip_quit_response = yes
+smtp_starttls_timeout = 300s
+smtp_tcp_port = smtp
+smtp_tls_CAfile =
+smtp_tls_CApath =
+smtp_tls_block_early_mail_reply = no
+smtp_tls_cert_file =
+smtp_tls_ciphers = medium
+smtp_tls_dane_insecure_mx_policy = dane
+smtp_tls_dcert_file =
+smtp_tls_dkey_file = $smtp_tls_dcert_file
+smtp_tls_eccert_file =
+smtp_tls_eckey_file = $smtp_tls_eccert_file
+smtp_tls_enforce_peername = yes
+smtp_tls_exclude_ciphers =
+smtp_tls_fingerprint_cert_match =
+smtp_tls_fingerprint_digest = md5
+smtp_tls_force_insecure_host_tlsa_lookup = no
+smtp_tls_key_file = $smtp_tls_cert_file
+smtp_tls_loglevel = 0
+smtp_tls_mandatory_ciphers = medium
+smtp_tls_mandatory_exclude_ciphers =
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+smtp_tls_note_starttls_offer = no
+smtp_tls_per_site =
+smtp_tls_policy_maps =
+smtp_tls_protocols = !SSLv2, !SSLv3
+smtp_tls_scert_verifydepth = 9
+smtp_tls_secure_cert_match = nexthop, dot-nexthop
+smtp_tls_security_level =
+smtp_tls_session_cache_database =
+smtp_tls_session_cache_timeout = 3600s
+smtp_tls_trust_anchor_file =
+smtp_tls_verify_cert_match = hostname
+smtp_tls_wrappermode = no
+smtp_transport_rate_delay = $default_transport_rate_delay
+smtp_use_tls = no
+smtp_xforward_timeout = 300s
+smtpd_authorized_verp_clients = $authorized_verp_clients
+smtpd_authorized_xclient_hosts =
+smtpd_authorized_xforward_hosts =
+smtpd_banner = $myhostname ESMTP $mail_name
+smtpd_client_auth_rate_limit = 0
+smtpd_client_connection_count_limit = 50
+smtpd_client_connection_rate_limit = 0
+smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
+smtpd_client_message_rate_limit = 0
+smtpd_client_new_tls_session_rate_limit = 0
+smtpd_client_port_logging = no
+smtpd_client_recipient_rate_limit = 0
+smtpd_client_restrictions =
+smtpd_command_filter =
+smtpd_data_restrictions =
+smtpd_delay_open_until_valid_rcpt = yes
+smtpd_delay_reject = yes
+smtpd_discard_ehlo_keyword_address_maps =
+smtpd_discard_ehlo_keywords =
+smtpd_dns_reply_filter =
+smtpd_end_of_data_restrictions =
+smtpd_enforce_tls = no
+smtpd_error_sleep_time = 1s
+smtpd_etrn_restrictions =
+smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
+smtpd_forbidden_commands = CONNECT GET POST
+smtpd_hard_error_limit = ${stress?{1}:{20}}
+smtpd_helo_required = no
+smtpd_helo_restrictions =
+smtpd_history_flush_threshold = 100
+smtpd_junk_command_limit = ${stress?{1}:{100}}
+smtpd_log_access_permit_actions =
+smtpd_milter_maps =
+smtpd_milters =
+smtpd_noop_commands =
+smtpd_null_access_lookup_key = <>
+smtpd_peername_lookup = yes
+smtpd_per_record_deadline = ${stress?{yes}:{no}}
+smtpd_policy_service_default_action = 451 4.3.5 Server configuration problem
+smtpd_policy_service_max_idle = 300s
+smtpd_policy_service_max_ttl = 1000s
+smtpd_policy_service_policy_context =
+smtpd_policy_service_request_limit = 0
+smtpd_policy_service_retry_delay = 1s
+smtpd_policy_service_timeout = 100s
+smtpd_policy_service_try_limit = 2
+smtpd_proxy_ehlo = $myhostname
+smtpd_proxy_filter =
+smtpd_proxy_options =
+smtpd_proxy_timeout = 100s
+smtpd_recipient_limit = 1000
+smtpd_recipient_overshoot_limit = 1000
+smtpd_recipient_restrictions =
+smtpd_reject_footer =
+smtpd_reject_unlisted_recipient = yes
+smtpd_reject_unlisted_sender = no
+smtpd_relay_restrictions = ${{$compatibility_level} < {1} ? {} : {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}}
+smtpd_restriction_classes =
+smtpd_sasl_auth_enable = no
+smtpd_sasl_authenticated_header = no
+smtpd_sasl_exceptions_networks =
+smtpd_sasl_local_domain =
+smtpd_sasl_path = smtpd
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_service = smtp
+smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
+smtpd_sasl_type = cyrus
+smtpd_sender_login_maps =
+smtpd_sender_restrictions =
+smtpd_service_name = smtpd
+smtpd_soft_error_limit = 10
+smtpd_starttls_timeout = ${stress?{10}:{300}}s
+smtpd_timeout = ${stress?{10}:{300}}s
+smtpd_tls_CAfile =
+smtpd_tls_CApath =
+smtpd_tls_always_issue_session_ids = yes
+smtpd_tls_ask_ccert = no
+smtpd_tls_auth_only = no
+smtpd_tls_ccert_verifydepth = 9
+smtpd_tls_cert_file =
+smtpd_tls_ciphers = medium
+smtpd_tls_dcert_file =
+smtpd_tls_dh1024_param_file =
+smtpd_tls_dh512_param_file =
+smtpd_tls_dkey_file = $smtpd_tls_dcert_file
+smtpd_tls_eccert_file =
+smtpd_tls_eckey_file = $smtpd_tls_eccert_file
+smtpd_tls_eecdh_grade = auto
+smtpd_tls_exclude_ciphers =
+smtpd_tls_fingerprint_digest = md5
+smtpd_tls_key_file = $smtpd_tls_cert_file
+smtpd_tls_loglevel = 0
+smtpd_tls_mandatory_ciphers = medium
+smtpd_tls_mandatory_exclude_ciphers =
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+smtpd_tls_protocols = !SSLv2, !SSLv3
+smtpd_tls_received_header = no
+smtpd_tls_req_ccert = no
+smtpd_tls_security_level =
+smtpd_tls_session_cache_database =
+smtpd_tls_session_cache_timeout = 3600s
+smtpd_tls_wrappermode = no
+smtpd_upstream_proxy_protocol =
+smtpd_upstream_proxy_timeout = 5s
+smtpd_use_tls = no
+smtputf8_autodetect_classes = sendmail, verify
+smtputf8_enable = ${{$compatibility_level} < {1} ? {no} : {yes}}
+soft_bounce = no
+stale_lock_time = 500s
+stress =
+strict_7bit_headers = no
+strict_8bitmime = no
+strict_8bitmime_body = no
+strict_mailbox_ownership = yes
+strict_mime_encoding_domain = no
+strict_rfc821_envelopes = no
+strict_smtputf8 = no
+sun_mailtool_compatibility = no
+swap_bangpath = yes
+syslog_facility = mail
+syslog_name = ${multi_instance_name?{$multi_instance_name}:{postfix}}
+tcp_windowsize = 0
+tls_append_default_CA = no
+tls_daemon_random_bytes = 32
+tls_dane_digest_agility = on
+tls_dane_digests = sha512 sha256
+tls_dane_trust_anchor_digest_enable = yes
+tls_disable_workarounds =
+tls_eecdh_auto_curves = prime256v1 secp521r1 secp384r1
+tls_eecdh_strong_curve = prime256v1
+tls_eecdh_ultra_curve = secp384r1
+tls_export_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH
+tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH
+tls_legacy_public_key_fingerprints = no
+tls_low_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:+RC4:@STRENGTH
+tls_medium_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH
+tls_null_cipherlist = eNULL:!aNULL
+tls_preempt_cipherlist = no
+tls_random_bytes = 32
+tls_random_exchange_name = ${data_directory}/prng_exch
+tls_random_prng_update_period = 3600s
+tls_random_reseed_period = 3600s
+tls_random_source = dev:/dev/urandom
+tls_session_ticket_cipher = aes-256-cbc
+tls_ssl_options =
+tls_wildcard_matches_multiple_labels = yes
+tlsmgr_service_name = tlsmgr
+tlsproxy_enforce_tls = $smtpd_enforce_tls
+tlsproxy_service_name = tlsproxy
+tlsproxy_tls_CAfile = $smtpd_tls_CAfile
+tlsproxy_tls_CApath = $smtpd_tls_CApath
+tlsproxy_tls_always_issue_session_ids = $smtpd_tls_always_issue_session_ids
+tlsproxy_tls_ask_ccert = $smtpd_tls_ask_ccert
+tlsproxy_tls_ccert_verifydepth = $smtpd_tls_ccert_verifydepth
+tlsproxy_tls_cert_file = $smtpd_tls_cert_file
+tlsproxy_tls_ciphers = $smtpd_tls_ciphers
+tlsproxy_tls_dcert_file = $smtpd_tls_dcert_file
+tlsproxy_tls_dh1024_param_file = $smtpd_tls_dh1024_param_file
+tlsproxy_tls_dh512_param_file = $smtpd_tls_dh512_param_file
+tlsproxy_tls_dkey_file = $smtpd_tls_dkey_file
+tlsproxy_tls_eccert_file = $smtpd_tls_eccert_file
+tlsproxy_tls_eckey_file = $smtpd_tls_eckey_file
+tlsproxy_tls_eecdh_grade = $smtpd_tls_eecdh_grade
+tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
+tlsproxy_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest
+tlsproxy_tls_key_file = $smtpd_tls_key_file
+tlsproxy_tls_loglevel = $smtpd_tls_loglevel
+tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
+tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
+tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
+tlsproxy_tls_protocols = $smtpd_tls_protocols
+tlsproxy_tls_req_ccert = $smtpd_tls_req_ccert
+tlsproxy_tls_security_level = $smtpd_tls_security_level
+tlsproxy_use_tls = $smtpd_use_tls
+tlsproxy_watchdog_timeout = 10s
+trace_service_name = trace
+transport_maps =
+transport_retry_time = 60s
+trigger_timeout = 10s
+undisclosed_recipients_header =
+unknown_address_reject_code = 450
+unknown_address_tempfail_action = $reject_tempfail_action
+unknown_client_reject_code = 450
+unknown_helo_hostname_tempfail_action = $reject_tempfail_action
+unknown_hostname_reject_code = 450
+unknown_local_recipient_reject_code = 550
+unknown_relay_recipient_reject_code = 550
+unknown_virtual_alias_reject_code = 550
+unknown_virtual_mailbox_reject_code = 550
+unverified_recipient_defer_code = 450
+unverified_recipient_reject_code = 450
+unverified_recipient_reject_reason =
+unverified_recipient_tempfail_action = $reject_tempfail_action
+unverified_sender_defer_code = 450
+unverified_sender_reject_code = 450
+unverified_sender_reject_reason =
+unverified_sender_tempfail_action = $reject_tempfail_action
+verp_delimiter_filter = -=+
+virtual_alias_address_length_limit = 1000
+virtual_alias_domains = $virtual_alias_maps
+virtual_alias_expansion_limit = 1000
+virtual_alias_maps = $virtual_maps
+virtual_alias_recursion_limit = 1000
+virtual_delivery_slot_cost = $default_delivery_slot_cost
+virtual_delivery_slot_discount = $default_delivery_slot_discount
+virtual_delivery_slot_loan = $default_delivery_slot_loan
+virtual_delivery_status_filter = $default_delivery_status_filter
+virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
+virtual_destination_concurrency_limit = $default_destination_concurrency_limit
+virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
+virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
+virtual_destination_rate_delay = $default_destination_rate_delay
+virtual_destination_recipient_limit = $default_destination_recipient_limit
+virtual_extra_recipient_limit = $default_extra_recipient_limit
+virtual_gid_maps =
+virtual_initial_destination_concurrency = $initial_destination_concurrency
+virtual_mailbox_base =
+virtual_mailbox_domains = $virtual_mailbox_maps
+virtual_mailbox_limit = 51200000
+virtual_mailbox_lock = fcntl, dotlock
+virtual_mailbox_maps =
+virtual_minimum_delivery_slots = $default_minimum_delivery_slots
+virtual_minimum_uid = 100
+virtual_recipient_limit = $default_recipient_limit
+virtual_recipient_refill_delay = $default_recipient_refill_delay
+virtual_recipient_refill_limit = $default_recipient_refill_limit
+virtual_transport = virtual
+virtual_transport_rate_delay = $default_transport_rate_delay
+virtual_uid_maps =
+</code>
+Möchten wir nun einen einzelne Variable abfragen, die nicht den Defaultvorgaben entspricht benutzen wir im Fall von **myorigin** den folgenden Aufruf.
+   # postconf -d myorigin
+  myorigin = $myhostname
+Wollen wir einen Parameter ändern, so benutzen wir die Option **-e**. Als erstes fragen wir den wert einer Variable, im folgenden Beispiel von **//smtpd_client_connection_count_limit//**.
+   # postconf -d smtpd_client_connection_count_limit
+   smtpd_client_connection_count_limit = 50
+Den Defaulwert von **50** ändern wir nun ab auf den Wert **10**.
+   # postconf -e "smtpd_client_connection_count_limit = 10"
+Anschließend muss via **systemctl reload postfix** der laufende Daemon noch von der Änderung an der **main.cf** informiert werden.
+Auf die wichtigsten Konfigurationsparameter für den Betrieb unseres Mailservers gehen wir nun kurz ein:
+  * **myhostname** \\ Definition des Hostnames, über den der Mailserver später erreichbar sein wird. Die IP-Adresse des Mailservers muss später auch reverse auf gelöst werden könnne und dem hier definiertem Hostnamen entsprechen.
+  * **mydomain** \\ Definition der eigenen Domäne. Normalerweise, wird man diesen Wert nie setzen müssen, da der Wert automatisch vom Parameter **myhostname** abgeleitet wird, in dem der Host-Teil abgetrennt wird. Aus **myhostname = mx1.nausch.org** wird so **nausch.org**, ohne dasss wir extra Hand anlegen müssen. Den Parameter **mydomain** wird man also nur setzen müssen, wenn der Wert vom Domain-Teil des Parameters **myhostname** abweicht!
+  * **mydestination** Über diesen Parameter wird definiert, für welche Domains sich unser Postfix als //final destination// fühlt; der MTA also eigentlich eMails annehmen soll. Normalerweise wird dies neben dem Wert ''localhost'' der Domain und Hostname des Servers sein. \\ Der Parameter ''mydestination'' beschreibt __nur__ den realen Hostnamen sowie der realen Domäne des Mailservers. Möchte man virtuelle Domänen verwenden, definiert man diese mit Hilfe der //virtual-table// und __**nicht**__ bei mydestination!
+  * **myorigin** Werden eMails lokal auf dem Mailserverhost generiert, erzeugt Postfix "richtige eMAiladressen", in dem der Mailserver den User-Namen bzw. die User-ID mit dem Wert aus **$myorigin** ergänzt. Der Defaultwert **myorigin = $mydomain** bewirkt also, dass eine eMail von **root** auf unserem Host **mx1.nausch.org** die eMailadresse **root@nausch.org** erhält. Möchte man z.B. für DMZ-interne eMails in der eMailadresse direkt den Hostnamen mit angeben, so wird man hier statt **$mydomain** **$myhostname** angeben; somit würde dann die Adresse **logwatch@pml010043.intra.nausch.org** statt **logwatch@nausch.org** generiert.
+  * **mynetworks** \\ Muss man mehrere verschiedene Netzbereiche, oder einzelne Hosts zum sicheren Relayen freischalten, dann müssen die einzelnen Netzbereiche, bzw. Hosts über den Parameter //mynetworks// definiert werden. **10.10.10.0/24** beschreibt so ein ganzes Netz, **10.0.0.10/32** hingegen nur einen einzelnen Host.
+  * **mynetworks_style** \\ Festlegung des Netzes oder des Netzbereiches, die unser Postfix als //vertrauenswürdig// betrachten soll. Host aus diesem Netzbereichen ist es gestattet, eMails an externe Empfänger einzuliefern, die unser MTA dann wiederum ausliefern wird. **class**, **host** und **subnet** (Defaulteinstellung) können hier ausgewählt werden.
+  * **inet_interfaces** \\ Festlegung der Netzwerk-Adresse, von denen der Mailserver Verbindungen annehmen soll. Bei einfachen Workstations wird man hier den Vorgabewert ''localhost'' belassen. Wollen wir einen richtigen Mailserver betreiben, so definieren wir hier entweder direkt sine IP-Adresse, oder geben das Schlüsselwort ''all'' für alle Netzwerkschnittstellen an.
+  * **inet_protocols** \\ Festlegung des verwendeten Internetprotokolles, abhängig von der Serverkonfiguration selbst. Wurde der [[centos:ipv6_disable|IPv6-Support]] deaktiviert, so definiert man hier entsprechend die Option ''inet_protocols = ipv4''.
+  * **smtpd_banner** \\ Definition des Begrüßungstextes, den der Mailserver nach dem Aufbau eingehender Verbindungenvon externen Mailservern ausgibt. Hier wird man i.d.R. aus Sicherheitsgründen lediglich den Hostnamen und den Namen des Mailservers preis geben, nicht aber Versionsangaben oder weiteres.
+===== Lockup-Tables =====
+Neben den beiden vorgenannten Hauptkonfigurationsdateien **main.cf** und **master.cf** finden wir im Konfigurationsverzeichnis //**/etc/postfix**// noch ein paar Lockup-Tabellen, die bei der RPM-Installation automatisch angelegt wurden.
+   # # ls -l --hide=*.cf --hide=header_checks --hide=*proto /etc/postfix/
+<code>total 112
+-rw-r--r--. 1 root root 21006 Sep 24 19:22 access
+-rw-r--r--. 1 root root 11683 Sep 24 19:22 canonical
+-rw-r--r--. 1 root root  9904 Sep 24 19:22 generic
+-rw-r--r--. 1 root root  6816 Sep 24 19:22 relocated
+-rw-r--r--. 1 root root 12549 Sep 24 19:22 transport
+-rw-r--r--. 1 root root 12510 Sep 24 19:22 virtual
+</code>
+Ferner findet sich dort noch die Konfigurationsdatei **dynamicmaps.cf** und das zugehörige Verzeichnis **dynamicmaps.cf.d** für die dynamischen Mappingtabellen.
+<code>
+-rw-r--r--. 1 root root 164 Jan 17 17:09 dynamicmaps.cf
+drwxr-xr-x. 2 root root     6 Jan 17 17:09 dynamicmaps.cf.d
+</code>
+Den Umgang mit diesen access- und lookup-Tabellen ist im Kapitel [[centos:mail_c7:mta_4|Konfiguration unseres MTAs Postfix 2.11 unter CentOS7]] detailliert beschrieben.
+  * **[[centos:mail_c7:mta_4?&#access|access]]**
+  * **[[centos:mail_c7:mta_4?&#canonical|canonical]]**
+  * **[[centos:mail_c7:mta_4?&#generic|generic]]**
+  * **[[centos:mail_c7:mta_4?&#relocated|relocated]]**
+  * **[[centos:mail_c7:mta_4?&#transport|transport]]**
+  * **[[centos:mail_c7:mta_4?&#virtual|virtual]]**
+===== Header-Checks =====
+Möchte man Informationen im Mailheader zum Bewerten verwenden, um so z.B. eine Nachricht zu blocken, kann man dies mit Hilfe der Konfigurationsdatei **header_checks** realisieren.
+   # less /etc/postfix/header_checks
+<file bash /etc/postfix/header_checks># HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
+#
+# NAME
+#        header_checks - Postfix built-in content inspection
+#
+# SYNOPSIS
+#        header_checks = pcre:/etc/postfix/header_checks
+#        mime_header_checks = pcre:/etc/postfix/mime_header_checks
+#        nested_header_checks = pcre:/etc/postfix/nested_header_checks
+#        body_checks = pcre:/etc/postfix/body_checks
+#
+#        milter_header_checks = pcre:/etc/postfix/milter_header_checks
+#
+#        smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
+#        smtp_mime_header_checks = pcre:/etc/postfix/smtp_mime_header_checks
+#        smtp_nested_header_checks = pcre:/etc/postfix/smtp_nested_header_checks
+#        smtp_body_checks = pcre:/etc/postfix/smtp_body_checks
+#
+#        postmap -q "string" pcre:/etc/postfix/filename
+#        postmap -q - pcre:/etc/postfix/filename <inputfile
+#
+# DESCRIPTION
+#        This  document  describes access control on the content of
+#        message headers and message body lines; it is  implemented
+#        by  the  Postfix  cleanup(8) server before mail is queued.
+#        See access(5) for access control  on  remote  SMTP  client
+#        information.
+#
+#        Each  message  header  or  message  body  line is compared
+#        against a list of patterns.  When a  match  is  found  the
+#        corresponding action is executed, and the matching process
+#        is repeated for the next message header  or  message  body
+#        line.
+#
+#        Note: message headers are examined one logical header at a
+#        time, even when a message  header  spans  multiple  lines.
+#        Body lines are always examined one line at a time.
+#
+#        For  examples, see the EXAMPLES section at the end of this
+#        manual page.
+#
+#        Postfix header or body_checks are designed to stop a flood
+#        of  mail from worms or viruses; they do not decode attach-
+#        ments, and they do not unzip archives. See  the  documents
+#        referenced  below  in the README FILES section if you need
+#        more sophisticated content analysis.
+#
+# FILTERS WHILE RECEIVING MAIL
+#        Postfix implements the  following  four  built-in  content
+#        inspection classes while receiving mail:
+#
+#        header_checks (default: empty)
+#               These   are  applied  to  initial  message  headers
+#               (except for the headers  that  are  processed  with
+#               mime_header_checks).
+#
+#        mime_header_checks (default: $header_checks)
+#               These  are  applied to MIME related message headers
+#               only.
+#
+#               This feature is available in Postfix 2.0 and later.
+#
+#        nested_header_checks (default: $header_checks)
+#               These  are  applied  to message headers of attached
+#               email messages (except for  the  headers  that  are
+#               processed with mime_header_checks).
+#
+#               This feature is available in Postfix 2.0 and later.
+#
+#        body_checks
+#               These are applied to all other  content,  including
+#               multi-part message boundaries.
+#
+#               With Postfix versions before 2.0, all content after
+#               the initial message headers is treated as body con-
+#               tent.
+#
+# FILTERS AFTER RECEIVING MAIL
+#        Postfix  supports a subset of the built-in content inspec-
+#        tion classes after the message is received:
+#
+#        milter_header_checks (default: empty)
+#               These are applied to headers that  are  added  with
+#               Milter applications.
+#
+#               This feature is available in Postfix 2.7 and later.
+#
+# FILTERS WHILE DELIVERING MAIL
+#        Postfix supports all four content inspection classes while
+#        delivering mail via SMTP.
+#
+#        smtp_header_checks (default: empty)
+#
+#        smtp_mime_header_checks (default: empty)
+#
+#        smtp_nested_header_checks (default: empty)
+#
+#        smtp_body_checks (default: empty)
+#               These  features  are  available  in Postfix 2.5 and
+#               later.
+#
+# COMPATIBILITY
+#        With Postfix version 2.2 and earlier specify "postmap -fq"
+#        to query a table that contains case sensitive patterns. By
+#        default, regexp: and pcre: patterns are case  insensitive.
+#
+# TABLE FORMAT
+#        This  document  assumes  that header and body_checks rules
+#        are specified in the form of  Postfix  regular  expression
+#        lookup  tables.  Usually  the best performance is obtained
+#        with pcre (Perl Compatible Regular Expression) tables. The
+#        regexp  (POSIX  regular  expressions)  tables  are usually
+#        slower, but more widely available.  Use the command "post-
+#        conf  -m" to find out what lookup table types your Postfix
+#        system supports.
+#
+#        The general format of Postfix regular expression tables is
+#        given  below.   For  a  discussion  of specific pattern or
+#        flags  syntax,  see  pcre_table(5)   or   regexp_table(5),
+#        respectively.
+#
+#        /pattern/flags action
+#               When  /pattern/  matches  the input string, execute
+#               the corresponding action. See below for a  list  of
+#               possible actions.
+#
+#        !/pattern/flags action
+#               When  /pattern/  does  not  match the input string,
+#               execute the corresponding action.
+#
+#        if /pattern/flags
+#
+#        endif  If the input string matches /pattern/,  then  match
+#               that  input  string against the patterns between if
+#               and endif.  The if..endif can nest.
+#
+#               Note: do not prepend whitespace to patterns  inside
+#               if..endif.
+#
+#        if !/pattern/flags
+#
+#        endif  If  the input string does not match /pattern/, then
+#               match  that  input  string  against  the   patterns
+#               between if and endif. The if..endif can nest.
+#
+#        blank lines and comments
+#               Empty  lines and whitespace-only lines are ignored,
+#               as are lines whose first  non-whitespace  character
+#               is a `#'.
+#
+#        multi-line text
+#               A  pattern/action  line  starts with non-whitespace
+#               text. A line that starts with whitespace  continues
+#               a logical line.
+#
+# TABLE SEARCH ORDER
+#        For  each  line of message input, the patterns are applied
+#        in the order as specified in the table. When a pattern  is
+#        found  that  matches  the  input  line,  the corresponding
+#        action is  executed  and  then  the  next  input  line  is
+#        inspected.
+#
+# TEXT SUBSTITUTION
+#        Substitution  of  substrings  from  the matched expression
+#        into the action string is possible using the  conventional
+#        Perl  syntax  ($1,  $2,  etc.).   The macros in the result
+#        string may need to be written as  ${n}  or  $(n)  if  they
+#        aren't followed by whitespace.
+#
+#        Note:  since negated patterns (those preceded by !) return
+#        a result when the expression does not match, substitutions
+#        are not available for negated patterns.
+#
+# ACTIONS
+#        Action names are case insensitive. They are shown in upper
+#        case for consistency with other Postfix documentation.
+#
+#        BCC user@domain
+#               Add the specified address as a BCC  recipient,  and
+#               inspect  the next input line. The address must have
+#               a local part and domain part.  The  number  of  BCC
+#               addresses  that can be added is limited only by the
+#               amount of available storage space.
+#
+#               Note 1: the BCC address is added as if it was spec-
+#               ified  with  NOTIFY=NONE.  The  sender  will not be
+#               notified when the BCC address is undeliverable,  as
+#               long  as  all  down-stream  software implements RFC
+#               3461.
+#
+#               Note 2: this ignores duplicate addresses (with  the
+#               same delivery status notification options).
+#
+#               This feature is available in Postfix 3.0 and later.
+#
+#               This feature is not supported with smtp header/body
+#               checks.
+#
+#        DISCARD optional text...
+#               Claim  successful delivery and silently discard the
+#               message.  Do not inspect the remainder of the input
+#               message.   Log the optional text if specified, oth-
+#               erwise log a generic message.
+#
+#               Note:  this  action  disables  further  header   or
+#               body_checks  inspection  of the current message and
+#               affects all recipients.  To discard only one recip-
+#               ient without discarding the entire message, use the
+#               transport(5) table to direct mail to the discard(8)
+#               service.
+#
+#               This feature is available in Postfix 2.0 and later.
+#
+#               This feature is not supported with smtp header/body
+#               checks.
+#
+#        DUNNO  Pretend  that the input line did not match any pat-
+#               tern, and inspect the next input line. This  action
+#               can be used to shorten the table search.
+#
+#               For  backwards  compatibility reasons, Postfix also
+#               accepts OK but it is (and always has been)  treated
+#               as DUNNO.
+#
+#               This feature is available in Postfix 2.1 and later.
+#
+#        FILTER transport:destination
+#               Override the content_filter parameter setting,  and
+#               inspect  the next input line.  After the message is
+#               queued, send the entire message through the  speci-
+#               fied  external  content  filter. The transport name
+#               specifies the first field of a mail delivery  agent
+#               definition in master.cf; the syntax of the next-hop
+#               destination is described in the manual page of  the
+#               corresponding  delivery  agent.   More  information
+#               about external content filters is  in  the  Postfix
+#               FILTER_README file.
+#
+#               Note  1: do not use $number regular expression sub-
+#               stitutions for transport or destination unless  you
+#               know that the information has a trusted origin.
+#
+#               Note  2:  this  action  overrides  the main.cf con-
+#               tent_filter setting, and affects all recipients  of
+#               the  message.  In  the  case  that  multiple FILTER
+#               actions fire, only the last one is executed.
+#
+#               Note 3: the purpose of the  FILTER  command  is  to
+#               override  message routing.  To override the recipi-
+#               ent's transport but not the  next-hop  destination,
+#               specify  an  empty  filter destination (Postfix 2.7
+#               and later), or specify a transport:destination that
+#               delivers   through  a  different  Postfix  instance
+#               (Postfix 2.6 and earlier). Other options are  using
+#               the  recipient-dependent transport_maps or the sen-
+#               der-dependent   sender_dependent_default_transport-
+#               _maps features.
+#
+#               This feature is available in Postfix 2.0 and later.
+#
+#               This feature is not supported with smtp header/body
+#               checks.
+#
+#        HOLD optional text...
+#               Arrange  for  the  message to be placed on the hold
+#               queue, and inspect the next input line.   The  mes-
+#               sage  remains  on hold until someone either deletes
+#               it or releases it for delivery.  Log  the  optional
+#               text if specified, otherwise log a generic message.
+#
+#               Mail that is placed on hold can  be  examined  with
+#               the  postcat(1)  command,  and  can be destroyed or
+#               released with the postsuper(1) command.
+#
+#               Note: use "postsuper -r" to release mail  that  was
+#               kept  on  hold for a significant fraction of $maxi-
+#               mal_queue_lifetime  or  $bounce_queue_lifetime,  or
+#               longer.  Use "postsuper -H" only for mail that will
+#               not expire within a few delivery attempts.
+#
+#               Note: this action affects  all  recipients  of  the
+#               message.
+#
+#               This feature is available in Postfix 2.0 and later.
+#
+#               This feature is not supported with smtp header/body
+#               checks.
+#
+#        IGNORE Delete the current line from the input, and inspect
+#               the next input line. See STRIP for  an  alternative
+#               that logs the action.
+#
+#        INFO optional text...
+#               Log an "info:" record with the optional text... (or
+#               log a generic text), and  inspect  the  next  input
+#               line.  This action is useful for routine logging or
+#               for debugging.
+#
+#               This feature is available in Postfix 2.8 and later.
+#
+#        PASS optional text...
+#               Log  a "pass:" record with the optional text... (or
+#               log a generic text), and turn off header, body, and
+#               Milter  inspection  for  the remainder of this mes-
+#               sage.
+#
+#               Note: this feature relies on trust  in  information
+#               that is easy to forge.
+#
+#               This feature is available in Postfix 3.2 and later.
+#
+#               This feature is not supported with smtp header/body
+#               checks.
+#
+#        PREPEND text...
+#               Prepend  one  line  with  the  specified  text, and
+#               inspect the next input line.
+#
+#               Notes:
+#
+#               o      The prepended text is output on  a  separate
+#                      line,  immediately  before  the  input  that
+#                      triggered the PREPEND action.
+#
+#               o      The prepended text is not considered part of
+#                      the  input  stream:  it  is  not  subject to
+#                      header/body checks or address rewriting, and
+#                      it does not affect the way that Postfix adds
+#                      missing message headers.
+#
+#               o      When prepending text before a message header
+#                      line,  the  prepended text must begin with a
+#                      valid message header label.
+#
+#               o      This  action  cannot  be  used  to   prepend
+#                      multi-line text.
+#
+#               This feature is available in Postfix 2.1 and later.
+#
+#               This   feature   is   not   supported   with   mil-
+#               ter_header_checks.
+#
+#        REDIRECT user@domain
+#               Write  a  message  redirection request to the queue
+#               file, and inspect the next input  line.  After  the
+#               message is queued, it will be sent to the specified
+#               address instead of the intended recipient(s).
+#
+#               Note: this action overrides the FILTER action,  and
+#               affects  all recipients of the message. If multiple
+#               REDIRECT actions fire, only the last  one  is  exe-
+#               cuted.
+#
+#               This feature is available in Postfix 2.1 and later.
+#
+#               This feature is not supported with smtp header/body
+#               checks.
+#
+#        REPLACE text...
+#               Replace  the  current line with the specified text,
+#               and inspect the next input line.
+#
+#               This feature is available in Postfix 2.2 and later.
+#               The  description below applies to Postfix 2.2.2 and
+#               later.
+#
+#               Notes:
+#
+#               o      When replacing a message  header  line,  the
+#                      replacement  text  must  begin  with a valid
+#                      header label.
+#
+#               o      The replaced text remains part of the  input
+#                      stream.  Unlike  the result from the PREPEND
+#                      action, a replaced  message  header  may  be
+#                      subject  to address rewriting and may affect
+#                      the way that Postfix  adds  missing  message
+#                      headers.
+#
+#        REJECT optional text...
+#               Reject  the  entire  message.  Do  not  inspect the
+#               remainder  of  the  input  message.    Reply   with
+#               optional  text...  when the optional text is speci-
+#               fied, otherwise reply with a generic error message.
+#
+#               Note:   this  action  disables  further  header  or
+#               body_checks inspection of the current  message  and
+#               affects all recipients.
+#
+#               Postfix version 2.3 and later support enhanced sta-
+#               tus codes.  When no code is specified at the begin-
+#               ning of optional text..., Postfix inserts a default
+#               enhanced status code of "5.7.1".
+#
+#               This feature is not supported with smtp header/body
+#               checks.
+#
+#        STRIP optional text...
+#               Log a "strip:" record with the optional text... (or
+#               log a generic text), delete the input line from the
+#               input,  and inspect the next input line. See IGNORE
+#               for a silent alternative.
+#
+#               This feature is available in Postfix 3.2 and later.
+#
+#        WARN optional text...
+#               Log  a  "warning:" record with the optional text...
+#               (or log a generic text), and inspect the next input
+#               line.  This  action is useful for debugging and for
+#               testing a  pattern  before  applying  more  drastic
+#               actions.
+#
+# BUGS
+#        Empty lines never match, because some map types mis-behave
+#        when given a zero-length search string.   This  limitation
+#        may  be  removed for regular expression tables in a future
+#        release.
+#
+#        Many people overlook the main limitations  of  header  and
+#        body_checks rules.
+#
+#        o      These  rules  operate on one logical message header
+#               or one body line at a time. A decision made for one
+#               line is not carried over to the next line.
+#
+#        o      If  text  in the message body is encoded (RFC 2045)
+#               then the rules need to be specified for the encoded
+#               form.
+#
+#        o      Likewise,  when  message  headers  are encoded (RFC
+#               2047) then the rules need to be specified  for  the
+#               encoded form.
+#
+#        Message  headers added by the cleanup(8) daemon itself are
+#        excluded from inspection. Examples of such message headers
+#        are From:, To:, Message-ID:, Date:.
+#
+#        Message  headers  deleted by the cleanup(8) daemon will be
+#        examined before they are deleted. Examples are: Bcc:, Con-
+#        tent-Length:, Return-Path:.
+#
+# CONFIGURATION PARAMETERS
+#        body_checks
+#               Lookup tables with content filter rules for message
+#               body lines.  These filters see one physical line at
+#               a  time,  in  chunks  of at most $line_length_limit
+#               bytes.
+#
+#        body_checks_size_limit
+#               The amount of  content  per  message  body  segment
+#               (attachment) that is subjected to $body_checks fil-
+#               tering.
+#
+#        header_checks
+#
+#        mime_header_checks (default: $header_checks)
+#
+#        nested_header_checks (default: $header_checks)
+#               Lookup tables with content filter rules for message
+#               header  lines:  respectively,  these are applied to
+#               the initial message  headers  (not  including  MIME
+#               headers),  to the MIME headers anywhere in the mes-
+#               sage, and to the initial headers of  attached  mes-
+#               sages.
+#
+#               Note:  these filters see one logical message header
+#               at a time, even when a message header spans  multi-
+#               ple  lines.  Message  headers  that are longer than
+#               $header_size_limit characters are truncated.
+#
+#        disable_mime_input_processing
+#               While receiving mail, give no special treatment  to
+#               MIME  related  message  headers; all text after the
+#               initial message headers is considered to be part of
+#               the  message body. This means that header_checks is
+#               applied to all the  initial  message  headers,  and
+#               that body_checks is applied to the remainder of the
+#               message.
+#
+#               Note: when used in this  manner,  body_checks  will
+#               process  a  multi-line message header one line at a
+#               time.
+#
+# EXAMPLES
+#        Header pattern to block attachments  with  bad  file  name
+#        extensions.   For  convenience, the PCRE /x flag is speci-
+#        fied, so that there is no need  to  collapse  the  pattern
+#        into   a   single  line  of  text.   The  purpose  of  the
+#        [[:xdigit:]] sub-expressions is to recognize Windows CLSID
+#        strings.
+#
+#        /etc/postfix/main.cf:
+#            header_checks = pcre:/etc/postfix/header_checks.pcre
+#
+#        /etc/postfix/header_checks.pcre:
+#            /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)(
+#              ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
+#              hlp|ht[at]|
+#              inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
+#              \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}|
+#              ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|
+#              vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x
+#                REJECT Attachment name "$2" may not end with ".$4"
+#
+#        Body pattern to stop a specific HTML browser vulnerability
+#        exploit.
+#
+#        /etc/postfix/main.cf:
+#            body_checks = regexp:/etc/postfix/body_checks
+#
+#        /etc/postfix/body_checks:
+#            /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
+#                REJECT IFRAME vulnerability exploit
+#
+# SEE ALSO
+#        cleanup(8), canonicalize and enqueue Postfix message
+#        pcre_table(5), format of PCRE lookup tables
+#        regexp_table(5), format of POSIX regular expression tables
+#        postconf(1), Postfix configuration utility
+#        postmap(1), Postfix lookup table management
+#        postsuper(1), Postfix janitor
+#        postcat(1), show Postfix queue file contents
+#        RFC 2045, base64 and quoted-printable encoding rules
+#        RFC 2047, message header encoding for non-ASCII text
+#
+# README FILES
+#        Use "postconf readme_directory" or  "postconf  html_direc-
+#        tory" to locate this information.
+#        DATABASE_README, Postfix lookup table overview
+#        CONTENT_INSPECTION_README, Postfix content inspection overview
+#        BUILTIN_FILTER_README, Postfix built-in content inspection
+#        BACKSCATTER_README, blocking returned forged mail
+#
+# LICENSE
+#        The  Secure  Mailer  license must be distributed with this
+#        software.
+#
+# AUTHOR(S)
+#        Wietse Venema
+#        IBM T.J. Watson Research
+#        P.O. Box 704
+#        Yorktown Heights, NY 10598, USA
+#
+#        Wietse Venema
+#        Google, Inc.
+#        111 8th Avenue
+#        New York, NY 10011, USA
+#
+#                                                               HEADER_CHECKS(5)</file>
+Wie dies im Detail von Statten geht werden wir uns in einem separaten Schritt [[centos:mail_c7:mta_3?&#inhaltliche_pruefungen|Grundabsicherung von Postfix]] noch genauer ansehen.
+===== Paketfilter / Firewall =====
+Damit fremde **MTA**s((**M**ail **T**ransfer **A**gent)) auf **[[centos:mail_c7:mta_1#smtpd|SMTP]]**-Port **25** und unsere Kunden mit deren **MUA**s((**M**ail **U**ser **A**gent)) auf dem **[[centos:mail_c7:mta_1#submission|Submission]]**-Port **587** ihre Nachrichten bei unserem Postfix-Mailserver einliefern können, müssen wir für diese noch Änderungen am Paketfilter **firewalld** vornehmen.
+   # firewall-cmd --permanent --zone=public --add-port=25/tcp
+   success
+   # firewall-cmd --permanent --zone=public --add-port=587/tcp
+   success
+Anschließend können wir den Firewall-Daemon einmal durchstarten und anschließend überprüfen, ob die Regeln auch entsprechend unserer Definition, gezogen haben.
+   # firewall-cmd --reload
+   success
+Abschließend prüfen wir noch, ob die Erweiterung unseres Paketfilter aktiv ist.
+   # iptables -nvL IN_public_allow
+<code>Chain IN_public_allow (1 references)
+ pkts bytes target     prot opt in     out     source               destination
+     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
+     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 ctstate NEW
+     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 ctstate NEW
+</code>
+===== Systemstart =====
+==== erster manueller Start ====
+   # systemctl start postfix.service
+Im Maillog wird der Start unseres Postfix-Servers entsprechend vermerkt.
+   # less /var/log/maillog
+<code>Oct 10 22:41:25 vml000087.dmz.nausch.org systemd[1]: Starting Postfix Mail Transport Agent...
+Oct 10 22:41:26 vml000087.dmz.nausch.org postfix/master[30590]: daemon started -- version 2.11.1, configuration /etc/postfix
+Oct 10 22:41:26 vml000087.dmz.nausch.org systemd[1]: Started Postfix Mail Transport Agent.
+</code>
+   # systemctl status postfix.service
+<html><pre class="code">
+<font style="color: rgb(0, 255, 0)"><b>● </b></font>postfix.service - Postfix Mail Transport Agent
+   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
+   Active: <font style="color: rgb(0, 255, 0)"><b>active (running)</b></font> since Sat 2019-01-26 21:41:21 CET; 12s ago
+  Process: 14349 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
+  Process: 14346 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
+  Process: 14341 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
+ Main PID: 14423 (master)
+   CGroup: /system.slice/postfix.service
+           ├─14423 /usr/libexec/postfix/master -w
+           ├─14424 pickup -l -t unix -u
+           └─14425 qmgr -l -t unix -u
+Jan 26 21:41:20 vml000080.dmz.nausch.org systemd[1]: Starting Postfix Mail Transport Agent...
+Jan 26 21:41:21 vml000080.dmz.nausch.org postfix/postfix-script[14421]: starting the Postfix mail system
+Jan 26 21:41:21 vml000080.dmz.nausch.org postfix/master[14423]: daemon started -- version 3.3.2, configuration /etc/postfix
+Jan 26 21:41:21 vml000080.dmz.nausch.org systemd[1]: Started Postfix Mail Transport Agent.</font>
+</pre>
+</html>
+Fragen wir nun mit Hilfe des Befehls ''**netstat -tulpen**'' die offenen Ports ab, sehen wir, dass der Port **25** auf beiden zur Verfügung stehenden Netzwerkinterfaces geöffnet wurden.
+   # netstat -tulpen
+<code>Active Internet connections (only servers)
+Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
+tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      0          48472      14423/master
+tcp6       0      0 ::1:25                  :::*                    LISTEN      0          48473      14423/master</code>
+Alternativ dazu können wr auch den Befehl ''**lsof**'' verwenden.
+   # lsof -i :25
+  COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
+  master  14423 root   13u  IPv4  48472      0t0  TCP localhost:smtp (LISTEN)
+  master  14423 root   14u  IPv6  48473      0t0  TCP localhost:smtp (LISTEN)
+==== automatischer Start beim Systemstart ====
+Wollen wir den Daemon beim Hochfahren des Systems automatisch starten, greifen wir auf den Befehl **systemctl** zurück.
+   # systemctl enable postfix.service
+ Möchten wir uns vergewissern, ob der Daemon beim Systemstart gestartet wird oder nicht, erfahren wir ebenfalls mit dem Befehl **systemctl**.
+   # systemctl is-enabled postfix.service
+   enabled
+Startet der Server nicht automatisch, wird uns ein "**disabled**" zurückgemeldet.
+===== Systemtest =====
+Mit der minimalen Konfiguration unseres Postfix haben wir bereits einen lauffähigen **MTA**. Zum Testen verwenden wir das Programm **telnet**.
+Die Eingaben am testenden Client sind in der Farbe <html><font style="color: rgb(0, 0, 255)"><b>blau</b></font></html> und die Rückmeldungen unseres Dovecot-Servers in der Farbe <html><font style="color: rgb(66, 66, 66)"><b>hellgrau</b></font></html> gekennzeichnet. Die Ausgaben des Befehls **telnet** sind in der Farbe <html><font style="color: rgb(0, 0, 0)"><b>schwarz</b></font></html> eingefärbt.
+<html><pre class="code">
+<font style="color: rgb(0, 0, 255)">$ telnet ::1 25</font>
+<font style="color: rgb(0, 0, 0)">Trying ::1...
+Connected to ::1.
+Escape character is '^]'.</font>
+<font style="color: rgb(66, 66, 66)">220 vml000087.dmz.nausch.org ESMTP Postfix</font>
+<font style="color: rgb(0, 0, 255)">helo foo</font>
+<font style="color: rgb(66, 66, 66)">250 vml000087.dmz.nausch.org</font>
+<font style="color: rgb(0, 0, 255)">mail from:&lt;&gt;</font>
+<font style="color: rgb(66, 66, 66)">250 2.1.0 OK</font>
+<font style="color: rgb(0, 0, 255)">rcpt to:&lt;django@vml000080.dmz.nausch.org>&gt;</font>
+<font style="color: rgb(66, 66, 66)">250 2.1.0 OK</font>
+<font style="color: rgb(0, 0, 255)">DATA</font>
+<font style="color: rgb(66, 66, 66)">354 End data with &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF></font>
+<font style="color: rgb(0, 0, 255)">From: michael@nausch.org
+To: django@vml000087.dmz.nausch.org
+Subject: erste testmail
+Date: heute
+test
+.</font>
+<font style="color: rgb(66, 66, 66)">250 2.0.0 Ok: queued as 5FFA5600088</font>
+<font style="color: rgb(0, 0, 255)">quit</font>
+<font style="color: rgb(66, 66, 66)">221 2.0.0 Bye</font>
+<font style="color: rgb(0, 0, 0)">Connection closed by foreign host.</font>
+</pre></html>
+Die Message-ID **5FFA5600088** finden wir dann auch im Maillog wieder.
+   # tail -n7 /var/log/maillog
+<code>Jan 26 22:03:03 vml000080.dmz.nausch.org postfix/smtpd[14470]: connect from localhost[::1]
+Jan 26 22:03:46 vml000080.dmz.nausch.org postfix/smtpd[14470]: 5FFA5600088: client=localhost[::1]
+Jan 26 22:04:20 vml000080.dmz.nausch.org postfix/cleanup[14474]: 5FFA5600088: message-id=<20190126210346.5FFA5600088@vml000080.dmz.nausch.org>
+Jan 26 22:04:20 vml000080.dmz.nausch.org postfix/qmgr[14425]: 5FFA5600088: from=<>, size=363, nrcpt=1 (queue active)
+Jan 26 22:04:20 vml000080.dmz.nausch.org postfix/local[14475]: 5FFA5600088: to=<django@vml000080.dmz.nausch.org>, relay=local, delay=61, delays=60/0.02/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
+Jan 26 22:04:20 vml000080.dmz.nausch.org postfix/qmgr[14425]: 5FFA5600088: removed
+Jan 26 22:04:23 vml000080.dmz.nausch.org postfix/smtpd[14470]: disconnect from localhost[::1] helo=1 mail=1 rcpt=1 data=1 quit=1 commands=5</code>
+Auf unserem Festplatten wurde die eMail auch entsprechend abgespeichert.
+<code>/var/spool/mail/
+├── django
+└── root
+</code>
+   # cat /var/spool/mail/django
+<code>From MAILER-DAEMON  Sat Jan 26 22:04:20 2019
+Return-Path: <>
+X-Original-To: django@vml000080.dmz.nausch.org
+Delivered-To: django@vml000080.dmz.nausch.org
+Received: from foo (localhost [IPv6:::1])
+	by vml000080.dmz.nausch.org (Postfix) with SMTP id 5FFA5600088
+	for <django@vml000080.dmz.nausch.org>; Sat, 26 Jan 2019 22:03:19 +0100 (CET)
+From: michael@nausch.org
+To: django@vml000087.dmz.nausch.org
+Subject: erste testmail
+Date: heute
+Message-Id: <20190126210346.5FFA5600088@vml000080.dmz.nausch.org>
+test
+</code>
+====== Links ======
+  * **⇐ [[centos:mail_c7:mta_1|Zurück zum Kapitel "Postfix, der sichere Mailserver (MTA) unter CentOS 7.x"]]**
+  * **⇒ [[centos:mail_c7:mta_3|Weiter zum Kapitel "DNS Einstellungen rund um Mailserver"]]**
+  * **[[centos:mail_c7:start|Zurück zum Kapitel >>Mailserverinstallation unter CentOS 7<<]]**
+  * **[[wiki:start|Zurück zu >>Projekte und Themenkapitel<<]]**
+  * **[[http://dokuwiki.nausch.org/doku.php/|Zurück zur Startseite]]**