Differences
This page shows the differences between two versions.
Previous revision | |||
— | centos:mail_c7:postfix3_1 [18.11.2024 19:12. ] (current) – External edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Installation and Configuration Files of Postfix 3 on CentOS 7.x ====== | ||
+ | {{: | ||
+ | Once we have a **[[centos: | ||
+ | |||
+ | The new features and biggest changes compared with the previous version 2.x can be found in the // | ||
+ | \\ \\ | ||
+ | The most important changes (in no particular order) are: | ||
+ | * SMTPUTF8 support for internationalized domain names and address local parts as defined in RFC 6530 and related documents. The implementation is based on code contributed by Arnt Gulbrandsen and sponsored by CNNIC. SMTPUTF8 support is a work in progress; it is expected to be completed during the Postfix 3.1 development cycle. A summary of the limitations can be found in SMTPUTF8_README. | ||
+ | * Support for Postfix dynamically linked libraries and database plugins. The implementation is based on code by LaMont Jones for Debian Linux. | ||
+ | * An OPT-IN safety net for the selective adoption of new Postfix default settings. If nothing special is configured, | ||
+ | * Support for operations on multiple lookup tables. The database type pipemap: | ||
+ | * Support for pseudo-tables, | ||
+ | * Table-driven transformation of DNS lookup results and of status codes and messages from delivery agents. Typically one would use a PCRE table to fix problematic DNS responses or to fix the handling of delivery errors. See smtp_dns_reply_filter, | ||
+ | * Improved configuration file syntax with support for the ternary operator such as ${name? | ||
+ | * Per-session command profiles that are logged at the end of each inbound SMTP session. For example, a password-guessing bot is logged as " | ||
+ | |||
+ | ===== Installation ===== | ||
+ | Since CentOS 6.0, Postfix has been installed as the **MTA**; currently this is release 2.10. In this configuration example, however, we want to look in detail at the __current__ version **V3**. As the installation source we use the [[centos: | ||
+ | |||
+ | ==== Repository nausch.org ==== | ||
+ | So that the installation and later updates no longer use the Postfix version 2.10 provided by CentOS 7 but the more recent version 3.x from the nausch.org repository, we adjust the corresponding configuration files. First we exclude the Postfix packages from the CentOS base repository. To do this we add the option '' | ||
+ | # vim / | ||
+ | <file bash / | ||
+ | # | ||
+ | # This file uses a new mirrorlist system developed by Lance Davis for CentOS. | ||
+ | # The mirror system uses the connecting IP address of the client and the | ||
+ | # update status of each mirror to pick mirrors that are updated to and | ||
+ | # geographically close to the client. | ||
+ | # unless you are manually picking other mirrors. | ||
+ | # | ||
+ | # If the mirrorlist= does not work for you, as a fall back you can try the | ||
+ | # remarked out baseurl= line instead. | ||
+ | # | ||
+ | # Version for access to the local CentOS repository | ||
+ | |||
+ | [base-LC] | ||
+ | name=CentOS-7 - Base | ||
+ | baseurl=http:// | ||
+ | priority=1 | ||
+ | exclude=postfix* | ||
+ | gpgcheck=1 | ||
+ | gpgkey=file:/// | ||
+ | |||
+ | #released updates | ||
+ | [updates-LC] | ||
+ | name=CentOS-7 - Updates | ||
+ | baseurl=http:// | ||
+ | priority=1 | ||
+ | exclude=postfix* | ||
+ | gpgcheck=1 | ||
+ | gpgkey=file:/// | ||
+ | |||
+ | #additional packages that may be useful | ||
+ | [extras-LC] | ||
+ | name=CentOS-7 - Extras | ||
+ | baseurl=http:// | ||
+ | priority=1 | ||
+ | gpgcheck=1 | ||
+ | enabled = 1 | ||
+ | gpgkey=file:/// | ||
+ | |||
+ | #additional packages that extend functionality of existing packages | ||
+ | [centosplus-LC] | ||
+ | name=CentOS-7 - Plus | ||
+ | baseurl=http:// | ||
+ | priority=2 | ||
+ | exclude=postfix* | ||
+ | gpgcheck=1 | ||
+ | enabled=1 | ||
+ | gpgkey=file:/// | ||
+ | </ | ||
+ | |||
+ | Next we configure the use of the Postfix 3.x release from the **testing** branch of the repository **nausch.org**. To do so, we adjust the corresponding configuration file as follows: | ||
+ | # vim / | ||
+ | |||
+ | <file bash / | ||
+ | name=Extra (Mailserver-)Packages for Enterprise Linux 7 - | ||
+ | baseurl=http:// | ||
+ | priority=5 | ||
+ | enabled=1 | ||
+ | # Django : 2019-01-26 | ||
+ | # Postfix 3.x - Installation | ||
+ | exclude=postfix* | ||
+ | gpgcheck=1 | ||
+ | gpgkey=file:/// | ||
+ | |||
+ | |||
+ | [nausch.org-testing] | ||
+ | name=Testing (Mailserver-)Packages for Enterprise Linux 7 - | ||
+ | baseurl=http:// | ||
+ | priority=5 | ||
+ | # Django : 2019-01-26 | ||
+ | # Postfix 3.x - Installation | ||
+ | # default: enabled=0 | ||
+ | enabled=1 | ||
+ | gpgcheck=1 | ||
+ | gpgkey=file:/// | ||
+ | |||
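Whether the excludes above really leave only the intended source for Postfix can be checked mechanically. The following script is an added example, not part of the original wiki page or of the nausch.org repository; it assumes plain `key=value` repo files with space- or comma-separated `exclude` globs, treats a missing `priority` as 99 (the default of the yum priorities plugin), and runs on a constructed sample in which the URLs, the `[nausch.org]` section name and the `[old-mirror]` section are placeholders.

```shell
#!/bin/sh
# Added example: which enabled yum repo sections can still supply a package?

# repo_sources PACKAGE FILE...
# Prints "<section> priority=<n> gpgcheck=<v> scheme=<s>" for every enabled
# section whose exclude= globs do not match PACKAGE.
repo_sources() {
    pkg=$1
    shift
    awk -v pkg="$pkg" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }

    # Turn a package glob (* and ? only) into an anchored regular expression.
    function glob2re(g) {
        gsub(/\./, "[.]", g)
        gsub(/\+/, "[+]", g)
        gsub(/\*/, ".*", g)
        gsub(/\?/, ".", g)
        return "^" g "$"
    }

    # Report the section collected so far, then reset the section name.
    function emit_section(   n, i, pats, covered, scheme) {
        if (sec == "") return
        if (enabled != "0") {
            covered = 0
            n = split(excl, pats, /[ ,\t]+/)
            for (i = 1; i <= n; i++)
                if (pats[i] != "" && pkg ~ glob2re(pats[i])) covered = 1
            if (!covered) {
                scheme = url
                sub(/:.*/, "", scheme)
                printf "%s priority=%s gpgcheck=%s scheme=%s\n", sec, prio, gpg, scheme
            }
        }
        sec = ""
    }

    FNR == 1          { emit_section() }   # a section never spans two files
    /^[ \t]*$/        { next }             # blank line
    /^[ \t]*[#;]/     { next }             # comment
    /^[ \t]*\[/ {                          # [section] header
        emit_section()
        sec = trim($0)
        gsub(/^\[|\]$/, "", sec)
        enabled = "1"; gpg = "unset"; prio = "99"; excl = ""; url = "none"
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = trim(substr($0, 1, eq - 1))
        val = trim(substr($0, eq + 1))
        if      (key == "enabled")  enabled = val
        else if (key == "gpgcheck") gpg = val
        else if (key == "priority") prio = val
        else if (key == "exclude")  excl = val
        else if (key == "baseurl")  url = val
    }
    END { emit_section() }
    ' "$@"
}

# Constructed sample modelled on the sections shown above (placeholder URLs).
sample_repos() {
    cat <<'EOF'
[base-LC]
name=CentOS-7 - Base
baseurl=http://repo.example.internal/centos/7/os/x86_64/
priority=1
exclude=postfix*
gpgcheck=1

[extras-LC]
name=CentOS-7 - Extras
baseurl=http://repo.example.internal/centos/7/extras/x86_64/
priority=1
gpgcheck=1
enabled = 1

[nausch.org]
baseurl=http://repo.example.internal/nausch/7/x86_64/
priority=5
enabled=1
exclude=postfix*
gpgcheck=1

[nausch.org-testing]
baseurl=http://repo.example.internal/nausch-testing/7/x86_64/
priority=5
enabled=1
gpgcheck=1

[old-mirror]
baseurl=http://repo.example.internal/old/7/x86_64/
enabled=0
gpgcheck=0
EOF
}

# Demo run on the constructed sample.
demo_file=$(mktemp)
sample_repos > "$demo_file"
repo_sources postfix "$demo_file"
rm -f "$demo_file"
```

Run against the repo files edited above, every reported section other than the intended one deserves a second look: a section with a lower `priority` number and no `exclude=postfix*` would win over the testing repository if it ever carried a Postfix package.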
+ | ==== Postfix 3.x ==== | ||
+ | Now we can install the current release of Postfix 3.x as usual with **yum**. | ||
+ | # yum install postfix -y | ||
+ | |||
+ | If needed, we can explore everything the RPM package brought along using the command **rpm -qil**. | ||
+ | # rpm -qil postfix | ||
+ | < | ||
+ | Epoch : 2 | ||
+ | Version | ||
+ | Release | ||
+ | Architecture: | ||
+ | Install Date: Sat 26 Jan 2019 07:04:46 PM CET | ||
+ | Group : System Environment/ | ||
+ | Size : 4217445 | ||
+ | License | ||
+ | Signature | ||
+ | Source RPM : postfix-3.3.2-1.el7.src.rpm | ||
+ | Build Date : Thu 17 Jan 2019 05:09:51 PM CET | ||
+ | Build Host : vml000137.dmz.nausch.org | ||
+ | Relocations : (not relocatable) | ||
+ | Packager | ||
+ | URL : http:// | ||
+ | Summary | ||
+ | Description : | ||
+ | Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), | ||
+ | TLS | ||
+ | </ | ||
+ | |||
+ | ===== Dokumentation ===== | ||
+ | As usual, the documentation for our **MTA** is found on the spot in the directory // | ||
+ | < | ||
+ | ├── bounce.cf.default | ||
+ | ├── COMPATIBILITY | ||
+ | ├── examples | ||
+ | │ ├── chroot-setup | ||
+ | │ │ └── LINUX2 | ||
+ | │ ├── qmail-local | ||
+ | │ │ └── qmail-local.txt | ||
+ | │ └── smtpd-policy | ||
+ | │ | ||
+ | │ | ||
+ | ├── LICENSE | ||
+ | ├── main.cf.default | ||
+ | ├── README_FILES | ||
+ | │ ├── AAAREADME | ||
+ | │ ├── ADDRESS_CLASS_README | ||
+ | │ ├── ADDRESS_REWRITING_README | ||
+ | │ ├── ADDRESS_VERIFICATION_README | ||
+ | │ ├── BACKSCATTER_README | ||
+ | │ ├── BASIC_CONFIGURATION_README | ||
+ | │ ├── BUILTIN_FILTER_README | ||
+ | │ ├── COMPATIBILITY_README | ||
+ | │ ├── CONNECTION_CACHE_README | ||
+ | │ ├── CONTENT_INSPECTION_README | ||
+ | │ ├── DATABASE_README | ||
+ | │ ├── DB_README | ||
+ | │ ├── DEBUG_README | ||
+ | │ ├── DSN_README | ||
+ | │ ├── ETRN_README | ||
+ | │ ├── FILTER_README | ||
+ | │ ├── FORWARD_SECRECY_README | ||
+ | │ ├── INSTALL | ||
+ | │ ├── IPV6_README | ||
+ | │ ├── LINUX_README | ||
+ | │ ├── LOCAL_RECIPIENT_README | ||
+ | │ ├── MAILDROP_README | ||
+ | │ ├── MEMCACHE_README | ||
+ | │ ├── MILTER_README | ||
+ | │ ├── MULTI_INSTANCE_README | ||
+ | │ ├── NFS_README | ||
+ | │ ├── OVERVIEW | ||
+ | │ ├── PACKAGE_README | ||
+ | │ ├── POSTSCREEN_README | ||
+ | │ ├── QSHAPE_README | ||
+ | │ ├── RELEASE_NOTES | ||
+ | │ ├── RESTRICTION_CLASS_README | ||
+ | │ ├── SASL_README | ||
+ | │ ├── SCHEDULER_README | ||
+ | │ ├── SMTPD_ACCESS_README | ||
+ | │ ├── SMTPD_POLICY_README | ||
+ | │ ├── SMTPD_PROXY_README | ||
+ | │ ├── SOHO_README | ||
+ | │ ├── STANDARD_CONFIGURATION_README | ||
+ | │ ├── STRESS_README | ||
+ | │ ├── TLS_LEGACY_README | ||
+ | │ ├── TLS_README | ||
+ | │ ├── TUNING_README | ||
+ | │ ├── ULTRIX_README | ||
+ | │ ├── UUCP_README | ||
+ | │ ├── VERP_README | ||
+ | │ ├── VIRTUAL_README | ||
+ | │ ├── XCLIENT_README | ||
+ | │ └── XFORWARD_README | ||
+ | ├── README-Postfix-SASL-RedHat.txt | ||
+ | ├── TLS_ACKNOWLEDGEMENTS | ||
+ | └── TLS_LICENSE | ||
+ | </ | ||
+ | |||
+ | So we do well to absorb these documents, or to consult them when interested. | ||
+ | |||
+ | ===== Konfigurationsdateien ===== | ||
+ | Most of the Postfix configuration is done through the two main configuration files **/ | ||
+ | |||
+ | < | ||
+ | ├── access | ||
+ | ├── canonical | ||
+ | ├── dynamicmaps.cf | ||
+ | ├── dynamicmaps.cf.d | ||
+ | ├── generic | ||
+ | ├── header_checks | ||
+ | ├── main.cf | ||
+ | ├── main.cf.proto | ||
+ | ├── master.cf | ||
+ | ├── master.cf.proto | ||
+ | ├── postfix-files | ||
+ | ├── relocated | ||
+ | ├── transport | ||
+ | └── virtual | ||
+ | </ | ||
+ | |||
+ | |||
+ | ==== master.cf ==== | ||
+ | First we look at the main configuration file **/ | ||
+ | |||
+ | The control of the ones in the **[[centos: | ||
+ | This master process controls and monitors, on the one hand, the individual Postfix modules, | ||
+ | |||
+ | <WRAP center round info> | ||
+ | For better explanation, the individual services and commands in the following configuration file have been given **links** to the corresponding explanatory sections of the wiki page **[[centos: | ||
+ | </ | ||
+ | |||
+ | # vim / | ||
+ | |||
+ | <file bash / | ||
+ | # Postfix master process configuration file. For details on the format | ||
+ | # of the file, see the master(5) manual page (command: "man 5 master" | ||
+ | # on-line: http:// | ||
+ | # | ||
+ | # Do not forget to execute " | ||
+ | # | ||
+ | # ========================================================================== | ||
+ | # service type private unpriv | ||
+ | # | ||
+ | # ========================================================================== | ||
+ | smtp inet n | ||
+ | #smtp inet n | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | #submission inet n | ||
+ | # -o syslog_name=postfix/ | ||
+ | # -o smtpd_tls_security_level=encrypt | ||
+ | # -o smtpd_sasl_auth_enable=yes | ||
+ | # -o smtpd_tls_auth_only=yes | ||
+ | # -o smtpd_reject_unlisted_recipient=no | ||
+ | # -o smtpd_client_restrictions=$mua_client_restrictions | ||
+ | # -o smtpd_helo_restrictions=$mua_helo_restrictions | ||
+ | # -o smtpd_sender_restrictions=$mua_sender_restrictions | ||
+ | # -o smtpd_recipient_restrictions= | ||
+ | # -o smtpd_relay_restrictions=permit_sasl_authenticated, | ||
+ | # -o milter_macro_daemon_name=ORIGINATING | ||
+ | # | ||
+ | # -o syslog_name=postfix/ | ||
+ | # -o smtpd_tls_wrappermode=yes | ||
+ | # -o smtpd_sasl_auth_enable=yes | ||
+ | # -o smtpd_reject_unlisted_recipient=no | ||
+ | # -o smtpd_client_restrictions=$mua_client_restrictions | ||
+ | # -o smtpd_helo_restrictions=$mua_helo_restrictions | ||
+ | # -o smtpd_sender_restrictions=$mua_sender_restrictions | ||
+ | # -o smtpd_recipient_restrictions= | ||
+ | # -o smtpd_relay_restrictions=permit_sasl_authenticated, | ||
+ | # -o milter_macro_daemon_name=ORIGINATING | ||
+ | #628 | ||
+ | pickup | ||
+ | cleanup | ||
+ | qmgr unix n | ||
+ | #qmgr | ||
+ | tlsmgr | ||
+ | rewrite | ||
+ | bounce | ||
+ | defer | ||
+ | trace | ||
+ | verify | ||
+ | flush | ||
+ | proxymap | ||
+ | proxywrite unix - | ||
+ | smtp unix - | ||
+ | relay | ||
+ | -o syslog_name=postfix/ | ||
+ | # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 | ||
+ | showq | ||
+ | error | ||
+ | retry | ||
+ | discard | ||
+ | local | ||
+ | virtual | ||
+ | lmtp unix - | ||
+ | anvil | ||
+ | scache | ||
+ | # | ||
+ | # ==================================================================== | ||
+ | # Interfaces to non-Postfix software. Be sure to examine the manual | ||
+ | # pages of the non-Postfix software to find out what options it wants. | ||
+ | # | ||
+ | # Many of the following services use the Postfix pipe(8) delivery | ||
+ | # agent. | ||
+ | # and other message envelope options. | ||
+ | # ==================================================================== | ||
+ | # | ||
+ | # maildrop. See the Postfix MAILDROP_README file for details. | ||
+ | # Also specify in main.cf: maildrop_destination_recipient_limit=1 | ||
+ | # | ||
+ | # | ||
+ | # flags=DRhu user=vmail argv=/ | ||
+ | # | ||
+ | # ==================================================================== | ||
+ | # | ||
+ | # Recent Cyrus versions can use the existing " | ||
+ | # | ||
+ | # Specify in cyrus.conf: | ||
+ | # | ||
+ | # | ||
+ | # Specify in main.cf one or more of the following: | ||
+ | # mailbox_transport = lmtp: | ||
+ | # virtual_transport = lmtp: | ||
+ | # | ||
+ | # ==================================================================== | ||
+ | # | ||
+ | # Cyrus 2.1.5 (Amos Gouaux) | ||
+ | # Also specify in main.cf: cyrus_destination_recipient_limit=1 | ||
+ | # | ||
+ | # | ||
+ | # user=cyrus argv=/ | ||
+ | # | ||
+ | # ==================================================================== | ||
+ | # | ||
+ | # Old example of delivery via Cyrus. | ||
+ | # | ||
+ | #old-cyrus unix - | ||
+ | # flags=R user=cyrus argv=/ | ||
+ | # | ||
+ | # ==================================================================== | ||
+ | # | ||
+ | # See the Postfix UUCP_README file for configuration details. | ||
+ | # | ||
+ | #uucp unix - | ||
+ | # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) | ||
+ | # | ||
+ | # ==================================================================== | ||
+ | # | ||
+ | # Other external delivery methods. | ||
+ | # | ||
+ | # | ||
+ | # flags=F user=ftn argv=/ | ||
+ | # | ||
+ | # | ||
+ | # flags=Fq. user=bsmtp argv=/ | ||
+ | # | ||
+ | # | ||
+ | # flags=R user=scalemail argv=/ | ||
+ | # ${nexthop} ${user} ${extension} | ||
+ | # | ||
+ | # | ||
+ | # flags=FR user=list argv=/ | ||
+ | # ${nexthop} ${user}</ | ||
+ | |||
+ | ==== main.cf ==== | ||
+ | The actual configuration of our Postfix MTA is done using the main configuration file **main.cf**. Because of the many very good documentation notes, this configuration file has grown quite large, | ||
+ | |||
+ | In the default configuration, all important parameters are already preset with a default value. | ||
+ | |||
+ | Thus //Postfix **2.10**// has __**816**__ default parameters. | ||
+ | # postconf -d | grep mail_version | ||
+ | |||
+ | | ||
+ | | ||
+ | |||
+ | # postconf -d | wc -l | ||
+ | |||
+ | 816 | ||
+ | |||
+ | //Postfix **2.11**// brings us __**832**__ default parameters. | ||
+ | # postconf -d | grep mail_version | ||
+ | |||
+ | | ||
+ | | ||
+ | |||
+ | # postconf -d | wc -l | ||
+ | |||
+ | 847 | ||
+ | |||
+ | With the new current version **//3.x//** of Postfix, the number of default parameters rose once again, due to the additional features, to __**885**__. | ||
+ | # postconf -d | grep mail_version | ||
+ | |||
+ | | ||
+ | | ||
+ | |||
+ | # postconf -d | wc -l | ||
+ | |||
+ | 895 | ||
+ | |||
+ | |||
+ | Let us simply take a look at this main configuration file // | ||
+ | # less / | ||
+ | <file bash / | ||
+ | # of all parameters. For the syntax, and for a complete parameter | ||
+ | # list, see the postconf(5) manual page (command: "man 5 postconf" | ||
+ | # | ||
+ | # For common configuration examples, see BASIC_CONFIGURATION_README | ||
+ | # and STANDARD_CONFIGURATION_README. To find these documents, use | ||
+ | # the command " | ||
+ | # http:// | ||
+ | # | ||
+ | # For best results, change no more than 2-3 parameters at a time, | ||
+ | # and test if Postfix still works after every change. | ||
+ | |||
+ | # COMPATIBILITY | ||
+ | # | ||
+ | # The compatibility_level determines what default settings Postfix | ||
+ | # will use for main.cf and master.cf settings. These defaults will | ||
+ | # change over time. | ||
+ | # | ||
+ | # To avoid breaking things, Postfix will use backwards-compatible | ||
+ | # default settings and log where it uses those old backwards-compatible | ||
+ | # default settings, until the system administrator has determined | ||
+ | # if any backwards-compatible default settings need to be made | ||
+ | # permanent in main.cf or master.cf. | ||
+ | # | ||
+ | # When this review is complete, update the compatibility_level setting | ||
+ | # below as recommended in the RELEASE_NOTES file. | ||
+ | # | ||
+ | # The level below is what should be used with new (not upgrade) installs. | ||
+ | # | ||
+ | compatibility_level = 2 | ||
+ | |||
+ | # SOFT BOUNCE | ||
+ | # | ||
+ | # The soft_bounce parameter provides a limited safety net for | ||
+ | # testing. | ||
+ | # would otherwise bounce. This parameter disables locally-generated | ||
+ | # bounces, and prevents the SMTP server from rejecting mail permanently | ||
+ | # (by changing 5xx replies into 4xx replies). However, soft_bounce | ||
+ | # is no cure for address rewriting mistakes or mail routing mistakes. | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # LOCAL PATHNAME INFORMATION | ||
+ | # | ||
+ | # The queue_directory specifies the location of the Postfix queue. | ||
+ | # This is also the root directory of Postfix daemons that run chrooted. | ||
+ | # See the files in examples/ | ||
+ | # environments on different UNIX systems. | ||
+ | # | ||
+ | queue_directory = / | ||
+ | |||
+ | # The command_directory parameter specifies the location of all | ||
+ | # postXXX commands. | ||
+ | # | ||
+ | command_directory = /usr/sbin | ||
+ | |||
+ | # The daemon_directory parameter specifies the location of all Postfix | ||
+ | # daemon programs (i.e. programs listed in the master.cf file). This | ||
+ | # directory must be owned by root. | ||
+ | # | ||
+ | daemon_directory = / | ||
+ | |||
+ | # The data_directory parameter specifies the location of Postfix-writable | ||
+ | # data files (caches, random numbers). This directory must be owned | ||
+ | # by the mail_owner account (see below). | ||
+ | # | ||
+ | data_directory = / | ||
+ | |||
+ | # QUEUE AND PROCESS OWNERSHIP | ||
+ | # | ||
+ | # The mail_owner parameter specifies the owner of the Postfix queue | ||
+ | # and of most Postfix daemon processes. | ||
+ | # account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS | ||
+ | # AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. | ||
+ | # particular, don't specify nobody or daemon. PLEASE USE A DEDICATED | ||
+ | # USER. | ||
+ | # | ||
+ | mail_owner = postfix | ||
+ | |||
+ | # The default_privs parameter specifies the default rights used by | ||
+ | # the local delivery agent for delivery to external file or command. | ||
+ | # These rights are used in the absence of a recipient user context. | ||
+ | # DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # INTERNET HOST AND DOMAIN NAMES | ||
+ | # | ||
+ | # The myhostname parameter specifies the internet hostname of this | ||
+ | # mail system. The default is to use the fully-qualified domain name | ||
+ | # from gethostname(). $myhostname is used as a default value for many | ||
+ | # other configuration parameters. | ||
+ | # | ||
+ | #myhostname = host.domain.tld | ||
+ | #myhostname = virtual.domain.tld | ||
+ | |||
+ | # The mydomain parameter specifies the local internet domain name. | ||
+ | # The default is to use $myhostname minus the first component. | ||
+ | # $mydomain is used as a default value for many other configuration | ||
+ | # parameters. | ||
+ | # | ||
+ | #mydomain = domain.tld | ||
+ | |||
+ | # SENDING MAIL | ||
+ | # | ||
+ | # The myorigin parameter specifies the domain that locally-posted | ||
+ | # mail appears to come from. The default is to append $myhostname, | ||
+ | # which is fine for small sites. | ||
+ | # machines, you should (1) change this to $mydomain and (2) set up | ||
+ | # a domain-wide alias database that aliases each user to | ||
+ | # user@that.users.mailhost. | ||
+ | # | ||
+ | # For the sake of consistency between sender and recipient addresses, | ||
+ | # myorigin also specifies the default domain name that is appended | ||
+ | # to recipient addresses that have no @domain part. | ||
+ | # | ||
+ | #myorigin = $myhostname | ||
+ | #myorigin = $mydomain | ||
+ | |||
+ | # RECEIVING MAIL | ||
+ | |||
+ | # The inet_interfaces parameter specifies the network interface | ||
+ | # addresses that this mail system receives mail on. By default, | ||
+ | # the software claims all active interfaces on the machine. The | ||
+ | # parameter also controls delivery of mail to user@[ip.address]. | ||
+ | # | ||
+ | # See also the proxy_interfaces parameter, for network addresses that | ||
+ | # are forwarded to us via a proxy or network address translator. | ||
+ | # | ||
+ | # Note: you need to stop/start Postfix when this parameter changes. | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | inet_interfaces = localhost | ||
+ | |||
+ | # Enable IPv4, and IPv6 if supported | ||
+ | # | ||
+ | |||
+ | # The proxy_interfaces parameter specifies the network interface | ||
+ | # addresses that this mail system receives mail on by way of a | ||
+ | # proxy or network address translation unit. This setting extends | ||
+ | # the address list specified with the inet_interfaces parameter. | ||
+ | # | ||
+ | # You must specify your proxy/NAT addresses when your system is a | ||
+ | # backup MX host for other domains, otherwise mail delivery loops | ||
+ | # will happen when the primary MX host is down. | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # The mydestination parameter specifies the list of domains that this | ||
+ | # machine considers itself the final destination for. | ||
+ | # | ||
+ | # These domains are routed to the delivery agent specified with the | ||
+ | # local_transport parameter setting. By default, that is the UNIX | ||
+ | # compatible delivery agent that lookups all recipients in /etc/passwd | ||
+ | # and / | ||
+ | # | ||
+ | # The default is $myhostname + localhost.$mydomain + localhost. | ||
+ | # a mail domain gateway, you should also include $mydomain. | ||
+ | # | ||
+ | # Do not specify the names of virtual domains - those domains are | ||
+ | # specified elsewhere (see VIRTUAL_README). | ||
+ | # | ||
+ | # Do not specify the names of domains that this machine is backup MX | ||
+ | # host for. Specify those names via the relay_domains settings for | ||
+ | # the SMTP server, or use permit_mx_backup if you are lazy (see | ||
+ | # STANDARD_CONFIGURATION_README). | ||
+ | # | ||
+ | # The local machine is always the final destination for mail addressed | ||
+ | # to user@[the.net.work.address] of an interface that the mail system | ||
+ | # receives mail on (see the inet_interfaces parameter). | ||
+ | # | ||
+ | # Specify a list of host or domain names, /file/name or type:table | ||
+ | # patterns, separated by commas and/or whitespace. A /file/name | ||
+ | # pattern is replaced by its contents; a type:table is matched when | ||
+ | # a name matches a lookup key (the right-hand side is ignored). | ||
+ | # Continue long lines by starting the next line with whitespace. | ||
+ | # | ||
+ | # See also below, section " | ||
+ | # | ||
+ | mydestination = $myhostname, | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # REJECTING MAIL FOR UNKNOWN LOCAL USERS | ||
+ | # | ||
+ | # The local_recipient_maps parameter specifies optional lookup tables | ||
+ | # with all names or addresses of users that are local with respect | ||
+ | # to $mydestination, | ||
+ | # | ||
+ | # If this parameter is defined, then the SMTP server will reject | ||
+ | # mail for unknown local users. This parameter is defined by default. | ||
+ | # | ||
+ | # To turn off local recipient checking in the SMTP server, specify | ||
+ | # local_recipient_maps = (i.e. empty). | ||
+ | # | ||
+ | # The default setting assumes that you use the default Postfix local | ||
+ | # delivery agent for local delivery. You need to update the | ||
+ | # local_recipient_maps setting if: | ||
+ | # | ||
+ | # - You define $mydestination domain recipients in files other than | ||
+ | # / | ||
+ | # For example, you define $mydestination domain recipients in | ||
+ | # the $virtual_mailbox_maps files. | ||
+ | # | ||
+ | # - You redefine the local delivery agent in master.cf. | ||
+ | # | ||
+ | # - You redefine the " | ||
+ | # | ||
+ | # - You use the " | ||
+ | # | ||
+ | # | ||
+ | # Details are described in the LOCAL_RECIPIENT_README file. | ||
+ | # | ||
+ | # Beware: if the Postfix SMTP server runs chrooted, you probably have | ||
+ | # to access the passwd file via the proxymap service, in order to | ||
+ | # overcome chroot restrictions. The alternative, | ||
+ | # the system passwd file in the chroot jail is just not practical. | ||
+ | # | ||
+ | # The right-hand side of the lookup tables is conveniently ignored. | ||
+ | # In the left-hand side, specify a bare username, an @domain.tld | ||
+ | # wild-card, or specify a user@domain.tld address. | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # The unknown_local_recipient_reject_code specifies the SMTP server | ||
+ | # response code when a recipient domain matches $mydestination or | ||
+ | # ${proxy, | ||
+ | # and the recipient address or address local-part is not found. | ||
+ | # | ||
+ | # The default setting is 550 (reject mail) but it is safer to start | ||
+ | # with 450 (try again later) until you are certain that your | ||
+ | # local_recipient_maps settings are OK. | ||
+ | # | ||
+ | unknown_local_recipient_reject_code = 550 | ||
+ | |||
+ | # TRUST AND RELAY CONTROL | ||
+ | |||
+ | # The mynetworks parameter specifies the list of " | ||
+ | # clients that have more privileges than " | ||
+ | # | ||
+ | # In particular, " | ||
+ | # through Postfix. | ||
+ | # in postconf(5). | ||
+ | # | ||
+ | # You can specify the list of " | ||
+ | # or you can let Postfix do it for you (which is the default). | ||
+ | # | ||
+ | # By default (mynetworks_style = subnet), Postfix " | ||
+ | # clients in the same IP subnetworks as the local machine. | ||
+ | # On Linux, this does works correctly only with interfaces specified | ||
+ | # with the " | ||
+ | # | ||
+ | # Specify " | ||
+ | # clients in the same IP class A/B/C networks as the local machine. | ||
+ | # Don't do this with a dialup site - it would cause Postfix to " | ||
+ | # your entire provider' | ||
+ | # mynetworks list by hand, as described below. | ||
+ | # | ||
+ | # Specify " | ||
+ | # only the local machine. | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Alternatively, | ||
+ | # which case Postfix ignores the mynetworks_style setting. | ||
+ | # | ||
+ | # Specify an explicit list of network/ | ||
+ | # mask specifies the number of bits in the network part of a host | ||
+ | # address. | ||
+ | # | ||
+ | # You can also specify the absolute pathname of a pattern file instead | ||
+ | # of listing the patterns here. Specify type:table for table-based lookups | ||
+ | # (the value on the table right-hand side is not used). | ||
+ | # | ||
+ | #mynetworks = 168.100.189.0/ | ||
+ | #mynetworks = $config_directory/ | ||
+ | #mynetworks = hash:/ | ||
+ | |||
+ | # The relay_domains parameter restricts what destinations this system will | ||
+ | # relay mail to. See the smtpd_recipient_restrictions description in | ||
+ | # postconf(5) for detailed information. | ||
+ | # | ||
+ | # By default, Postfix relays mail | ||
+ | # - from " | ||
+ | # - from " | ||
+ | # | ||
+ | # The default relay_domains value is $mydestination. | ||
+ | # | ||
+ | # In addition to the above, the Postfix SMTP server by default accepts mail | ||
+ | # that Postfix is final destination for: | ||
+ | # - destinations that match $inet_interfaces or $proxy_interfaces, | ||
+ | # - destinations that match $mydestination | ||
+ | # - destinations that match $virtual_alias_domains, | ||
+ | # - destinations that match $virtual_mailbox_domains. | ||
+ | # These destinations do not need to be listed in $relay_domains. | ||
+ | # | ||
+ | # Specify a list of hosts or domains, /file/name patterns or type:name | ||
+ | # lookup tables, separated by commas and/or whitespace. | ||
+ | # long lines by starting the next line with whitespace. A file name | ||
+ | # is replaced by its contents; a type:name table is matched when a | ||
+ | # (parent) domain appears as lookup key. | ||
+ | # | ||
+ | # NOTE: Postfix will not automatically forward mail for domains that | ||
+ | # list this system as their primary or backup MX host. See the | ||
+ | # permit_mx_backup restriction description in postconf(5). | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # INTERNET OR INTRANET | ||
+ | |||
+ | # The relayhost parameter specifies the default host to send mail to | ||
+ | # when no entry is matched in the optional transport(5) table. When | ||
+ | # no relayhost is given, mail is routed directly to the destination. | ||
+ | # | ||
+ | # On an intranet, specify the organizational domain name. If your | ||
+ | # internal DNS uses no MX records, specify the name of the intranet | ||
+ | # gateway host instead. | ||
+ | # | ||
+ | # In the case of SMTP, specify a domain, host, host:port, [host]: | ||
+ | # [address] or [address]: | ||
+ | # | ||
+ | # If you're connected via UUCP, see also the default_transport parameter. | ||
+ | # | ||
+ | #relayhost = $mydomain | ||
+ | #relayhost = [gateway.my.domain] | ||
+ | #relayhost = [mailserver.isp.tld] | ||
+ | #relayhost = uucphost | ||
+ | #relayhost = [an.ip.add.ress] | ||
+ | |||
+ | # REJECTING UNKNOWN RELAY USERS | ||
+ | # | ||
+ | # The relay_recipient_maps parameter specifies optional lookup tables | ||
+ | # with all addresses in the domains that match $relay_domains. | ||
+ | # | ||
+ | # If this parameter is defined, then the SMTP server will reject | ||
+ | # mail for unknown relay users. This feature is off by default. | ||
+ | # | ||
+ | # The right-hand side of the lookup tables is conveniently ignored. | ||
+ | # In the left-hand side, specify an @domain.tld wild-card, or specify | ||
+ | # a user@domain.tld address. | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # INPUT RATE CONTROL | ||
+ | # | ||
+ | # The in_flow_delay configuration parameter implements mail input | ||
+ | # flow control. This feature is turned on by default, although it | ||
+ | # still needs further development (it's disabled on SCO UNIX due | ||
+ | # to an SCO bug). | ||
+ | # | ||
+ | # A Postfix process will pause for $in_flow_delay seconds before | ||
+ | # accepting a new message, when the message arrival rate exceeds the | ||
+ | # message delivery rate. With the default 100 SMTP server process | ||
+ | # limit, this limits the mail inflow to 100 messages a second more | ||
+ | # than the number of messages delivered per second. | ||
+ | # | ||
+ | # Specify 0 to disable the feature. Valid delays are 0..10. | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # ADDRESS REWRITING | ||
+ | # | ||
+ | # The ADDRESS_REWRITING_README document gives information about | ||
+ | # address masquerading or other forms of address rewriting including | ||
+ | # username-> | ||
+ | |||
+ | # ADDRESS REDIRECTION (VIRTUAL DOMAIN) | ||
+ | # | ||
+ | # The VIRTUAL_README document gives information about the many forms | ||
+ | # of domain hosting that Postfix supports. | ||
+ | |||
+ | # "USER HAS MOVED" BOUNCE MESSAGES | ||
+ | # | ||
+ | # See the discussion in the ADDRESS_REWRITING_README document. | ||
+ | |||
+ | # TRANSPORT MAP | ||
+ | # | ||
+ | # See the discussion in the ADDRESS_REWRITING_README document. | ||
+ | |||
+ | # ALIAS DATABASE | ||
+ | # | ||
+ | # The alias_maps parameter specifies the list of alias databases used | ||
+ | # by the local delivery agent. The default list is system dependent. | ||
+ | # | ||
+ | # On systems with NIS, the default is to search the local alias | ||
+ | # database, then the NIS alias database. See aliases(5) for syntax | ||
+ | # details. | ||
+ | # | ||
+ | # If you change the alias database, run " | ||
+ | # wherever your system stores the mail alias file), or simply run | ||
+ | # " | ||
+ | # | ||
+ | # It will take a minute or so before changes become visible. | ||
+ | # " | ||
+ | # | ||
+ | #alias_maps = dbm:/ | ||
+ | alias_maps = hash:/ | ||
+ | #alias_maps = hash:/ | ||
+ | #alias_maps = netinfo:/ | ||
+ | |||
+ | # The alias_database parameter specifies the alias database(s) that | ||
+ | # are built with " | ||
+ | # configuration parameter, because alias_maps (see above) may specify | ||
+ | # tables that are not necessarily all under control by Postfix. | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | alias_database = hash:/ | ||
+ | # | ||
+ | |||
+ | # ADDRESS EXTENSIONS (e.g., user+foo) | ||
+ | # | ||
+ | # The recipient_delimiter parameter specifies the separator between | ||
+ | # user names and address extensions (user+foo). See canonical(5), | ||
+ | # local(8), relocated(5) and virtual(5) for the effects this has on | ||
+ | # aliases, canonical, virtual, relocated and .forward file lookups. | ||
+ | # Basically, the software tries user+foo and .forward+foo before | ||
+ | # trying user and .forward. | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # DELIVERY TO MAILBOX | ||
+ | # | ||
+ | # The home_mailbox parameter specifies the optional pathname of a | ||
+ | # mailbox file relative to a user's home directory. The default | ||
+ | # mailbox file is / | ||
+ | # " | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # The mail_spool_directory parameter specifies the directory where | ||
+ | # UNIX-style mailboxes are kept. The default setting depends on the | ||
+ | # system type. | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # The mailbox_command parameter specifies the optional external | ||
+ | # command to use instead of mailbox delivery. The command is run as | ||
+ | # the recipient with proper HOME, SHELL and LOGNAME environment settings. | ||
+ | # Exception: | ||
+ | # | ||
+ | # Other environment variables of interest: USER (recipient username), | ||
+ | # EXTENSION (address extension), DOMAIN (domain part of address), | ||
+ | # and LOCAL (the address localpart). | ||
+ | # | ||
+ | # Unlike other Postfix configuration parameters, the mailbox_command | ||
+ | # parameter is not subjected to $parameter substitutions. This is to | ||
+ | # make it easier to specify shell syntax (see example below). | ||
+ | # | ||
+ | # Avoid shell meta characters because they will force Postfix to run | ||
+ | # an expensive shell process. Procmail alone is expensive enough. | ||
+ | # | ||
+ | # IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, | ||
+ | # ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # The mailbox_transport specifies the optional transport in master.cf | ||
+ | # to use after processing aliases and .forward files. This parameter | ||
+ | # has precedence over the mailbox_command, | ||
+ | # luser_relay parameters. | ||
+ | # | ||
+ | # Specify a string of the form transport: | ||
+ | # the name of a mail delivery transport defined in master.cf. | ||
+ | # :nexthop part is optional. For more details see the sample transport | ||
+ | # configuration file. | ||
+ | # | ||
+ | # NOTE: if you use this feature for accounts not in the UNIX password | ||
+ | # file, then you must update the " | ||
+ | # the main.cf file, otherwise the SMTP server will reject mail for | ||
+ | # non-UNIX accounts with "User unknown in local recipient table" | ||
+ | # | ||
+ | # Cyrus IMAP over LMTP. Specify ``lmtpunix | ||
+ | # listen="/ | ||
+ | # | ||
+ | |||
+ | # If using the cyrus-imapd IMAP server deliver local mail to the IMAP | ||
+ | # server using LMTP (Local Mail Transport Protocol), this is prefered | ||
+ | # over the older cyrus deliver program by setting the | ||
+ | # mailbox_transport as below: | ||
+ | # | ||
+ | # mailbox_transport = lmtp: | ||
+ | # | ||
+ | # The efficiency of LMTP delivery for cyrus-imapd can be enhanced via | ||
+ | # these settings. | ||
+ | # | ||
+ | # local_destination_recipient_limit = 300 | ||
+ | # local_destination_concurrency_limit = 5 | ||
+ | # | ||
+ | # Of course you should adjust these settings as appropriate for the | ||
+ | # capacity of the hardware you are using. The recipient limit setting | ||
+ | # can be used to take advantage of the single instance message store | ||
+ | # capability of Cyrus. The concurrency limit can be used to control | ||
+ | # how many simultaneous LMTP sessions will be permitted to the Cyrus | ||
+ | # message store. | ||
+ | # | ||
+ | # Cyrus IMAP via command line. Uncomment the " | ||
+ | # subsequent line in master.cf. | ||
+ | # | ||
+ | |||
+ | # The fallback_transport specifies the optional transport in master.cf | ||
+ | # to use for recipients that are not found in the UNIX passwd database. | ||
+ | # This parameter has precedence over the luser_relay parameter. | ||
+ | # | ||
+ | # Specify a string of the form transport: | ||
+ | # the name of a mail delivery transport defined in master.cf. | ||
+ | # :nexthop part is optional. For more details see the sample transport | ||
+ | # configuration file. | ||
+ | # | ||
+ | # NOTE: if you use this feature for accounts not in the UNIX password | ||
+ | # file, then you must update the " | ||
+ | # the main.cf file, otherwise the SMTP server will reject mail for | ||
+ | # non-UNIX accounts with "User unknown in local recipient table" | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # The luser_relay parameter specifies an optional destination address | ||
+ | # for unknown recipients. | ||
+ | # unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned | ||
+ | # as undeliverable. | ||
+ | # | ||
+ | # The following expansions are done on luser_relay: | ||
+ | # username), $shell (recipient shell), $home (recipient home directory), | ||
+ | # $recipient (full recipient address), $extension (recipient address | ||
+ | # extension), $domain (recipient domain), $local (entire recipient | ||
+ | # localpart), $recipient_delimiter. Specify ${name? | ||
+ | # ${name: | ||
+ | # | ||
+ | # luser_relay works only for the default Postfix local delivery agent. | ||
+ | # | ||
+ | # NOTE: if you use this feature for accounts not in the UNIX password | ||
+ | # file, then you must specify " | ||
+ | # the main.cf file, otherwise the SMTP server will reject mail for | ||
+ | # non-UNIX accounts with "User unknown in local recipient table" | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | | ||
+ | # JUNK MAIL CONTROLS | ||
+ | # | ||
+ | # The controls listed here are only a very small subset. The file | ||
+ | # SMTPD_ACCESS_README provides an overview. | ||
+ | |||
+ | # The header_checks parameter specifies an optional table with patterns | ||
+ | # that each logical message header is matched against, including | ||
+ | # headers that span multiple physical lines. | ||
+ | # | ||
+ | # By default, these patterns also apply to MIME headers and to the | ||
+ | # headers of attached messages. With older Postfix versions, MIME and | ||
+ | # attached message headers were treated as body text. | ||
+ | # | ||
+ | # For details, see "man header_checks" | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # FAST ETRN SERVICE | ||
+ | # | ||
+ | # Postfix maintains per-destination logfiles with information about | ||
+ | # deferred mail, so that mail can be flushed quickly with the SMTP | ||
+ | # "ETRN domain.tld" | ||
+ | # See the ETRN_README document for a detailed description. | ||
+ | # | ||
+ | # The fast_flush_domains parameter controls what destinations are | ||
+ | # eligible for this service. By default, they are all domains that | ||
+ | # this server is willing to relay mail to. | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # SHOW SOFTWARE VERSION OR NOT | ||
+ | # | ||
+ | # The smtpd_banner parameter specifies the text that follows the 220 | ||
+ | # code in the SMTP server' | ||
+ | # the mail version advertised. By default, Postfix shows no version. | ||
+ | # | ||
+ | # You MUST specify $myhostname at the start of the text. That is an | ||
+ | # RFC requirement. Postfix itself does not care. | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # PARALLEL DELIVERY TO THE SAME DESTINATION | ||
+ | # | ||
+ | # How many parallel deliveries to the same user or domain? With local | ||
+ | # delivery, it does not make sense to do massively parallel delivery | ||
+ | # to the same user, because mailbox updates must happen sequentially, | ||
+ | # and expensive pipelines in .forward files can cause disasters when | ||
+ | # too many are run at the same time. With SMTP deliveries, 10 | ||
+ | # simultaneous connections to the same domain could be sufficient to | ||
+ | # raise eyebrows. | ||
+ | # | ||
+ | # Each message delivery transport has its XXX_destination_concurrency_limit | ||
+ | # parameter. | ||
+ | # most delivery transports. For the local delivery agent the default is 2. | ||
+ | |||
+ | # | ||
+ | # | ||
+ | |||
+ | # DEBUGGING CONTROL | ||
+ | # | ||
+ | # The debug_peer_level parameter specifies the increment in verbose | ||
+ | # logging level when an SMTP client or server host name or address | ||
+ | # matches a pattern in the debug_peer_list parameter. | ||
+ | # | ||
+ | debug_peer_level = 2 | ||
+ | |||
+ | # The debug_peer_list parameter specifies an optional list of domain | ||
+ | # or network patterns, /file/name patterns or type:name tables. When | ||
+ | # an SMTP client or server host name or address matches a pattern, | ||
+ | # increase the verbose logging level by the amount specified in the | ||
+ | # debug_peer_level parameter. | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # The debugger_command specifies the external command that is executed | ||
+ | # when a Postfix daemon program is run with the -D option. | ||
+ | # | ||
+ | # Use " | ||
+ | # the process marches on. If you use an X-based debugger, be sure to | ||
+ | # set up your XAUTHORITY environment variable before starting Postfix. | ||
+ | # | ||
+ | debugger_command = | ||
+ | PATH=/ | ||
+ | ddd $daemon_directory/ | ||
+ | |||
+ | # If you can't use X, use this to capture the call stack when a | ||
+ | # daemon crashes. The result is in a file in the configuration | ||
+ | # directory, and is named after the process name and the process ID. | ||
+ | # | ||
+ | # debugger_command = | ||
+ | # | ||
+ | # echo where) | gdb $daemon_directory/ | ||
+ | # | ||
+ | # | ||
+ | # Another possibility is to run gdb under a detached screen session. | ||
+ | # To attach to the screen session, su root and run " | ||
+ | # < | ||
+ | # sessions (from " | ||
+ | # | ||
+ | # debugger_command = | ||
+ | # | ||
+ | # -dmS $process_name gdb $daemon_directory/ | ||
+ | # | ||
+ | |||
+ | # INSTALL-TIME CONFIGURATION INFORMATION | ||
+ | # | ||
+ | # The following parameters are used when installing a new Postfix version. | ||
+ | # | ||
+ | # sendmail_path: | ||
+ | # This is the Sendmail-compatible mail posting interface. | ||
+ | # | ||
+ | sendmail_path = / | ||
+ | |||
+ | # newaliases_path: | ||
+ | # This is the Sendmail-compatible command to build alias databases. | ||
+ | # | ||
+ | newaliases_path = / | ||
+ | |||
+ | # mailq_path: The full pathname of the Postfix mailq command. | ||
+ | # is the Sendmail-compatible mail queue listing command. | ||
+ | # | ||
+ | mailq_path = / | ||
+ | |||
+ | # setgid_group: | ||
+ | # commands. | ||
+ | # is not shared with other accounts, not even with the Postfix account. | ||
+ | # | ||
+ | setgid_group = postdrop | ||
+ | |||
+ | # html_directory: | ||
+ | # | ||
+ | html_directory = no | ||
+ | |||
+ | # manpage_directory: | ||
+ | # | ||
+ | manpage_directory = / | ||
+ | |||
+ | # sample_directory: | ||
+ | # This parameter is obsolete as of Postfix 2.1. | ||
+ | # | ||
+ | sample_directory = / | ||
+ | |||
+ | # readme_directory: | ||
+ | # | ||
+ | readme_directory = / | ||
+ | meta_directory = / | ||
+ | shlib_directory = / | ||
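Review bot: the active settings at the end of this main.cf listing are cut off after the first slash (`alias_maps = hash:/`, `sendmail_path = /`, `manpage_directory = /`), and the commented example values under REJECTING UNKNOWN RELAY USERS, INPUT RATE CONTROL and SHOW SOFTWARE VERSION OR NOT survive only as bare `#` lines. A reader cannot tell which value each comment block documents, and the file cannot be copied as a working configuration. Restore the full paths and the example lines, or drop the stock comment text and keep only the parameters this setup actually sets. Because `debugger_command` is left active with the X-based `ddd` call, a sentence stating that it is executed only when a daemon is started with the -D option (as the comment above it says) would avoid confusion on a headless server.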
+ | |||
+ | Mit Hilfe des Programms **postconf** können wir während des laufenden Betriebes einzelnen Parameter, abfragen und auch ändern. Wollen wir uns alle Definitionen ansehen, die von den Standardvorgaben abweichen, verwenden wir den folgenden Aufruf: | ||
+ | # postconf -n | ||
+ | <code bash> | ||
+ | alias_maps = hash:/ | ||
+ | command_directory = /usr/sbin | ||
+ | compatibility_level = 2 | ||
+ | daemon_directory = / | ||
+ | data_directory = / | ||
+ | debug_peer_level = 2 | ||
+ | debugger_command = PATH=/ | ||
+ | html_directory = no | ||
+ | inet_interfaces = localhost | ||
+ | mail_owner = postfix | ||
+ | mailq_path = / | ||
+ | manpage_directory = / | ||
+ | meta_directory = / | ||
+ | mydestination = $myhostname, | ||
+ | newaliases_path = / | ||
+ | queue_directory = / | ||
+ | readme_directory = / | ||
+ | sample_directory = / | ||
+ | sendmail_path = / | ||
+ | setgid_group = postdrop | ||
+ | shlib_directory = / | ||
+ | unknown_local_recipient_reject_code = 550 | ||
+ | </ | ||
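Review bot: the sentence introducing `postconf -n` says parameters can be both queried and changed, but the block only shows the query. Add the edit form (`postconf -e`) and state that it rewrites main.cf and that `postfix reload` is needed before the running daemons use the new value. Several values in the output are also truncated (`mydestination = $myhostname,`, `debugger_command = PATH=/`), so the listing does not show the effective destination list a reader would want to check. The `# postconf -n` prompt line sits outside the code block that holds its output; moving it inside keeps command and result together.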
+ | |||
+ | Wollen wir uns alle Standard-Definitionen ansehen verwenden wir den folgenden Aufruf: | ||
+ | # postconf -d | ||
+ | |||
+ | < | ||
+ | access_map_defer_code = 450 | ||
+ | access_map_reject_code = 554 | ||
+ | address_verify_cache_cleanup_interval = 12h | ||
+ | address_verify_default_transport = $default_transport | ||
+ | address_verify_local_transport = $local_transport | ||
+ | address_verify_map = btree: | ||
+ | address_verify_negative_cache = yes | ||
+ | address_verify_negative_expire_time = 3d | ||
+ | address_verify_negative_refresh_time = 3h | ||
+ | address_verify_pending_request_limit = 5000 | ||
+ | address_verify_poll_count = ${stress? | ||
+ | address_verify_poll_delay = 3s | ||
+ | address_verify_positive_expire_time = 31d | ||
+ | address_verify_positive_refresh_time = 7d | ||
+ | address_verify_relay_transport = $relay_transport | ||
+ | address_verify_relayhost = $relayhost | ||
+ | address_verify_sender = $double_bounce_sender | ||
+ | address_verify_sender_dependent_default_transport_maps = $sender_dependent_default_transport_maps | ||
+ | address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps | ||
+ | address_verify_sender_ttl = 0s | ||
+ | address_verify_service_name = verify | ||
+ | address_verify_transport_maps = $transport_maps | ||
+ | address_verify_virtual_transport = $virtual_transport | ||
+ | alias_database = hash:/ | ||
+ | alias_maps = hash:/ | ||
+ | allow_mail_to_commands = alias, forward | ||
+ | allow_mail_to_files = alias, forward | ||
+ | allow_min_user = no | ||
+ | allow_percent_hack = yes | ||
+ | allow_untrusted_routing = no | ||
+ | alternate_config_directories = | ||
+ | always_add_missing_headers = no | ||
+ | always_bcc = | ||
+ | anvil_rate_time_unit = 60s | ||
+ | anvil_status_update_time = 600s | ||
+ | append_at_myorigin = yes | ||
+ | append_dot_mydomain = ${{$compatibility_level} < {1} ? {yes} : {no}} | ||
+ | application_event_drain_time = 100s | ||
+ | authorized_flush_users = static: | ||
+ | authorized_mailq_users = static: | ||
+ | authorized_submit_users = static: | ||
+ | backwards_bounce_logfile_compatibility = yes | ||
+ | berkeley_db_create_buffer_size = 16777216 | ||
+ | berkeley_db_read_buffer_size = 131072 | ||
+ | best_mx_transport = | ||
+ | biff = yes | ||
+ | body_checks = | ||
+ | body_checks_size_limit = 51200 | ||
+ | bounce_notice_recipient = postmaster | ||
+ | bounce_queue_lifetime = 5d | ||
+ | bounce_service_name = bounce | ||
+ | bounce_size_limit = 50000 | ||
+ | bounce_template_file = | ||
+ | broken_sasl_auth_clients = no | ||
+ | canonical_classes = envelope_sender, | ||
+ | canonical_maps = | ||
+ | cleanup_service_name = cleanup | ||
+ | command_directory = /usr/sbin | ||
+ | command_execution_directory = | ||
+ | command_expansion_filter = 1234567890!@%-_=+:, | ||
+ | command_time_limit = 1000s | ||
+ | compatibility_level = 0 | ||
+ | config_directory = / | ||
+ | confirm_delay_cleared = no | ||
+ | connection_cache_protocol_timeout = 5s | ||
+ | connection_cache_service_name = scache | ||
+ | connection_cache_status_update_time = 600s | ||
+ | connection_cache_ttl_limit = 2s | ||
+ | content_filter = | ||
+ | cyrus_sasl_config_path = | ||
+ | daemon_directory = / | ||
+ | daemon_table_open_error_is_fatal = no | ||
+ | daemon_timeout = 18000s | ||
+ | data_directory = / | ||
+ | debug_peer_level = 2 | ||
+ | debug_peer_list = | ||
+ | debugger_command = | ||
+ | default_database_type = hash | ||
+ | default_delivery_slot_cost = 5 | ||
+ | default_delivery_slot_discount = 50 | ||
+ | default_delivery_slot_loan = 3 | ||
+ | default_delivery_status_filter = | ||
+ | default_destination_concurrency_failed_cohort_limit = 1 | ||
+ | default_destination_concurrency_limit = 20 | ||
+ | default_destination_concurrency_negative_feedback = 1 | ||
+ | default_destination_concurrency_positive_feedback = 1 | ||
+ | default_destination_rate_delay = 0s | ||
+ | default_destination_recipient_limit = 50 | ||
+ | default_extra_recipient_limit = 1000 | ||
+ | default_filter_nexthop = | ||
+ | default_minimum_delivery_slots = 3 | ||
+ | default_privs = nobody | ||
+ | default_process_limit = 100 | ||
+ | default_rbl_reply = $rbl_code Service unavailable; | ||
+ | default_recipient_limit = 20000 | ||
+ | default_recipient_refill_delay = 5s | ||
+ | default_recipient_refill_limit = 100 | ||
+ | default_transport = smtp | ||
+ | default_transport_rate_delay = 0s | ||
+ | default_verp_delimiters = += | ||
+ | defer_code = 450 | ||
+ | defer_service_name = defer | ||
+ | defer_transports = | ||
+ | delay_logging_resolution_limit = 2 | ||
+ | delay_notice_recipient = postmaster | ||
+ | delay_warning_time = 0h | ||
+ | deliver_lock_attempts = 20 | ||
+ | deliver_lock_delay = 1s | ||
+ | destination_concurrency_feedback_debug = no | ||
+ | detect_8bit_encoding_header = yes | ||
+ | disable_dns_lookups = no | ||
+ | disable_mime_input_processing = no | ||
+ | disable_mime_output_conversion = no | ||
+ | disable_verp_bounces = no | ||
+ | disable_vrfy_command = no | ||
+ | dns_ncache_ttl_fix_enable = no | ||
+ | dnsblog_reply_delay = 0s | ||
+ | dnsblog_service_name = dnsblog | ||
+ | dont_remove = 0 | ||
+ | double_bounce_sender = double-bounce | ||
+ | duplicate_filter_limit = 1000 | ||
+ | empty_address_default_transport_maps_lookup_key = <> | ||
+ | empty_address_recipient = MAILER-DAEMON | ||
+ | empty_address_relayhost_maps_lookup_key = <> | ||
+ | enable_idna2003_compatibility = no | ||
+ | enable_long_queue_ids = no | ||
+ | enable_original_recipient = yes | ||
+ | error_delivery_slot_cost = $default_delivery_slot_cost | ||
+ | error_delivery_slot_discount = $default_delivery_slot_discount | ||
+ | error_delivery_slot_loan = $default_delivery_slot_loan | ||
+ | error_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit | ||
+ | error_destination_concurrency_limit = $default_destination_concurrency_limit | ||
+ | error_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback | ||
+ | error_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback | ||
+ | error_destination_rate_delay = $default_destination_rate_delay | ||
+ | error_destination_recipient_limit = $default_destination_recipient_limit | ||
+ | error_extra_recipient_limit = $default_extra_recipient_limit | ||
+ | error_initial_destination_concurrency = $initial_destination_concurrency | ||
+ | error_minimum_delivery_slots = $default_minimum_delivery_slots | ||
+ | error_notice_recipient = postmaster | ||
+ | error_recipient_limit = $default_recipient_limit | ||
+ | error_recipient_refill_delay = $default_recipient_refill_delay | ||
+ | error_recipient_refill_limit = $default_recipient_refill_limit | ||
+ | error_service_name = error | ||
+ | error_transport_rate_delay = $default_transport_rate_delay | ||
+ | execution_directory_expansion_filter = 1234567890!@%-_=+:, | ||
+ | expand_owner_alias = no | ||
+ | export_environment = TZ MAIL_CONFIG LANG | ||
+ | fallback_transport = | ||
+ | fallback_transport_maps = | ||
+ | fast_flush_domains = $relay_domains | ||
+ | fast_flush_purge_time = 7d | ||
+ | fast_flush_refresh_time = 12h | ||
+ | fault_injection_code = 0 | ||
+ | flush_service_name = flush | ||
+ | fork_attempts = 5 | ||
+ | fork_delay = 1s | ||
+ | forward_expansion_filter = 1234567890!@%-_=+:, | ||
+ | forward_path = $home/ | ||
+ | frozen_delivered_to = yes | ||
+ | hash_queue_depth = 1 | ||
+ | hash_queue_names = deferred, defer | ||
+ | header_address_token_limit = 10240 | ||
+ | header_checks = | ||
+ | header_from_format = standard | ||
+ | header_size_limit = 102400 | ||
+ | helpful_warnings = yes | ||
+ | home_mailbox = | ||
+ | hopcount_limit = 50 | ||
+ | html_directory = no | ||
+ | ignore_mx_lookup_error = no | ||
+ | import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C | ||
+ | in_flow_delay = 1s | ||
+ | inet_interfaces = all | ||
+ | inet_protocols = all | ||
+ | initial_destination_concurrency = 5 | ||
+ | internal_mail_filter_classes = | ||
+ | invalid_hostname_reject_code = 501 | ||
+ | ipc_idle = 5s | ||
+ | ipc_timeout = 3600s | ||
+ | ipc_ttl = 1000s | ||
+ | line_length_limit = 2048 | ||
+ | lmdb_map_size = 16777216 | ||
+ | lmtp_address_preference = any | ||
+ | lmtp_address_verify_target = rcpt | ||
+ | lmtp_assume_final = no | ||
+ | lmtp_balance_inet_protocols = yes | ||
+ | lmtp_bind_address = | ||
+ | lmtp_bind_address6 = | ||
+ | lmtp_body_checks = | ||
+ | lmtp_cname_overrides_servername = no | ||
+ | lmtp_connect_timeout = 0s | ||
+ | lmtp_connection_cache_destinations = | ||
+ | lmtp_connection_cache_on_demand = yes | ||
+ | lmtp_connection_cache_time_limit = 2s | ||
+ | lmtp_connection_reuse_count_limit = 0 | ||
+ | lmtp_connection_reuse_time_limit = 300s | ||
+ | lmtp_data_done_timeout = 600s | ||
+ | lmtp_data_init_timeout = 120s | ||
+ | lmtp_data_xfer_timeout = 180s | ||
+ | lmtp_defer_if_no_mx_address_found = no | ||
+ | lmtp_delivery_slot_cost = $default_delivery_slot_cost | ||
+ | lmtp_delivery_slot_discount = $default_delivery_slot_discount | ||
+ | lmtp_delivery_slot_loan = $default_delivery_slot_loan | ||
+ | lmtp_delivery_status_filter = $default_delivery_status_filter | ||
+ | lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit | ||
+ | lmtp_destination_concurrency_limit = $default_destination_concurrency_limit | ||
+ | lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback | ||
+ | lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback | ||
+ | lmtp_destination_rate_delay = $default_destination_rate_delay | ||
+ | lmtp_destination_recipient_limit = $default_destination_recipient_limit | ||
+ | lmtp_discard_lhlo_keyword_address_maps = | ||
+ | lmtp_discard_lhlo_keywords = | ||
+ | lmtp_dns_reply_filter = | ||
+ | lmtp_dns_resolver_options = | ||
+ | lmtp_dns_support_level = | ||
+ | lmtp_enforce_tls = no | ||
+ | lmtp_extra_recipient_limit = $default_extra_recipient_limit | ||
+ | lmtp_fallback_relay = | ||
+ | lmtp_generic_maps = | ||
+ | lmtp_header_checks = | ||
+ | lmtp_host_lookup = dns | ||
+ | lmtp_initial_destination_concurrency = $initial_destination_concurrency | ||
+ | lmtp_lhlo_name = $myhostname | ||
+ | lmtp_lhlo_timeout = 300s | ||
+ | lmtp_line_length_limit = 998 | ||
+ | lmtp_mail_timeout = 300s | ||
+ | lmtp_mime_header_checks = | ||
+ | lmtp_minimum_delivery_slots = $default_minimum_delivery_slots | ||
+ | lmtp_mx_address_limit = 5 | ||
+ | lmtp_mx_session_limit = 2 | ||
+ | lmtp_nested_header_checks = | ||
+ | lmtp_per_record_deadline = no | ||
+ | lmtp_pix_workaround_delay_time = 10s | ||
+ | lmtp_pix_workaround_maps = | ||
+ | lmtp_pix_workaround_threshold_time = 500s | ||
+ | lmtp_pix_workarounds = disable_esmtp, | ||
+ | lmtp_quit_timeout = 300s | ||
+ | lmtp_quote_rfc821_envelope = yes | ||
+ | lmtp_randomize_addresses = yes | ||
+ | lmtp_rcpt_timeout = 300s | ||
+ | lmtp_recipient_limit = $default_recipient_limit | ||
+ | lmtp_recipient_refill_delay = $default_recipient_refill_delay | ||
+ | lmtp_recipient_refill_limit = $default_recipient_refill_limit | ||
+ | lmtp_reply_filter = | ||
+ | lmtp_rset_timeout = 20s | ||
+ | lmtp_sasl_auth_cache_name = | ||
+ | lmtp_sasl_auth_cache_time = 90d | ||
+ | lmtp_sasl_auth_enable = no | ||
+ | lmtp_sasl_auth_soft_bounce = yes | ||
+ | lmtp_sasl_mechanism_filter = | ||
+ | lmtp_sasl_password_maps = | ||
+ | lmtp_sasl_path = | ||
+ | lmtp_sasl_security_options = noplaintext, | ||
+ | lmtp_sasl_tls_security_options = $lmtp_sasl_security_options | ||
+ | lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options | ||
+ | lmtp_sasl_type = cyrus | ||
+ | lmtp_send_dummy_mail_auth = no | ||
+ | lmtp_send_xforward_command = no | ||
+ | lmtp_sender_dependent_authentication = no | ||
+ | lmtp_skip_5xx_greeting = yes | ||
+ | lmtp_skip_quit_response = no | ||
+ | lmtp_starttls_timeout = 300s | ||
+ | lmtp_tcp_port = 24 | ||
+ | lmtp_tls_CAfile = | ||
+ | lmtp_tls_CApath = | ||
+ | lmtp_tls_block_early_mail_reply = no | ||
+ | lmtp_tls_cert_file = | ||
+ | lmtp_tls_ciphers = medium | ||
+ | lmtp_tls_dcert_file = | ||
+ | lmtp_tls_dkey_file = $lmtp_tls_dcert_file | ||
+ | lmtp_tls_eccert_file = | ||
+ | lmtp_tls_eckey_file = $lmtp_tls_eccert_file | ||
+ | lmtp_tls_enforce_peername = yes | ||
+ | lmtp_tls_exclude_ciphers = | ||
+ | lmtp_tls_fingerprint_cert_match = | ||
+ | lmtp_tls_fingerprint_digest = md5 | ||
+ | lmtp_tls_force_insecure_host_tlsa_lookup = no | ||
+ | lmtp_tls_key_file = $lmtp_tls_cert_file | ||
+ | lmtp_tls_loglevel = 0 | ||
+ | lmtp_tls_mandatory_ciphers = medium | ||
+ | lmtp_tls_mandatory_exclude_ciphers = | ||
+ | lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3 | ||
+ | lmtp_tls_note_starttls_offer = no | ||
+ | lmtp_tls_per_site = | ||
+ | lmtp_tls_policy_maps = | ||
+ | lmtp_tls_protocols = !SSLv2, !SSLv3 | ||
+ | lmtp_tls_scert_verifydepth = 9 | ||
+ | lmtp_tls_secure_cert_match = nexthop | ||
+ | lmtp_tls_security_level = | ||
+ | lmtp_tls_session_cache_database = | ||
+ | lmtp_tls_session_cache_timeout = 3600s | ||
+ | lmtp_tls_trust_anchor_file = | ||
+ | lmtp_tls_verify_cert_match = hostname | ||
+ | lmtp_tls_wrappermode = no | ||
+ | lmtp_transport_rate_delay = $default_transport_rate_delay | ||
+ | lmtp_use_tls = no | ||
+ | lmtp_xforward_timeout = 300s | ||
+ | local_command_shell = | ||
+ | local_delivery_slot_cost = $default_delivery_slot_cost | ||
+ | local_delivery_slot_discount = $default_delivery_slot_discount | ||
+ | local_delivery_slot_loan = $default_delivery_slot_loan | ||
+ | local_delivery_status_filter = $default_delivery_status_filter | ||
+ | local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit | ||
+ | local_destination_concurrency_limit = 2 | ||
+ | local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback | ||
+ | local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback | ||
+ | local_destination_rate_delay = $default_destination_rate_delay | ||
+ | local_destination_recipient_limit = 1 | ||
+ | local_extra_recipient_limit = $default_extra_recipient_limit | ||
+ | local_header_rewrite_clients = permit_inet_interfaces | ||
+ | local_initial_destination_concurrency = $initial_destination_concurrency | ||
+ | local_minimum_delivery_slots = $default_minimum_delivery_slots | ||
+ | local_recipient_limit = $default_recipient_limit | ||
+ | local_recipient_maps = proxy: | ||
+ | local_recipient_refill_delay = $default_recipient_refill_delay | ||
+ | local_recipient_refill_limit = $default_recipient_refill_limit | ||
+ | local_transport = local: | ||
+ | local_transport_rate_delay = $default_transport_rate_delay | ||
+ | luser_relay = | ||
+ | mail_name = Postfix | ||
+ | mail_owner = postfix | ||
+ | mail_release_date = 20181124 | ||
+ | mail_spool_directory = /var/mail | ||
+ | mail_version = 3.3.2 | ||
+ | mailbox_command = | ||
+ | mailbox_command_maps = | ||
+ | mailbox_delivery_lock = fcntl, dotlock | ||
+ | mailbox_size_limit = 51200000 | ||
+ | mailbox_transport = | ||
+ | mailbox_transport_maps = | ||
+ | mailq_path = / | ||
+ | manpage_directory = / | ||
+ | maps_rbl_domains = | ||
+ | maps_rbl_reject_code = 554 | ||
+ | masquerade_classes = envelope_sender, | ||
+ | masquerade_domains = | ||
+ | masquerade_exceptions = | ||
+ | master_service_disable = | ||
+ | max_idle = 100s | ||
+ | max_use = 100 | ||
+ | maximal_backoff_time = 4000s | ||
+ | maximal_queue_lifetime = 5d | ||
+ | message_drop_headers = bcc, content-length, | ||
+ | message_reject_characters = | ||
+ | message_size_limit = 10240000 | ||
+ | message_strip_characters = | ||
+ | meta_directory = / | ||
+ | milter_command_timeout = 30s | ||
+ | milter_connect_macros = j {daemon_name} {daemon_addr} v | ||
+ | milter_connect_timeout = 30s | ||
+ | milter_content_timeout = 300s | ||
+ | milter_data_macros = i | ||
+ | milter_default_action = tempfail | ||
+ | milter_end_of_data_macros = i | ||
+ | milter_end_of_header_macros = i | ||
+ | milter_header_checks = | ||
+ | milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer} | ||
+ | milter_macro_daemon_name = $myhostname | ||
+ | milter_macro_defaults = | ||
+ | milter_macro_v = $mail_name $mail_version | ||
+ | milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer} | ||
+ | milter_protocol = 6 | ||
+ | milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer} | ||
+ | milter_unknown_command_macros = | ||
+ | mime_boundary_length_limit = 2048 | ||
+ | mime_header_checks = $header_checks | ||
+ | mime_nesting_limit = 100 | ||
+ | minimal_backoff_time = 300s | ||
+ | multi_instance_directories = | ||
+ | multi_instance_enable = no | ||
+ | multi_instance_group = | ||
+ | multi_instance_name = | ||
+ | multi_instance_wrapper = | ||
+ | multi_recipient_bounce_reject_code = 550 | ||
+ | mydestination = $myhostname, | ||
+ | mydomain = dmz.nausch.org | ||
+ | myhostname = vml000080.dmz.nausch.org | ||
+ | mynetworks = 127.0.0.0/8 10.0.0.0/24 [::1]/128 [fe80::]/64 | ||
+ | mynetworks_style = ${{$compatibility_level} < {2} ? {subnet} : {host}} | ||
+ | myorigin = $myhostname | ||
+ | nested_header_checks = $header_checks | ||
+ | newaliases_path = / | ||
+ | non_fqdn_reject_code = 504 | ||
+ | non_smtpd_milters = | ||
+ | notify_classes = resource, software | ||
+ | openssl_path = openssl | ||
+ | owner_request_special = yes | ||
+ | parent_domain_matches_subdomains = debug_peer_list, | ||
+ | permit_mx_backup_networks = | ||
+ | pickup_service_name = pickup | ||
+ | pipe_delivery_status_filter = $default_delivery_status_filter | ||
+ | plaintext_reject_code = 450 | ||
+ | postmulti_control_commands = reload flush | ||
+ | postmulti_start_commands = start | ||
+ | postmulti_stop_commands = stop abort drain quick-stop | ||
+ | postscreen_access_list = permit_mynetworks | ||
+ | postscreen_bare_newline_action = ignore | ||
+ | postscreen_bare_newline_enable = no | ||
+ | postscreen_bare_newline_ttl = 30d | ||
+ | postscreen_blacklist_action = ignore | ||
+ | postscreen_cache_cleanup_interval = 12h | ||
+ | postscreen_cache_map = btree: | ||
+ | postscreen_cache_retention_time = 7d | ||
+ | postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit | ||
+ | postscreen_command_count_limit = 20 | ||
+ | postscreen_command_filter = | ||
+ | postscreen_command_time_limit = ${stress? | ||
+ | postscreen_disable_vrfy_command = $disable_vrfy_command | ||
+ | postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps | ||
+ | postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords | ||
+ | postscreen_dnsbl_action = ignore | ||
+ | postscreen_dnsbl_max_ttl = ${postscreen_dnsbl_ttl? | ||
+ | postscreen_dnsbl_min_ttl = 60s | ||
+ | postscreen_dnsbl_reply_map = | ||
+ | postscreen_dnsbl_sites = | ||
+ | postscreen_dnsbl_threshold = 1 | ||
+ | postscreen_dnsbl_timeout = 10s | ||
+ | postscreen_dnsbl_whitelist_threshold = 0 | ||
+ | postscreen_enforce_tls = $smtpd_enforce_tls | ||
+ | postscreen_expansion_filter = $smtpd_expansion_filter | ||
+ | postscreen_forbidden_commands = $smtpd_forbidden_commands | ||
+ | postscreen_greet_action = ignore | ||
+ | postscreen_greet_banner = $smtpd_banner | ||
+ | postscreen_greet_ttl = 1d | ||
+ | postscreen_greet_wait = ${stress? | ||
+ | postscreen_helo_required = $smtpd_helo_required | ||
+ | postscreen_non_smtp_command_action = drop | ||
+ | postscreen_non_smtp_command_enable = no | ||
+ | postscreen_non_smtp_command_ttl = 30d | ||
+ | postscreen_pipelining_action = enforce | ||
+ | postscreen_pipelining_enable = no | ||
+ | postscreen_pipelining_ttl = 30d | ||
+ | postscreen_post_queue_limit = $default_process_limit | ||
+ | postscreen_pre_queue_limit = $default_process_limit | ||
+ | postscreen_reject_footer = $smtpd_reject_footer | ||
+ | postscreen_tls_security_level = $smtpd_tls_security_level | ||
+ | postscreen_upstream_proxy_protocol = | ||
+ | postscreen_upstream_proxy_timeout = 5s | ||
+ | postscreen_use_tls = $smtpd_use_tls | ||
+ | postscreen_watchdog_timeout = 10s | ||
+ | postscreen_whitelist_interfaces = static:all | ||
+ | prepend_delivered_header = command, file, forward | ||
+ | process_id = 14166 | ||
+ | process_id_directory = pid | ||
+ | process_name = postconf | ||
+ | propagate_unmatched_extensions = canonical, virtual | ||
+ | proxy_interfaces = | ||
+ | proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $smtpd_client_restrictions $smtpd_helo_restrictions $smtpd_sender_restrictions $smtpd_relay_restrictions $smtpd_recipient_restrictions $address_verify_sender_dependent_default_transport_maps $address_verify_sender_dependent_relayhost_maps $address_verify_transport_maps $fallback_transport_maps $lmtp_discard_lhlo_keyword_address_maps $lmtp_pix_workaround_maps $lmtp_sasl_password_maps $lmtp_tls_policy_maps $mailbox_command_maps $mailbox_transport_maps $postscreen_discard_ehlo_keyword_address_maps $rbl_reply_maps $sender_dependent_default_transport_maps $sender_dependent_relayhost_maps $smtp_discard_ehlo_keyword_address_maps $smtp_pix_workaround_maps $smtp_sasl_password_maps $smtp_tls_policy_maps $smtpd_discard_ehlo_keyword_address_maps $smtpd_milter_maps $virtual_gid_maps $virtual_uid_maps | ||
+ | proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name $address_verify_map $postscreen_cache_map | ||
+ | proxymap_service_name = proxymap | ||
+ | proxywrite_service_name = proxywrite | ||
+ | qmgr_clog_warn_time = 300s | ||
+ | qmgr_daemon_timeout = 1000s | ||
+ | qmgr_fudge_factor = 100 | ||
+ | qmgr_ipc_timeout = 60s | ||
+ | qmgr_message_active_limit = 20000 | ||
+ | qmgr_message_recipient_limit = 20000 | ||
+ | qmgr_message_recipient_minimum = 10 | ||
+ | qmqpd_authorized_clients = | ||
+ | qmqpd_client_port_logging = no | ||
+ | qmqpd_error_delay = 1s | ||
+ | qmqpd_timeout = 300s | ||
+ | queue_directory = / | ||
+ | queue_file_attribute_count_limit = 100 | ||
+ | queue_minfree = 0 | ||
+ | queue_run_delay = 300s | ||
+ | queue_service_name = qmgr | ||
+ | rbl_reply_maps = | ||
+ | readme_directory = no | ||
+ | receive_override_options = | ||
+ | recipient_bcc_maps = | ||
+ | recipient_canonical_classes = envelope_recipient, | ||
+ | recipient_canonical_maps = | ||
+ | recipient_delimiter = | ||
+ | reject_code = 554 | ||
+ | reject_tempfail_action = defer_if_permit | ||
+ | relay_clientcerts = | ||
+ | relay_delivery_slot_cost = $default_delivery_slot_cost | ||
+ | relay_delivery_slot_discount = $default_delivery_slot_discount | ||
+ | relay_delivery_slot_loan = $default_delivery_slot_loan | ||
+ | relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit | ||
+ | relay_destination_concurrency_limit = $default_destination_concurrency_limit | ||
+ | relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback | ||
+ | relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback | ||
+ | relay_destination_rate_delay = $default_destination_rate_delay | ||
+ | relay_destination_recipient_limit = $default_destination_recipient_limit | ||
+ | relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}} | ||
+ | relay_domains_reject_code = 554 | ||
+ | relay_extra_recipient_limit = $default_extra_recipient_limit | ||
+ | relay_initial_destination_concurrency = $initial_destination_concurrency | ||
+ | relay_minimum_delivery_slots = $default_minimum_delivery_slots | ||
+ | relay_recipient_limit = $default_recipient_limit | ||
+ | relay_recipient_maps = | ||
+ | relay_recipient_refill_delay = $default_recipient_refill_delay | ||
+ | relay_recipient_refill_limit = $default_recipient_refill_limit | ||
+ | relay_transport = relay | ||
+ | relay_transport_rate_delay = $default_transport_rate_delay | ||
+ | relayhost = | ||
+ | relocated_maps = | ||
+ | remote_header_rewrite_domain = | ||
+ | require_home_directory = no | ||
+ | reset_owner_alias = no | ||
+ | resolve_dequoted_address = yes | ||
+ | resolve_null_domain = no | ||
+ | resolve_numeric_domain = no | ||
+ | retry_delivery_slot_cost = $default_delivery_slot_cost | ||
+ | retry_delivery_slot_discount = $default_delivery_slot_discount | ||
+ | retry_delivery_slot_loan = $default_delivery_slot_loan | ||
+ | retry_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit | ||
+ | retry_destination_concurrency_limit = $default_destination_concurrency_limit | ||
+ | retry_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback | ||
+ | retry_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback | ||
+ | retry_destination_rate_delay = $default_destination_rate_delay | ||
+ | retry_destination_recipient_limit = $default_destination_recipient_limit | ||
+ | retry_extra_recipient_limit = $default_extra_recipient_limit | ||
+ | retry_initial_destination_concurrency = $initial_destination_concurrency | ||
+ | retry_minimum_delivery_slots = $default_minimum_delivery_slots | ||
+ | retry_recipient_limit = $default_recipient_limit | ||
+ | retry_recipient_refill_delay = $default_recipient_refill_delay | ||
+ | retry_recipient_refill_limit = $default_recipient_refill_limit | ||
+ | retry_transport_rate_delay = $default_transport_rate_delay | ||
+ | rewrite_service_name = rewrite | ||
+ | sample_directory = / | ||
+ | send_cyrus_sasl_authzid = no | ||
+ | sender_bcc_maps = | ||
+ | sender_canonical_classes = envelope_sender, | ||
+ | sender_canonical_maps = | ||
+ | sender_dependent_default_transport_maps = | ||
+ | sender_dependent_relayhost_maps = | ||
+ | sendmail_fix_line_endings = always | ||
+ | sendmail_path = / | ||
+ | service_name = | ||
+ | service_throttle_time = 60s | ||
+ | setgid_group = postdrop | ||
+ | shlib_directory = / | ||
+ | show_user_unknown_table_name = yes | ||
+ | showq_service_name = showq | ||
+ | smtp_address_preference = any | ||
+ | smtp_address_verify_target = rcpt | ||
+ | smtp_always_send_ehlo = yes | ||
+ | smtp_balance_inet_protocols = yes | ||
+ | smtp_bind_address = | ||
+ | smtp_bind_address6 = | ||
+ | smtp_body_checks = | ||
+ | smtp_cname_overrides_servername = no | ||
+ | smtp_connect_timeout = 30s | ||
+ | smtp_connection_cache_destinations = | ||
+ | smtp_connection_cache_on_demand = yes | ||
+ | smtp_connection_cache_time_limit = 2s | ||
+ | smtp_connection_reuse_count_limit = 0 | ||
+ | smtp_connection_reuse_time_limit = 300s | ||
+ | smtp_data_done_timeout = 600s | ||
+ | smtp_data_init_timeout = 120s | ||
+ | smtp_data_xfer_timeout = 180s | ||
+ | smtp_defer_if_no_mx_address_found = no | ||
+ | smtp_delivery_slot_cost = $default_delivery_slot_cost | ||
+ | smtp_delivery_slot_discount = $default_delivery_slot_discount | ||
+ | smtp_delivery_slot_loan = $default_delivery_slot_loan | ||
+ | smtp_delivery_status_filter = $default_delivery_status_filter | ||
+ | smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit | ||
+ | smtp_destination_concurrency_limit = $default_destination_concurrency_limit | ||
+ | smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback | ||
+ | smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback | ||
+ | smtp_destination_rate_delay = $default_destination_rate_delay | ||
+ | smtp_destination_recipient_limit = $default_destination_recipient_limit | ||
+ | smtp_discard_ehlo_keyword_address_maps = | ||
+ | smtp_discard_ehlo_keywords = | ||
+ | smtp_dns_reply_filter = | ||
+ | smtp_dns_resolver_options = | ||
+ | smtp_dns_support_level = | ||
+ | smtp_enforce_tls = no | ||
+ | smtp_extra_recipient_limit = $default_extra_recipient_limit | ||
+ | smtp_fallback_relay = $fallback_relay | ||
+ | smtp_generic_maps = | ||
+ | smtp_header_checks = | ||
+ | smtp_helo_name = $myhostname | ||
+ | smtp_helo_timeout = 300s | ||
+ | smtp_host_lookup = dns | ||
+ | smtp_initial_destination_concurrency = $initial_destination_concurrency | ||
+ | smtp_line_length_limit = 998 | ||
+ | smtp_mail_timeout = 300s | ||
+ | smtp_mime_header_checks = | ||
+ | smtp_minimum_delivery_slots = $default_minimum_delivery_slots | ||
+ | smtp_mx_address_limit = 5 | ||
+ | smtp_mx_session_limit = 2 | ||
+ | smtp_nested_header_checks = | ||
+ | smtp_never_send_ehlo = no | ||
+ | smtp_per_record_deadline = no | ||
+ | smtp_pix_workaround_delay_time = 10s | ||
+ | smtp_pix_workaround_maps = | ||
+ | smtp_pix_workaround_threshold_time = 500s | ||
+ | smtp_pix_workarounds = disable_esmtp, | ||
+ | smtp_quit_timeout = 300s | ||
+ | smtp_quote_rfc821_envelope = yes | ||
+ | smtp_randomize_addresses = yes | ||
+ | smtp_rcpt_timeout = 300s | ||
+ | smtp_recipient_limit = $default_recipient_limit | ||
+ | smtp_recipient_refill_delay = $default_recipient_refill_delay | ||
+ | smtp_recipient_refill_limit = $default_recipient_refill_limit | ||
+ | smtp_reply_filter = | ||
+ | smtp_rset_timeout = 20s | ||
+ | smtp_sasl_auth_cache_name = | ||
+ | smtp_sasl_auth_cache_time = 90d | ||
+ | smtp_sasl_auth_enable = no | ||
+ | smtp_sasl_auth_soft_bounce = yes | ||
+ | smtp_sasl_mechanism_filter = | ||
+ | smtp_sasl_password_maps = | ||
+ | smtp_sasl_path = | ||
+ | smtp_sasl_security_options = noplaintext, | ||
+ | smtp_sasl_tls_security_options = $smtp_sasl_security_options | ||
+ | smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options | ||
+ | smtp_sasl_type = cyrus | ||
+ | smtp_send_dummy_mail_auth = no | ||
+ | smtp_send_xforward_command = no | ||
+ | smtp_sender_dependent_authentication = no | ||
+ | smtp_skip_5xx_greeting = yes | ||
+ | smtp_skip_quit_response = yes | ||
+ | smtp_starttls_timeout = 300s | ||
+ | smtp_tcp_port = smtp | ||
+ | smtp_tls_CAfile = | ||
+ | smtp_tls_CApath = | ||
+ | smtp_tls_block_early_mail_reply = no | ||
+ | smtp_tls_cert_file = | ||
+ | smtp_tls_ciphers = medium | ||
+ | smtp_tls_dane_insecure_mx_policy = dane | ||
+ | smtp_tls_dcert_file = | ||
+ | smtp_tls_dkey_file = $smtp_tls_dcert_file | ||
+ | smtp_tls_eccert_file = | ||
+ | smtp_tls_eckey_file = $smtp_tls_eccert_file | ||
+ | smtp_tls_enforce_peername = yes | ||
+ | smtp_tls_exclude_ciphers = | ||
+ | smtp_tls_fingerprint_cert_match = | ||
+ | smtp_tls_fingerprint_digest = md5 | ||
+ | smtp_tls_force_insecure_host_tlsa_lookup = no | ||
+ | smtp_tls_key_file = $smtp_tls_cert_file | ||
+ | smtp_tls_loglevel = 0 | ||
+ | smtp_tls_mandatory_ciphers = medium | ||
+ | smtp_tls_mandatory_exclude_ciphers = | ||
+ | smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 | ||
+ | smtp_tls_note_starttls_offer = no | ||
+ | smtp_tls_per_site = | ||
+ | smtp_tls_policy_maps = | ||
+ | smtp_tls_protocols = !SSLv2, !SSLv3 | ||
+ | smtp_tls_scert_verifydepth = 9 | ||
+ | smtp_tls_secure_cert_match = nexthop, dot-nexthop | ||
+ | smtp_tls_security_level = | ||
+ | smtp_tls_session_cache_database = | ||
+ | smtp_tls_session_cache_timeout = 3600s | ||
+ | smtp_tls_trust_anchor_file = | ||
+ | smtp_tls_verify_cert_match = hostname | ||
+ | smtp_tls_wrappermode = no | ||
+ | smtp_transport_rate_delay = $default_transport_rate_delay | ||
+ | smtp_use_tls = no | ||
+ | smtp_xforward_timeout = 300s | ||
+ | smtpd_authorized_verp_clients = $authorized_verp_clients | ||
+ | smtpd_authorized_xclient_hosts = | ||
+ | smtpd_authorized_xforward_hosts = | ||
+ | smtpd_banner = $myhostname ESMTP $mail_name | ||
+ | smtpd_client_auth_rate_limit = 0 | ||
+ | smtpd_client_connection_count_limit = 50 | ||
+ | smtpd_client_connection_rate_limit = 0 | ||
+ | smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions: | ||
+ | smtpd_client_message_rate_limit = 0 | ||
+ | smtpd_client_new_tls_session_rate_limit = 0 | ||
+ | smtpd_client_port_logging = no | ||
+ | smtpd_client_recipient_rate_limit = 0 | ||
+ | smtpd_client_restrictions = | ||
+ | smtpd_command_filter = | ||
+ | smtpd_data_restrictions = | ||
+ | smtpd_delay_open_until_valid_rcpt = yes | ||
+ | smtpd_delay_reject = yes | ||
+ | smtpd_discard_ehlo_keyword_address_maps = | ||
+ | smtpd_discard_ehlo_keywords = | ||
+ | smtpd_dns_reply_filter = | ||
+ | smtpd_end_of_data_restrictions = | ||
+ | smtpd_enforce_tls = no | ||
+ | smtpd_error_sleep_time = 1s | ||
+ | smtpd_etrn_restrictions = | ||
+ | smtpd_expansion_filter = \t\40!"# | ||
+ | smtpd_forbidden_commands = CONNECT GET POST | ||
+ | smtpd_hard_error_limit = ${stress? | ||
+ | smtpd_helo_required = no | ||
+ | smtpd_helo_restrictions = | ||
+ | smtpd_history_flush_threshold = 100 | ||
+ | smtpd_junk_command_limit = ${stress? | ||
+ | smtpd_log_access_permit_actions = | ||
+ | smtpd_milter_maps = | ||
+ | smtpd_milters = | ||
+ | smtpd_noop_commands = | ||
+ | smtpd_null_access_lookup_key = <> | ||
+ | smtpd_peername_lookup = yes | ||
+ | smtpd_per_record_deadline = ${stress? | ||
+ | smtpd_policy_service_default_action = 451 4.3.5 Server configuration problem | ||
+ | smtpd_policy_service_max_idle = 300s | ||
+ | smtpd_policy_service_max_ttl = 1000s | ||
+ | smtpd_policy_service_policy_context = | ||
+ | smtpd_policy_service_request_limit = 0 | ||
+ | smtpd_policy_service_retry_delay = 1s | ||
+ | smtpd_policy_service_timeout = 100s | ||
+ | smtpd_policy_service_try_limit = 2 | ||
+ | smtpd_proxy_ehlo = $myhostname | ||
+ | smtpd_proxy_filter = | ||
+ | smtpd_proxy_options = | ||
+ | smtpd_proxy_timeout = 100s | ||
+ | smtpd_recipient_limit = 1000 | ||
+ | smtpd_recipient_overshoot_limit = 1000 | ||
+ | smtpd_recipient_restrictions = | ||
+ | smtpd_reject_footer = | ||
+ | smtpd_reject_unlisted_recipient = yes | ||
+ | smtpd_reject_unlisted_sender = no | ||
+ | smtpd_relay_restrictions = ${{$compatibility_level} < {1} ? {} : {permit_mynetworks, | ||
+ | smtpd_restriction_classes = | ||
+ | smtpd_sasl_auth_enable = no | ||
+ | smtpd_sasl_authenticated_header = no | ||
+ | smtpd_sasl_exceptions_networks = | ||
+ | smtpd_sasl_local_domain = | ||
+ | smtpd_sasl_path = smtpd | ||
+ | smtpd_sasl_security_options = noanonymous | ||
+ | smtpd_sasl_service = smtp | ||
+ | smtpd_sasl_tls_security_options = $smtpd_sasl_security_options | ||
+ | smtpd_sasl_type = cyrus | ||
+ | smtpd_sender_login_maps = | ||
+ | smtpd_sender_restrictions = | ||
+ | smtpd_service_name = smtpd | ||
+ | smtpd_soft_error_limit = 10 | ||
+ | smtpd_starttls_timeout = ${stress? | ||
+ | smtpd_timeout = ${stress? | ||
+ | smtpd_tls_CAfile = | ||
+ | smtpd_tls_CApath = | ||
+ | smtpd_tls_always_issue_session_ids = yes | ||
+ | smtpd_tls_ask_ccert = no | ||
+ | smtpd_tls_auth_only = no | ||
+ | smtpd_tls_ccert_verifydepth = 9 | ||
+ | smtpd_tls_cert_file = | ||
+ | smtpd_tls_ciphers = medium | ||
+ | smtpd_tls_dcert_file = | ||
+ | smtpd_tls_dh1024_param_file = | ||
+ | smtpd_tls_dh512_param_file = | ||
+ | smtpd_tls_dkey_file = $smtpd_tls_dcert_file | ||
+ | smtpd_tls_eccert_file = | ||
+ | smtpd_tls_eckey_file = $smtpd_tls_eccert_file | ||
+ | smtpd_tls_eecdh_grade = auto | ||
+ | smtpd_tls_exclude_ciphers = | ||
+ | smtpd_tls_fingerprint_digest = md5 | ||
+ | smtpd_tls_key_file = $smtpd_tls_cert_file | ||
+ | smtpd_tls_loglevel = 0 | ||
+ | smtpd_tls_mandatory_ciphers = medium | ||
+ | smtpd_tls_mandatory_exclude_ciphers = | ||
+ | smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 | ||
+ | smtpd_tls_protocols = !SSLv2, !SSLv3 | ||
+ | smtpd_tls_received_header = no | ||
+ | smtpd_tls_req_ccert = no | ||
+ | smtpd_tls_security_level = | ||
+ | smtpd_tls_session_cache_database = | ||
+ | smtpd_tls_session_cache_timeout = 3600s | ||
+ | smtpd_tls_wrappermode = no | ||
+ | smtpd_upstream_proxy_protocol = | ||
+ | smtpd_upstream_proxy_timeout = 5s | ||
+ | smtpd_use_tls = no | ||
+ | smtputf8_autodetect_classes = sendmail, verify | ||
+ | smtputf8_enable = ${{$compatibility_level} < {1} ? {no} : {yes}} | ||
+ | soft_bounce = no | ||
+ | stale_lock_time = 500s | ||
+ | stress = | ||
+ | strict_7bit_headers = no | ||
+ | strict_8bitmime = no | ||
+ | strict_8bitmime_body = no | ||
+ | strict_mailbox_ownership = yes | ||
+ | strict_mime_encoding_domain = no | ||
+ | strict_rfc821_envelopes = no | ||
+ | strict_smtputf8 = no | ||
+ | sun_mailtool_compatibility = no | ||
+ | swap_bangpath = yes | ||
+ | syslog_facility = mail | ||
+ | syslog_name = ${multi_instance_name? | ||
+ | tcp_windowsize = 0 | ||
+ | tls_append_default_CA = no | ||
+ | tls_daemon_random_bytes = 32 | ||
+ | tls_dane_digest_agility = on | ||
+ | tls_dane_digests = sha512 sha256 | ||
+ | tls_dane_trust_anchor_digest_enable = yes | ||
+ | tls_disable_workarounds = | ||
+ | tls_eecdh_auto_curves = prime256v1 secp521r1 secp384r1 | ||
+ | tls_eecdh_strong_curve = prime256v1 | ||
+ | tls_eecdh_ultra_curve = secp384r1 | ||
+ | tls_export_cipherlist = aNULL: | ||
+ | tls_high_cipherlist = aNULL: | ||
+ | tls_legacy_public_key_fingerprints = no | ||
+ | tls_low_cipherlist = aNULL: | ||
+ | tls_medium_cipherlist = aNULL: | ||
+ | tls_null_cipherlist = eNULL: | ||
+ | tls_preempt_cipherlist = no | ||
+ | tls_random_bytes = 32 | ||
+ | tls_random_exchange_name = ${data_directory}/ | ||
+ | tls_random_prng_update_period = 3600s | ||
+ | tls_random_reseed_period = 3600s | ||
+ | tls_random_source = dev:/ | ||
+ | tls_session_ticket_cipher = aes-256-cbc | ||
+ | tls_ssl_options = | ||
+ | tls_wildcard_matches_multiple_labels = yes | ||
+ | tlsmgr_service_name = tlsmgr | ||
+ | tlsproxy_enforce_tls = $smtpd_enforce_tls | ||
+ | tlsproxy_service_name = tlsproxy | ||
+ | tlsproxy_tls_CAfile = $smtpd_tls_CAfile | ||
+ | tlsproxy_tls_CApath = $smtpd_tls_CApath | ||
+ | tlsproxy_tls_always_issue_session_ids = $smtpd_tls_always_issue_session_ids | ||
+ | tlsproxy_tls_ask_ccert = $smtpd_tls_ask_ccert | ||
+ | tlsproxy_tls_ccert_verifydepth = $smtpd_tls_ccert_verifydepth | ||
+ | tlsproxy_tls_cert_file = $smtpd_tls_cert_file | ||
+ | tlsproxy_tls_ciphers = $smtpd_tls_ciphers | ||
+ | tlsproxy_tls_dcert_file = $smtpd_tls_dcert_file | ||
+ | tlsproxy_tls_dh1024_param_file = $smtpd_tls_dh1024_param_file | ||
+ | tlsproxy_tls_dh512_param_file = $smtpd_tls_dh512_param_file | ||
+ | tlsproxy_tls_dkey_file = $smtpd_tls_dkey_file | ||
+ | tlsproxy_tls_eccert_file = $smtpd_tls_eccert_file | ||
+ | tlsproxy_tls_eckey_file = $smtpd_tls_eckey_file | ||
+ | tlsproxy_tls_eecdh_grade = $smtpd_tls_eecdh_grade | ||
+ | tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers | ||
+ | tlsproxy_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest | ||
+ | tlsproxy_tls_key_file = $smtpd_tls_key_file | ||
+ | tlsproxy_tls_loglevel = $smtpd_tls_loglevel | ||
+ | tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers | ||
+ | tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers | ||
+ | tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols | ||
+ | tlsproxy_tls_protocols = $smtpd_tls_protocols | ||
+ | tlsproxy_tls_req_ccert = $smtpd_tls_req_ccert | ||
+ | tlsproxy_tls_security_level = $smtpd_tls_security_level | ||
+ | tlsproxy_use_tls = $smtpd_use_tls | ||
+ | tlsproxy_watchdog_timeout = 10s | ||
+ | trace_service_name = trace | ||
+ | transport_maps = | ||
+ | transport_retry_time = 60s | ||
+ | trigger_timeout = 10s | ||
+ | undisclosed_recipients_header = | ||
+ | unknown_address_reject_code = 450 | ||
+ | unknown_address_tempfail_action = $reject_tempfail_action | ||
+ | unknown_client_reject_code = 450 | ||
+ | unknown_helo_hostname_tempfail_action = $reject_tempfail_action | ||
+ | unknown_hostname_reject_code = 450 | ||
+ | unknown_local_recipient_reject_code = 550 | ||
+ | unknown_relay_recipient_reject_code = 550 | ||
+ | unknown_virtual_alias_reject_code = 550 | ||
+ | unknown_virtual_mailbox_reject_code = 550 | ||
+ | unverified_recipient_defer_code = 450 | ||
+ | unverified_recipient_reject_code = 450 | ||
+ | unverified_recipient_reject_reason = | ||
+ | unverified_recipient_tempfail_action = $reject_tempfail_action | ||
+ | unverified_sender_defer_code = 450 | ||
+ | unverified_sender_reject_code = 450 | ||
+ | unverified_sender_reject_reason = | ||
+ | unverified_sender_tempfail_action = $reject_tempfail_action | ||
+ | verp_delimiter_filter = -=+ | ||
+ | virtual_alias_address_length_limit = 1000 | ||
+ | virtual_alias_domains = $virtual_alias_maps | ||
+ | virtual_alias_expansion_limit = 1000 | ||
+ | virtual_alias_maps = $virtual_maps | ||
+ | virtual_alias_recursion_limit = 1000 | ||
+ | virtual_delivery_slot_cost = $default_delivery_slot_cost | ||
+ | virtual_delivery_slot_discount = $default_delivery_slot_discount | ||
+ | virtual_delivery_slot_loan = $default_delivery_slot_loan | ||
+ | virtual_delivery_status_filter = $default_delivery_status_filter | ||
+ | virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit | ||
+ | virtual_destination_concurrency_limit = $default_destination_concurrency_limit | ||
+ | virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback | ||
+ | virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback | ||
+ | virtual_destination_rate_delay = $default_destination_rate_delay | ||
+ | virtual_destination_recipient_limit = $default_destination_recipient_limit | ||
+ | virtual_extra_recipient_limit = $default_extra_recipient_limit | ||
+ | virtual_gid_maps = | ||
+ | virtual_initial_destination_concurrency = $initial_destination_concurrency | ||
+ | virtual_mailbox_base = | ||
+ | virtual_mailbox_domains = $virtual_mailbox_maps | ||
+ | virtual_mailbox_limit = 51200000 | ||
+ | virtual_mailbox_lock = fcntl, dotlock | ||
+ | virtual_mailbox_maps = | ||
+ | virtual_minimum_delivery_slots = $default_minimum_delivery_slots | ||
+ | virtual_minimum_uid = 100 | ||
+ | virtual_recipient_limit = $default_recipient_limit | ||
+ | virtual_recipient_refill_delay = $default_recipient_refill_delay | ||
+ | virtual_recipient_refill_limit = $default_recipient_refill_limit | ||
+ | virtual_transport = virtual | ||
+ | virtual_transport_rate_delay = $default_transport_rate_delay | ||
+ | virtual_uid_maps = | ||
+ | </ | ||
+ | |||
+ | If we now want to query a single variable that does not match the default settings, we use the following call, here for **myorigin**. | ||
+ | # postconf -d myorigin | ||
+ | |||
+ | myorigin = $myhostname | ||
+ | |||
+ | To change a parameter, we use the option **-e**. First we query the value of a variable, in the following example that of **// | ||
+ | # postconf -d smtpd_client_connection_count_limit | ||
+ | |||
+ | | ||
+ | We now change the default value of **50** to the value **10**. | ||
+ | # postconf -e " | ||
+ | |||
+ | Afterwards, the running daemon still has to be informed of the change to **main.cf** via **systemctl reload postfix**. | ||
+ | |||
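The default values listed above leave TLS switched off in both directions (`smtpd_tls_security_level` and `smtp_tls_security_level` are empty), exclude only SSLv2/SSLv3 and use `md5` as fingerprint digest. The following check for exactly these settings is an added example, not part of the original page or of Postfix; `audit_postconf`, `sample_defaults` and `sample_hardened` are hypothetical names, and the hardened values are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit TLS-related settings in "name = value" lines as
# printed by postconf. Prints one finding per line, nothing if all is fine.
# Protocol lists are only understood in exclusion ("!TLSv1") or ">=" form.

audit_postconf() {
    awk '
    function report(name, msg) { printf "%s: %s\n", name, msg }
    {   # Split at the first "="; parameter names never contain one.
        eq = index($0, "=")
        if (eq == 0) next
        name = substr($0, 1, eq - 1)
        val  = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        conf[name] = val
    }
    END {
        # 1. TLS off: level "none", or empty with the legacy switches not "yes".
        n = split("smtpd smtp", side, " ")
        for (i = 1; i <= n; i++) {
            p = side[i] "_tls_security_level"
            if (!(p in conf)) continue
            legacy = (conf[side[i] "_use_tls"] == "yes" ||
                      conf[side[i] "_enforce_tls"] == "yes")
            if (conf[p] == "none" || (conf[p] == "" && !legacy))
                report(p, "TLS is off; use may or stronger")
        }
        # 2. Protocol lists that still permit TLSv1 and TLSv1.1.
        m = split("smtpd_tls_protocols smtpd_tls_mandatory_protocols " \
                  "smtp_tls_protocols smtp_tls_mandatory_protocols", pr, " ")
        for (i = 1; i <= m; i++) {
            p = pr[i]
            if (!(p in conf)) continue
            v = conf[p]
            ok = (v ~ />=TLSv1\.[23]/) ||
                 (v ~ /!TLSv1([ ,]|$)/ && v ~ /!TLSv1\.1/)
            if (!ok) report(p, "still permits TLSv1 and TLSv1.1")
        }
        # 3. Certificate fingerprints computed with MD5.
        k = split("smtpd_tls_fingerprint_digest smtp_tls_fingerprint_digest", fp, " ")
        for (i = 1; i <= k; i++)
            if (conf[fp[i]] == "md5")
                report(fp[i], "md5; Postfix documentation recommends sha256")
        # 4. SASL AUTH offered before STARTTLS.
        if (conf["smtpd_sasl_auth_enable"] == "yes" &&
            conf["smtpd_tls_auth_only"] != "yes")
            report("smtpd_tls_auth_only", "AUTH is offered on unencrypted sessions")
    }'
}

# Lines copied from the default listing on this page.
sample_defaults() {
    cat <<'EOF'
smtp_enforce_tls = no
smtp_tls_fingerprint_digest = md5
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level =
smtp_use_tls = no
smtpd_enforce_tls = no
smtpd_sasl_auth_enable = no
smtpd_tls_auth_only = no
smtpd_tls_fingerprint_digest = md5
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level =
smtpd_use_tls = no
EOF
}

# Constructed hardened values (assumption, not from the page).
sample_hardened() {
    cat <<'EOF'
smtp_tls_fingerprint_digest = sha256
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_security_level = may
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
smtpd_tls_fingerprint_digest = sha256
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_security_level = may
EOF
}

sample_defaults | audit_postconf
```

On a live system the same function can be fed with `postconf | audit_postconf`, which checks the values currently in effect rather than the compiled-in defaults.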
+ | We now briefly go over the most important configuration parameters for operating our mail server: | ||
+ | * **myhostname** \\ Defines the hostname under which the mail server will later be reachable. The IP address of the mail server must later also be reverse-resolvable and match the hostname defined here. | ||
+ | * **mydomain** \\ Defines our own domain. Normally, | ||
+ | * **mydestination** This parameter defines the domains for which our Postfix is the //final destination// | ||
+ | * **myorigin** When emails are generated locally on the mail server host, Postfix creates " | ||
+ | * **mynetworks** \\ If several different network ranges are required, | ||
+ | * **mynetworks_style** \\ Defines the network or the network range, | ||
+ | * **inet_interfaces** \\ Defines the network address, | ||
+ | * **inet_protocols** \\ Defines the Internet protocol used, | ||
+ | * **smtpd_banner** \\ Defines the greeting text, | ||
+ | |||
+ | ===== Lookup-Tables ===== | ||
+ | Besides the two main configuration files mentioned above, **main.cf** and **master.cf**, we find in the configuration directory // | ||
+ | # ls -l --hide=*.cf --hide=header_checks --hide=*proto / | ||
+ | < | ||
+ | -rw-r--r--. 1 root root 21006 Sep 24 19:22 access | ||
+ | -rw-r--r--. 1 root root 11683 Sep 24 19:22 canonical | ||
+ | -rw-r--r--. 1 root root 9904 Sep 24 19:22 generic | ||
+ | -rw-r--r--. 1 root root 6816 Sep 24 19:22 relocated | ||
+ | -rw-r--r--. 1 root root 12549 Sep 24 19:22 transport | ||
+ | -rw-r--r--. 1 root root 12510 Sep 24 19:22 virtual | ||
+ | </ | ||
+ | |||
+ | The configuration file **dynamicmaps.cf** and the associated directory **dynamicmaps.cf.d** for the dynamic mapping tables are also located there. | ||
+ | < | ||
+ | -rw-r--r--. 1 root root 164 Jan 17 17:09 dynamicmaps.cf | ||
+ | drwxr-xr-x. 2 root root 6 Jan 17 17:09 dynamicmaps.cf.d | ||
+ | </ | ||
+ | Working with these access and lookup tables is covered in the chapter [[centos: | ||
+ | * **[[centos: | ||
+ | * **[[centos: | ||
+ | * **[[centos: | ||
+ | * **[[centos: | ||
+ | * **[[centos: | ||
+ | * **[[centos: | ||
+ | |||
+ | ===== Header-Checks ===== | ||
+ | To use information in the mail header for evaluating a message, for example to block it, use the configuration file **header_checks**. | ||
+ | # less / | ||
+ | <file bash / | ||
+ | # | ||
+ | # NAME | ||
+ | # header_checks - Postfix built-in content inspection | ||
+ | # | ||
+ | # SYNOPSIS | ||
+ | # header_checks = pcre:/ | ||
+ | # mime_header_checks = pcre:/ | ||
+ | # nested_header_checks = pcre:/ | ||
+ | # body_checks = pcre:/ | ||
+ | # | ||
+ | # milter_header_checks = pcre:/ | ||
+ | # | ||
+ | # smtp_header_checks = pcre:/ | ||
+ | # smtp_mime_header_checks = pcre:/ | ||
+ | # smtp_nested_header_checks = pcre:/ | ||
+ | # smtp_body_checks = pcre:/ | ||
+ | # | ||
+ | # postmap -q " | ||
+ | # postmap -q - pcre:/ | ||
+ | # | ||
+ | # DESCRIPTION | ||
+ | # This document | ||
+ | # message headers and message body lines; it is implemented | ||
+ | # by the Postfix | ||
+ | # See access(5) for access control | ||
+ | # information. | ||
+ | # | ||
+ | # Each message | ||
+ | # against a list of patterns. | ||
+ | # corresponding action is executed, and the matching process | ||
+ | # is repeated for the next message header | ||
+ | # line. | ||
+ | # | ||
+ | # Note: message headers are examined one logical header at a | ||
+ | # time, even when a message | ||
+ | # Body lines are always examined one line at a time. | ||
+ | # | ||
+ | # For examples, see the EXAMPLES section at the end of this | ||
+ | # manual page. | ||
+ | # | ||
+ | # Postfix header or body_checks are designed to stop a flood | ||
+ | # of mail from worms or viruses; they do not decode attach- | ||
+ | # ments, and they do not unzip archives. See the documents | ||
+ | # referenced | ||
+ | # more sophisticated content analysis. | ||
+ | # | ||
+ | # FILTERS WHILE RECEIVING MAIL | ||
+ | # Postfix implements the following | ||
+ | # inspection classes while receiving mail: | ||
+ | # | ||
+ | # header_checks (default: empty) | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # mime_header_checks (default: $header_checks) | ||
+ | # | ||
+ | # only. | ||
+ | # | ||
+ | # This feature is available in Postfix 2.0 and later. | ||
+ | # | ||
+ | # nested_header_checks (default: $header_checks) | ||
+ | # | ||
+ | # email messages (except for the headers | ||
+ | # | ||
+ | # | ||
+ | # This feature is available in Postfix 2.0 and later. | ||
+ | # | ||
+ | # body_checks | ||
+ | # These are applied to all other content, | ||
+ | # | ||
+ | # | ||
+ | # With Postfix versions before 2.0, all content after | ||
+ | # the initial message headers is treated as body con- | ||
+ | # tent. | ||
+ | # | ||
+ | # FILTERS AFTER RECEIVING MAIL | ||
+ | # Postfix | ||
+ | # tion classes after the message is received: | ||
+ | # | ||
+ | # milter_header_checks (default: empty) | ||
+ | # These are applied to headers that are added with | ||
+ | # | ||
+ | # | ||
+ | # This feature is available in Postfix 2.7 and later. | ||
+ | # | ||
+ | # FILTERS WHILE DELIVERING MAIL | ||
+ | # Postfix supports all four content inspection classes while | ||
+ | # delivering mail via SMTP. | ||
+ | # | ||
+ | # smtp_header_checks (default: empty) | ||
+ | # | ||
+ | # smtp_mime_header_checks (default: empty) | ||
+ | # | ||
+ | # smtp_nested_header_checks (default: empty) | ||
+ | # | ||
+ | # smtp_body_checks (default: empty) | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # COMPATIBILITY | ||
+ | # With Postfix version 2.2 and earlier specify " | ||
+ | # to query a table that contains case sensitive patterns. By | ||
+ | # default, regexp: and pcre: patterns are case insensitive. | ||
+ | # | ||
+ | # TABLE FORMAT | ||
+ | # This document | ||
+ | # are specified in the form of Postfix | ||
+ | # lookup | ||
+ | # with pcre (Perl Compatible Regular Expression) tables. The | ||
+ | # regexp | ||
+ | # slower, but more widely available. | ||
+ | # conf -m" to find out what lookup table types your Postfix | ||
+ | # system supports. | ||
+ | # | ||
+ | # The general format of Postfix regular expression tables is | ||
+ | # given below. | ||
+ | # flags syntax, | ||
+ | # respectively. | ||
+ | # | ||
+ | # / | ||
+ | # | ||
+ | # the corresponding action. See below for a list of | ||
+ | # | ||
+ | # | ||
+ | # !/ | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # if / | ||
+ | # | ||
+ | # endif If the input string matches / | ||
+ | # | ||
+ | # and endif. | ||
+ | # | ||
+ | # Note: do not prepend whitespace to patterns | ||
+ | # | ||
+ | # | ||
+ | # if !/ | ||
+ | # | ||
+ | # endif If the input string does not match /pattern/, then | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # blank lines and comments | ||
+ | # | ||
+ | # as are lines whose first non-whitespace | ||
+ | # is a `#'. | ||
+ | # | ||
+ | # multi-line text | ||
+ | # | ||
+ | # text. A line that starts with whitespace | ||
+ | # a logical line. | ||
+ | # | ||
+ | # TABLE SEARCH ORDER | ||
+ | # For each line of message input, the patterns are applied | ||
+ | # in the order as specified in the table. When a pattern | ||
+ | # found that matches | ||
+ | # action is executed | ||
+ | # inspected. | ||
+ | # | ||
+ | # TEXT SUBSTITUTION | ||
+ | # Substitution | ||
+ | # into the action string is possible using the conventional | ||
+ | # Perl syntax | ||
+ | # string may need to be written as ${n} or $(n) if they | ||
+ | # aren't followed by whitespace. | ||
+ | # | ||
+ | # Note: since negated patterns (those preceded by !) return | ||
+ | # a result when the expression does not match, substitutions | ||
+ | # are not available for negated patterns. | ||
+ | # | ||
+ | # ACTIONS | ||
+ | # Action names are case insensitive. They are shown in upper | ||
+ | # case for consistency with other Postfix documentation. | ||
+ | # | ||
+ | # BCC user@domain | ||
+ | # Add the specified address as a BCC recipient, | ||
+ | # | ||
+ | # a local part and domain part. The number | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # Note 1: the BCC address is added as if it was spec- | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # 3461. | ||
+ | # | ||
+ | # Note 2: this ignores duplicate addresses (with the | ||
+ | # same delivery status notification options). | ||
+ | # | ||
+ | # This feature is available in Postfix 3.0 and later. | ||
+ | # | ||
+ | # This feature is not supported with smtp header/body | ||
+ | # | ||
+ | # | ||
+ | # DISCARD optional text... | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # ient without discarding the entire message, use the | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # This feature is available in Postfix 2.0 and later. | ||
+ | # | ||
+ | # This feature is not supported with smtp header/body | ||
+ | # | ||
+ | # | ||
+ | # DUNNO Pretend | ||
+ | # tern, and inspect the next input line. This action | ||
+ | # can be used to shorten the table search. | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # as DUNNO. | ||
+ | # | ||
+ | # This feature is available in Postfix 2.1 and later. | ||
+ | # | ||
+ | # FILTER transport: | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # about external content filters is in the Postfix | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # know that the information has a trusted origin. | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # Note 3: the purpose of the FILTER | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # and later), or specify a transport: | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # _maps features. | ||
+ | # | ||
+ | # This feature is available in Postfix 2.0 and later. | ||
+ | # | ||
+ | # This feature is not supported with smtp header/body | ||
+ | # | ||
+ | # | ||
+ | # HOLD optional text... | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # it or releases it for delivery. | ||
+ | # text if specified, otherwise log a generic message. | ||
+ | # | ||
+ | # Mail that is placed on hold can be examined | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # Note: use " | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # not expire within a few delivery attempts. | ||
+ | # | ||
+ | # Note: this action affects | ||
+ | # | ||
+ | # | ||
+ | # This feature is available in Postfix 2.0 and later. | ||
+ | # | ||
+ | # This feature is not supported with smtp header/body | ||
+ | # | ||
+ | # | ||
+ | # IGNORE Delete the current line from the input, and inspect | ||
+ | # the next input line. See STRIP for an alternative | ||
+ | # that logs the action. | ||
+ | # | ||
+ | # INFO optional text... | ||
+ | # Log an " | ||
+ | # log a generic text), and inspect | ||
+ | # | ||
+ | # for debugging. | ||
+ | # | ||
+ | # This feature is available in Postfix 2.8 and later. | ||
+ | # | ||
+ | # PASS optional text... | ||
+ | # | ||
+ | # log a generic text), and turn off header, body, and | ||
+ | # | ||
+ | # sage. | ||
+ | # | ||
+ | # Note: this feature relies on trust in information | ||
+ | # that is easy to forge. | ||
+ | # | ||
+ | # This feature is available in Postfix 3.2 and later. | ||
+ | # | ||
+ | # This feature is not supported with smtp header/body | ||
+ | # | ||
+ | # | ||
+ | # PREPEND text... | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # line, immediately | ||
+ | # triggered the PREPEND action. | ||
+ | # | ||
+ | # | ||
+ | # the input stream: | ||
+ | # header/body checks or address rewriting, and | ||
+ | # it does not affect the way that Postfix adds | ||
+ | # missing message headers. | ||
+ | # | ||
+ | # | ||
+ | # line, the prepended text must begin with a | ||
+ | # valid message header label. | ||
+ | # | ||
+ | # | ||
+ | # multi-line text. | ||
+ | # | ||
+ | # This feature is available in Postfix 2.1 and later. | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # REDIRECT user@domain | ||
+ | # | ||
+ | # file, and inspect the next input line. After the | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # Note: this action overrides the FILTER action, | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # This feature is available in Postfix 2.1 and later. | ||
+ | # | ||
+ | # This feature is not supported with smtp header/body | ||
+ | # | ||
+ | # | ||
+ | # REPLACE text... | ||
+ | # | ||
+ | # and inspect the next input line. | ||
+ | # | ||
+ | # This feature is available in Postfix 2.2 and later. | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # replacement | ||
+ | # header label. | ||
+ | # | ||
+ | # | ||
+ | # stream. | ||
+ | # action, a replaced | ||
+ | # subject | ||
+ | # the way that Postfix | ||
+ | # headers. | ||
+ | # | ||
+ | # REJECT optional text... | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # fied, otherwise reply with a generic error message. | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # tus codes. | ||
+ | # ning of optional text..., Postfix inserts a default | ||
+ | # | ||
+ | # | ||
+ | # This feature is not supported with smtp header/body | ||
+ | # | ||
+ | # | ||
+ | # STRIP optional text... | ||
+ | # Log a " | ||
+ | # log a generic text), delete the input line from the | ||
+ | # | ||
+ | # for a silent alternative. | ||
+ | # | ||
+ | # This feature is available in Postfix 3.2 and later. | ||
+ | # | ||
+ | # WARN optional text... | ||
+ | # | ||
+ | # (or log a generic text), and inspect the next input | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # BUGS | ||
+ | # Empty lines never match, because some map types mis-behave | ||
+ | # when given a zero-length search string. | ||
+ | # may be removed for regular expression tables in a future | ||
+ | # release. | ||
+ | # | ||
+ | # Many people overlook the main limitations | ||
+ | # body_checks rules. | ||
+ | # | ||
+ | # o These rules operate on one logical message header | ||
+ | # or one body line at a time. A decision made for one | ||
+ | # line is not carried over to the next line. | ||
+ | # | ||
+ | # o If text in the message body is encoded (RFC 2045) | ||
+ | # then the rules need to be specified for the encoded | ||
+ | # form. | ||
+ | # | ||
+ | # o Likewise, | ||
+ | # 2047) then the rules need to be specified | ||
+ | # | ||
+ | # | ||
+ | # Message | ||
+ | # excluded from inspection. Examples of such message headers | ||
+ | # are From:, To:, Message-ID:, | ||
+ | # | ||
+ | # Message | ||
+ | # examined before they are deleted. Examples are: Bcc:, Con- | ||
+ | # tent-Length:, | ||
+ | # | ||
+ | # CONFIGURATION PARAMETERS | ||
+ | # body_checks | ||
+ | # | ||
+ | # body lines. | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # body_checks_size_limit | ||
+ | # The amount of content | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # header_checks | ||
+ | # | ||
+ | # mime_header_checks (default: $header_checks) | ||
+ | # | ||
+ | # nested_header_checks (default: $header_checks) | ||
+ | # | ||
+ | # | ||
+ | # the initial message | ||
+ | # | ||
+ | # sage, and to the initial headers of attached | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # at a time, even when a message header spans multi- | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # disable_mime_input_processing | ||
+ | # While receiving mail, give no special treatment | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # that body_checks is applied to the remainder of the | ||
+ | # | ||
+ | # | ||
+ | # Note: when used in this manner, | ||
+ | # | ||
+ | # time. | ||
+ | # | ||
+ | # EXAMPLES | ||
+ | # Header pattern to block attachments | ||
+ | # extensions. | ||
+ | # fied, so that there is no need to collapse | ||
+ | # into | ||
+ | # [[: | ||
+ | # strings. | ||
+ | # | ||
+ | # / | ||
+ | # header_checks = pcre:/ | ||
+ | # | ||
+ | # / | ||
+ | # / | ||
+ | # ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| | ||
+ | # hlp|ht[at]| | ||
+ | # inf|ins|isp|jse? | ||
+ | # \{[[: | ||
+ | # ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf| | ||
+ | # vb[esx]? | ||
+ | # REJECT Attachment name " | ||
+ | # | ||
+ | # Body pattern to stop a specific HTML browser vulnerability | ||
+ | # exploit. | ||
+ | # | ||
+ | # / | ||
+ | # body_checks = regexp:/ | ||
+ | # | ||
+ | # / | ||
+ | # / | ||
+ | # REJECT IFRAME vulnerability exploit | ||
+ | # | ||
+ | # SEE ALSO | ||
+ | # cleanup(8), canonicalize and enqueue Postfix message | ||
+ | # pcre_table(5), | ||
+ | # regexp_table(5), | ||
+ | # postconf(1), | ||
+ | # postmap(1), Postfix lookup table management | ||
+ | # postsuper(1), | ||
+ | # postcat(1), show Postfix queue file contents | ||
+ | # RFC 2045, base64 and quoted-printable encoding rules | ||
+ | # RFC 2047, message header encoding for non-ASCII text | ||
+ | # | ||
+ | # README FILES | ||
+ | # Use " | ||
+ | # tory" to locate this information. | ||
+ | # DATABASE_README, | ||
+ | # CONTENT_INSPECTION_README, | ||
+ | # BUILTIN_FILTER_README, | ||
+ | # BACKSCATTER_README, | ||
+ | # | ||
+ | # LICENSE | ||
+ | # The Secure | ||
+ | # software. | ||
+ | # | ||
+ | # AUTHOR(S) | ||
+ | # Wietse Venema | ||
+ | # IBM T.J. Watson Research | ||
+ | # P.O. Box 704 | ||
+ | # Yorktown Heights, NY 10598, USA | ||
+ | # | ||
+ | # Wietse Venema | ||
+ | # Google, Inc. | ||
+ | # 111 8th Avenue | ||
+ | # New York, NY 10011, USA | ||
+ | # | ||
+ | # | ||
+ | |||
+ | Wie dies im Detail von Statten geht werden wir uns in einem separaten Schritt [[centos: | ||
+ | ===== Paketfilter / Firewall ===== | ||
+ | Damit fremde **MTA**s((**M**ail **T**ransfer **A**gent)) auf **[[centos: | ||
+ | |||
+ | # firewall-cmd --permanent --zone=public --add-port=25/ | ||
+ | |||
+ | | ||
+ | |||
+ | # firewall-cmd --permanent --zone=public --add-port=587/ | ||
+ | |||
+ | | ||
+ | |||
+ | Anschließend können wir den Firewall-Daemon einmal durchstarten und anschließend überprüfen, | ||
+ | # firewall-cmd --reload | ||
+ | |||
+ | | ||
+ | |||
+ | Abschließend prüfen wir noch, ob die Erweiterung unseres Paketfilter aktiv ist. | ||
+ | # iptables -nvL IN_public_allow | ||
+ | < | ||
+ | pkts bytes target | ||
+ | 0 0 ACCEPT | ||
+ | 0 0 ACCEPT | ||
+ | 0 0 ACCEPT | ||
+ | </ | ||
+ | |||
+ | ===== Systemstart ===== | ||
+ | ==== erster manueller Start ==== | ||
+ | |||
+ | # systemctl start postfix.service | ||
+ | |||
+ | Im Maillog wird der Start unseres Postfix-Servers entsprechend vermerkt. | ||
+ | # less / | ||
+ | < | ||
+ | Oct 10 22:41:26 vml000087.dmz.nausch.org postfix/ | ||
+ | Oct 10 22:41:26 vml000087.dmz.nausch.org systemd[1]: Started Postfix Mail Transport Agent. | ||
+ | </ | ||
+ | |||
+ | # systemctl status postfix.service | ||
+ | |||
+ | < | ||
+ | <font style=" | ||
+ | | ||
+ | | ||
+ | Process: 14349 ExecStart=/ | ||
+ | Process: 14346 ExecStartPre=/ | ||
+ | Process: 14341 ExecStartPre=/ | ||
+ | Main PID: 14423 (master) | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | Jan 26 21:41:20 vml000080.dmz.nausch.org systemd[1]: Starting Postfix Mail Transport Agent... | ||
+ | Jan 26 21:41:21 vml000080.dmz.nausch.org postfix/ | ||
+ | Jan 26 21:41:21 vml000080.dmz.nausch.org postfix/ | ||
+ | Jan 26 21:41:21 vml000080.dmz.nausch.org systemd[1]: Started Postfix Mail Transport Agent.</ | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | Fragen wir nun mit Hilfe des Befehls '' | ||
+ | # netstat -tulpen | ||
+ | |||
+ | < | ||
+ | Proto Recv-Q Send-Q Local Address | ||
+ | tcp 0 0 127.0.0.1: | ||
+ | tcp6 | ||
+ | |||
+ | Alternativ dazu können wr auch den Befehl '' | ||
+ | # lsof -i :25 | ||
+ | |||
+ | COMMAND | ||
+ | master | ||
+ | master | ||
+ | |||
+ | |||
+ | ==== automatischer Start beim Systemstart ==== | ||
+ | Wollen wir den Daemon beim Hochfahren des Systems automatisch starten, greifen wir auf den Befehl **systemctl** zurück. | ||
+ | # systemctl enable postfix.service | ||
+ | |||
+ | | ||
+ | # systemctl is-enabled postfix.service | ||
+ | |||
+ | | ||
+ | |||
+ | Startet der Server nicht automatisch, | ||
+ | |||
+ | ===== Systemtest ===== | ||
+ | |||
+ | Mit der minimalen Konfiguration unseres Postfix haben wir bereits einen lauffähigen **MTA**. Zum Testen verwenden wir das Programm **telnet**. | ||
+ | Die Eingaben am testenden Client sind in der Farbe < | ||
+ | |||
+ | < | ||
+ | <font style=" | ||
+ | <font style=" | ||
+ | Connected to ::1. | ||
+ | Escape character is ' | ||
+ | <font style=" | ||
+ | <font style=" | ||
+ | <font style=" | ||
+ | <font style=" | ||
+ | <font style=" | ||
+ | <font style=" | ||
+ | <font style=" | ||
+ | <font style=" | ||
+ | <font style=" | ||
+ | <font style=" | ||
+ | To: django@vml000087.dmz.nausch.org | ||
+ | Subject: erste testmail | ||
+ | Date: heute | ||
+ | |||
+ | test | ||
+ | .</ | ||
+ | <font style=" | ||
+ | <font style=" | ||
+ | <font style=" | ||
+ | <font style=" | ||
+ | </ | ||
+ | |||
+ | Die Message-ID **5FFA5600088** finden wir dann auch im Maillog wieder. | ||
+ | |||
+ | # tail -n7 / | ||
+ | |||
+ | < | ||
+ | Jan 26 22:03:46 vml000080.dmz.nausch.org postfix/ | ||
+ | Jan 26 22:04:20 vml000080.dmz.nausch.org postfix/ | ||
+ | Jan 26 22:04:20 vml000080.dmz.nausch.org postfix/ | ||
+ | Jan 26 22:04:20 vml000080.dmz.nausch.org postfix/ | ||
+ | Jan 26 22:04:20 vml000080.dmz.nausch.org postfix/ | ||
+ | Jan 26 22:04:23 vml000080.dmz.nausch.org postfix/ | ||
+ | |||
+ | Auf unserem Festplatten wurde die eMail auch entsprechend abgespeichert. | ||
+ | < | ||
+ | ├── django | ||
+ | └── root | ||
+ | </ | ||
+ | |||
+ | # cat / | ||
+ | |||
+ | < | ||
+ | Return-Path: | ||
+ | X-Original-To: | ||
+ | Delivered-To: | ||
+ | Received: from foo (localhost [IPv6:::1]) | ||
+ | by vml000080.dmz.nausch.org (Postfix) with SMTP id 5FFA5600088 | ||
+ | for < | ||
+ | From: michael@nausch.org | ||
+ | To: django@vml000087.dmz.nausch.org | ||
+ | Subject: erste testmail | ||
+ | Date: heute | ||
+ | Message-Id: < | ||
+ | |||
+ | test | ||
+ | |||
+ | </ | ||
+ | |||
+ | ====== Links ====== | ||
+ | * **⇐ [[centos: | ||
+ | * **⇒ [[centos: | ||
+ | * **[[centos: | ||
+ | * **[[wiki: | ||
+ | * **[[http:// | ||
+ | |||
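Review bot: In the Systemtest section, the sentence "Die Message-ID **5FFA5600088** finden wir dann auch im Maillog wieder." mislabels the value: the Received: header of the stored mail shows it as "with SMTP id 5FFA5600088", which is the Postfix queue ID, while Message-Id: is a separate header further down. Suggest "Queue-ID" here, so that readers searching the mail log look for the right field. The sample output also mixes two hosts: the first-start log excerpt and the To: address use vml000087.dmz.nausch.org, while the systemctl status output, the tail of the mail log and the Received: header show vml000080.dmz.nausch.org; aligning them (or saying that the excerpts come from different machines) would avoid confusion. In the Paketfilter / Firewall section, ports 25 and 587 are opened in the public zone for foreign MTAs, yet the netstat sample lists the listener on 127.0.0.1 and the telnet test connects to ::1; the page should say at which configuration step Postfix is bound to an external interface, or move the port opening to that step so nothing is exposed earlier than needed. Minor wording: "wr" should be "wir" in the lsof paragraph, and "Auf unserem Festplatten" should be "Auf unserer Festplatte".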