Child pages
  • Serversetup multi-tenant Zarafa+Postfix+SASL+SpamAssassin+Clamav+openLDAP (Ubuntu 14.04 LTS)

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

No Format
title/etc/postfix/main.cf
smtpd_banner            = $myhostname ESMTP NO UCE
myhostname              = mail.example.com
biff                    = no
append_dot_mydomain     = no
mynetworks              = 127.0.0.0/8, 10.1.0.0/16
recipient_delimiter     = +
inet_interfaces         = all
inet_protocols          = ipv4
myorigin                = $myhostname
mydestination           = $myhostname localhost.example.com, localhost

virtual_mailbox_domains = example.com, example.net, example.org
virtual_mailbox_maps    = ldap:/etc/postfix/ldap-users.cf
virtual_alias_maps      = ldap:/etc/postfix/ldap-aliases.cf
virtual_transport       = lmtp:127.0.0.1:2003

# SASL
smtpd_sasl_auth_enable          = yes
broken_sasl_auth_clients        = yes

# TLS encryptiion
smtpd_tls_security_level        = may
smtpd_tls_auth_only             = yes
smtpd_tls_cert_file             = /etc/postfix/keys/postfix.crt
smtpd_tls_key_file              = /etc/postfix/keys/postfix.key
smtpd_tls_CAfile                = /etc/postfix/keys/postfix.pem
smtpd_tls_loglevel              = 0
smtpd_tls_received_header       = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source               = dev:/dev/urandom

### Before-220 tests (postscreen / DNSBL)
postscreen_access_list          = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_dnsbl_reply_map      = pcre:/etc/postfix/postscreen_dnsbl_reply_map.pcre
postscreen_blacklist_action     = drop
postscreen_dnsbl_action         = enforce
postscreen_greet_action         = enforce
postscreen_dnsbl_threshold      = 4
postscreen_dnsbl_sites =
        zen.spamhaus.org*3
        b.barracudacentral.org*2
        bl.spameatingmonkey.net*2
        bl.spamcop.net
        dnsbl.sorbs.net
        psbl.surriel.com
        bl.mailspike.net
        swl.spamhaus.org*-4
postscreen_whitelist_interfaces = $mynetworks, static:all
 
### End of before-220 tests
### After-220 tests
### WARNING -- See "Tests after the 220 SMTP server greeting" in the
### Postscreen Howto and *UNDERSTAND* it *BEFORE* you enable the
### following tests! This basically enables some kind of greylisting!
#postscreen_bare_newline_action = enforce
#postscreen_bare_newline_enable = yes
#postscreen_non_smtp_command_enable = yes
#postscreen_pipelining_enable = yes
### ADDENDUM: Any one of the foregoing three *_enable settings may cause
### significant and annoying mail delays.


# CLAMAV integration via clamsmtp proxy
content_filter                  = scan:127.0.0.1:10025
receive_override_options        = no_address_mappings
 
# check incoming mail for 'stuff'
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unknown_recipient_domain,
        reject_non_fqdn_recipient,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_unauth_destination,
        reject_unauth_pipelining,
        reject_invalid_hostname

smtpd_data_restrictions =
        reject_unauth_pipelining

# client restrictions
smtpd_client_restrictions =
        permit_mynetworks,
        permit_auth_destination,
        permit_sasl_authenticated

# anybody out there?
smtpd_helo_restrictions =
        permit_mynetworks,
        reject_invalid_hostname,
        reject_non_fqdn_hostname

# who may send
smtpd_sender_restrictions =
        reject_unknown_sender_domain,
        reject_non_fqdn_sender,
        permit_sasl_authenticated,
        permit_mynetworks

# mail reject codes
unknown_address_reject_code             = 554
unknown_client_reject_code              = 554
unknown_hostname_reject_code            = 554
unknown_local_recipient_reject_code     = 554
unknown_relay_recipient_reject_code     = 554
unknown_virtual_alias_reject_code       = 550
unknown_virtual_mailbox_reject_code     = 550
# deferred mail intervals

# (default: 300 seconds; before Postfix 2.4: 1000s)
# How often the queue manager scans the queue for deferred mail.
queue_run_delay                 = 900

# (default: 300 seconds; before Postfix 2.4: 1000s)
# The minimal amount of time a message won't be looked at, and the minimal amount of time to stay away from a "dead" destination.
minimal_backoff_time            = 450

# (default: 4000 seconds)
# The maximal amount of time a message won't be looked at after a delivery failure.
maximal_backoff_time            = 1800

# (default: 5 days)
# How long a message stays in the queue before it is sent back as undeliverable. Specify 0 for mail that should be returned immediately after the first unsuccessful delivery attempt.
maximal_queue_lifetime          = 14

# (default: 5 days, available with Postfix version 2.1 and later)
# How long a MAILER-DAEMON message stays in the queue before it is considered undeliverable. Specify 0 for mail that should be tried only once.
bounce_queue_lifetime           = 14

# (default: 20000)
# The size of many in-memory queue manager data structures. Among others, this parameter limits the size of the short-term, in-memory list of "dead" destinations. Destinations that don't fit the list are not added.
qmgr_message_recipient_limit    = 1000000

# max message size (15M)
message_size_limit              = 15360000

...