[postfix-users] Tipps für Neuerungen Konfiguration Antispam ...
Matthias Haegele
mathias.haegele at gmx.de
Sa Aug 13 18:56:55 CEST 2011
Hallo Ihr!
Da ich mich eine Weile (so ca. 2 Jahre) kaum mehr intensiv mit Postfix
beschäftigt habe habt ihr ein paar Tipps für mich was ich evtl. anpassen
sollte hauptsächlich im Bezug auf Antispam usw.
postscreen will ich mir mal angucken, da es ja auch so lobend im
Linuxmag erwähnt wurde ...
Grüsse & Danke im Voraus ...
MH
Installierte Versionen usw.:
--
ii postfix 2.8.3-1~bpo60+1
High-performance mail transport agent
ii postfix-doc 2.5.5-1.1
Documentation for Postfix
ii postfix-ldap 2.8.3-1~bpo60+1 LDAP
map support for Postfix
ii postfix-mysql 2.8.3-1~bpo60+1 MySQL
map support for Postfix
ii postfix-pcre 2.8.3-1~bpo60+1 PCRE
map support for Postfix
ii amavisd-new 1:2.6.4-3
Interface between MTA and virus
scanner/content filters
ii spamassassin 3.3.1-1
Perl-based spam filter using
text analysis
postconf -n
address_verify_map = btree:/var/spool/postfix/verified_senders
address_verify_negative_cache = yes
address_verify_negative_refresh_time = 6m
address_verify_poll_count = 1
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_size_limit = 1000
config_directory = /etc/postfix
content_filter = amavisd-new:[127.0.0.1]:10024
delay_warning_time = 1h
disable_vrfy_command = yes
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_size_limit = 0
mime_header_checks = pcre:/etc/postfix/mime_header_checks
mydestination = $mydomain, $myhostname localhost
mydomain = linuxrocks.dyndns.org
myhostname = hermes.linuxrocks.dyndns.org
mynetworks = 127.0.0.0/8
myorigin = $mydomain
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_data_restrictions = reject_multi_recipient_bounce
smtpd_discard_ehlo_keywords = silent-discard, dsn
smtpd_error_sleep_time = 5s
smtpd_hard_error_limit = 15
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,
reject_unlisted_recipient, permit_sasl_authenticated,
reject_non_fqdn_helo_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unauth_destination,
check_sender_access hash:/etc/postfix/disallow_my_domain
check_sender_access hash:/etc/postfix/blacklist_sender
check_recipient_access hash:/etc/postfix/roleaccount_exceptions
sleep 1, reject_unauth_pipelining,
reject_unknown_reverse_client_hostname reject_invalid_helo_hostname,
check_helo_access pcre:/etc/postfix/helo_checks
check_client_access pcre:/etc/postfix/client-checks
check_sender_mx_access cidr:/etc/postfix/bogus_mx reject_rbl_client
zen.spamhaus.org, warn_if_reject reject_rhsbl_sender
bogusmx.rfc-ignorant.org, reject_rhsbl_sender dsn.rfc-ignorant.org
reject_rbl_client ix.dnsbl.manitu.net reject_unknown_sender_domain
permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 5
smtpd_tls_security_level = may
unverified_sender_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains
virtual_alias_maps = hash:/etc/postfix/virtual_mailbox_aliases
virtual_gid_maps = static:1003
virtual_mailbox_base = /var/spool/virtual_mailboxes
virtual_mailbox_domains = haegele-clan.eu
virtual_mailbox_maps = hash:/etc/postfix/virtual_mailbox_recipients
virtual_uid_maps = static:1003
cat /etc/postfix/master.cf | grep -v ^#
smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop
-f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
amavisd-new unix - - n - 2 smtp
-o smtp_data_done_timeout=1200s
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
tlsmgr unix - - - 1000? 1 tlsmgr
scache unix - - - - 1 scache
discard unix - - - - - discard
retry unix - - - - - error
--
Mehr Informationen über die Mailingliste postfix-users