# # 2009 Nico Schottelius (nico-configfiles at schottelius.org) # # This file is part of nsconfigfiles. # # nsconfigfiles is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # nsconfigfiles is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with nsconfigfiles. If not, see . # # # Working configuration from mx3.schottelius.org # alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = mx3.schottelius.org myhostname = mx3.schottelius.org mydestination = mx3.schottelius.org inet_interfaces = mx3.schottelius.org smtpd_banner = Little Tux serves $myhostname with ESMTP biff = no append_dot_mydomain = no readme_directory = no # # TLS parameters # smtp_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_use_tls=yes smtpd_tls_cert_file=/etc/ssl/mx3.schottelius.org.crt smtpd_tls_key_file=/etc/ssl/mx3.schottelius.org.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # # SASL: cyrus-sasl-SQL!!!!! # smtpd_sasl_auth_enable = yes smtpd_sasl2_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = no smtpd_tls_auth_only = yes #smtpd_sasl_path = smtpd # not needed #smtpd_sasl_local_domain = relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 62.65.138.64/27 77.109.138.192/27 mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 #recipient_delimiter = + # Groesse: 100MiB message_size_limit = 104857600 virtual_mailbox_limit = 104857600 # Fehler: Wie lange verzoegern, nach wie vielen verzoegern, nach wie vielen abbrechen smtpd_error_sleep_time = 23s smtpd_soft_error_limit = 1 smtpd_hard_error_limit = 3 # Beschraenkung von Nachrichten und Verbindungen pro Zeitraum # Zeitraum ist 60 Sekunden anvil_rate_time_unit = 60s # Die Rechner sind nicht davon betroffen smtpd_client_event_limit_exceptions = 77.109.138.192/27 # Wie viele Verbindungen maximal parallel smtpd_client_connection_count_limit = 5 # Wie viele Verbindungen maximal innerhalb des spezifizierten Zeitraumes smtpd_client_connection_rate_limit = 30 # Wie viele Nachrichten smtpd_client_message_rate_limit = 30 # Wie viele Empfaenger pro Nachricht maximal #smtpd_client_recipient_rate_limit = 50 smtpd_client_recipient_rate_limit = 150 # # Client # # sbl = known spammers # xbl = known exploited boxes # http://dsbl.org/faq = open proxies # sorbs: http://www.de.sorbs.net/using.shtml # Blocken falsch: # reject_rbl_client cbl.anti-spam.org.cn # reject_rbl_client problems.dnsbl.sorbs.net smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_unknown_client reject_rbl_client sbl-xbl.spamhaus.org reject_rbl_client list.dsbl.org reject_rbl_client combined.rbl.msrbl.net reject_rbl_client psbl.surriel.com # # HELO: muss da sein # smtpd_helo_required = yes # Helo: muss valide sein, wir hoeren nur auf MTAs smtpd_helo_restrictions = permit_sasl_authenticated reject_non_fqdn_hostname # reject_unknown_hostname # reject_invalid_hostname # # Verify-Einsteillungeniziert haben: hier noetig? => jup! # address_verify_map = btree:/home/server/postfix/cache/verified # catch greylisting and co with a very small timeout address_verify_negative_expire_time = 3m # # Senderbeschraenkungen # smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated reject_unknown_sender_domain reject_non_fqdn_sender reject_unverified_sender # # Empfaenger # # check_client_access: fuer smtp-after-pop: hier nicht noetig. # reject_unverified_recipient: koennen wir hier machen. # #reject_unknown_recipient_domain smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_non_fqdn_recipient reject_unauth_destination #reject_unverified_recipient # wir sind nur empfaenger, NICHT VERIFY! #check_client_access mysql:/etc/postfix/mysql-pbs.cf # # Databeschraenkungen # # Block clients that speak too early. smtpd_data_restrictions = reject_unauth_pipelining # transport: not virtual #transport_maps = pgsql:/etc/postfix/virtual-transport.sql # # Virtual Mailboxes # # all virtual domains, like rcphosts != DESTINATION! virtual_mailbox_domains = pgsql:/etc/postfix/virtual-domains.sql # under which directory are all maildirs virtual_mailbox_base = /home/server/mail # the mappings and alias mappings # account path_relative_to_virtual_mailbox_base # DARF NIE MIT DESTINATION GLEICH SEIN! (laut netzdoku) virtual_mailbox_maps = pgsql:/etc/postfix/virtual-mailbox.sql # spaeter auch die! virtual_alias_maps = pgsql:/etc/postfix/virtual-alias-maps.sql # mailman stuff (see postfix-to-mailman.py in mailman git) relay_domains = l.schottelius.org, l.eof.name, lists.eof.name transport_maps = hash:/etc/postfix/transport mailman_destination_recipient_limit = 1 # needed? # virtual_transport = # minimum uid: for securiy virtual_minimum_uid = 1000 virtual_uid_maps = static:1006 virtual_gid_maps = static:1006 #debug_peer_list = 62.65.149.149 127.0.0.1 62.65.138.77