

# Server information: greeting banner shown to every connecting SMTP client.
# Only the hostname and a generic product string are disclosed here.
smtpd_banner = $myhostname ESMTP Mailserver

# Notify local users about new mail (biff service); disabled here.
biff = no

# Complete addresses that lack domain information by appending ".$mydomain";
# disabled here.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
# NOTE: delay_warning_time is set further down in this file (5m), so this
# commented-out 4h value is not what is in effect.
#delay_warning_time = 4h

# No README directory is configured.
readme_directory = no

# Hand all mail to the "smtp-amavis" transport on 127.0.0.1:10024 for content
# filtering.
# NOTE(review): the smtp-amavis transport and the re-injection listener are
# defined in master.cf, which is not shown here. Confirm that the re-injection
# port accepts connections from localhost only; mail entering there presumably
# skips the restrictions configured in this file.
content_filter=smtp-amavis:[127.0.0.1]:10024

# TLS parameters
# Disable TLS-level compression (removes the compression side channel).
tls_ssl_options = NO_COMPRESSION
# Custom definition of the "high" cipher grade (OpenSSL cipher-string syntax).
# It excludes anonymous, NULL, LOW, 3DES, MD5, EXPORT, PSK, DSS, RC4 and SEED
# suites, and also every ECDSA suite (!ECDSA). "+SSLv3" only moves those suites
# to the end of the list; it does not enable the SSLv3 protocol.
# NOTE(review): the last four entries (CAMELLIA256-SHA ... AES128-SHA) append
# RSA key-exchange CBC/SHA-1 suites, which provide no forward secrecy.
# NOTE(review): this grade is only selected where a *_ciphers parameter is set
# to "high"; in this file that is only smtp(d)_tls_mandatory_ciphers. The
# Postfix documentation advises against overriding this list - confirm it is
# still needed.
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

# Queue timers. Mail that cannot be delivered is returned to the sender after
# 2h, and bounce messages are given up after 2h as well.
# NOTE(review): 2h is far below the Postfix default of 5d; an outage of a
# receiving server that lasts longer than 2h results in bounced mail.
maximal_queue_lifetime = 2h
bounce_queue_lifetime = 2h
# Upper and lower bound for the wait between delivery attempts of a deferred
# message.
maximal_backoff_time = 15m
minimal_backoff_time = 5m
# Interval between scans of the deferred queue.
queue_run_delay = 5m
# Senders receive a "delayed mail" warning after 5 minutes in the queue.
delay_warning_time = 5m
# Custom bounce message templates.
bounce_template_file = /etc/postfix/bounce.cf

# TLS for OUTGOING connections: the smtp_* parameters configure the Postfix
# SMTP client (the smtpd_* parameters configure the server for incoming mail).
# "may" = opportunistic TLS: encryption is used when the remote server offers
# STARTTLS, otherwise delivery falls back to plaintext. The remote certificate
# is not required to verify at this level.
smtp_tls_security_level = may
# Client certificate and key presented to remote servers.
# NOTE(review): a client certificate is only needed when a remote server
# demands one - confirm these two lines are required.
smtp_tls_cert_file = /etc/postfix/ssl/cert.pem
smtp_tls_key_file = /etc/postfix/ssl/privkey.pem
# CA certificates the client uses when verifying remote servers.
# NOTE(review): this points at this host's own fullchain.pem, which presumably
# contains only the local certificate chain rather than a general CA bundle -
# confirm the intent.
smtp_tls_CAfile = /etc/postfix/ssl/fullchain.pem
# NOTE(review): the *_mandatory_* parameters apply only at security level
# "encrypt" or stronger. At level "may", smtp_tls_protocols and
# smtp_tls_ciphers decide what is negotiated, so the two lines below do not
# constrain the opportunistic sessions configured above. TLSv1 and TLSv1.1
# are also not excluded by this protocol list.
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers = high
# TLS session cache for the SMTP client.
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# TLS for INCOMING connections: the smtpd_* parameters configure the Postfix
# SMTP server (the smtp_* parameters configure the client for outgoing mail).
# "may" = STARTTLS is offered but not required; clients may stay on plaintext.
smtpd_tls_security_level = may
# Server certificate and private key.
# NOTE(review): cert.pem presumably holds only the leaf certificate; the
# intermediates are then supplied through smtpd_tls_CAfile below. Putting the
# full chain into smtpd_tls_cert_file is the more direct arrangement - confirm
# which file contains what.
smtpd_tls_cert_file = /etc/postfix/ssl/cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/privkey.pem
smtpd_tls_CAfile = /etc/postfix/ssl/fullchain.pem
# NOTE(review): the *_mandatory_* parameters apply only at security level
# "encrypt". At level "may", smtpd_tls_protocols and smtpd_tls_ciphers decide
# what is negotiated, so the two lines below do not constrain the opportunistic
# sessions configured above. TLSv1 and TLSv1.1 are also not excluded by this
# protocol list.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = high
# TLS session cache for the SMTP server.
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

# Identity of this mail system.
myhostname = fpoc.roddewig-online.de
mydomain = int.roddewig-online.de
# Local alias table.
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# Locally submitted mail appears to come from $mydomain.
myorigin = $mydomain
# Domains delivered locally on this host.
mydestination = mail.bunti.loc, mail1804.bunti.loc, mail1804.int.roddewig-online.de,  localhost.bunti.loc, localhost
# Empty: outgoing mail is delivered directly, not via a smarthost.
relayhost =
# Trusted clients: loopback plus the whole 192.168.1.0/24 network.
# NOTE(review): every host in these ranges passes permit_mynetworks in the
# restriction lists of this file and can therefore relay without
# authenticating; keep the range as narrow as the setup allows.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24
# 0 = no size limit for local mailboxes.
mailbox_size_limit = 0
# Maximum message size in bytes (40 MiB).
message_size_limit = 41943040
# user+extension@domain is delivered to user.
recipient_delimiter = +
# Listen on all network interfaces.
inet_interfaces = all

# Domains hosted as virtual mailbox domains.
virtual_mailbox_domains = roddewig-online.de, edv-wak.de, super-mueller.de, elm-net.de
# Mailbox and alias lookups both read the same table, /etc/postfix/virtual.
virtual_mailbox_maps = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
# Virtual mailboxes are delivered over LMTP to a service on 127.0.0.1:2003.
virtual_transport = lmtp:127.0.0.1:2003

# SASL Authentication
# NOTE(review): smtpd_tls_security_level is "may" and this file does not set
# smtpd_tls_auth_only, so AUTH is presumably also offered on unencrypted
# sessions and credentials can cross the network in cleartext. Consider
# "smtpd_tls_auth_only = yes" unless master.cf already enforces TLS for the
# submission service - confirm.
smtpd_sasl_auth_enable = yes
# AUTH is not offered to clients inside $mynetworks.
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_local_domain = $myhostname
# Only anonymous login is refused; plaintext mechanisms remain allowed.
smtpd_sasl_security_options = noanonymous
# Additionally advertise AUTH in the non-standard form expected by old clients.
broken_sasl_auth_clients = yes

# Clients must send HELO/EHLO before any MAIL command.
smtpd_helo_required = yes
# HELO stage: trusted networks pass; all other clients are rejected when their
# IP address has no reverse DNS name. The three HELO hostname checks below are
# disabled.
smtpd_helo_restrictions =   permit_mynetworks
                           # reject_invalid_helo_hostname
                           # reject_non_fqdn_helo_hostname
                           # reject_unknown_helo_hostname
                reject_unknown_reverse_client_hostname

# Reject clients that send SMTP commands ahead of time without being allowed
# to pipeline.
smtpd_data_restrictions = reject_unauth_pipelining

# Sender addresses are checked against a PCRE table of rejected domains.
# NOTE(review): the table is given without a restriction name; presumably
# Postfix treats it as check_sender_access. Writing "check_sender_access
# pcre:..." makes the intent explicit - confirm.
smtpd_sender_restrictions = pcre:/etc/postfix/rejected_domains
# NOTE(review): the disabled line below misspells the path ("postfitx") and
# its parameter name does not look like a Postfix parameter; it should stay
# disabled or be removed.
#reject_unauth_destinations = pcre:/etc/postfitx/rejected_domains

# No open relay!
# Restrictions are evaluated top to bottom; the first one that returns a
# decision ends the evaluation.
# NOTE(review): the two black-whitelist lookups run BEFORE
# reject_unauth_destination. An "OK" result for a sender address (which the
# client chooses freely) or for a client would accept the recipient before the
# relay check is reached. Whether that permits relaying depends on
# smtpd_relay_restrictions (Postfix 2.10 and later), which this file does not
# set - confirm. Moving reject_unauth_destination directly after
# permit_sasl_authenticated removes the dependency.
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    check_client_access hash:/etc/postfix/black-whitelist
    check_sender_access hash:/etc/postfix/black-whitelist

# SPF policy service, disabled.
#    check_policy_service unix:private/policy-spf
    # Syntax and DNS sanity checks on HELO name, sender and recipient.
    reject_invalid_hostname
    reject_non_fqdn_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    reject_unknown_helo_hostname
    reject_unauth_pipelining
    # Relay protection: refuse recipients this server is not responsible for.
    reject_unauth_destination
    # DNS blocklist lookup on the client IP address.
    reject_rbl_client zen.spamhaus.org
#    reject_rbl_client bl.spamcop.net
#    reject_rbl_client dul.dnsbl.sorbs.net
#    reject_rbl_client bl.spamcop.net
#    reject_rbl_client ix.dnsbl.manitu.net
#    reject_rbl_client cbl.abuseat.org
    # Domain blocklist lookups on the HELO name and the sender domain.
    # NOTE(review): "db1" (digit one) is probably a typo for the Spamhaus
    # domain blocklist "dbl.spamhaus.org" (letter l). As written, these two
    # lookups presumably never match - verify and correct.
    reject_rhsbl_helo db1.spamhaus.org
    reject_rhsbl_sender db1.spamhaus.org
# Policy service on 127.0.0.1:10023, disabled.
#    check_policy_service inet:127.0.0.1:10023
    # Everything that was not rejected above is accepted.
    permit

#postscreen_access_list = permit_mynetworks
#postscreen_blacklist_action = drop

#postscreen_greet_action = drop
#postscreen_dnsbl_threshold = 2
#postscreen_dnsbl_sites = dnsbl.sorbs.net*1, bl.spamcop.net*1, ix.dnsbl.manitu.net*2 #, zen.spamhaus.org*2
#postscreen_dnsbl_action = drop