[postfix-users] Check und Meinungen zur postfix konfiguration

Wed, 21 Sep 2011 23:10:51 -0700 

Hallo,

wie in einer vorhergehend Mail angekündigt bitte ich euch um eure
Meinungen zu der geposteten postfix Konfiguration.

Habe das übliche postfix-sandwich gebaut smtpd->amavisd-new->smtpd

###postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = no
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
disable_vrfy_command = yes
home_mailbox = inet_interfaces = all 

# Brauch ich das wenn ich über transport dovecot ausliefere
mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 

mydestination = external.none.at,lvps46-163-74-15.dedicated.hosteurope.de,
                localhost.dedicated.hosteurope.de, localhost

myhostname = external.none.at
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = -
relayhost = smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache 
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions = check_client_access \
                            hash:/etc/postfix/client_restrictions

smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_invalid_hostname,
                               reject_non_fqdn_hostname,
                               reject_non_fqdn_sender,
                               reject_non_fqdn_recipient,
                               reject_unknown_sender_domain,
                               reject_unknown_recipient_domain,
                               reject_unknown_client,
                               reject_unknown_hostname,
                               permit_mynetworks,
                               reject_unauth_destination,
           check_recipient_access hash:/etc/postfix/recipient_checks,
           check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
           check_helo_access hash:/etc/postfix/helo_checks,
           check_sender_access hash:/etc/postfix/sender_checks,
           check_sender_access pcre:/etc/postfix/sender_checks.pcre,
           check_client_access hash:/etc/postfix/client_checks,
           check_client_access pcre:/etc/postfix/client_checks.pcre,
           reject_rbl_client zen.spamhaus.org,
           permit

smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain = smtpd_sasl_path = private/auth 
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = smtpd_tls_auth_only = no 
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_received_header = no
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail/

virtual_mailbox_domains =
mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf

virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000
###

###master.conf
...standard
submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
...standard
#amavis part
amavisfeed unix    -       -       n       -       2     smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

127.0.0.1:10025 inet n    -       n       -       -     smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o
    
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
    -o local_header_rewrite_clients=
    -o syslog_name=amavis-postfix
#amavis part end

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender}
  -d ${user}@${nexthop} -a ${recipient}
###

Ich würde gerne die nicht benutzen delivery methoden

ifmail, bsmtp, scalemail-backend, mailman, uucp, maildrop

auskommentiern, sollte ja keine negativen Auswirkungen habe, oder?

@postscreen bin ich noch am lesen von
http://www.postfix.org/POSTSCREEN_README.html um zu entscheiden welche
Einstellungen ich genau haben will.

Vielen dank im voraus für eure Meinung.

LG
Aleks
_______________________________________________
postfix-users mailing list
[email protected]
http://de.postfix.org/cgi-bin/mailman/listinfo/postfix-users

Antwort per Email an