Willy De la Court wrote: > Hi all, > > I'm new to postfix coming from another MTA. I just want some feedback on > the configuration I use at the moment and get some reponse for improving > that configuration. > > Setup Debian (Lenny) all packages from the standard repository. > > postfix 2.5.5-1.1 > postfix-mysql 2.5.5-1.1 > postfixadmin 2.3rc4 > maildrop 2.0.4-3 > spamassassin 3.2.5-2 > > postconf -n > > alias_database = hash:/etc/aliases > alias_maps = hash:/etc/aliases >
Not used, remove/comment them if you like (removes confusion later). Only local(8) will use these and you disabled this below. (Unless your transport_maps includes local) [snip] > local_recipient_maps = $virtual_mailbox_maps > local_transport = virtual > This is not recommended because it doesn't follow the Address Class definitions. http://www.postfix.org/ADDRESS_CLASS_README.html This may break in the future. > mailbox_command = procmail -a "$EXTENSION" > mailbox_size_limit = 0 > Only local(8) will use these two. [snip] > receive_override_options = no_address_mappings > Is this necessary? You continually override it in master.cf. It is *easier* to read if you remove it from here and only put it in master.cf where needed. > recipient_delimiter = + > relay_domains = proxy:mysql:/etc/postfix/mysql/relay-domains.cf > No relay_recipient_maps? Possible BackScatter source. [snip] > smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, > reject_non_fqdn_hostname, reject_invalid_hostname, permit > smtpd_recipient_restrictions = permit_mynetworks, > permit_sasl_authenticated, reject_unauth_pipelining, > reject_non_fqdn_recipient, reject_unknown_recipient_domain, > reject_unauth_destination, reject_invalid_hostname, reject_rbl_client > bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit > smtpd_sender_restrictions = permit_mynetworks, > permit_sasl_authenticated, reject_non_fqdn_sender, > reject_unknown_sender_domain, permit I hope you have a caching DNS server locally. DNS failures will cause delays of mail delivery. permits on the end are "nice" to the eye. They are also implied if you remove them too. [snip] > smtpd_use_tls = yes > Deprecated, prefer 'smtpd_tls_security_level = may' [snip]