On 4/8/2010 12:34 PM, postfix-us...@tja-server.de wrote:
And finally, to showcase my config, the "postconf -n" outputs, modified
to remove real hostnames and IP-addresses.

A "client" server:


smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

This should use $data_directory rather than $queue_directory.

$data_directory must be a directory owned by $mail_owner (default "postfix") and not used by any other programs. On most systems this defaults to /var/lib/postfix.

http://www.postfix.org/postconf.5.html#data_directory
http://www.postfix.org/postconf.5.html#smtp_tls_session_cache_database

smtpd_client_restrictions = reject_unknown_reverse_client_hostname,
check_client_access hash:/etc/postfix/client_access

All smtpd_*_restrictions should start with "permit_mynetworks, permit_sasl_authenticated" to prevent rejecting authorized clients.


smtpd_helo_restrictions = reject_invalid_helo_hostname

Same comment as above.

smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
check_recipient_access hash:/etc/postfix/recipient_access

OK.

smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/sender_access

Same comment as smtpd_client_restrictions.

smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache

Same comment as smtp_tls_session_cache_database.

smtpd_use_tls = yes

This parameter is obsolete.  Rather use
smtpd_tls_security_level = may

http://www.postfix.org/postconf.5.html#smtpd_tls_security_level

And the IMAP server (Server B):


Same comments as above.


  -- Noel Jones
