Re: Postfix for internet

Sun, 27 May 2012 05:24:22 -0700 

On 05/27/2012 05:47 AM, Carlos Raúl Laguna Mendoza wrote:

El 26/05/12 22:58, Noel Jones escribió:

On 5/26/2012 9:18 PM, Carlos Raúl Laguna Mendoza wrote:

Hello everyone i am setting up a server for internet but i has no
experience with this setup so i would like
some advice here what kind of considerations should i take.


...


'postconf -n'

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 0

It's generally better to set an insanely large limit rather than no
limit at all.


mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = jovenclub.cu
myhostname = nscu.jovenclub.cu
mynetworks = 127.0.0.0/8, 172.16.1.7
myorigin = /etc/mailname
recipient_delimiter = +
relay_domains = jovenclub.cu *.jovenclub.cu cubava.cu *.cubava.cu
ecured.cu *.ecured.cu

The relay_domains parameter is documented.
http://www.postfix.org/postconf.5.html#relay_domains
http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains
http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_to

With the default setting of parent_domain_matches_subdomains, a
domain will automatically match all subdomains.


relayhost =
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_error_sleep_time = 60

Not a good idea, this will DOS yourself.  Leave this at the default 1s.


smtpd_hard_error_limit = 10

This disables the built-in stress parameters.  Better:
   smtpd_hard_error_limit = ${stress?1}${stress:10}


smtpd_recipient_restrictions = permit_mynetworks,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,reject_non_fqdn_recipient,
reject_unknown_sender_domain,    reject_unauth_destination,
check_policy_service inet:127.0.0.1:60000    check_policy_service
unix:private/policy-spf

OK.


smtpd_soft_error_limit = 60

Why do you set this so high?  The default of 10 should be generous
enough.



transport_maps = hash:/etc/postfix/transport

I added the spf and the postgrey deamon but no sure if this conf is ok
Actually have no idea if postfix accept the declarations of
subdamins like this
relay_domains = jovenclub.cu *.jovenclub.cu cubava.cu *.cubava.cu
ecured.cu *.ecured.cu some light ove here would be fine and any
suggestion would be appreciated. Regards

http://www.postfix.org/documentation.html




   -- Noel Jones
Thank for answer me back so fast, one more question should i add tls support for this server ?
Only if you expect users to submit mail over the submission port (587), or need to relay mail from an untrusted network.
In other words, impossible to say without knowing what you intend to do with this server. 

--
J.

Reply via email to