Hello my dear Postfix users :)
I got a "new" server that still runs older software: Debian 6.0.9 with
Postfix 2.7.1.
I tried to start anew and tried to get my configuration as small as
possible, with only a few changes to the default settings.
I am using "grossd" as a greylisting server on port 5525.
Especially with the smtpd_*_restrictions, I am unsure whether I did too
much ... or too little :)
Maybe someone could have a look at those things?
Did I do anything wrong?
Thank you very much!
I came up with the following:
alias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
    DEFAULT=$HOME/MyMail/ MAILDIR=$HOME/MyMail
mailbox_size_limit = 1073741824
message_size_limit = 41943040
mydestination = $myhostname, localhost.$mydomain, localhost,
    /etc/postfix/mydomains
myhostname = MYFQHN
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, MYOWNIP/32
mynetworks_style = host
recipient_delimiter = .
relocated_maps = hash:/etc/postfix/relocated
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_client_restrictions = check_client_access
    hash:/etc/postfix/client_access, permit_inet_interfaces,
    permit_mynetworks, permit_sasl_authenticated,
    reject_unknown_reverse_client_hostname, reject_unknown_client_hostname,
    permit
smtpd_data_restrictions = reject_multi_recipient_bounce,
    reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_helo_restrictions = check_helo_access
    hash:/etc/postfix/helo_access, permit_mynetworks,
    permit_sasl_authenticated, reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname,
    reject_invalid_hostname, permit
smtpd_recipient_restrictions = check_recipient_access
    hash:/etc/postfix/recipient_access, permit_mynetworks,
    permit_sasl_authenticated, reject_unlisted_recipient,
    reject_non_fqdn_recipient, reject_unauth_destination,
    reject_unknown_recipient_domain, check_policy_service
    inet:localhost:5525, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access
    hash:/etc/postfix/sender_access, reject_non_fqdn_sender,
    reject_unknown_sender_domain, reject_unknown_address, permit
smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
smtpd_tls_key_file = /etc/ssl/private/postfix.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = yes
In client_access, I added some otherwise problematic clients.
In header_checks, I remove some header lines (User-Agent and initial
Received "by" server).
In helo_access, I added some otherwise problematic servers.
In mydomains, I list all domains I am hosting.
In recipient_access, I redirect or reject some "sub-domains" (some
spammed mail addresses).
In relocated, I bounce (or send information about) some old and unused
mail addresses.
sender_access is currently empty.
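
Added example, not part of the original post: a small Python check for the restriction ordering shown above. It lists the access-table lookups that smtpd_recipient_restrictions evaluates before reject_unauth_destination, since an OK result from such a table ends the list before the relay check is reached. The function names and the embedded sample are constructed for this illustration.

```python
import re

# Constructed sample: smtpd_recipient_restrictions as posted above, with
# continuation lines indented the way main.cf expects.
SAMPLE = """\
smtpd_recipient_restrictions = check_recipient_access
    hash:/etc/postfix/recipient_access, permit_mynetworks,
    permit_sasl_authenticated, reject_unlisted_recipient,
    reject_non_fqdn_recipient, reject_unauth_destination,
    reject_unknown_recipient_domain, check_policy_service
    inet:localhost:5525, permit
"""

def parse_main_cf(text):
    """Return {parameter: value}, joining whitespace-led continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def split_restrictions(value):
    """Split a restriction list into (name, argument-or-None) pairs."""
    tokens, out, i = re.split(r"[,\s]+", value.strip()), [], 0
    while i < len(tokens):
        # Simplifying assumption: every check_* restriction is followed by
        # its lookup table or policy service as the next token.
        takes_arg = tokens[i].startswith("check_") and i + 1 < len(tokens)
        out.append((tokens[i], tokens[i + 1] if takes_arg else None))
        i += 2 if takes_arg else 1
    return out

def lookups_before_relay_check(params):
    """Access-table lookups evaluated before reject_unauth_destination."""
    found = []
    for name, arg in split_restrictions(params.get("smtpd_recipient_restrictions", "")):
        if name == "reject_unauth_destination":
            break
        if name.endswith("_access"):
            found.append((name, arg))
    return found  # each table listed here must never return OK for a remote domain

if __name__ == "__main__":
    for name, arg in lookups_before_relay_check(parse_main_cf(SAMPLE)):
        print(f"review {arg}: {name} runs before reject_unauth_destination")
```

Run against the full main.cf, any table it reports should contain only REJECT or redirect-style results, or be moved after reject_unauth_destination.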