Postfix: Difference between revisions
No edit summary |
No edit summary |
||
| Line 62: | Line 62: | ||
<pre> | <pre> | ||
# Tripany edits | # Tripany edits | ||
# Prevent backscatter (goeds under mydestination | |||
local_recipient_maps = proxy:unix:passwd.byname $alias_maps | |||
# prevent backscatter | |||
unverified_recipient_reject_code = 550 | |||
unverified_sender_reject_code = 550 | |||
message_size_limit = 15000000 | |||
# Add virtual accounts and all the domains into these two files | # Add virtual accounts and all the domains into these two files | ||
virtual_alias_maps = hash:/etc/postfix/virtual | virtual_alias_maps = hash:/etc/postfix/virtual | ||
virtual_alias_domains = /etc/postfix/virtual-domains | virtual_alias_domains = /etc/postfix/virtual-domains | ||
# To make aliases add them to these files | |||
alias_maps = hash:/etc/postfix/aliases | |||
alias_database = hash:/etc/postfix/aliases | |||
virtual_mailbox_base = /var/spool/mail | virtual_mailbox_base = /var/spool/mail | ||
# Anti Spam measures | |||
smtpd_recipient_restrictions = permit_mynetworks, | smtpd_recipient_restrictions = permit_mynetworks, | ||
permit_sasl_authenticated, | |||
reject_unauth_destination, | reject_unauth_destination, | ||
reject_unknown_recipient_domain, | |||
reject_unlisted_recipient, | |||
reject_unverified_recipient, | |||
reject_non_fqdn_sender, | reject_non_fqdn_sender, | ||
reject_non_fqdn_recipient, | |||
reject_non_fqdn_hostname, | |||
reject_unknown_sender_domain, | reject_unknown_sender_domain, | ||
reject_unauth_destination, | reject_unauth_destination, | ||
reject_unauth_pipelining, | |||
reject_invalid_hostname, | |||
reject_rbl_client zen.spamhaus.org, | reject_rbl_client zen.spamhaus.org, | ||
reject_rbl_client bl.spamcop.net, | reject_rbl_client bl.spamcop.net, | ||
permit | permit | ||
smtpd_client_restrictions = permit_mynetworks, reject_rbl_client sbl.spamhaus.org, | smtpd_client_restrictions = permit_mynetworks, | ||
reject_rbl_client sbl.spamhaus.org, | |||
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, permit | permit | ||
smtpd_sender_restrictions = reject_unknown_sender_domain, permit | smtpd_helo_restrictions = permit_mynetworks, | ||
reject_invalid_hostname, | |||
permit | |||
smtpd_sender_restrictions = warn_if_reject, | |||
reject_non_fqdn_sender, | |||
warn_if_reject, | |||
reject_unknown_sender_domain, | |||
warn_if_reject, | |||
reject_unknown_address, | |||
permit | |||
smtpd_data_restrictions = reject_unauth_pipelining, | |||
permit | |||
smtpd_helo_required = yes | smtpd_helo_required = yes | ||
disable_vrfy_command = yes | disable_vrfy_command = yes | ||
default_process_limit = 100 | default_process_limit = 100 | ||
# This is what postfix will act as an SMTP server for | # This is what postfix will act as an SMTP server for | ||
relay_domains = /etc/postfix/relay-domains | relay_domains = /etc/postfix/relay-domains | ||
| Line 94: | Line 123: | ||
transport_maps = hash:/etc/postfix/transport | transport_maps = hash:/etc/postfix/transport | ||
mailman_destination_recipient_limit = 1 | mailman_destination_recipient_limit = 1 | ||
</pre> | </pre> | ||
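Review bot: In the added `smtpd_recipient_restrictions` entries, `reject_unverified_recipient,` is placed ahead of the two `reject_rbl_client` lines, so a client the DNSBLs would turn away can still make this server send an address-verification probe first. Restrictions are evaluated in the order listed, so moving `reject_rbl_client zen.spamhaus.org,` and `reject_rbl_client bl.spamcop.net,` above `reject_unverified_recipient,` avoids that. The list also still carries `reject_unauth_destination,` twice; the second occurrence is redundant. The new `unverified_sender_reject_code = 550` has no visible effect here, because none of the lists in this section uses `reject_unverified_sender`; a comment such as `# only used if reject_unverified_sender is enabled` would make that clear.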
Revision as of 13:09, 15 September 2009
Changes for a new install on Debian:
/etc/postfix
touch relay-domains
touch virtual
touch virtual-domains
touch transport
#This is the list of domains we will transport mail for over smtp, using different protocols.
# This is a hashfile, so postmap transport after editing.
apt-get install popa3d
# get rid of the postfix pop daemon
/etc/logrotate.d/postfix:
------------------------------
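/var/log/mail/popa3d.log /var/log/mail/mail.err /var/log/mail/mail.info /var/log/mail/mail.warn /var/log/mail/mail.log {
    # Runs once before the logs above are rotated. logrotate normally runs
    # as root, so keep this script root-owned and not writable by others.
    prerotate
        /opt/triphost/statisticstripghostmail.sh
    endscript
    daily
    missingok
    rotate 7
    compress
    delaycompress
    notifempty
    # New log files are readable by root and group adm only.
    create 640 root adm
}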
------------------------------
add the following to /etc/rsyslogd.conf
!popa3d
*.* /var/log/mail/popa3d.log
touch /var/log/mail/popa3d.log
Check configuration
postconf -n
/etc/postfix/virtual
# In order to translate any mailbox address from one domain to a mapped user on another domain add the following entries:
# account1@olddomain.ext account1
# account2@olddomain.ext account2
# newdomain.ext DOMAIN
# @newdomain.ext @olddomain.ext
# This will ensure that account1@olddomain.ext AND account1@newdomain.ext are delivered to account1, and account2@[newdomain or olddomain].ext goes to account2
# After changing this file run
# postmap virtual
# Catchalls are set up with
# @domain.ext userid
/etc/postfix/virtual-domains
# This file contains the domains for which postfix will accept email
# It's not a hash file, so no need to run postmap on it.
These are the /etc/postfix/main.cf edits
# Tripany edits
# NOTE(review): in main.cf a continuation line of a multi-line value must
# start with whitespace. The indentation appears to have been lost in this
# listing, so re-indent the restriction lists before using it.
# Prevent backscatter (goes under mydestination):
# local recipients are looked up in the passwd database and in $alias_maps.
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
# Prevent backscatter: SMTP reply codes used when reject_unverified_recipient /
# reject_unverified_sender reject an address (550 is a permanent failure).
# NOTE(review): none of the lists below uses reject_unverified_sender, so the
# sender code has no effect as shown.
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
# Maximum message size in bytes (about 15 MB).
message_size_limit = 15000000
# Add virtual accounts and all the domains into these two files
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = /etc/postfix/virtual-domains
# To make aliases add them to these files
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
virtual_mailbox_base = /var/spool/mail
# Anti Spam measures
# Restrictions are evaluated in the order listed. permit_mynetworks and
# permit_sasl_authenticated let trusted clients skip the rest;
# reject_unauth_destination directly after them keeps this host from being
# an open relay.
# NOTE(review): reject_unauth_destination is listed twice; the second entry
# is redundant.
# NOTE(review): reject_unverified_recipient sends address probes and sits
# before the reject_rbl_client lookups; consider moving the DNSBL checks
# above it so listed clients are rejected without a probe.
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unknown_recipient_domain,
reject_unlisted_recipient,
reject_unverified_recipient,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_non_fqdn_hostname,
reject_unknown_sender_domain,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
permit
# NOTE(review): sbl.spamhaus.org looks to be one of the lists already
# combined in zen.spamhaus.org, which is queried above; confirm whether both
# lookups are needed.
smtpd_client_restrictions = permit_mynetworks,
reject_rbl_client sbl.spamhaus.org,
permit
smtpd_helo_restrictions = permit_mynetworks,
reject_invalid_hostname,
permit
# warn_if_reject makes the restriction that follows it log a warning instead
# of rejecting, so the three sender checks in this list are observe-only.
# reject_non_fqdn_sender and reject_unknown_sender_domain are still enforced
# by smtpd_recipient_restrictions above.
smtpd_sender_restrictions = warn_if_reject,
reject_non_fqdn_sender,
warn_if_reject,
reject_unknown_sender_domain,
warn_if_reject,
reject_unknown_address,
permit
# Reject clients that send SMTP commands ahead of time without being allowed to.
smtpd_data_restrictions = reject_unauth_pipelining,
permit
# Clients must send HELO/EHLO before any other command.
smtpd_helo_required = yes
# VRFY is switched off so the server cannot be used to test which addresses exist.
disable_vrfy_command = yes
default_process_limit = 100
# This is what postfix will act as an SMTP server for
# Mail for every domain listed in this file is accepted for relaying, so
# list only domains this host is really meant to relay for.
relay_domains = /etc/postfix/relay-domains
# For delayed delivery using etrn
# Only clients in mynetworks may issue ETRN; all others are refused.
defer_transports = etrn-only
fast_flush_domains = $relay_domains
smtpd_etrn_restrictions = permit_mynetworks, reject
# This is all added for Mailman
transport_maps = hash:/etc/postfix/transport
mailman_destination_recipient_limit = 1
To accept messages in the mail queue and defer them until the primary MX server is up again, add domain.ext to /etc/postfix/relay-domains, and in transport add
domain.ext etrn-only:
The mail will then be delivered when sendmail -q is run, or when an ETRN is issued: telnet mailserver 25, then helo originating.domain, then etrn defermaildomain.ext. With the smtpd_etrn_restrictions setting above, ETRN is only accepted from clients in mynetworks.
Mails get deferred - you can see them in mailq and also in /var/spool/postfix/flush/ (see also http://lists.freebsd.org/pipermail/freebsd-questions/2006-February/112246.html http://www.postfix.org/ETRN_README.html http://archives.neohapsis.com/archives/postfix/2001-07/0730.html)
postfix reload reloads the config.
See http://wiki.ev-15.com/debian:mail_system for how to set up squirrelmail and cyrus for IMAP with postfix.
You can also force the queue delivery by running
postqueue -f
or deliver a specific message by
postsuper -r queue_id
You can see the structure of the queues by using
qshape
you can see the active / incoming / deferred / hold queues by doing
qshape deferred
you may have to wait a bit for the output though.
To delete all deferred messages in the queue (they are removed permanently, without confirmation) you can use
postsuper -d ALL deferred
An example from http://sysop.com.cn/document/Postfix.The.Definitive.Guide/0596002122_postfix-chp-5-sect-2.html
Example 5-1. Perl script to delete queued messages by email address
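#!/usr/bin/perl -w
#
# pfdel - deletes message containing specified address from
# Postfix queue. Matches either sender or recipient address.
#
# Usage: pfdel <email_address>
#
# The address is matched literally: regex metacharacters in it are
# escaped, so "user@example.com" does not also match "user@exampleXcom".
# The script runs as root and deletes mail, so a loose match would remove
# messages that were never meant to be touched.
#
use strict;

# Change these paths if necessary.
# The listing command is kept as a list so it is run without a shell.
my @LISTQ     = ( "/usr/sbin/postqueue", "-p" );
my $POSTSUPER = "/usr/sbin/postsuper";

my $email_addr = "";
my $deleted    = 0;     # number of messages handed to postsuper -d
my $euid       = $>;

if ( @ARGV != 1 ) {
    die "Usage: pfdel <email_address>\n";
}
$email_addr = $ARGV[0];

if ( $euid != 0 ) {
    die "You must be root to delete queue files.\n";
}

open( my $queue, "-|", @LISTQ )
    or die "Can't get pipe to @LISTQ: $!\n";

my $entry = <$queue>;    # skip single header line

{
    # Paragraph mode: each queue entry is printed on multiple lines and
    # entries are separated by blank lines. Localized so the change to $/
    # does not leak past this block.
    local $/ = "";

    while ( $entry = <$queue> ) {

        # \Q...\E makes the address a literal string inside the pattern.
        next unless $entry =~ / \Q$email_addr\E$/m;

        my ($qid) = split( /\s+/, $entry, 2 );
        next unless defined $qid;

        # The listing may append a "*" or "!" status marker to the id.
        $qid =~ tr/*!//d;

        # Only pass something that looks like a queue id to postsuper, and
        # never the keyword ALL, which "postsuper -d" takes to mean every
        # message.
        next unless $qid =~ /\A[0-9A-Za-z]+\z/ && $qid ne "ALL";

        #
        # Execute postsuper -d with the queue id.
        # postsuper provides feedback when it deletes
        # messages. Let its output go through.
        # List-form system() passes the id as one argument, with no shell.
        #
        if ( system( $POSTSUPER, "-d", $qid ) != 0 ) {

            # If postsuper has a problem, bail.
            if ( $? == -1 ) {
                die "Error executing $POSTSUPER: $!\n";
            }
            die "Error executing $POSTSUPER: error " .
                "code " . ( $? >> 8 ) . "\n";
        }
        $deleted++;
    }
}

# For a pipe, close() also reports a failed or non-zero-exit listing command.
close($queue)
    or warn "Problem reading from @LISTQ: "
    . ( $! ? $! : "exit status " . ( $? >> 8 ) ) . "\n";

if ( !$deleted ) {
    die "No messages with the address <$email_addr> " .
        "found in queue.\n";
}

exit 0;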
Postgrey is a greylister that rejects email from a server on the first try, using the fact that most spammers do not retry to send their email, whereas almost all normal mail servers do.