Home | Comics | wishlist | Impressum | Datenschutzerklärung | 54.162.159.33


Mailhub Configuration Mailhub

Besonderes Augenmerk sollte der Anti Spam Sektion gelten!
Have a look at the Anti Spam section!

biff = no
# wir haben kein biff / we don't have biff -- nobody uses this

content_filter = amavis:[localhost]:10024
# I created a dedicated transport called "amavis" in master.cf

notify_classes = resource, software
queue_minfree = 20480000

mydomain = arschkrebs.de
# see how I don't need to set $myhostname and $mydomain?

mydestination = 
   $mydomain
   $myhostname 
   www.$mydomain

mynetworks = 
   127.0.0.0/8, 
   134.169.69.192/26 

smtpd_helo_required     = yes
strict_rfc821_envelopes = yes
# Strenge Syntax / Strict syntax

disable_vrfy_command = yes
# kein VRFY / no VRFY command

unknown_address_reject_code  = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code   = 554
# permanent error codes for these reject_unknown_* things

alias_maps = hash:/etc/postfix/aliases hash:/var/lib/mailman/data/aliases
alias_database = $alias_maps
# Additonal maps since we use mailman

owner_request_special = no
# for mailman 

recipient_canonical_maps = hash:/etc/postfix/canonical
   
relocated_maps = hash:/etc/postfix/relocated
   
virtual_alias_maps = hash:/etc/postfix/virtual_aliases
virtual_domain_maps = hash:/etc/postfix/virtual_domains
   
relay_domains = hash:/etc/postfix/relay_domains

transport_maps = hash:/etc/postfix/transport

local_recipient_maps = 
   $relocated_maps,
   $alias_maps,
   proxy:unix:passwd.byname
# Damit wird Mail fuer unbekannte User direkt am SMTP port geblockt  

smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions = 
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   permit_mynetworks,
   reject_unauth_destination,
   check_recipient_access regexp:/etc/postfix/recipient_checks.regexp,
   check_recipient_access hash:/etc/postfix/recipient_checks,
   check_sender_access    hash:/etc/postfix/sender_checks,
   check_client_access    hash:/etc/postfix/client_checks,
   reject_unauth_pipelining,
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_rbl_client      ix.dnsbl.manitu.net
   reject_rbl_client      zen.spamhaus.org
   reject_rbl_client      list.dsbl.org
   check_sender_access    hash:/etc/postfix/rhsbl_sender_domain_exceptions,
   reject_rhsbl_sender    dsn.rfc-ignorant.org
   check_sender_access    hash:/etc/postfix/frequently_forged_senders
   permit
# reject non FQ sender/recipients and unknown domains
# then allow local networks
# check for relaying
# apply recipient, sender and client checks first (to be able to make exceptions)
# refuse unauthorized pipelining
# check the HELO/EHLO parameter
# Perform lookups in DNS based blacklists
# reject mail from clients without hostname

address_verify_map = hash:/etc/postfix/verify
# Sender address verification cache

smtpd_etrn_restrictions = 
   permit_mynetworks, 
   check_client_access $relay_domains
   reject 

header_checks = pcre:/etc/postfix/header_checks.regexp
body_checks =   pcre:/etc/postfix/body_checks.regexp

message_size_limit = 20480000

delay_warning_time = 4h

home_mailbox = Maildir/
# lokale Zustellung in Maildir Mailboxen

unknown_local_recipient_reject_code = 554
unverified_sender_reject_code = 550

header_checks.pcre:

/[^[:print:]][^[:print:]][^[:print:]][^[:print:]][^[:print:]][^[:print:]][^[:print:]][^[:print:]]/   REJECT

recipient_checks.pcre:

/[@!%].*[@!%]/          550 Please use user@domain address forms only.

and in recipient_checks:

postmaster@       OK
abuse@            OK                          
# always allow mail to postmaster and abuse!!
# man 5 access
# this is safe since it takes place after the relay test

© by Ralf Hildebrandt
This document contains links to external information sources that I do neither monitor nor control. I explicitly disclaim any liabilities in respect to external references.
You are getting this document without any guarantees. Any methods shown above are meant as demonstration and may be wrong in some place. You may damage your system if you try to follow my hints and instructions. You do this at your own risk!

This file was last modified 28. Apr 2007 by root