mailsystem

Differences

This shows you the differences between two versions of the page.

mailsystem [2012/01/08 23:59] – [Sonstiges] brot
mailsystem [2016/08/09 08:15] (current) – [Konfiguration] brot
Line 1: Line 1:
 ====== Das minad.de Mailsystem ====== ====== Das minad.de Mailsystem ======
  
-===== recent-changes ===== +=== recent-changes ===
- +
-  * added sender verification (no more sending mail from biggest_penis_ever@minad.de when logged in as reiter) +
-  * dovecot now is also a pigeonhole (managesieve :) )+
  
 +  * der Postfix handhabt nun auch domains neben minad.de und kann zuordnen wer welche domain nutzen darf
 ===== sieve-Regeln ===== ===== sieve-Regeln =====
  
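Review bot: the two removed recent-changes bullets were the only prose mention of sender verification and of managesieve, and the replacement bullet only says that Postfix now handles further domains and can map who may use which one. If sender verification is still in force, say so in the new entry, so a reader knows that the domain map is what enforces it. The heading also drops from ===== to === while the sibling "sieve-Regeln" stays at =====, which breaks the outline under the page title; keep it at =====.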
Line 53: Line 51:
   - exit   - exit
   - echo "user: user" >> /etc/mail/aliases   - echo "user: user" >> /etc/mail/aliases
-  - postalias /etc/mail/aliases+  - postmap /etc/mail/aliases 
 +  - eintragen "user@minad.de" in die /etc/mail/domainmap 
 +    - "user@minad.de     user" 
 +  - postmap /etc/mail/domainmap
  
 +Damit hat der User die "user@minad.de" Addresse. Für weitere Addressen und die zuordnung zu den "Virtuellen Addressen" gibt es 2 configs. Eingehend die "/etc/mail/virtual" (quasi als nicht-minad alias-db) und ausgehend die "/etc/mail/domainmap" (zuordnung der erlaubten ausgehenden mail-addressen nach linux-User). Nach dem bearbeiten beider Dateien müssen diese mit "postmap /etc/mail/virtual" bzw "postmap /etc/mail/domainmap" aktualisert werden.
 +
 +<file - /etc/mail/virtual>
 +user@anderedomain.de  user
 +</file>
 +
 +<file - /etc/mail/domainmap>
 +user@minad.de        user
 +user@anderedomain.de user
 +</file>
 ===== Sonstiges ===== ===== Sonstiges =====
  
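Review bot: the step changed to "postmap /etc/mail/aliases" uses the wrong tool for this file. The step just above it appends "user: user", which is aliases(5) syntax; postmap takes the first whitespace-delimited token as the key, so the entry is stored under "user:" and a lookup for "user" never matches. Keep "postalias /etc/mail/aliases" (or newaliases) for the alias table and use postmap only for /etc/mail/virtual and /etc/mail/domainmap, which are in plain "key value" form. The added paragraph would also benefit from a sentence on what happens to an address that is missing from /etc/mail/domainmap, and it has typos ("Addresse", "aktualisert").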
Line 67: Line 78:
   - sudo sa-learn -D --spam /home/brot/.maildir/cur/1326066065.M755115P24231.minad,S=1762,W=1806:2,S --dbpath /var/amavis/.spamassassin/   - sudo sa-learn -D --spam /home/brot/.maildir/cur/1326066065.M755115P24231.minad,S=1762,W=1806:2,S --dbpath /var/amavis/.spamassassin/
  
-eine email als spam lernen (FU "SP Gaming Club - ultimative Weltklassespiele!"+eine email als spam lernen
 ===== Informationen über das Mailsystem ===== ===== Informationen über das Mailsystem =====
 ==== Verwendete Software ==== ==== Verwendete Software ====
Line 75: Line 85:
   * Dovecot (IMAP,Auth)   * Dovecot (IMAP,Auth)
   * Amavisd (Spamassassin und Clamd)   * Amavisd (Spamassassin und Clamd)
 +
 +==== Mailrouting ====
 +
 +  - Eingang via SMTP auf den Postfix
 +    - Prüfung ob valides Postfach (aliases, virtual, ...)
 +  - Zustellen LMTP an den Amavisd
 +    - Spamassassin ( inkl Blacklists )
 +    - ClamAV
 +  - Zurück an Postfix
 +  - Postfix nutzt Dovecot zum einsortieren in Postfächer
 +  - Dovecot ruft sieving-Regeln auf
 +
  
 ==== Konfiguration ==== ==== Konfiguration ====
  
-FIXME upload config files+=== Postfix === 
 +<file bash /etc/postfix/main.cf> 
 +# Global Postfix configuration file. This file lists only a subset 
 +# of all parameters. For the syntax, and for a complete parameter 
 +# list, see the postconf(5) manual page (command: "man 5 postconf"). 
 +
 +# For common configuration examples, see BASIC_CONFIGURATION_README 
 +# and STANDARD_CONFIGURATION_README. To find these documents, use 
 +# the command "postconf html_directory readme_directory", or go to 
 +# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc. 
 +
 +# For best results, change no more than 2-3 parameters at a time, 
 +# and test if Postfix still works after every change. 
 + 
 +# SOFT BOUNCE 
 +
 +# The soft_bounce parameter provides a limited safety net for 
 +# testing.  When soft_bounce is enabled, mail will remain queued that 
 +# would otherwise bounce. This parameter disables locally-generated 
 +# bounces, and prevents the SMTP server from rejecting mail permanently 
 +# (by changing 5xx replies into 4xx replies). However, soft_bounce 
 +# is no cure for address rewriting mistakes or mail routing mistakes. 
 +
 +soft_bounce = no 
 + 
 +# LOCAL PATHNAME INFORMATION 
 +
 +# The queue_directory specifies the location of the Postfix queue. 
 +# This is also the root directory of Postfix daemons that run chrooted. 
 +# See the files in examples/chroot-setup for setting up Postfix chroot 
 +# environments on different UNIX systems. 
 +
 +queue_directory = /var/spool/postfix 
 + 
 +# The command_directory parameter specifies the location of all 
 +# postXXX commands. 
 +
 +command_directory = /usr/sbin 
 + 
 +# The daemon_directory parameter specifies the location of all Postfix 
 +# daemon programs (i.e. programs listed in the master.cf file). This 
 +# directory must be owned by root. 
 +
 +daemon_directory = /usr/libexec/postfix 
 + 
 +# The data_directory parameter specifies the location of Postfix-writable 
 +# data files (caches, random numbers). This directory must be owned 
 +# by the mail_owner account (see below). 
 +
 +data_directory = /var/lib/postfix 
 + 
 +# QUEUE AND PROCESS OWNERSHIP 
 +
 +# The mail_owner parameter specifies the owner of the Postfix queue 
 +# and of most Postfix daemon processes.  Specify the name of a user 
 +# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS 
 +# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.  In 
 +# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED 
 +# USER. 
 +
 +mail_owner = postfix 
 + 
 +# The default_privs parameter specifies the default rights used by 
 +# the local delivery agent for delivery to external file or command. 
 +# These rights are used in the absence of a recipient user context. 
 +# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. 
 +
 +#default_privs = nobody 
 + 
 +# INTERNET HOST AND DOMAIN NAMES 
 +#  
 +# The myhostname parameter specifies the internet hostname of this 
 +# mail system. The default is to use the fully-qualified domain name 
 +# from gethostname(). $myhostname is used as a default value for many 
 +# other configuration parameters. 
 +
 +myhostname = mail.minad.de 
 +#myhostname = virtual.domain.tld 
 + 
 +# The mydomain parameter specifies the local internet domain name. 
 +# The default is to use $myhostname minus the first component. 
 +# $mydomain is used as a default value for many other configuration 
 +# parameters. 
 +
 +mydomain = minad.de 
 + 
 +# SENDING MAIL 
 +#  
 +# The myorigin parameter specifies the domain that locally-posted 
 +# mail appears to come from. The default is to append $myhostname, 
 +# which is fine for small sites.  If you run a domain with multiple 
 +# machines, you should (1) change this to $mydomain and (2) set up 
 +# a domain-wide alias database that aliases each user to 
 +# user@that.users.mailhost. 
 +
 +# For the sake of consistency between sender and recipient addresses, 
 +# myorigin also specifies the default domain name that is appended 
 +# to recipient addresses that have no @domain part. 
 +
 +#myorigin = $myhostname 
 +myorigin = $mydomain 
 + 
 +# RECEIVING MAIL 
 + 
 +# The inet_interfaces parameter specifies the network interface 
 +# addresses that this mail system receives mail on.  By default, 
 +# the software claims all active interfaces on the machine. The 
 +# parameter also controls delivery of mail to user@[ip.address]. 
 +
 +# See also the proxy_interfaces parameter, for network addresses that 
 +# are forwarded to us via a proxy or network address translator. 
 +
 +# Note: you need to stop/start Postfix when this parameter changes. 
 +
 + 
 +#brot 
 +# - since this is a vm, we can only listen on local ips 
 +inet_interfaces = all 
 + 
 + 
 +# The proxy_interfaces parameter specifies the network interface 
 +# addresses that this mail system receives mail on by way of a 
 +# proxy or network address translation unit. This setting extends 
 +# the address list specified with the inet_interfaces parameter. 
 +
 +# You must specify your proxy/NAT addresses when your system is a 
 +# backup MX host for other domains, otherwise mail delivery loops 
 +# will happen when the primary MX host is down. 
 +
 +#proxy_interfaces = 
 +#proxy_interfaces = 1.2.3.4 
 + 
 +# The mydestination parameter specifies the list of domains that this 
 +# machine considers itself the final destination for. 
 +
 +# These domains are routed to the delivery agent specified with the 
 +# local_transport parameter setting. By default, that is the UNIX 
 +# compatible delivery agent that lookups all recipients in /etc/passwd 
 +# and /etc/aliases or their equivalent. 
 +
 +# The default is $myhostname + localhost.$mydomain.  On a mail domain 
 +# gateway, you should also include $mydomain. 
 +
 +# Do not specify the names of virtual domains - those domains are 
 +# specified elsewhere (see VIRTUAL_README). 
 +
 +# Do not specify the names of domains that this machine is backup MX 
 +# host for. Specify those names via the relay_domains settings for 
 +# the SMTP server, or use permit_mx_backup if you are lazy (see 
 +# STANDARD_CONFIGURATION_README). 
 +
 +# The local machine is always the final destination for mail addressed 
 +# to user@[the.net.work.address] of an interface that the mail system 
 +# receives mail on (see the inet_interfaces parameter). 
 +
 +# Specify a list of host or domain names, /file/name or type:table 
 +# patterns, separated by commas and/or whitespace. A /file/name 
 +# pattern is replaced by its contents; a type:table is matched when 
 +# a name matches a lookup key (the right-hand side is ignored). 
 +# Continue long lines by starting the next line with whitespace. 
 +
 +# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS"
 +
 +#mydestination = $myhostname, localhost.$mydomain, localhost 
 +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain 
 +mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, www.$mydomain, neu.minad.de 
 + 
 +# REJECTING MAIL FOR UNKNOWN LOCAL USERS 
 +
 +# The local_recipient_maps parameter specifies optional lookup tables 
 +# with all names or addresses of users that are local with respect 
 +# to $mydestination, $inet_interfaces or $proxy_interfaces. 
 +
 +# If this parameter is defined, then the SMTP server will reject 
 +# mail for unknown local users. This parameter is defined by default. 
 +
 +# To turn off local recipient checking in the SMTP server, specify 
 +# local_recipient_maps = (i.e. empty). 
 +
 +# The default setting assumes that you use the default Postfix local 
 +# delivery agent for local delivery. You need to update the 
 +# local_recipient_maps setting if: 
 +
 +# - You define $mydestination domain recipients in files other than 
 +#   /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. 
 +#   For example, you define $mydestination domain recipients in     
 +#   the $virtual_mailbox_maps files. 
 +
 +# - You redefine the local delivery agent in master.cf. 
 +
 +# - You redefine the "local_transport" setting in main.cf. 
 +
 +# - You use the "luser_relay", "mailbox_transport", or "fallback_transport" 
 +#   feature of the Postfix local delivery agent (see local(8)). 
 +
 +# Details are described in the LOCAL_RECIPIENT_README file. 
 +
 +# Beware: if the Postfix SMTP server runs chrooted, you probably have 
 +# to access the passwd file via the proxymap service, in order to 
 +# overcome chroot restrictions. The alternative, having a copy of 
 +# the system passwd file in the chroot jail is just not practical. 
 +
 +# The right-hand side of the lookup tables is conveniently ignored. 
 +# In the left-hand side, specify a bare username, an @domain.tld 
 +# wild-card, or specify a user@domain.tld address. 
 +#  
 +#local_recipient_maps = unix:passwd.byname $alias_maps 
 +#local_recipient_maps = proxy:unix:passwd.byname $alias_maps 
 +#local_recipient_maps = 
 + 
 +# The unknown_local_recipient_reject_code specifies the SMTP server 
 +# response code when a recipient domain matches $mydestination or 
 +# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty 
 +# and the recipient address or address local-part is not found. 
 +
 +# The default setting is 550 (reject mail) but it is safer to start 
 +# with 450 (try again later) until you are certain that your 
 +# local_recipient_maps settings are OK. 
 +
 +unknown_local_recipient_reject_code = 550 
 + 
 +# TRUST AND RELAY CONTROL 
 + 
 +# The mynetworks parameter specifies the list of "trusted" SMTP 
 +# clients that have more privileges than "strangers"
 +
 +# In particular, "trusted" SMTP clients are allowed to relay mail 
 +# through Postfix.  See the smtpd_recipient_restrictions parameter 
 +# in postconf(5). 
 +
 +# You can specify the list of "trusted" network addresses by hand 
 +# or you can let Postfix do it for you (which is the default). 
 +
 +# By default (mynetworks_style = subnet), Postfix "trusts" SMTP 
 +# clients in the same IP subnetworks as the local machine. 
 +# On Linux, this does works correctly only with interfaces specified 
 +# with the "ifconfig" command. 
 +#  
 +# Specify "mynetworks_style = class" when Postfix should "trust" SMTP 
 +# clients in the same IP class A/B/C networks as the local machine. 
 +# Don't do this with a dialup site - it would cause Postfix to "trust" 
 +# your entire provider's network.  Instead, specify an explicit 
 +# mynetworks list by hand, as described below. 
 +#   
 +# Specify "mynetworks_style = host" when Postfix should "trust" 
 +# only the local machine. 
 +#  
 +#mynetworks_style = class 
 +#mynetworks_style = subnet 
 +mynetworks_style = host 
 + 
 +# Alternatively, you can specify the mynetworks list by hand, in 
 +# which case Postfix ignores the mynetworks_style setting. 
 +
 +# Specify an explicit list of network/netmask patterns, where the 
 +# mask specifies the number of bits in the network part of a host 
 +# address. 
 +
 +# You can also specify the absolute pathname of a pattern file instead 
 +# of listing the patterns here. Specify type:table for table-based lookups 
 +# (the value on the table right-hand side is not used). 
 +
 +#mynetworks = 168.100.189.0/28, 127.0.0.0/
 +#mynetworks = $config_directory/mynetworks 
 +#mynetworks = hash:/etc/postfix/network_table 
 + 
 +# The relay_domains parameter restricts what destinations this system will 
 +# relay mail to.  See the smtpd_recipient_restrictions description in 
 +# postconf(5) for detailed information. 
 +
 +# By default, Postfix relays mail 
 +# - from "trusted" clients (IP address matches $mynetworks) to any destination, 
 +# - from "untrusted" clients to destinations that match $relay_domains or 
 +#   subdomains thereof, except addresses with sender-specified routing. 
 +# The default relay_domains value is $mydestination. 
 +#  
 +# In addition to the above, the Postfix SMTP server by default accepts mail 
 +# that Postfix is final destination for: 
 +# - destinations that match $inet_interfaces or $proxy_interfaces, 
 +# - destinations that match $mydestination 
 +# - destinations that match $virtual_alias_domains, 
 +# - destinations that match $virtual_mailbox_domains. 
 +# These destinations do not need to be listed in $relay_domains. 
 +#  
 +# Specify a list of hosts or domains, /file/name patterns or type:name 
 +# lookup tables, separated by commas and/or whitespace.  Continue 
 +# long lines by starting the next line with whitespace. A file name 
 +# is replaced by its contents; a type:name table is matched when a 
 +# (parent) domain appears as lookup key. 
 +
 +# NOTE: Postfix will not automatically forward mail for domains that 
 +# list this system as their primary or backup MX host. See the 
 +# permit_mx_backup restriction description in postconf(5). 
 +
 +#relay_domains = $mydestination 
 + 
 +# INTERNET OR INTRANET 
 + 
 +# The relayhost parameter specifies the default host to send mail to 
 +# when no entry is matched in the optional transport(5) table. When 
 +# no relayhost is given, mail is routed directly to the destination. 
 +
 +# On an intranet, specify the organizational domain name. If your 
 +# internal DNS uses no MX records, specify the name of the intranet 
 +# gateway host instead. 
 +
 +# In the case of SMTP, specify a domain, host, host:port, [host]:port, 
 +# [address] or [address]:port; the form [host] turns off MX lookups. 
 +
 +# If you're connected via UUCP, see also the default_transport parameter. 
 +
 +#relayhost = $mydomain 
 +#relayhost = [gateway.my.domain] 
 +#relayhost = [mailserver.isp.tld] 
 +#relayhost = uucphost 
 +#relayhost = [an.ip.add.ress] 
 + 
 +# REJECTING UNKNOWN RELAY USERS 
 +
 +# The relay_recipient_maps parameter specifies optional lookup tables 
 +# with all addresses in the domains that match $relay_domains. 
 +
 +# If this parameter is defined, then the SMTP server will reject 
 +# mail for unknown relay users. This feature is off by default. 
 +
 +# The right-hand side of the lookup tables is conveniently ignored. 
 +# In the left-hand side, specify an @domain.tld wild-card, or specify 
 +# a user@domain.tld address. 
 +#  
 +#relay_recipient_maps = hash:/etc/postfix/relay_recipients 
 + 
 +# INPUT RATE CONTROL 
 +
 +# The in_flow_delay configuration parameter implements mail input 
 +# flow control. This feature is turned on by default, although it 
 +# still needs further development (it's disabled on SCO UNIX due 
 +# to an SCO bug). 
 +#  
 +# A Postfix process will pause for $in_flow_delay seconds before 
 +# accepting a new message, when the message arrival rate exceeds the 
 +# message delivery rate. With the default 100 SMTP server process 
 +# limit, this limits the mail inflow to 100 messages a second more 
 +# than the number of messages delivered per second. 
 +#  
 +# Specify 0 to disable the feature. Valid delays are 0..10. 
 +#  
 +#in_flow_delay = 1s 
 + 
 +# ADDRESS REWRITING 
 +
 +# The ADDRESS_REWRITING_README document gives information about 
 +# address masquerading or other forms of address rewriting including 
 +# username->Firstname.Lastname mapping. 
 + 
 +# ADDRESS REDIRECTION (VIRTUAL DOMAIN) 
 +
 +# The VIRTUAL_README document gives information about the many forms 
 +# of domain hosting that Postfix supports. 
 + 
 +# "USER HAS MOVED" BOUNCE MESSAGES 
 +
 +# See the discussion in the ADDRESS_REWRITING_README document. 
 + 
 +# TRANSPORT MAP 
 +
 +# See the discussion in the ADDRESS_REWRITING_README document. 
 + 
 +# ALIAS DATABASE 
 +
 +# The alias_maps parameter specifies the list of alias databases used 
 +# by the local delivery agent. The default list is system dependent. 
 +
 +# On systems with NIS, the default is to search the local alias 
 +# database, then the NIS alias database. See aliases(5) for syntax 
 +# details. 
 +#  
 +# If you change the alias database, run "postalias /etc/aliases" (or 
 +# wherever your system stores the mail alias file), or simply run 
 +# "newaliases" to build the necessary DBM or DB file. 
 +
 +# It will take a minute or so before changes become visible.  Use 
 +# "postfix reload" to eliminate the delay. 
 +
 +#alias_maps = dbm:/etc/aliases 
 +#alias_maps = hash:/etc/aliases 
 +#alias_maps = hash:/etc/aliases, nis:mail.aliases 
 +#alias_maps = netinfo:/aliases 
 +alias_maps = btree:/etc/mail/aliases 
 + 
 +# The alias_database parameter specifies the alias database(s) that 
 +# are built with "newaliases" or "sendmail -bi" This is a separate 
 +# configuration parameter, because alias_maps (see above) may specify 
 +# tables that are not necessarily all under control by Postfix. 
 +
 +#alias_database = dbm:/etc/aliases 
 +#alias_database = dbm:/etc/mail/aliases 
 +#alias_database = hash:/etc/aliases 
 +#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases 
 + 
 +# ADDRESS EXTENSIONS (e.g., user+foo) 
 +
 +# The recipient_delimiter parameter specifies the separator between 
 +# user names and address extensions (user+foo). See canonical(5), 
 +# local(8), relocated(5) and virtual(5) for the effects this has on 
 +# aliases, canonical, virtual, relocated and .forward file lookups. 
 +# Basically, the software tries user+foo and .forward+foo before 
 +# trying user and .forward. 
 +
 +#recipient_delimiter = + 
 + 
 +# DELIVERY TO MAILBOX 
 +
 +# The home_mailbox parameter specifies the optional pathname of a 
 +# mailbox file relative to a user's home directory. The default 
 +# mailbox file is /var/spool/mail/user or /var/mail/user.  Specify 
 +# "Maildir/" for qmail-style delivery (the / is required). 
 +
 +#home_mailbox = Mailbox 
 +#home_mailbox = Maildir/ 
 +  
 +# The mail_spool_directory parameter specifies the directory where 
 +# UNIX-style mailboxes are kept. The default setting depends on the 
 +# system type. 
 +
 +#mail_spool_directory = /var/mail 
 +#mail_spool_directory = /var/spool/mail 
 + 
 +# The mailbox_command parameter specifies the optional external 
 +# command to use instead of mailbox delivery. The command is run as 
 +# the recipient with proper HOME, SHELL and LOGNAME environment settings. 
 +# Exception:  delivery for root is done as $default_user. 
 +
 +# Other environment variables of interest: USER (recipient username), 
 +# EXTENSION (address extension), DOMAIN (domain part of address), 
 +# and LOCAL (the address localpart). 
 +
 +# Unlike other Postfix configuration parameters, the mailbox_command 
 +# parameter is not subjected to $parameter substitutions. This is to 
 +# make it easier to specify shell syntax (see example below). 
 +
 +# Avoid shell meta characters because they will force Postfix to run 
 +# an expensive shell process. Procmail alone is expensive enough. 
 +
 +# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN 
 +# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. 
 +
 +mailbox_command = /usr/libexec/dovecot/deliver 
 +#mailbox_command = /some/where/procmail -a "$EXTENSION" 
 + 
 +# The mailbox_transport specifies the optional transport in master.cf 
 +# to use after processing aliases and .forward files. This parameter 
 +# has precedence over the mailbox_command, fallback_transport and 
 +# luser_relay parameters. 
 +
 +# Specify a string of the form transport:nexthop, where transport is 
 +# the name of a mail delivery transport defined in master.cf.  The 
 +# :nexthop part is optional. For more details see the sample transport 
 +# configuration file. 
 +
 +# NOTE: if you use this feature for accounts not in the UNIX password 
 +# file, then you must update the "local_recipient_maps" setting in 
 +# the main.cf file, otherwise the SMTP server will reject mail for     
 +# non-UNIX accounts with "User unknown in local recipient table"
 +
 +#mailbox_transport = lmtp:unix:/file/name 
 +#mailbox_transport = cyrus 
 + 
 +# The fallback_transport specifies the optional transport in master.cf 
 +# to use for recipients that are not found in the UNIX passwd database. 
 +# This parameter has precedence over the luser_relay parameter. 
 +
 +# Specify a string of the form transport:nexthop, where transport is 
 +# the name of a mail delivery transport defined in master.cf.  The 
 +# :nexthop part is optional. For more details see the sample transport 
 +# configuration file. 
 +
 +# NOTE: if you use this feature for accounts not in the UNIX password 
 +# file, then you must update the "local_recipient_maps" setting in 
 +# the main.cf file, otherwise the SMTP server will reject mail for     
 +# non-UNIX accounts with "User unknown in local recipient table"
 +
 +#fallback_transport = lmtp:unix:/file/name 
 +#fallback_transport = cyrus 
 +#fallback_transport = 
 + 
 +# The luser_relay parameter specifies an optional destination address 
 +# for unknown recipients.  By default, mail for unknown@$mydestination, 
 +# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned 
 +# as undeliverable. 
 +
 +# The following expansions are done on luser_relay: $user (recipient 
 +# username), $shell (recipient shell), $home (recipient home directory), 
 +# $recipient (full recipient address), $extension (recipient address 
 +# extension), $domain (recipient domain), $local (entire recipient 
 +# localpart), $recipient_delimiter. Specify ${name?value} or 
 +# ${name:value} to expand value only when $name does (does not) exist. 
 +
 +# luser_relay works only for the default Postfix local delivery agent. 
 +
 +# NOTE: if you use this feature for accounts not in the UNIX password 
 +# file, then you must specify "local_recipient_maps =" (i.e. empty) in 
 +# the main.cf file, otherwise the SMTP server will reject mail for     
 +# non-UNIX accounts with "User unknown in local recipient table"
 +
 +#luser_relay = $user@other.host 
 +#luser_relay = $local@other.host 
 +#luser_relay = admin+$local 
 +   
 +# JUNK MAIL CONTROLS 
 +#  
 +# The controls listed here are only a very small subset. The file 
 +# SMTPD_ACCESS_README provides an overview. 
 + 
 +# The header_checks parameter specifies an optional table with patterns 
 +# that each logical message header is matched against, including 
 +# headers that span multiple physical lines. 
 +
 +# By default, these patterns also apply to MIME headers and to the 
 +# headers of attached messages. With older Postfix versions, MIME and 
 +# attached message headers were treated as body text. 
 +
 +# For details, see "man header_checks"
 +
 +#header_checks = regexp:/etc/postfix/header_checks 
 + 
 +# FAST ETRN SERVICE 
 +
 +# Postfix maintains per-destination logfiles with information about 
 +# deferred mail, so that mail can be flushed quickly with the SMTP 
 +# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld"
 +# See the ETRN_README document for a detailed description. 
 +#  
 +# The fast_flush_domains parameter controls what destinations are 
 +# eligible for this service. By default, they are all domains that 
 +# this server is willing to relay mail to. 
 +#  
 +#fast_flush_domains = $relay_domains 
 + 
 +# SHOW SOFTWARE VERSION OR NOT 
 +
 +# The smtpd_banner parameter specifies the text that follows the 220 
 +# code in the SMTP server's greeting banner. Some people like to see 
 +# the mail version advertised. By default, Postfix shows no version. 
 +
 +# You MUST specify $myhostname at the start of the text. That is an 
 +# RFC requirement. Postfix itself does not care. 
 +
 +#smtpd_banner = $myhostname ESMTP $mail_name 
 +#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) 
 + 
 +# PARALLEL DELIVERY TO THE SAME DESTINATION 
 +
 +# How many parallel deliveries to the same user or domain? With local 
 +# delivery, it does not make sense to do massively parallel delivery 
 +# to the same user, because mailbox updates must happen sequentially, 
 +# and expensive pipelines in .forward files can cause disasters when 
 +# too many are run at the same time. With SMTP deliveries, 10 
 +# simultaneous connections to the same domain could be sufficient to 
 +# raise eyebrows. 
 +#  
 +# Each message delivery transport has its XXX_destination_concurrency_limit 
 +# parameter.  The default is $default_destination_concurrency_limit for 
 +# most delivery transports. For the local delivery agent the default is 2. 
 + 
 +#local_destination_concurrency_limit = 2 
 +#default_destination_concurrency_limit = 20 
 + 
 +# DEBUGGING CONTROL 
 +
 +# The debug_peer_level parameter specifies the increment in verbose 
 +# logging level when an SMTP client or server host name or address 
 +# matches a pattern in the debug_peer_list parameter. 
 +
 +debug_peer_level = 2 
 + 
 +# The debug_peer_list parameter specifies an optional list of domain 
 +# or network patterns, /file/name patterns or type:name tables. When 
 +# an SMTP client or server host name or address matches a pattern, 
 +# increase the verbose logging level by the amount specified in the 
 +# debug_peer_level parameter. 
 +
 +#debug_peer_list = 127.0.0.1 
 +debug_peer_list = 205.166.76.16 
 + 
 +# The debugger_command specifies the external command that is executed 
 +# when a Postfix daemon program is run with the -D option. 
 +
 +# Use "command .. & sleep 5" so that the debugger can attach before 
 +# the process marches on. If you use an X-based debugger, be sure to 
 +# set up your XAUTHORITY environment variable before starting Postfix. 
 +
 +debugger_command = 
 +         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin 
 +         ddd $daemon_directory/$process_name $process_id & sleep 5 
 + 
 +# If you can't use X, use this to capture the call stack when a 
 +# daemon crashes. The result is in a file in the configuration 
 +# directory, and is named after the process name and the process ID. 
 +
 +# debugger_command = 
 +#       PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; 
 +#       echo where) | gdb $daemon_directory/$process_name $process_id 2>&
 +#       >$config_directory/$process_name.$process_id.log & sleep 5 
 +
 +# Another possibility is to run gdb under a detached screen session. 
 +# To attach to the screen sesssion, su root and run "screen -r 
 +# <id_string>" where <id_string> uniquely matches one of the detached 
 +# sessions (from "screen -list"). 
 +
 +# debugger_command = 
 +#       PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen 
 +#       -dmS $process_name gdb $daemon_directory/$process_name 
 +#       $process_id & sleep 1 
 + 
 +# INSTALL-TIME CONFIGURATION INFORMATION 
 +
 +# The following parameters are used when installing a new Postfix version. 
 +#  
 +# sendmail_path: The full pathname of the Postfix sendmail command. 
 +# This is the Sendmail-compatible mail posting interface. 
 +#  
 +sendmail_path = /usr/sbin/sendmail 
 + 
 +# newaliases_path: The full pathname of the Postfix newaliases command. 
 +# This is the Sendmail-compatible command to build alias databases. 
 +
 +newaliases_path = /usr/bin/newaliases 
 + 
 +# mailq_path: The full pathname of the Postfix mailq command.  This 
 +# is the Sendmail-compatible mail queue listing command. 
 +#  
 +mailq_path = /usr/bin/mailq 
 + 
 +# setgid_group: The group for mail submission and queue management 
 +# commands.  This must be a group name with a numerical group ID that 
 +# is not shared with other accounts, not even with the Postfix account. 
 +
 +setgid_group = postdrop 
 + 
 +# html_directory: The location of the Postfix HTML documentation. 
 +
 +html_directory = no 
 + 
 +# manpage_directory: The location of the Postfix on-line manual pages. 
 +
 +manpage_directory = /usr/share/man 
 + 
 +# sample_directory: The location of the Postfix sample configuration files. 
 +# This parameter is obsolete as of Postfix 2.1. 
 +
 +sample_directory = /etc/postfix 
 + 
 +# readme_directory: The location of the Postfix README files. 
 +
 +readme_directory = no 
 +inet_protocols = ipv4 
 +home_mailbox = .maildir/ 
 +bounce_queue_lifetime = 1d 
 +recipient_delimiter = + 
 + 
 +# login/auth 
 +smtpd_sasl_auth_enable = yes 
 +smtpd_sasl_type = dovecot 
 +smtpd_sasl_path = private/auth 
 + 
 +# define that we only accept mail for our networks unauthed, sasl_authed users can send stuff anywhere. 
 +smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination 
 +# since 2.10, relay and recipient are different things 
 +smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination 
 +smtpd_sender_restrictions = reject_sender_login_mismatch, reject_unknown_sender_domain, permit_mynetworks, permit_sasl_authenticated 
 + 
 +# we wannt secure connections 
 +smtpd_tls_security_level = may 
 +smtpd_tls_auth_only = yes 
 + 
 +#new certs 24.04.2014 
 +#smtpd_tls_cert_file = /etc/ssl/minad.de_selfsigned/cert_key.pem 
 +#smtpd_tls_key_file =  $smtpd_tls_cert_file 
 + 
 +#new certs minad_selfsigned_v3 25.04 
 +#smtpd_tls_cert_file = /etc/ssl/minad_selfsigned_v4/minad.de-chained-nopw.pem 
 +#smtpd_tls_key_file =  $smtpd_tls_cert_file 
 + 
 +#new certs selfsigned without ca 13.08 
 +smtpd_tls_cert_file = /etc/ssl/minad_selfsigned_v6/minad.de-selfsigned-v6-noca-chained.pem 
 +smtpd_tls_key_file =  $smtpd_tls_cert_file 
 + 
 + 
 +#we want high encryption 
 +#smtpd_tls_mandatory_ciphers = high 
 +smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 
 +smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 
 + 
 +#ecliptic curve crypto? we has it 
 +smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem 
 +smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem 
 +smtpd_tls_eecdh_grade = strong 
 + 
 +# outgoing mails shall also use tls 
 +smtp_tls_security_level = may 
 +smtp_tls_loglevel = 1 
 + 
 + 
 +message_size_limit = 0 
 + 
 +mailbox_size_limit = 0 
 + 
 + 
 +# how to map logins to its addresses 
 +#smtpd_sender_login_maps = btree:/etc/mail/aliases 
 + 
 + 
 +# default type for the alias db is now postmap command 
 +default_database_type = btree 
 + 
 +transport_maps = btree:/etc/postfix/transport 
 + 
 +
 +# since we have new domains, we need to help postfix to sort the mail 
 +
 + 
 +#virtual_alias_domains = mail.echorulez.de, www.echorulez.de, echorulez.de, mail.minad.de, anikataiber.de, mail.anikataiber.de, www.anikataiber.de, taiber-fotografie.de, mail.taiber-fotografie.de, www.taiber-fotografie.de, grilldienstag.de, mail.grilldienstag.de, brotkastn.de, mail.brotkastn.de 
 + 
 +#phil server backup 
 +virtual_alias_domains = mail.echorulez.de, www.echorulez.de, echorulez.de, mail.minad.de, anikataiber.de, mail.anikataiber.de, www.anikataiber.de, taiber-fotografie.de, mail.taiber-fotografie.de, www.taiber-fotografie.de, grilldienstag.de, mail.grilldienstag.de, brotkastn.de, mail.brotkastn.de, phiwo.net, lwp-kg.com, woehrl.co, mail.shinybit.de, shinybit.de 
 + 
 +# where to put mails 
 +virtual_alias_maps = btree:/etc/mail/virtual 
 + 
 +
 +#virtual_mailbox_maps = btree:/etc/mail/virtualmailbox 
 + 
 +# also, we need to tell who owns what domain 
 +smtpd_sender_login_maps = btree:/etc/mail/domainmap 
 + 
 +
 +# we are cool now, so we have to sign mails 
 +
 +smtpd_milters     = unix:/var/run/opendkim/opendkim.sock 
 +non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock 
 +</file> 
 + 
 +<file bash /etc/postfix/master.cf> 
 +
 +# Postfix master process configuration file.  For details on the format 
 +# of the file, see the master(5) manual page (command: "man 5 master"). 
 +
 +# Do not forget to execute "postfix reload" after editing this file. 
 +
 +# ========================================================================== 
 +# service type  private unpriv  chroot  wakeup  maxproc command + args 
 +#               (yes)   (yes)   (yes)   (never) (100) 
 +# ========================================================================== 
 +#smtp      inet  n                               smtpd 
 +smtp      inet  n                               smtpd -o content_filter=amavisfeed:[127.0.0.1]:10024 -o receive_override_options=no_address_mappings 
 +#submission inet n                               smtpd 
 +#  -o smtpd_tls_security_level=encrypt 
 +#  -o smtpd_sasl_auth_enable=yes 
 +#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject 
 +#  -o milter_macro_daemon_name=ORIGINATING 
 +#smtps     inet  n                               smtpd 
 +smtps     inet  n                               smtpd -o content_filter=amavisfeed:[127.0.0.1]:10024 -o receive_override_options=no_address_mappings 
 +#  -o smtpd_tls_wrappermode=yes 
 +#  -o smtpd_sasl_auth_enable=yes 
 +#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject 
 +#  -o milter_macro_daemon_name=ORIGINATING 
 +#628      inet  n                               qmqpd 
 +pickup    fifo  n                   60      1       pickup 
 +cleanup   unix  n                               cleanup 
 +qmgr      fifo  n                   300           qmgr 
 +#qmgr     fifo  n                   300           oqmgr 
 +tlsmgr    unix  -                   1000?         tlsmgr 
 +rewrite   unix  -                               trivial-rewrite 
 +bounce    unix  -                               bounce 
 +defer     unix  -                               bounce 
 +trace     unix  -                               bounce 
 +verify    unix  -                               verify 
 +flush     unix  n                   1000?         flush 
 +proxymap  unix  -                               proxymap 
 +proxywrite unix -                               proxymap 
 +smtp      unix  -                               smtp 
 +# When relaying mail as backup MX, disable fallback_relay to avoid MX loops 
 +relay     unix  -                               smtp 
 + -o smtp_fallback_relay= 
 +#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 
 +showq     unix  n                               showq 
 +error     unix  -                               error 
 +retry     unix  -                               error 
 +discard   unix  -                               discard 
 +local     unix  -                               local 
 +virtual   unix  -                               virtual 
 +lmtp      unix  -                               lmtp 
 +anvil     unix  -                               anvil 
 +scache    unix  -                               scache 
 +
 +# ==================================================================== 
 +# Interfaces to non-Postfix software. Be sure to examine the manual 
 +# pages of the non-Postfix software to find out what options it wants. 
 +
 +# Many of the following services use the Postfix pipe(8) delivery 
 +# agent.  See the pipe(8) man page for information about ${recipient} 
 +# and other message envelope options. 
 +# ==================================================================== 
 +
 +# maildrop. See the Postfix MAILDROP_README file for details. 
 +# Also specify in main.cf: maildrop_destination_recipient_limit=1 
 +
 +#maildrop  unix  -                               pipe 
 +#  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} 
 +
 +# ==================================================================== 
 +
 +# The Cyrus deliver program has changed incompatibly, multiple times. 
 +
 +#old-cyrus unix  -                               pipe 
 +#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} 
 +
 +# ==================================================================== 
 +
 +# Cyrus 2.1.5 (Amos Gouaux) 
 +# Also specify in main.cf: cyrus_destination_recipient_limit=1 
 +
 +#cyrus     unix  -                               pipe 
 +#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} 
 +
 +# ==================================================================== 
 +
 +# See the Postfix UUCP_README file for configuration details. 
 +
 +#uucp      unix  -                               pipe 
 +#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) 
 +
 +# ==================================================================== 
 +
 +# Other external delivery methods. 
 +
 +#ifmail    unix  -                               pipe 
 +#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) 
 +
 +#bsmtp     unix  -                               pipe 
 +#  flags=Fq. user=bsmtp argv=/usr/sbin/bsmtp -f $sender $nexthop $recipient 
 +
 +#scalemail-backend unix -                               pipe 
 +#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store 
 +#  ${nexthop} ${user} ${extension} 
 +
 +#mailman   unix  -                               pipe 
 +#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py 
 +#  ${nexthop} ${user} 
 + 
 +#filter    unix  -                               pipe 
 +#  user=filter argv=/home/filter/sc/filter.sh -f ${sender} -- ${recipient} 
 + 
 +# =================== 
 +# amavisd setup 
 + 
 +amavisfeed unix    -                    -      2     lmtp 
 +    -o lmtp_data_done_timeout=1200 
 +    -o lmtp_send_xforward_command=yes 
 +    -o disable_dns_lookups=yes 
 +    -o max_use=20 
 + 
 +127.0.0.1:10025 inet n    -                       smtpd 
 +    -o content_filter= 
 +    -o smtpd_delay_reject=no 
 +    -o smtpd_client_restrictions=permit_mynetworks,reject 
 +    -o smtpd_helo_restrictions= 
 +    -o smtpd_sender_restrictions= 
 +    -o smtpd_recipient_restrictions=permit_mynetworks,reject 
 +    -o smtpd_data_restrictions=reject_unauth_pipelining 
 +    -o smtpd_end_of_data_restrictions= 
 +    -o smtpd_restriction_classes= 
 +    -o mynetworks=127.0.0.0/
 +    -o smtpd_error_sleep_time=0 
 +    -o smtpd_soft_error_limit=1001 
 +    -o smtpd_hard_error_limit=1000 
 +    -o smtpd_client_connection_count_limit=0 
 +    -o smtpd_client_connection_rate_limit=0 
 +    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters 
 +    -o local_header_rewrite_clients= 
 +    -o smtpd_tls_security_level=none 
 +</file> 
 + 
 + 
 +=== Dovecot === 
 + 
 +=== Amavisd === 
  
  
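Review bot: in the main.cf part, smtpd_tls_security_level = may makes TLS opportunistic, and Postfix applies the smtpd_tls_mandatory_* parameters only when TLS is mandatory (level encrypt), so smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 and smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 do not constrain the STARTTLS sessions this server accepts. Suggest adding the opportunistic counterparts, smtpd_tls_protocols = !SSLv2, !SSLv3 and smtpd_tls_exclude_ciphers = aNULL, MD5. The comment above the DH parameter files mentions elliptic curves, but smtpd_tls_dh1024_param_file and smtpd_tls_dh512_param_file configure finite-field DH, and the 512-bit file only serves export-grade ciphers, so that line is better dropped than kept. In master.cf the smtps service has -o smtpd_tls_wrappermode=yes commented out, so that port behaves as a second STARTTLS listener instead of implicit TLS; either restore the override or remove the service entry.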
  • mailsystem.1326067169.txt.gz
  • Last modified: 2012/11/04 12:56
  • (external edit)