[postfix-users] Check und Meinungen zur postfix konfiguration
Aleksandar Lazic
al-pfusde at none.at
Do Sep 22 08:10:27 CEST 2011
Hallo,
wie in einer vorhergehenden Mail angekündigt, bitte ich euch um eure
Meinungen zu der geposteten postfix Konfiguration.
Habe das übliche postfix-sandwich gebaut smtpd->amavisd-new->smtpd
###postconf -n
# `postconf -n` output: the main.cf settings that differ from the built-in defaults.
# NOTE(review): values that spill onto a second line (e.g. mydestination) look like
# mail line-wrapping; in a real main.cf a continuation line must start with whitespace.
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = no
config_directory = /etc/postfix
# Mail accepted by smtpd is queued for the amavisfeed transport on 127.0.0.1:10024.
# The master.cf excerpt in this mail defines that transport and the 127.0.0.1:10025
# re-injection listener, which clears content_filter again to avoid a loop.
content_filter = amavisfeed:[127.0.0.1]:10024
# VRFY is switched off, so the server cannot be used to probe for valid addresses.
disable_vrfy_command = yes
home_mailbox =
# Listens on every interface; which ports are reachable is decided by master.cf.
inet_interfaces = all
# Do I need this if I deliver via the dovecot transport?
# NOTE(review): mailbox_command is only used by local(8), i.e. for recipients in the
# mydestination domains; virtual_mailbox_domains are routed via virtual_transport.
mailbox_command = procmail -a "$EXTENSION"
# 0 disables the size limit for local mailbox files.
mailbox_size_limit = 0
mydestination = external.none.at,lvps46-163-74-15.dedicated.hosteurope.de,
localhost.dedicated.hosteurope.de, localhost
myhostname = external.none.at
# Only loopback addresses are trusted, so permit_mynetworks matches local processes only.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
# Address extensions are split off at "-" (user-extension@domain).
recipient_delimiter = -
# Empty relayhost: outbound mail is delivered directly to the destination.
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# Legacy switch for opportunistic outbound TLS; Postfix 2.3 and later document
# smtp_tls_security_level = may as the replacement.
smtp_use_tls = yes
# Banner without $mail_name, so the greeting does not name the MTA software.
smtpd_banner = $myhostname ESMTP
# Access policy for the public smtpd. Each restriction list is evaluated left to right
# and the first restriction that returns a decision ends the evaluation.
# NOTE(review): the trailing backslash in smtpd_client_restrictions is suspicious:
# main.cf continues a logical line with leading whitespace, not with "\". Verify the
# live file and check what `postconf smtpd_client_restrictions` reports.
# NOTE(review): the trailing "permit" in smtpd_data_restrictions and
# smtpd_recipient_restrictions only makes the default explicit; a list that ends
# without a decision permits anyway.
#
# smtpd_recipient_restrictions, in the order given:
#  - The reject_* checks run before permit_mynetworks, so they also apply to clients in
#    mynetworks (loopback only in this configuration).
#  - reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_hostname and
#    reject_unknown_client are the pre-2.3 names of the *_helo_hostname and
#    reject_unknown_client_hostname restrictions.
#  - reject_unknown_client and reject_unknown_hostname reject on DNS problems and can
#    turn away legitimate senders with sloppy DNS. TODO: confirm this is intended.
#  - reject_unauth_destination is the open-relay guard. It comes before every
#    check_*_access table, so an OK result in one of those tables cannot permit
#    relaying to a foreign destination.
#  - The DNSBL lookup (zen.spamhaus.org) runs last, after the local tables.
smtpd_client_restrictions = check_client_access \
hash:/etc/postfix/client_restrictions
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unknown_client,
reject_unknown_hostname,
permit_mynetworks,
reject_unauth_destination,
check_recipient_access hash:/etc/postfix/recipient_checks,
check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
check_helo_access hash:/etc/postfix/helo_checks,
check_sender_access hash:/etc/postfix/sender_checks,
check_sender_access pcre:/etc/postfix/sender_checks.pcre,
check_client_access hash:/etc/postfix/client_checks,
check_client_access pcre:/etc/postfix/client_checks.pcre,
reject_rbl_client zen.spamhaus.org,
permit
# SASL and TLS settings of the SMTP server.
# AUTH is off globally (port 25 offers no AUTH); the submission entry in the master.cf
# excerpt turns it on per service with -o smtpd_sasl_auth_enable=yes.
smtpd_sasl_auth_enable = no
# The SASL login name is not written into the Received: header.
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
# Authentication is delegated to Dovecot through the private/auth socket
# (path is relative to the Postfix queue directory).
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions =
# "no" would allow AUTH on an unencrypted session wherever AUTH is enabled. The only
# service shown with AUTH enabled (submission) sets smtpd_tls_security_level=encrypt.
# NOTE(review): setting this to yes guards against a future service that enables AUTH
# without mandatory TLS.
smtpd_tls_auth_only = no
# NOTE(review): the file names suggest the distribution's self-signed placeholder
# ("snakeoil") certificate. Clients cannot validate it, so the submission service
# should use a certificate issued for myhostname.
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
# The two "mandatory" settings apply only where TLS is enforced (here: submission).
smtpd_tls_mandatory_ciphers = medium
# NOTE(review): a positive list admits exactly SSLv3 and TLSv1. SSLv3 has since been
# prohibited (RFC 7568) and TLS 1.0 deprecated (RFC 8996). Current practice is an
# exclusion list (e.g. "!SSLv2, !SSLv3"), so newer TLS versions stay available.
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
# TLS protocol and cipher details are not recorded in the Received: header.
smtpd_tls_received_header = no
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
# Legacy switch for opportunistic STARTTLS on port 25; Postfix 2.3 and later document
# smtpd_tls_security_level = may as the replacement.
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
# Virtual domains: aliases, domains and mailboxes are looked up in MySQL.
# NOTE(review): mysql:*.cf lookup files normally contain the database user and password,
# so they should not be world-readable. TODO: confirm ownership and mode on the host.
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
# NOTE(review): virtual_gid_maps, virtual_uid_maps and virtual_mailbox_base are
# parameters of the virtual(8) delivery agent. With virtual_transport = dovecot,
# delivery is done by the "dovecot" pipe service from master.cf instead, so they are
# presumably unused here. Verify before relying on uid/gid 5000.
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains =
mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
# Still consulted by smtpd to decide whether a recipient in a virtual domain exists.
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000
###
###master.cf
...standard
# Submission service (port 587) for authenticated mail clients.
# NOTE(review): in a real master.cf every "-o" line must start with whitespace; the
# indentation appears to have been lost in the mail.
#  - smtpd_tls_security_level=encrypt makes STARTTLS mandatory on this port.
#  - SASL AUTH is enabled here only; main.cf disables it globally.
#  - Both restriction lists are "permit_sasl_authenticated,reject": there is no
#    permit_mynetworks, so local clients must authenticate too, and unauthenticated
#    sessions are rejected.
#  - content_filter is not overridden, so submitted mail also passes through amavisfeed.
#  - milter_macro_daemon_name only matters if milters are configured; the posted
#    postconf -n output shows none.
submission inet n - - - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
...standard
#amavis part
# amavisfeed: SMTP client transport named by content_filter in main.cf. The process
# limit is 2, so at most two messages are handed to amavisd concurrently.
# NOTE(review): that limit is usually kept in line with amavisd's own worker count.
# TODO: confirm.
# XFORWARD passes the original client information on to the filter.
# 127.0.0.1:10025: re-injection listener for mail coming back from amavisd.
#  - Bound to loopback only. mynetworks is overridden to 127.0.0.0/8 and both
#    restriction lists are "permit_mynetworks,reject", so only local processes can
#    inject mail here.
#  - This listener skips the spam and policy checks of the public smtpd (empty
#    helo/sender restrictions, no header/body checks, no milters), so it must stay
#    unreachable from other hosts.
#  - "-o content_filter=" clears the filter so re-injected mail is not filtered again.
#  - Error delays and limits are relaxed, and the per-client connection limits are
#    disabled (0), for this local peer.
# NOTE(review): the lone "-o" followed by receive_override_options=... is one option
# that was split by mail line-wrapping. In master.cf it must be a single "-o name=value"
# on an indented line.
amavisfeed unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-o local_header_rewrite_clients=
-o syslog_name=amavis-postfix
#amavis part end
# dovecot: pipe(8) transport named by virtual_transport in main.cf. It runs Dovecot's
# deliver as vmail:vmail, not chrooted.
#  - flags: D adds Delivered-To:, R adds Return-Path:, h and u fold the domain/nexthop
#    and user parts to lower case.
#  - pipe(8) executes the command directly without a shell, and each ${...} macro is
#    passed as its own argument, so address contents are not shell-interpreted.
#  - ${user} is the local part without the address extension; the full address,
#    including any "-extension" (recipient_delimiter), is passed via -a ${recipient}.
# NOTE(review): the two lines after the service line are continuations and need leading
# whitespace in master.cf; the indentation appears to have been lost in the mail.
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender}
-d ${user}@${nexthop} -a ${recipient}
###
Ich würde gerne die nicht benutzten Delivery-Methoden
ifmail, bsmtp, scalemail-backend, mailman, uucp, maildrop
auskommentieren, das sollte ja keine negativen Auswirkungen haben, oder?
@postscreen bin ich noch am lesen von
http://www.postfix.org/POSTSCREEN_README.html um zu entscheiden welche
Einstellungen ich genau haben will.
Vielen Dank im Voraus für eure Meinung.
LG
Aleks