# See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = /usr/share/doc/postfix # TLS parameters smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = ispc.klape.eu alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases myorigin = /etc/mailname mydestination = ispc.klape.eu, localhost, localhost.localdomain relayhost = mynetworks = 127.0.0.0/8 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all html_directory = /usr/share/doc/postfix/html virtual_alias_domains = virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf, hash:/var/lib/mailman/data/virtual-mailman virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /var/vmail virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 smtpd_sasl_auth_enable = yes # Whiski smtpd_sasl_security_options = noanonymous # eof Whiski broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes # Whiski - poladil jsem dale, viz nakopeme prdel spamu #smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination smtpd_tls_security_level = may transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf virtual_create_maildirsize = yes virtual_maildir_extended = yes virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf virtual_mailbox_limit_override = yes virtual_maildir_limit_message = "The user you are trying to reach is over quota." virtual_overquota_bounce = yes proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf maildrop_destination_concurrency_limit = 1 maildrop_destination_recipient_limit = 1 virtual_transport = maildrop header_checks = regexp:/etc/postfix/header_checks mime_header_checks = regexp:/etc/postfix/mime_header_checks nested_header_checks = regexp:/etc/postfix/nested_header_checks body_checks = regexp:/etc/postfix/body_checks content_filter = amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings message_size_limit = 0 #Whiski - dle http://www.postfix.org/TUNING_README.html #The maximum number of connections than an SMTP client may make simultaneously. #(default: 50) #smtpd_client_connection_count_limit = 20 #The maximum number of connections that an SMTP client may make in the time interval specified with anvil_rate_time_unit (default: 60s). #(default: no limit) #smtpd_client_connection_rate_limit = 20 #The maximum number of message delivery requests that an SMTP client may make in the time interval specified with anvil_rate_time_unit (default: 60s). #(default: no limit) #smtpd_client_message_rate_limit = 20 #The maximum number of recipient addresses that an SMTP client may specify in the time interval specified with anvil_rate_time_unit (default: 60s). #(default: no limit) #smtpd_client_recipient_rate_limit #The maximum number of new TLS sessions (without using the TLS session cache) that an SMTP client may negotiate in the time interval specified with #anvil_rate_time_unit (default: 60s). #(default: no limit) #smtpd_client_new_tls_session_rate_limit #SMTP clients that are excluded from connection and rate limits specified above. #(default: $mynetworks) #smtpd_client_event_limit_exceptions #The SMTP client time limit for completing a TCP connection, or zero (use the operating system built-in time limit). #(default: 30s) smtp_connect_timeout = 10s #The maximal size in bytes of a message, including envelope information. #(default: 10240000) message_size_limit = 0 #Whiski - dle http://www.postfix.org/rate.html #The initial_destination_concurrency parameter (default: 2) controls how many messages are initially sent to the same destination before adapting delivery concurrency. Of course, this setting is effective only as long as it does not exceed the process limit and the destination concurrency limit for the specific mail transport channel. initial_destination_concurrency = 2 #The default_destination_concurrency_limit parameter (default: 20) controls how many messages may be sent to the same destination simultaneously. You can override this setting for specific delivery channels (local, smtp, uucp etc.). The main.cf file recommends the following: local_destination_concurrency_limit = 2 default_destination_concurrency_limit = 20 #Whiski - nakopeme prdel spamu: # viz http://www.howtoforge.com/forums/showpost.php?p=46447&postcount=2 smtpd_helo_required = yes disable_vrfy_command = yes invalid_hostname_reject_code = 554 multi_recipient_bounce_reject_code = 554 non_fqdn_reject_code = 554 relay_domains_reject_code = 554 #Whiski The response is always 450 in case of a temporary DNS error. unknown_address_reject_code = 450 unknown_client_reject_code = 554 unknown_hostname_reject_code = 554 unknown_local_recipient_reject_code = 554 unknown_relay_recipient_reject_code = 554 unknown_sender_reject_code = 554 unknown_virtual_alias_reject_code = 554 unknown_virtual_mailbox_reject_code = 554 unverified_recipient_reject_code = 554 unverified_sender_reject_code = 554 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination #Whiski - pridal 15.5.2012 # reject_rbl_client list.dsbl.org, // Whiski 1.4.2009 - prestalo jim fungovat rDNS # reject_rbl_client sbl-xbl.spamhaus.org, // nemuzu najit v http://its.ausics.net/cgi-bin/networks # reject_rbl_client bl.spamcop.net, // Whiski - zaradilo to sem i seznam.cz :( # reject_rbl_client proxies.relays.monkeys.com, // Whiski - uz nefunguje, viz http://www.howtoforge.com/forums/showthread.php?t=8551 # reject_rbl_client rblmap.tu-berlin.de, // nemuzu najit v http://its.ausics.net/cgi-bin/networks # reject_rbl_client relays.ordb.org, // Whiski - uz nefunguje (od konce 2006) # reject_rbl_client opm.blitzed.org, // Whiski - nefunguje # reject_rbl_client blackholes.easynet.nl, // nemuzu najit v http://its.ausics.net/cgi-bin/networks # reject_rbl_client ix.dnsbl.manitu.net, #// vyse Whiski - blokuji Matla smtpd_data_restrictions = reject_unauth_pipelining, permit # Whiski - nezapinat!! Sestrelilo server na hafo zatezi #always_bcc=vyskocil_automat@klape.cz # Whiski - http://blogs.gnome.org/desrt/2007/11/24/important-warning-to-postfix-users/ # nechat prazdne parent_domain_matches_subdomains = # Whiski - výčet případů, kdy má být informován postmaster notify_classes = resource, software #bounce (also implies 2bounce) #Send the postmaster copies of the headers of bounced mail, and send transcripts of SMTP sessions when Postfix rejects mail. The notification is sent to the address specified with the bounce_notice_recipient configuration parameter (default: postmaster). #2bounce #Send undeliverable bounced mail to the postmaster. The notification is sent to the address specified with the 2bounce_notice_recipient configuration parameter (default: postmaster). #delay #Send the postmaster copies of the headers of delayed mail. The notification is sent to the address specified with the delay_notice_recipient configuration parameter (default: postmaster). #policy #Send the postmaster a transcript of the SMTP session when a client request was rejected because of (UCE) policy. The notification is sent to the address specified with the error_notice_recipient configuration parameter (default: postmaster). #protocol #Send the postmaster a transcript of the SMTP session in case of client or server protocol errors. The notification is sent to the address specified with the error_notice_recipient configuration parameter (default: postmaster). #resource #Inform the postmaster of mail not delivered due to resource problems. The notification is sent to the address specified with the error_notice_recipient configuration parameter (default: postmaster). #software #Inform the postmaster of mail not delivered due to software problems. The notification is sent to the address specified with the error_notice_recipient configuration parameter (default: postmaster). inet_protocols = all relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf smtpd_client_message_rate_limit = 100 owner_request_special = no