From: A.N.Other on 16 Dec 2008 00:16

I originally posted this to Google Groups, but quickly realised that was a possible mistake.

I am very new to Postfix and am looking for advice on my Postfix configuration (see below). The configuration is aimed at a small group of people (fewer than 25 users) who are all volunteers at a local not-for-profit organization. The server is set up with no local users, and all mail is delivered to virtual mailboxes.

1) I am using amavisd-new + SpamAssassin + ClamAV + greylisting as anti-spam defenses. Question: are the header and body checks still worthwhile as anti-spam defenses? I can see the use of header checks for removing unwanted stuff, like the various headers that get inserted during spam processing; are there any other worthwhile uses?

2) A lot of the configuration advice/tutorials/how-tos that I have looked at put all the checks into smtpd_recipient_restrictions. Why defer killing spam, why not kill it ASAP and save spending any more resources processing it? I know that the smtpd_delay_reject parameter defaults to yes, therefore all checks are deferred until recipient. But that just leads me to the same question.

2a) I have set smtp_delay_reject = no; should I, or am I giving myself a problem by doing this?

2b) Based on some things I read here, it would seem that I should add permit_sasl_authenticated to each of the smtp_*_restriction sections; is this correct?

2c) I was originally advised to have unknown_local_recipient_reject_code = 554, but in a couple of places I have seen it set to 550; which is better? Supplementary: is there a list of codes, and if so, where?
3) Any gotchas in the setup below?

TIA
A.N.Other

== main.cf ==

# SOFT BOUNCE
soft_bounce = no

# LOCAL PATHNAME INFORMATION
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix

# QUEUE AND PROCESS OWNERSHIP
mail_owner = postfix
default_privs = nobody
setgid_group = postdrop

# INTERNET HOST AND DOMAIN NAMES
mydomain = invalid.invalid
myorigin = $mydomain
myhostname = mail.$mydomain

# RECEIVING MAIL
proxy_interfaces = 123.123.123.123
mydestination = localhost, localhost.localdomain, localdomain

# REJECTING MAIL FOR UNKNOWN LOCAL USERS
# (note: set again to 554 further down; the later assignment wins)
unknown_local_recipient_reject_code = 550

# TRUST AND RELAY CONTROL
mynetworks = 127.0.0.0/8, 192.168.10.0/26
relay_domains =
relayhost =

# REJECTING UNKNOWN RELAY USERS

# INPUT RATE CONTROL
in_flow_delay = 1s

# ADDRESS REWRITING
#
# The ADDRESS_REWRITING_README document gives information about
# address masquerading or other forms of address rewriting including
# username->Firstname.Lastname mapping.

# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
#
# The VIRTUAL_README document gives information about the many forms
# of domain hosting that Postfix supports.

# "USER HAS MOVED" BOUNCE MESSAGES
#
# See the discussion in the ADDRESS_REWRITING_README document.

# TRANSPORT MAP
#
# See the discussion in the ADDRESS_REWRITING_README document.

# ALIAS DATABASE
alias_maps = hash:/etc/aliases
alias_database = $alias_maps

# ADDRESS EXTENSIONS (e.g., user+foo)
recipient_delimiter = +

# DELIVERY TO MAILBOX
home_mailbox = Maildir/
mailbox_command = /usr/libexec/dovecot/deliver
#fallback_transport =

# FAST ETRN SERVICE
#fast_flush_domains = $relay_domains

# SHOW SOFTWARE VERSION OR NOT
smtpd_banner = $myhostname ESMTP

# PARALLEL DELIVERY TO THE SAME DESTINATION
local_destination_concurrency_limit = 5
#default_destination_concurrency_limit = 20

# DEBUGGING CONTROL
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5

# INSTALL-TIME CONFIGURATION INFORMATION
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.5.5/samples
readme_directory = /usr/share/doc/postfix-2.5.5/README_FILES
inet_protocols = all

# DDOS stuff
default_process_limit = 20
smtpd_recipient_limit = 128
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
smtpd_error_sleep_time = 5s

# Virtual
virtual_mailbox_domains = /etc/postfix/maps/vdomains
virtual_mailbox_base = /var/mail/vhosts
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_maps = hash:/etc/postfix/maps/vmailbox
virtual_alias_maps = hash:/etc/postfix/maps/valiases
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# SASL support
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtp_sasl_auth_enable = no

# tls
smtpd_tls_auth_only = yes
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/pki/tls/private/invalid.key
smtpd_tls_cert_file = /etc/pki/tls/certs/invalid.crt
smtpd_tls_CAfile = /etc/pki/CA/sub.class2.server.ca.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# PARAMETERS THAT DON'T SEEM TO FIT ELSEWHERE
biff = no
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
unknown_local_recipient_reject_code = 554
unverified_sender_reject_code = 550

# JUNK MAIL CONTROLS
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
allow_untrusted_routing = no
# (was "smtpd_etrn_restriction"; the Postfix parameter name is plural)
smtpd_etrn_restrictions = reject
message_size_limit = 32768000
bounce_size_limit = 65536
header_size_limit = 32768
delay_warning_time = 12
smtpd_delay_reject = no
header_checks = regexp:/etc/postfix/maps/header_checks
body_checks = regexp:/etc/postfix/maps/body_checks
content_filter = amavisfeed:[127.0.0.1]:10024

smtpd_client_restrictions =
    permit_mynetworks,
    check_client_access hash:/etc/postfix/maps/client_access,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client list.dsbl.org,
    reject_unknown_client_hostname,
    reject_invalid_hostname,
    permit

smtpd_helo_restrictions =
    permit_mynetworks,
    check_helo_access pcre:/etc/postfix/maps/helo_checks,
    check_helo_access pcre:/etc/postfix/maps/helo_access,
    reject_unauth_pipelining,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname,
    reject_invalid_helo_hostname,
    permit

smtpd_sender_restrictions =
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_multi_recipient_bounce,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    check_policy_service unix:postgrey/socket,
    permit

# (was "smtp_data_restrictions"; the Postfix parameter is smtpd_data_restrictions,
#  an smtp_ name is silently ignored)
smtpd_data_restrictions =
    reject_multi_recipient_bounce,
    reject_unauth_pipelining,
    permit

== master.cf ==

#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp       inet  n       -       n       -       -       smtpd
  -o cleanup_service_name=pre-cleanup
pickup     fifo  n       -       n       60      1       pickup
  -o cleanup_service_name=pre-cleanup
submission inet  n       -       n       -       -       smtpd
  -o cleanup_service_name=pre-cleanup
#cleanup   unix  n       -       n       -       0       cleanup
qmgr       fifo  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
dovecot    unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -m ${extension}

amavisfeed unix  -       -       n       -       4       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
  -o smtp_bind_address=127.0.0.1

# (the "-o smtp_restriction_classes=" override below was "smtp_restriction_classes";
#  the smtpd(8) parameter is smtpd_restriction_classes)
127.0.0.1:10025 inet n   -       n       -       -       smtpd
  -o content_filter=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o smtpd_restriction_classes=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o local_header_rewrite_clients=
  -o local_recipient_maps=
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
  -o relay_recipient_maps=

pre-cleanup unix n       -       n       -       0       cleanup
  -o virtual_alias_maps=

cleanup    unix  n       -       n       -       0       cleanup
  -o mime_header_checks=
  -o nested_header_checks=
  -o header_checks=
  -o body_checks=
  -o always_bcc=archi...(a)invald.invalid
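The ordering questions in 2), 2a) and 2b) come down to which restriction list Postfix evaluates at which stage of the SMTP session. The Python script below is an added example, not part of the original post and not Postfix code: it reads a main.cf-style excerpt, splits the smtpd_*_restrictions lists into their entries, and flags the situations the posted configuration touches on: an smtp_ parameter name where smtpd_ was meant (Postfix ignores the unknown name, so the restriction never applies), reject_* or permit_sasl_authenticated in the client or HELO lists while smtpd_delay_reject = no (those lists are evaluated before the client can AUTH), entries that sit after a bare permit, and a recipient list without reject_unauth_destination. The sample configuration is constructed, modelled on the posted main.cf with an extra permit_sasl_authenticated in smtpd_helo_restrictions to show the 2b) case; parse_main_cf, split_restrictions and lint are names chosen for this example.

```python
import re
from typing import Dict, List, Tuple

# The smtpd restriction lists, in the order an SMTP session reaches them.
SMTPD_LISTS = [
    "smtpd_client_restrictions", "smtpd_helo_restrictions",
    "smtpd_sender_restrictions", "smtpd_recipient_restrictions",
    "smtpd_data_restrictions", "smtpd_end_of_data_restrictions",
]
# Restrictions that take the next token as their argument (table or DNSBL name).
TAKES_ARG = {
    "check_client_access", "check_helo_access", "check_sender_access",
    "check_recipient_access", "check_policy_service", "reject_rbl_client",
    "reject_rhsbl_client", "reject_rhsbl_sender", "reject_rhsbl_helo",
}

# Constructed main.cf excerpt, modelled on the posted configuration (hypothetical values).
SAMPLE_MAIN_CF = """
smtpd_delay_reject = no
smtpd_client_restrictions = permit_mynetworks,
    check_client_access hash:/etc/postfix/maps/client_access,
    reject_rbl_client zen.spamhaus.org,
    reject_unknown_client_hostname,
    permit
smtpd_helo_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_helo_hostname,
    permit
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_policy_service unix:postgrey/socket,
    permit
smtp_data_restrictions = reject_unauth_pipelining, permit
"""


def parse_main_cf(text: str) -> Dict[str, str]:
    """Minimal main.cf reader: 'name = value', indented continuation lines,
    '#' comment lines.  A later assignment of the same name wins, as in Postfix."""
    params: Dict[str, str] = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            continue
        current = name.strip()
        params[current] = value.strip()
    return params


def split_restrictions(value: str) -> List[str]:
    """Split a restriction list into entries, keeping each restriction with its argument."""
    entries: List[str] = []
    expect_arg = False
    for tok in (t for t in re.split(r"[,\s]+", value) if t):
        if expect_arg:
            entries[-1] += " " + tok
            expect_arg = False
        else:
            entries.append(tok)
            expect_arg = tok in TAKES_ARG
    return entries


def lint(params: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (rule, parameter, explanation) findings for the restriction setup."""
    findings: List[Tuple[str, str, str]] = []
    known = set(SMTPD_LISTS) | {"smtpd_delay_reject"}
    # 1. smtp_* where smtpd_* was meant: Postfix ignores the unknown name, so the
    #    restriction list never applies (newer releases warn 'unused parameter').
    for name in params:
        if name.startswith("smtp_") and "smtpd_" + name[5:] in known:
            findings.append(("typo", name,
                             f"not a Postfix parameter; did you mean smtpd_{name[5:]}?"))
    delay_reject = params.get("smtpd_delay_reject", "yes").strip().lower() == "yes"
    for list_name in SMTPD_LISTS:
        if list_name not in params:
            continue
        names = [e.split()[0] for e in split_restrictions(params[list_name])]
        # 2. Nothing after a bare 'permit' is ever evaluated.
        if "permit" in names and names.index("permit") < len(names) - 1:
            findings.append(("unreachable", list_name,
                             "entries after a bare 'permit' are never evaluated"))
        # 3. With smtpd_delay_reject = no, the client and HELO lists run before
        #    the client has had a chance to AUTH.
        if not delay_reject and list_name in SMTPD_LISTS[:2]:
            if "permit_sasl_authenticated" in names:
                findings.append(("early-sasl", list_name,
                                 "permit_sasl_authenticated cannot match before AUTH"))
            rejects = [n for n in names if n.startswith("reject")]
            if rejects:
                findings.append(("early-reject", list_name,
                                 f"{rejects[0]} fires before AUTH and can turn away your own users"))
    # 4. Relay control: only reject/defer_unauth_destination stops relaying for strangers.
    rcpt = [e.split()[0] for e in split_restrictions(params.get("smtpd_recipient_restrictions", ""))]
    if not {"reject_unauth_destination", "defer_unauth_destination"} & set(rcpt):
        findings.append(("open-relay", "smtpd_recipient_restrictions",
                         "no reject_unauth_destination: nothing stops relaying for strangers"))
    return findings


if __name__ == "__main__":
    for rule, param, why in lint(parse_main_cf(SAMPLE_MAIN_CF)):
        print(f"[{rule}] {param}: {why}")
```

Run against the constructed sample it reports the smtp_data_restrictions typo, the reject_rbl_client and reject_non_fqdn_helo_hostname entries that fire before AUTH, and the permit_sasl_authenticated in the HELO list that can never match; the recipient list passes because reject_unauth_destination is present. The same checks can be pointed at the output of postconf -n on a real server.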