[postfix-users] Hilfe bei Einstellung von Postfix

[Alexander Elsner]

Hallo,
ich benötige etwas Hilfe bei der Einstellung von Postfix main.cf

Ins besonders unsicher bin ich bei den Einstellungen für:
smtpd_recipient_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_client_restrictions =
smtpd_data_restrictions =

Besten Dank für die Hilfe & guten Rutsch
Alex


Meine aktuelle Config:
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no

masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = no
maximal_queue_lifetime = 2d
bounce_queue_lifetime = 1d
minimal_backoff_time = 1000s
queue_run_delay = 1000s

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_tls_security_level = may



strict_rfc821_envelopes = yes
disable_vrfy_command = yes

smtpd_delay_reject = no
smtpd_client_message_rate_limit            = 50
smtpd_client_connection_count_limit        = 20
smtpd_client_connection_rate_limit         = 60
smtpd_client_new_tls_session_rate_limit    = 60

smtpd_error_sleep_time = 10s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
address_verify_map = btree:$data_directory/verify_cache
unverified_recipient_reject_reason = Address lookup failed
unverified_sender_reject_reason = Address verification failed
address_verify_map = btree:/var/lib/postfix/verify
address_verify_map = btree:$data_directory/verify_cache

smtpd_recipient_restrictions =
        reject_non_fqdn_sender,
        reject_unknown_recipient_domain,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,

        reject_unknown_sender_domain,
        reject_unlisted_recipient,
        reject_unknown_reverse_client_hostname,
        reject_non_fqdn_recipient,
        reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname,
        reject_sender_login_mismatch,
        reject_rbl_client sbl-xbl.spamhaus.org,


        #warn_if_reject reject_unlisted_sender,
        #warn_if_reject reject_unknown_reverse_client_hostname,

        permit

smtpd_helo_restrictions =
        reject_invalid_hostname
        

smtpd_sender_restrictions =
        reject_unknown_sender_domain

smtpd_client_restrictions =

smtpd_data_restrictions =
        permit_sasl_authenticated,
        reject_unauth_pipelining,
        check_client_access regexp:/etc/postfix/add_auth_header.regexp


smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_CAfile = /etc/apache2/ssl.crt/ca-admin.crt
smtpd_tls_key_file= /etc/apache2/ssl.key/admin.key
smtpd_tls_cert_file= /etc/apache2/ssl.crt/admin.crt
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mydestination = $myhostname, localhost.$mydomain, localhost