[postfix-users] Spam relay via hijacked user account
Jakob-Matthias Böttger
jakob.boettger at mailbox.org
Thu Aug 21 10:09:15 CEST 2014
With your option

smtp inet n - n - - smtpd
  -o smtpd_sender_restrictions=permit_mynetworks,reject

from master.cf you override all smtpd_sender_restrictions from your
main.cf. But since you have not defined any there
(smtpd_sender_restrictions=), this does nothing here.

Your submission should look roughly like this.

submission inet n - - - 25 smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unknown_sender_domain,permit_sasl_authenticated,reject
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_proxy_filter=

Since you have not set up any explicit rules for
smtpd_recipient_restrictions in a submission, the ones from
main.cf are applied here. But that is exactly where you have just taken
permit_sasl_authenticated out. So you have to set it up separately in
master.cf for submission.

Your webmail will usually submit via pickup. In addition,
127.0.0.1 should be present in mynetworks so that your webmail can also
submit from there via smtpd_permit_mynetworks.

You cannot set up GeoIP for Postfix. However, you can set up iptables
with xtables and GeoIP so that certain subnets are already blocked in
the firewall. Have a look on Google. There are several
how-tos on the topic.

On 21.08.2014 at 09:54, Matthias Schmidt wrote:
> Hello,
>
> On 21.08.2014 at 16:11, Jakob-Matthias Böttger <jakob.boettger at mailbox.org> wrote:
>> one possibility that occurs to me now would be the following.
>>
>> Take permit_sasl_authenticated out on the smtpd on port 25.
>> That is, in smtpd_recipient_restrictions =
>> permit_tls_clientcerts,
>> check_sender_access hash:/etc/postfix/whitelist,
>> check_sender_access regexp:/etc/postfix/tag_as_originating.re,
>> check_sender_access regexp:/etc/postfix/tag_as_foreign.re,
>> reject_non_fqdn_hostname,
>> reject_unknown_reverse_client_hostname,
>> reject_unauth_destination,
>> reject_rbl_client cbl.abuseat.org
> unfortunately that doesn't work, I get "Relay-Access denied" as the response :(
>
>> Then set up submission in master.cf.
>> Configure submission by means of -o with permit_sasl_authenticated and the other
> The submission port is already set up and all my friends also send via 587.
> Webmail is likewise set to 587.
>
>> recipient_restrictions, and then use the xtables iptables
>> extension and GeoIP on submission (tcp 587) to lock out, for example, Ukraine
>> (95.132.60.248 is from Ukraine). Unless you have
>> customers or users who have to send mail from Ukraine via
>> submission. Furthermore, all users of your
>> mail system must of course set up their clients so that they submit via
>> submission.
> I have had a look at GeoIP and the free version is also installed on the server.
> How and where do I build that into Postfix?
>
> Here is the master.cf as well, maybe I botched something there:
> (postconf -n is at the very bottom of the mail)
>
> Thanks and regards
> Matthias
>
>
> #
> # Postfix master process configuration file. For details on the format
> # of the file, see the master(5) manual page (command: "man 5 master").
> #
> # ==========================================================================
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> # ==========================================================================
> # ==== Begin auto-generated section ========================================
> # This section of the master.cf file is auto-generated by the Server Admin
> # Mail backend plugin whenever mails settings are modified.
> smtp inet n - n - - smtpd
>   -o smtpd_sender_restrictions=permit_mynetworks,reject
> smtp unix - - n - - smtp
> submission inet n - n - - smtpd
>   -o smtpd_tls_security_level=encrypt
> #encrypt
> # === End auto-generated section ===========================================
> #=====inserted 16.3.2012
> # -o smtpd_enforce_tls=may
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>   -o milter_macro_daemon_name=ORIGINATING
> #enabled 16.3.2012
> #smtps inet n - n - - smtpd
> #original with smtps doesn't work, so using the port instead ....
> 465 inet n - n - - smtpd
>   -o smtpd_tls_wrappermode=yes
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>   -o milter_macro_daemon_name=ORIGINATING
> #======= finish edit
> #628 inet n - n - - qmqpd
> pickup fifo n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr fifo n - n 300 1 qmgr
> #qmgr fifo n - n 300 1 oqmgr
> tlsmgr unix - - n 1000? 1 tlsmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> trace unix - - n - 0 bounce
> verify unix - - n - 1 verify
> flush unix n - n 1000? 0 flush
> proxymap unix - - n - - proxymap
> # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
> relay unix - - n - - smtp
>   -o fallback_relay=
> # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq unix n - n - - showq
> error unix - - n - - error
> retry unix - - n - - error
> discard unix - - n - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> scache unix - - n - 1 scache
> proxywrite unix - - n - 1 proxymap
> #
> # ====================================================================
> # amavis set up
> # ====================================================================
> #
> smtp-amavis unix - - n - 2 smtp
>   -o smtp_data_done_timeout=1200
>   -o smtp_send_xforward_command=yes
>   -o disable_dns_lookups=yes
>   -o max_use=20
>
> 192.168.2.10:25 inet n - n - - smtpd
>   -o content_filter=smtp-amavis:[127.0.0.1]:10024
>   -o receive_override_options=no_address_mappings
>   -o mynetworks=127.0.0.0/8,192.168.2.0/24,192.168.1.0/24
> #
> 127.0.0.1:10025 inet n - n - - smtpd
>   -o content_filter=
>   -o smtpd_delay_reject=no
>   -o smtpd_client_restrictions=
>   -o smtpd_helo_restrictions=
>   -o smtpd_sender_restrictions=
>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>   -o smtpd_data_restrictions=reject_unauth_pipelining
>   -o smtpd_end_of_data_restrictions=
>   -o smtpd_restriction_classes=
>   -o mynetworks=127.0.0.0/8,192.168.2.0/24,192.168.1.0/24
>   -o smtpd_error_sleep_time=0
>   -o smtpd_soft_error_limit=1001
>   -o smtpd_hard_error_limit=1000
>   -o smtpd_client_connection_count_limit=0
>   -o smtpd_client_connection_rate_limit=0
>   -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
> #
> 127.0.0.1:10027 inet n - n - - smtpd
>   -o content_filter=
>   -o smtpd_delay_reject=no
>   -o smtpd_client_restrictions=
>   -o smtpd_helo_restrictions=
>   -o smtpd_sender_restrictions=
>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>   -o smtpd_data_restrictions=reject_unauth_pipelining
>   -o smtpd_end_of_data_restrictions=
>   -o smtpd_restriction_classes=
>   -o mynetworks=127.0.0.0/8,192.168.2.0/24,192.168.1.0/24
>   -o smtpd_error_sleep_time=0
>   -o smtpd_soft_error_limit=1001
>   -o smtpd_hard_error_limit=1000
>   -o smtpd_client_connection_count_limit=0
>   -o smtpd_client_connection_rate_limit=0
>   -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
> # ====================================================================
> # Interfaces to non-Postfix software. Be sure to examine the manual
> # pages of the non-Postfix software to find out what options it wants.
> #
> # Many of the following services use the Postfix pipe(8) delivery
> # agent. See the pipe(8) man page for information about ${recipient}
> # and other message envelope options.
> # ====================================================================
> #
> # maildrop. See the Postfix MAILDROP_README file for details.
> # Also specify in main.cf: maildrop_destination_recipient_limit=1
> #
> #maildrop unix - n n - - pipe
> # flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> #
> # ====================================================================
> #
> # The Cyrus deliver program has changed incompatibly, multiple times.
> #
> #old-cyrus unix - n n - - pipe
> # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
> #
> # ====================================================================
> #
> # Cyrus 2.1.5 (Amos Gouaux)
> # Also specify in main.cf: cyrus_destination_recipient_limit=1
> #
> cyrus unix - n n - - pipe
>   user=_cyrus argv=/usr/bin/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
> #
> # ====================================================================
> #
> # See the Postfix UUCP_README file for configuration details.
> #
> #uucp unix - n n - - pipe
> # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
> #
> # ====================================================================
> #
> # Other external delivery methods.
> #
> #ifmail unix - n n - - pipe
> # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> #
> #bsmtp unix - n n - - pipe
> # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
> #
> #scalemail-backend unix - n n - 2 pipe
> # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
> # ${nexthop} ${user} ${extension}
> #
> mailman unix - n n - - pipe
>   flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
>   ${nexthop} ${user}
> #
> # Dovecot deliver
> #
> dovecot unix - n n - 25 pipe
>   flags=DRhu user=_dovecot:mail argv=/usr/libexec/dovecot/deliver -d ${user}
> #
> # Greylist policy server
> #
> policy unix - n n - - spawn
>   user=nobody:mail argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
>
> smtp-amavis unix - - y - 2 smtp
>   -o smtp_data_done_timeout=1200
>   -o smtp_send_xforward_command=yes
>   -o disable_dns_lookups=yes
>
> 127.0.0.1:10025 inet n - y - - smtpd
>   -o content_filter=
>   -o local_recipient_maps=
>   -o relay_recipient_maps=
>   -o smtpd_restriction_classes=
>   -o smtpd_client_restrictions=
>   -o smtpd_helo_restrictions=
>   -o smtpd_sender_restrictions=
>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>   -o mynetworks=127.0.0.0/8
>   -o smtpd_enforce_tls=no
>   -o strict_rfc821_envelopes=yes
>   -o smtpd_error_sleep_time=0
>   -o smtpd_soft_error_limit=1001
>   -o smtpd_hard_error_limit=1000
>   -o receive_override_options=no_header_body_checks
>
>> On 21.08.2014 at 07:59, Matthias Schmidt wrote:
>>> Hello,
>>> I see lots and lots of mails in my log that come from somewhere and mostly go to French Yahoo addresses.
>>>
>>> I tested the server via http://mxtoolbox.com/ and the tool says no open relay.
>>>
>>> After digging further through the logs, it looks as if a user account has been cracked.
>>> I changed the corresponding password right away.
>>>
>>> amavis accordingly emits the following warning:
>>> Open relay? Nonlocal recips but not originating
>>> Can I prevent this somehow, so that sending is only allowed from local accounts, despite a cracked login?
>>>
>>>
>>> Here is my postconf -n:
>>> 2bounce_notice_recipient = postmaster
>>> access_map_reject_code = 554
>>> address_verify_default_transport = $default_transport
>>> address_verify_local_transport = $local_transport
>>> address_verify_map =
>>> address_verify_negative_cache = yes
>>> address_verify_negative_expire_time = 3d
>>> address_verify_negative_refresh_time = 3h
>>> address_verify_poll_count = 3
>>> address_verify_poll_delay = 3s
>>> address_verify_positive_expire_time = 31d
>>> address_verify_positive_refresh_time = 7d
>>> address_verify_relay_transport = $relay_transport
>>> address_verify_relayhost = $relayhost
>>> address_verify_sender = $double_bounce_sender
>>> address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps
>>> address_verify_service_name = verify
>>> address_verify_transport_maps = $transport_maps
>>> address_verify_virtual_transport = $virtual_transport
>>> alias_database = hash:/etc/aliases
>>> alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
>>> allow_mail_to_commands = alias, forward
>>> allow_mail_to_files = alias, forward
>>> always_bcc =
>>> anvil_rate_time_unit = 60s
>>> anvil_status_update_time = 600s
>>> application_event_drain_time = 100s
>>> authorized_flush_users = static:anyone
>>> authorized_mailq_users = static:anyone
>>> authorized_submit_users = static:anyone
>>> backwards_bounce_logfile_compatibility = yes
>>> berkeley_db_create_buffer_size = 16777216
>>> berkeley_db_read_buffer_size = 131072
>>> best_mx_transport =
>>> body_checks_size_limit = 51200
>>> bounce_notice_recipient = postmaster
>>> bounce_queue_lifetime = 5d
>>> bounce_service_name = bounce
>>> bounce_size_limit = 50000
>>> bounce_template_file =
>>> canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
>>> check_for_od_forward = yes
>>> cleanup_service_name = cleanup
>>> command_directory = /usr/sbin
>>> command_execution_directory =
>>> command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
>>> command_time_limit = 1000s
>>> config_directory = /etc/postfix
>>> connection_cache_protocol_timeout = 5s
>>> connection_cache_service_name = scache
>>> connection_cache_status_update_time = 600s
>>> connection_cache_ttl_limit = 2s
>>> content_filter = smtp-amavis:[127.0.0.1]:10024
>>> cyrus_sasl_config_path =
>>> daemon_directory = /usr/libexec/postfix
>>> daemon_timeout = 18000s
>>> data_directory = /var/lib/postfix
>>> debug_peer_level = 5
>>> debug_peer_list =
>>> default_database_type = hash
>>> default_delivery_slot_cost = 5
>>> default_delivery_slot_discount = 50
>>> default_delivery_slot_loan = 3
>>> default_destination_concurrency_failed_cohort_limit = 1
>>> default_destination_concurrency_limit = 20
>>> default_destination_concurrency_negative_feedback = 1
>>> default_destination_concurrency_positive_feedback = 1
>>> default_destination_rate_delay = 0s
>>> default_destination_recipient_limit = 50
>>> default_extra_recipient_limit = 1000
>>> default_minimum_delivery_slots = 3
>>> default_privs = nobody
>>> default_process_limit = 100
>>> default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
>>> default_recipient_limit = 20000
>>> default_recipient_refill_delay = 5s
>>> default_recipient_refill_limit = 100
>>> default_transport = smtp
>>> default_verp_delimiters = +=
>>> defer_code = 450
>>> defer_service_name = defer
>>> defer_transports =
>>> delay_logging_resolution_limit = 2
>>> delay_notice_recipient = postmaster
>>> delay_warning_time = 0h
>>> deliver_lock_attempts = 20
>>> deliver_lock_delay = 1s
>>> destination_concurrency_feedback_debug = no
>>> detect_8bit_encoding_header = yes
>>> dont_remove = 0
>>> double_bounce_sender = double-bounce
>>> duplicate_filter_limit = 1000
>>> empty_address_recipient = MAILER-DAEMON
>>> empty_address_relayhost_maps_lookup_key = <>
>>> enable_original_recipient = yes
>>> enable_server_options = yes
>>> error_notice_recipient = postmaster
>>> error_service_name = error
>>> execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
>>> export_environment = TZ MAIL_CONFIG LANG
>>> fallback_transport =
>>> fallback_transport_maps =
>>> fast_flush_domains = $relay_domains
>>> fast_flush_purge_time = 7d
>>> fast_flush_refresh_time = 12h
>>> fault_injection_code = 0
>>> flush_service_name = flush
>>> fork_attempts = 5
>>> fork_delay = 1s
>>> forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
>>> forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
>>> frozen_delivered_to = yes
>>> hash_queue_depth = 1
>>> hash_queue_names = deferred,defer
>>> header_address_token_limit = 10240
>>> header_checks = pcre:/etc/postfix/custom_header_checks
>>> header_size_limit = 102400
>>> hopcount_limit = 50
>>> html_directory = no
>>> import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
>>> in_flow_delay = 1s
>>> inet_interfaces = all
>>> inet_protocols = ipv4
>>> initial_destination_concurrency = 5
>>> internal_mail_filter_classes =
>>> invalid_hostname_reject_code = 501
>>> ipc_idle = 5s
>>> ipc_timeout = 3600s
>>> ipc_ttl = 1000s
>>> line_length_limit = 2048
>>> lmtp_bind_address =
>>> lmtp_bind_address6 =
>>> lmtp_body_checks =
>>> lmtp_cname_overrides_servername = no
>>> lmtp_connect_timeout = 0s
>>> lmtp_connection_cache_destinations =
>>> lmtp_connection_cache_on_demand = yes
>>> lmtp_connection_cache_time_limit = 2s
>>> lmtp_connection_reuse_time_limit = 300s
>>> lmtp_data_done_timeout = 600s
>>> lmtp_data_init_timeout = 120s
>>> lmtp_data_xfer_timeout = 180s
>>> lmtp_defer_if_no_mx_address_found = no
>>> lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
>>> lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
>>> lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
>>> lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
>>> lmtp_destination_rate_delay = $default_destination_rate_delay
>>> lmtp_destination_recipient_limit = $default_destination_recipient_limit
>>> lmtp_discard_lhlo_keyword_address_maps =
>>> lmtp_discard_lhlo_keywords =
>>> lmtp_enforce_tls = no
>>> lmtp_generic_maps =
>>> lmtp_header_checks =
>>> lmtp_host_lookup = dns
>>> lmtp_initial_destination_concurrency = $initial_destination_concurrency
>>> lmtp_lhlo_name = $myhostname
>>> lmtp_lhlo_timeout = 300s
>>> lmtp_line_length_limit = 990
>>> lmtp_mail_timeout = 300s
>>> lmtp_mime_header_checks =
>>> lmtp_mx_address_limit = 5
>>> lmtp_mx_session_limit = 2
>>> lmtp_nested_header_checks =
>>> lmtp_pix_workaround_delay_time = 10s
>>> lmtp_pix_workaround_maps =
>>> lmtp_pix_workaround_threshold_time = 500s
>>> lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf
>>> lmtp_quit_timeout = 300s
>>> lmtp_quote_rfc821_envelope = yes
>>> lmtp_randomize_addresses = yes
>>> lmtp_rcpt_timeout = 300s
>>> lmtp_rset_timeout = 20s
>>> lmtp_sasl_auth_cache_name =
>>> lmtp_sasl_auth_cache_time = 90d
>>> lmtp_sasl_auth_soft_bounce = yes
>>> lmtp_sasl_mechanism_filter =
>>> lmtp_sasl_path =
>>> lmtp_sasl_security_options = noplaintext, noanonymous
>>> lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
>>> lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
>>> lmtp_sasl_type = cyrus
>>> lmtp_send_xforward_command = no
>>> lmtp_sender_dependent_authentication = no
>>> lmtp_skip_5xx_greeting = yes
>>> lmtp_starttls_timeout = 300s
>>> lmtp_tcp_port = 24
>>> lmtp_tls_CAfile =
>>> lmtp_tls_CApath =
>>> lmtp_tls_cert_file =
>>> lmtp_tls_dcert_file =
>>> lmtp_tls_dkey_file = $lmtp_tls_dcert_file
>>> lmtp_tls_enforce_peername = yes
>>> lmtp_tls_exclude_ciphers =
>>> lmtp_tls_fingerprint_cert_match =
>>> lmtp_tls_fingerprint_digest = md5
>>> lmtp_tls_key_file = $lmtp_tls_cert_file
>>> lmtp_tls_loglevel = 0
>>> lmtp_tls_mandatory_ciphers = medium
>>> lmtp_tls_mandatory_exclude_ciphers =
>>> lmtp_tls_mandatory_protocols = SSLv3, TLSv1
>>> lmtp_tls_note_starttls_offer = no
>>> lmtp_tls_per_site =
>>> lmtp_tls_policy_maps =
>>> lmtp_tls_scert_verifydepth = 9
>>> lmtp_tls_secure_cert_match = nexthop
>>> lmtp_tls_security_level =
>>> lmtp_tls_session_cache_database =
>>> lmtp_tls_session_cache_timeout = 3600s
>>> lmtp_tls_verify_cert_match = hostname
>>> lmtp_use_tls = no
>>> lmtp_xforward_timeout = 300s
>>> local_command_shell =
>>> local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
>>> local_destination_concurrency_limit = 2
>>> local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
>>> local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
>>> local_destination_rate_delay = $default_destination_rate_delay
>>> local_destination_recipient_limit = 1
>>> local_header_rewrite_clients = permit_inet_interfaces
>>> local_initial_destination_concurrency = $initial_destination_concurrency
>>> local_recipient_maps = proxy:unix:passwd.byname $alias_maps
>>> local_transport = local:$myhostname
>>> luser_relay =
>>> mail_name = Postfix
>>> mail_owner = _postfix
>>> mail_release_date = 20080902
>>> mail_spool_directory = /var/mail
>>> mail_version = 2.5.5
>>> mailbox_command =
>>> mailbox_command_maps =
>>> mailbox_delivery_lock = flock, dotlock
>>> mailbox_size_limit = 0
>>> mailbox_transport = dovecot
>>> mailbox_transport_maps =
>>> mailq_path = /usr/bin/mailq
>>> manpage_directory = /usr/share/man
>>> maps_rbl_domains =
>>> maps_rbl_reject_code = 554
>>> masquerade_classes = envelope_sender, header_sender, header_recipient
>>> masquerade_domains =
>>> masquerade_exceptions =
>>> max_idle = 100s
>>> max_use = 100
>>> maximal_backoff_time = 4000s
>>> maximal_queue_lifetime = 5d
>>> message_reject_characters =
>>> message_size_limit = 41943040
>>> message_strip_characters =
>>> milter_command_timeout = 30s
>>> milter_connect_macros = j {daemon_name} v
>>> milter_connect_timeout = 30s
>>> milter_content_timeout = 300s
>>> milter_data_macros = i
>>> milter_default_action = tempfail
>>> milter_end_of_data_macros = i
>>> milter_end_of_header_macros = i
>>> milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
>>> milter_macro_daemon_name = $myhostname
>>> milter_macro_v = $mail_name $mail_version
>>> milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr}
>>> milter_protocol = 2
>>> milter_rcpt_macros = i {rcpt_addr}
>>> milter_unknown_command_macros =
>>> mime_boundary_length_limit = 2048
>>> mime_header_checks = $header_checks
>>> mime_nesting_limit = 100
>>> minimal_backoff_time = 300s
>>> multi_recipient_bounce_reject_code = 550
>>> mydestination = $myhostname, localhost.$mydomain, localhost, mail.$mydomain, liste.$mydomain, $mydomain
>>> mydomain = admilon.net
>>> mydomain_fallback = localhost
>>> myhostname = mcgregor.admilon.net
>>> mynetworks = 127.0.0.0/8,192.168.2.0/24,192.168.1.0/24
>>> mynetworks_style = host
>>> myorigin = $myhostname
>>> nested_header_checks = $header_checks
>>> newaliases_path = /usr/bin/newaliases
>>> non_fqdn_reject_code = 504
>>> non_smtpd_milters =
>>> notify_classes = resource, software
>>> owner_request_special = no
>>> parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
>>> permit_mx_backup_networks =
>>> pickup_service_name = pickup
>>> plaintext_reject_code = 450
>>> prepend_delivered_header = command, file, forward
>>> process_id_directory = pid
>>> propagate_unmatched_extensions = canonical, virtual
>>> proxy_interfaces =
>>> proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps
>>> proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name
>>> qmgr_clog_warn_time = 300s
>>> qmgr_fudge_factor = 100
>>> qmgr_message_active_limit = 20000
>>> qmgr_message_recipient_limit = 20000
>>> qmgr_message_recipient_minimum = 10
>>> qmqpd_authorized_clients =
>>> qmqpd_client_port_logging = no
>>> qmqpd_error_delay = 1s
>>> qmqpd_timeout = 300s
>>> queue_directory = /private/var/spool/postfix
>>> queue_file_attribute_count_limit = 100
>>> queue_minfree = 0
>>> queue_run_delay = 300s
>>> queue_service_name = qmgr
>>> rbl_reply_maps =
>>> readme_directory = /usr/share/doc/postfix
>>> receive_override_options =
>>> recipient_bcc_maps =
>>> recipient_canonical_classes = envelope_recipient, header_recipient
>>> recipient_delimiter = +
>>> reject_code = 554
>>> relay_clientcerts =
>>> relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
>>> relay_destination_concurrency_limit = $default_destination_concurrency_limit
>>> relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
>>> relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
>>> relay_destination_rate_delay = $default_destination_rate_delay
>>> relay_destination_recipient_limit = $default_destination_recipient_limit
>>> relay_domains = $mydestination
>>> relay_domains_reject_code = 554
>>> relay_initial_destination_concurrency = $initial_destination_concurrency
>>> relay_recipient_maps =
>>> relay_transport = relay
>>> relayhost =
>>> relocated_maps =
>>> remote_header_rewrite_domain =
>>> resolve_null_domain = no
>>> resolve_numeric_domain = no
>>> rewrite_service_name = rewrite
>>> sample_directory = /usr/share/doc/postfix/examples
>>> send_cyrus_sasl_authzid = no
>>> sender_bcc_maps =
>>> sender_canonical_classes = envelope_sender, header_sender
>>> sender_canonical_maps =
>>> sender_dependent_relayhost_maps =
>>> sendmail_path = /usr/sbin/sendmail
>>> service_throttle_time = 60s
>>> setgid_group = _postdrop
>>> showq_service_name = showq
>>> smtp_bind_address6 =
>>> smtp_body_checks =
>>> smtp_cname_overrides_servername = no
>>> smtp_connect_timeout = 30s
>>> smtp_connection_cache_destinations =
>>> smtp_connection_cache_on_demand = yes
>>> smtp_connection_cache_time_limit = 2s
>>> smtp_connection_reuse_time_limit = 300s
>>> smtp_data_done_timeout = 600s
>>> smtp_data_init_timeout = 120s
>>> smtp_data_xfer_timeout = 180s
>>> smtp_defer_if_no_mx_address_found = no
>>> smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
>>> smtp_destination_concurrency_limit = $default_destination_concurrency_limit
>>> smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
>>> smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
>>> smtp_destination_rate_delay = $default_destination_rate_delay
>>> smtp_destination_recipient_limit = $default_destination_recipient_limit
>>> smtp_discard_ehlo_keyword_address_maps =
>>> smtp_discard_ehlo_keywords =
>>> smtp_fallback_relay = $fallback_relay
>>> smtp_generic_maps =
>>> smtp_header_checks =
>>> smtp_helo_name = $myhostname
>>> smtp_helo_timeout = 300s
>>> smtp_host_lookup = dns
>>> smtp_initial_destination_concurrency = $initial_destination_concurrency
>>> smtp_line_length_limit = 990
>>> smtp_mail_timeout = 300s
>>> smtp_mime_header_checks =
>>> smtp_mx_address_limit = 5
>>> smtp_mx_session_limit = 2
>>> smtp_nested_header_checks =
>>> smtp_pix_workaround_delay_time = 10s
>>> smtp_pix_workaround_maps =
>>> smtp_pix_workaround_threshold_time = 500s
>>> smtp_pix_workarounds = disable_esmtp,delay_dotcrlf
>>> smtp_quit_timeout = 300s
>>> smtp_quote_rfc821_envelope = yes
>>> smtp_rcpt_timeout = 300s
>>> smtp_rset_timeout = 20s
>>> smtp_sasl_auth_cache_name =
>>> smtp_sasl_auth_cache_time = 90d
>>> smtp_sasl_auth_soft_bounce = yes
>>> smtp_sasl_mechanism_filter =
>>> smtp_sasl_password_maps =
>>> smtp_sasl_path =
>>> smtp_sasl_security_options = noplaintext, noanonymous
>>> smtp_sasl_tls_security_options = $smtp_sasl_security_options
>>> smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
>>> smtp_sasl_type = cyrus
>>> smtp_send_xforward_command = no
>>> smtp_sender_dependent_authentication = no
>>> smtp_starttls_timeout = 300s
>>> smtp_tls_CAfile =
>>> smtp_tls_CApath =
>>> smtp_tls_dcert_file =
>>> smtp_tls_dkey_file = $smtp_tls_dcert_file
>>> smtp_tls_enforce_peername = yes
>>> smtp_tls_exclude_ciphers =
>>> smtp_tls_fingerprint_cert_match =
>>> smtp_tls_fingerprint_digest = md5
>>> smtp_tls_key_file = $smtp_tls_cert_file
>>> smtp_tls_loglevel = 0
>>> smtp_tls_mandatory_ciphers = high
>>> smtp_tls_mandatory_exclude_ciphers =
>>> smtp_tls_mandatory_protocols = SSLv3, TLSv1
>>> smtp_tls_note_starttls_offer = yes
>>> smtp_tls_per_site =
>>> smtp_tls_policy_maps =
>>> smtp_tls_scert_verifydepth = 9
>>> smtp_tls_secure_cert_match = nexthop, dot-nexthop
>>> smtp_tls_session_cache_database =
>>> smtp_tls_session_cache_timeout = 3600s
>>> smtp_tls_verify_cert_match = hostname
>>> smtp_use_tls = no
>>> smtp_xforward_timeout = 300s
>>> smtpd_authorized_verp_clients = $authorized_verp_clients
>>> smtpd_authorized_xclient_hosts =
>>> smtpd_authorized_xforward_hosts =
>>> smtpd_banner = $myhostname ESMTP $mail_name
>>> smtpd_client_connection_count_limit = 50
>>> smtpd_client_connection_rate_limit = 0
>>> smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
>>> smtpd_client_message_rate_limit = 0
>>> smtpd_client_new_tls_session_rate_limit = 10
>>> smtpd_client_port_logging = no
>>> smtpd_client_recipient_rate_limit = 0
>>> smtpd_client_restrictions =
>>> smtpd_data_restrictions = reject_unauth_pipelining
>>> smtpd_delay_open_until_valid_rcpt = yes
>>> smtpd_discard_ehlo_keyword_address_maps =
>>> smtpd_discard_ehlo_keywords =
>>> smtpd_end_of_data_restrictions =
>>> smtpd_enforce_tls = no
>>> smtpd_error_sleep_time = 1s
>>> smtpd_etrn_restrictions =
>>> smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
>>> smtpd_forbidden_commands = CONNECT GET POST
>>> smtpd_hard_error_limit = 20
>>> smtpd_helo_required = yes
>>> smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
>>> smtpd_history_flush_threshold = 100
>>> smtpd_junk_command_limit = 100
>>> smtpd_milters =
>>> smtpd_noop_commands =
>>> smtpd_null_access_lookup_key = <>
>>> smtpd_peername_lookup = yes
>>> smtpd_policy_service_max_idle = 300s
>>> smtpd_policy_service_max_ttl = 1000s
>>> smtpd_policy_service_timeout = 100s
>>> smtpd_proxy_ehlo = $myhostname
>>> smtpd_proxy_filter =
>>> smtpd_proxy_timeout = 100s
>>> smtpd_pw_server_security_options = login,gssapi,cram-md5
>>> smtpd_recipient_limit = 1000
>>> smtpd_recipient_overshoot_limit = 1000
>>> smtpd_recipient_restrictions = permit_sasl_authenticated permit_tls_clientcerts check_sender_access hash:/etc/postfix/whitelist check_sender_access regexp:/etc/postfix/tag_as_originating.re check_sender_access regexp:/etc/postfix/tag_as_foreign.re reject_non_fqdn_hostname reject_unknown_reverse_client_hostname reject_unauth_destination reject_rbl_client cbl.abuseat.org
>>> smtpd_reject_unlisted_recipient = yes
>>> smtpd_reject_unlisted_sender = no
>>> smtpd_restriction_classes =
>>> smtpd_sasl_auth_enable = yes
>>> smtpd_sasl_authenticated_header = no
>>> smtpd_sasl_exceptions_networks =
>>> smtpd_sasl_path = smtpd
>>> smtpd_sasl_security_options = noanonymous
>>> smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
>>> smtpd_sasl_type = cyrus
>>> smtpd_sender_login_maps =
>>> smtpd_sender_restrictions =
>>> smtpd_soft_error_limit = 10
>>> smtpd_starttls_timeout = 300s
>>> smtpd_timeout = 300s
>>> smtpd_tls_CAfile = /etc/certificates/mcgregor.admilon.net.31B2A8BE25A7A4BCEA17E4A2982578C3AC6E5419.chain.pem
>>> smtpd_tls_CApath =
>>> smtpd_tls_always_issue_session_ids = yes
>>> smtpd_tls_ask_ccert = no
>>> smtpd_tls_auth_only = no
>>> smtpd_tls_ccert_verifydepth = 9
>>> smtpd_tls_cert_file = /etc/certificates/mcgregor.admilon.net.31B2A8BE25A7A4BCEA17E4A2982578C3AC6E5419.cert.pem
>>> smtpd_tls_dcert_file =
>>> smtpd_tls_dh1024_param_file =
>>> smtpd_tls_dh512_param_file =
>>> smtpd_tls_dkey_file = $smtpd_tls_dcert_file
>>> smtpd_tls_exclude_ciphers =
>>> smtpd_tls_fingerprint_digest = md5
>>> smtpd_tls_key_file = /etc/certificates/mcgregor.admilon.net.31B2A8BE25A7A4BCEA17E4A2982578C3AC6E5419.key.pem
>>> smtpd_tls_loglevel = 0
>>> smtpd_tls_mandatory_ciphers = medium
>>> smtpd_tls_mandatory_exclude_ciphers =
>>> smtpd_tls_mandatory_protocols = SSLv3, TLSv1
>>> smtpd_tls_received_header = no
>>> smtpd_tls_req_ccert = no
>>> smtpd_tls_security_level = may
>>> smtpd_tls_session_cache_database =
>>> smtpd_tls_session_cache_timeout = 3600s
>>> smtpd_tls_wrappermode = no
>>> smtpd_use_pw_server = yes
>>> smtpd_use_tls = yes
>>> stale_lock_time = 500s
>>> stress =
>>> strict_mailbox_ownership = yes
>>> syslog_facility = mail
>>> syslog_name = postfix
>>> tls_daemon_random_bytes = 32
>>> tls_export_cipherlist = ALL:+RC4:@STRENGTH
>>> tls_high_cipherlist = ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
>>> tls_low_cipherlist = ALL:!EXPORT:+RC4:@STRENGTH
>>> tls_medium_cipherlist = ALL:!EXPORT:!LOW:+RC4:@STRENGTH
>>> tls_null_cipherlist = eNULL:!aNULL
>>> tls_random_bytes = 32
>>> tls_random_exchange_name = ${data_directory}/prng_exch
>>> tls_random_prng_update_period = 3600s
>>> tls_random_reseed_period = 3600s
>>> tls_random_source = dev:/dev/urandom
>>> trace_service_name = trace
>>> transport_maps =
>>> transport_retry_time = 60s
>>> trigger_timeout = 10s
>>> undisclosed_recipients_header = To: undisclosed-recipients:;
>>> unknown_address_reject_code = 450
>>> unknown_client_reject_code = 450
>>> unknown_hostname_reject_code = 450
>>> unknown_local_recipient_reject_code = 550
>>> unknown_relay_recipient_reject_code = 550
>>> unknown_virtual_alias_reject_code = 550
>>> unknown_virtual_mailbox_reject_code = 550
>>> unverified_recipient_reject_code = 450
>>> unverified_sender_reject_code = 450
>>> use_getpwnam_ext = yes
>>> use_od_delivery_path = no
>>> verp_delimiter_filter = -=+
>>> virtual_alias_domains = hash:/etc/postfix/virtual_domains
>>> virtual_alias_expansion_limit = 1000
>>> virtual_alias_maps = hash:/etc/postfix/virtual hash:/private/var/mailman/data/virtual-mailman
>>> virtual_alias_recursion_limit = 1000
>>> virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
>>> virtual_destination_concurrency_limit = $default_destination_concurrency_limit
>>> virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
>>> virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
>>> virtual_destination_rate_delay = $default_destination_rate_delay
>>> virtual_destination_recipient_limit = $default_destination_recipient_limit
>>> virtual_gid_maps =
>>> virtual_initial_destination_concurrency = $initial_destination_concurrency
>>> virtual_mailbox_base =
>>> virtual_mailbox_domains = hash:/etc/postfix/virtual_domains_dummy
>>> virtual_mailbox_limit = 51200000
>>> virtual_mailbox_lock = fcntl, dotlock
>>> virtual_mailbox_maps =
>>> virtual_minimum_uid = 100
>>> virtual_transport = virtual
>>> virtual_uid_maps =
>>>
>>> Thanks and regards
>>> Matthias
>>>
>>>
>>> _______________________________________________
>>> postfix-users mailing list
>>> postfix-users at de.postfix.org
>>> http://de.postfix.org/cgi-bin/mailman/listinfo/postfix-users
More information about the postfix-users mailing list
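
The master.cf override behaviour discussed in the reply above, as an added example (not code from the thread or from the Postfix project): a Python check that merges each smtpd listener's `-o` overrides into the main.cf values and reports whether a SASL-authenticated client outside mynetworks could relay through it. The sample configs are constructed from settings quoted in the thread and abridged; all function and variable names are hypothetical.

```python
import re

# Restriction lists smtpd evaluates in order; a reject in any of them is final.
LISTS = ("smtpd_client_restrictions", "smtpd_helo_restrictions",
         "smtpd_sender_restrictions", "smtpd_recipient_restrictions")
# Tokens that decide the outcome for the one client modelled here: SASL
# authenticated, outside mynetworks, sending to a non-local recipient.
# Simplification: map lookups, RBL and syntax checks count as "no match",
# and smtpd_relay_restrictions (newer Postfix releases) is not modelled.
PERMITS = {"permit", "permit_sasl_authenticated"}
REJECTS = {"reject", "defer", "reject_unauth_destination",
           "defer_unauth_destination"}


def logical_lines(text):
    """Join master.cf continuation lines; comments do not end a logical line."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out


def smtpd_listeners(master_text):
    """Return {service: {param: value}} of -o overrides for inet smtpd services."""
    listeners = {}
    for line in logical_lines(master_text):
        fields = line.split()
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue
        args, overrides = fields[8:], {}
        for flag, setting in zip(args, args[1:]):
            if flag == "-o" and "=" in setting:
                name, _, value = setting.partition("=")
                overrides[name] = value
        listeners[fields[0]] = overrides
    return listeners


def authenticated_relay_allowed(params):
    """Walk the four lists for the modelled client; False on the first reject."""
    if params.get("smtpd_sasl_auth_enable", "no") != "yes":
        return False
    for name in LISTS:
        for token in re.split(r"[,\s]+", params.get(name, "").strip()):
            if token in PERMITS:
                break              # this list permits, continue with the next list
            if token in REJECTS:
                return False
    return True


def audit(main, master_text):
    """An -o override replaces the main.cf value for that one service only."""
    return {svc: authenticated_relay_allowed({**main, **overrides})
            for svc, overrides in smtpd_listeners(master_text).items()}


# --- constructed sample input, abridged from the settings quoted in the thread ---
RCPT = ("permit_tls_clientcerts check_sender_access hash:/etc/postfix/whitelist "
        "reject_non_fqdn_hostname reject_unauth_destination "
        "reject_rbl_client cbl.abuseat.org")
MAIN_BEFORE = {"smtpd_sasl_auth_enable": "yes",
               "smtpd_client_restrictions": "",
               "smtpd_helo_restrictions": "reject_invalid_helo_hostname",
               "smtpd_sender_restrictions": "",
               "smtpd_recipient_restrictions": "permit_sasl_authenticated " + RCPT}
# main.cf after permit_sasl_authenticated was taken out of the global list
MAIN_AFTER = dict(MAIN_BEFORE, smtpd_recipient_restrictions=RCPT)

PORT25 = """\
smtp inet n - n - - smtpd
  -o smtpd_sender_restrictions=permit_mynetworks,reject
smtp unix - - n - - smtp
192.168.2.10:25 inet n - n - - smtpd
  -o content_filter=smtp-amavis:[127.0.0.1]:10024
"""
SUBMISSION_OLD = """\
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
#encrypt
# -o smtpd_enforce_tls=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""
# submission with its own recipient list, as the reply recommends (abridged)
SUBMISSION_NEW = SUBMISSION_OLD + (
    "  -o smtpd_recipient_restrictions=reject_non_fqdn_sender,"
    "reject_unknown_sender_domain,permit_sasl_authenticated,reject\n")

if __name__ == "__main__":
    for label, main, master in (
            ("original", MAIN_BEFORE, PORT25 + SUBMISSION_OLD),
            ("global permit removed", MAIN_AFTER, PORT25 + SUBMISSION_OLD),
            ("submission override added", MAIN_AFTER, PORT25 + SUBMISSION_NEW)):
        print(label, audit(main, master))
```

The middle case reproduces the "Relay-Access denied" reported in the thread: submission inherits the main.cf recipient list, which no longer contains permit_sasl_authenticated.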