- postfix-users - list.sys4.de

mails hängen in mailq
by Andreas Wass - Glas Gasperlmair 05 Dec '16

05 Dec '16

Hallo liebe Postfixler! Ich bin am verzweifeln, bitte um rasche Hilfe! Wie ich heute schon unter einem anderen Mailaccount geschrieben haben wir seit unserer Umstellung auf einen neuen postfix Probleme mit der Mailq. Es gibt ungefähr 20 mails die in der Mailq hängen und bei jedem erneutem Ausliefern z. B. mit postsuper -r ALL eine andere QUEUEID bekommen uns wieder hängenbleiben. Die Mail wird nur in unserem archiv2016ausgang(a)glas-gasperlmair.at abgelegt, aber nicht an die externen Empfänger (davor landet das Ganze wieder in der Mailq so wie es aussieht) *grep 'Alexander.Himsl(a)josko.at' /var/log/maillog* Dec 5 11:06:48 mail amavis[27067]: (27067-19) Checking: VpyDbVt4Zfdd AM.PDP-SOCK/MYNETS [192.168.105.82] <barbara.thurner(a)glas-gasperlmair.at> -> <Alexander.Himsl(a)josko.at>,<Daniela.jagereder(a)josko.at>,<josef.ploeckinger(a)josko.at>,<Katharina.Jobst(a)josko.at>,<markus.reischl(a)josko.at>,<richard.tusori(a)josko.at>,<simone.hirnsperger(a)josko.at>,<magdalena.jaeger(a)josko.at> Dec 5 11:06:52 mail amavis[27067]: (27067-19) Passed CLEAN {AcceptedOutbound}, AM.PDP-SOCK/MYNETS LOCAL [192.168.105.82] <barbara.thurner(a)glas-gasperlmair.at> -> <Alexander.Himsl(a)josko.at>,<Daniela.jagereder(a)josko.at>,<josef.ploeckinger(a)josko.at>,<Katharina.Jobst(a)josko.at>,<markus.reischl(a)josko.at>,<richard.tusori(a)josko.at>,<simone.hirnsperger(a)josko.at>,<magdalena.jaeger(a)josko.at>, Queue-ID: *3B59B323168EAF*, Message-ID: <58453C36.9080306(a)glas-gasperlmair.at>, mail_id: VpyDbVt4Zfdd, Hits: -0.999, size: 458496, 4514 ms *grep 3B59B323168EAF /var/log/maillog* Dec 5 11:06:47 mail postfix/smtpd[25658]: 3B59B323168EAF: client=unknown[192.168.105.82] Dec 5 11:06:47 mail postfix/cleanup[27089]: 3B59B323168EAF: message-id=<58453C36.9080306(a)glas-gasperlmair.at> Dec 5 11:06:52 mail amavis[27067]: (27067-19) Passed CLEAN {AcceptedOutbound}, AM.PDP-SOCK/MYNETS LOCAL [192.168.105.82] <barbara.thurner(a)glas-gasperlmair.at> -> <Alexander.Himsl(a)josko.at>,<Daniela.jagereder(a)josko.at>,<josef.ploeckinger(a)josko.at>,<Katharina.Jobst(a)josko.at>,<markus.reischl(a)josko.at>,<richard.tusori(a)josko.at>,<simone.hirnsperger(a)josko.at>,<magdalena.jaeger(a)josko.at>, Queue-ID: 3B59B323168EAF, Message-ID: <58453C36.9080306(a)glas-gasperlmair.at>, mail_id: VpyDbVt4Zfdd, Hits: -0.999, size: 458496, 4514 ms Dec 5 11:06:52 mail postfix/qmgr[25626]: 3B59B323168EAF: from=<barbara.thurner(a)glas-gasperlmair.at>, size=458596, nrcpt=9 (queue active) Dec 5 11:06:53 mail postfix/lmtp[26743]: 3B59B323168EAF: to=<archiv2016ausgang(a)glas-gasperlmair.at>, relay=127.0.0.1[127.0.0.1]:24, delay=5.8, delays=5.7/0.01/0/0.14, dsn=2.0.0, status=sent (250 2.0.0 <archiv2016ausgang(a)glas-gasperlmair.at> CV6oNzw8RVglagAA9a9gbQ Saved) Dec 5 11:12:35 mail postfix/pickup[25624]: *C39423087F6584*: uid=89 from=<barbara.thurner(a)glas-gasperlmair.at> orig_id=*3B59B323168EAF ... und landet mit **C39423087F6584 wieder in der mailq Bitte, bitte um Tipps, was ich tun kann Anbei nochmal meine master.cf *#smtp inet n - n - - smtpd smtp inet n - n - 1 postscreen smtpd pass - - n - - smtpd # -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=no -o smtpd_milters=${amavisd_milter} dnsblog unix - - n - 0 dnsblog tlsproxy unix - - n - 0 tlsproxy submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_etrn_restrictions=reject # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING # -o milter_macro_daemon_name=MYSUBMITTERS -o content_filter=smtp:[127.0.0.1]:10024 -o receive_override_options=no_address_mappings # -o smtpd_milters=${amavisd_milter} #smtps inet n - n - - smtpd # -o syslog_name=postfix/smtps # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - n - - qmqpd pickup unix n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr unix n - n 300 1 qmgr #qmgr unix n - n 300 1 oqmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # #maildrop unix - n n - - pipe # flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} # # ==================================================================== # # Recent Cyrus versions can use the existing "lmtp" master.cf entry. # # Specify in cyrus.conf: # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 # # Specify in main.cf one or more of the following: # mailbox_transport = lmtp:inet:localhost # virtual_transport = lmtp:inet:localhost # # ==================================================================== # # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe # user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} # # ==================================================================== # # Old example of delivery via Cyrus. # #old-cyrus unix - n n - - pipe # flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} # # ==================================================================== # # See the Postfix UUCP_README file for configuration details. # #uucp unix - n n - - pipe # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # ==================================================================== # # Other external delivery methods. # #ifmail unix - n n - - pipe # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) # #bsmtp unix - n n - - pipe # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient # #scalemail-backend unix - n n - 2 pipe # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store # ${nexthop} ${user} ${extension} # #mailman unix - n n - - pipe # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py # ${nexthop} ${user} #amavisd reinject #amavisd unix - n n - - pipe 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters -o local_header_rewrite_clients= -- Mit freundlichen Grüßen *Andreas Wass* Glas Gasperlmair Gesellschaft m.b.H Schwaighof 105 A-5602 Wagrain Tel: +43 (0)6413/8802-522 Fax: +43 (0) 6413/8802-33 E-Mail: a.wass(a)glas-gasperlmair.at <mailto:a.wass@glas-gasperlmair.at>

3 8

Probleme nach Mailserverumstellung
by Andreas Wass - Glas Gasperlmair 05 Dec '16

05 Dec '16

Liebe Postfix Könner! Bitte um eure Hilfe! Ich bin etwas irritiert nach meine Umstellung auf einen neuen Mailsever (postfix postfix-2.11.8-1.el7.centos.x86_64) *1. Mailqueue dauert sehr lang bis abgearbeitet wird* Ich stosse die Abarbeitung ab und zu mittels postsuper -r ALL an *2. Viele Meldungen wie folgt* Dec 5 08:30:38 mail postfix/smtp[18758]: warning: open active 458553461E5FC4: No such file or directory *Maillog sagt:* grep 458553461E5FC4 /var/log/maillog Dec 5 07:43:27 mail postfix/smtpd[15671]: 458553461E5FC4: client=unknown[192.168.105.7] Dec 5 07:43:27 mail postfix/cleanup[16244]: 458553461E5FC4: message-id=<201612050643.uB56hMIG013607(a)daisy.glas.local> Dec 5 07:43:30 mail amavis[16141]: (16141-15) Passed CLEAN {AcceptedOutbound}, AM.PDP-SOCK/MYNETS LOCAL [192.168.105.7] <fakturierung(a)glas-gasperlmair.at> -> <rechnungseingang(a)josko.at>, Queue-ID: 458553461E5FC4, Message-ID: <201612050643.uB56hMIG013607(a)daisy.glas.local>, mail_id: BWp25jApoPO3, Hits: -0.999, size: 726662, 981 ms Dec 5 07:43:30 mail postfix/qmgr[2826]: 458553461E5FC4: from=<fakturierung(a)glas-gasperlmair.at>, size=726805, nrcpt=2 (queue active) Dec 5 07:43:30 mail postfix/lmtp[16094]: 458553461E5FC4: to=<archiv2016ausgang(a)glas-gasperlmair.at>, relay=127.0.0.1[127.0.0.1]:24, delay=3.1, delays=2.9/0/0/0.16, dsn=2.0.0, status=sent (250 2.0.0 <archiv2016ausgang(a)glas-gasperlmair.at> 0uJtB5IMRVgUPwAA9a9gbQ Saved) Dec 5 08:27:48 mail postfix/pickup[16881]: D8505323EA2C42: uid=89 from=<fakturierung(a)glas-gasperlmair.at> orig_id=458553461E5FC4 Dec 5 08:30:38 mail postfix/smtp[18758]: warning: open active 458553461E5FC4: No such file or directory Anbei sende ich euch meine Config: postconf -f 2bounce_notice_recipient = postmaster access_map_defer_code = 450 access_map_reject_code = 554 address_verify_cache_cleanup_interval = 12h address_verify_default_transport = $default_transport address_verify_local_transport = $local_transport address_verify_map = btree:$data_directory/verify_cache address_verify_negative_cache = yes address_verify_negative_expire_time = 3d address_verify_negative_refresh_time = 3h address_verify_poll_count = ${stress?1}${stress:3} address_verify_poll_delay = 3s address_verify_positive_expire_time = 31d address_verify_positive_refresh_time = 7d address_verify_relay_transport = $relay_transport address_verify_relayhost = $relayhost address_verify_sender = $double_bounce_sender address_verify_sender_dependent_default_transport_maps = $sender_dependent_default_transport_maps address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps address_verify_sender_ttl = 0s address_verify_service_name = verify address_verify_transport_maps = $transport_maps address_verify_virtual_transport = $virtual_transport alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases allow_mail_to_commands = alias, forward allow_mail_to_files = alias, forward allow_min_user = no allow_percent_hack = yes allow_untrusted_routing = no alternate_config_directories = always_add_missing_headers = no always_bcc = amavisd_milter = inet:127.0.0.1:8899 anvil_rate_time_unit = 60s anvil_status_update_time = 600s append_at_myorigin = yes append_dot_mydomain = yes application_event_drain_time = 100s authorized_flush_users = static:anyone authorized_mailq_users = static:anyone authorized_submit_users = static:anyone backwards_bounce_logfile_compatibility = yes berkeley_db_create_buffer_size = 16777216 berkeley_db_read_buffer_size = 131072 best_mx_transport = biff = yes body_checks = pcre:/etc/postfix/body_checks_map body_checks_size_limit = 51200 bounce_notice_recipient = postmaster bounce_queue_lifetime = 3d bounce_service_name = bounce bounce_size_limit = 50000 bounce_template_file = /etc/postfix/bounce.de-DE.cf broken_sasl_auth_clients = yes canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient canonical_maps = cleanup_service_name = cleanup command_directory = /usr/sbin command_execution_directory = command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ command_time_limit = 1000s config_directory = /etc/postfix connection_cache_protocol_timeout = 5s connection_cache_service_name = scache connection_cache_status_update_time = 600s connection_cache_ttl_limit = 2s content_filter = cyrus_sasl_config_path = daemon_directory = /usr/libexec/postfix daemon_table_open_error_is_fatal = no daemon_timeout = 18000s data_directory = /var/lib/postfix debug_peer_level = 2 debug_peer_list = debugger_command = PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 >$config_directory/$process_name.$process_id.log & sleep 5 default_database_type = btree default_delivery_slot_cost = 5 default_delivery_slot_discount = 50 default_delivery_slot_loan = 3 default_destination_concurrency_failed_cohort_limit = 1 default_destination_concurrency_limit = 20 default_destination_concurrency_negative_feedback = 1 default_destination_concurrency_positive_feedback = 1 default_destination_rate_delay = 0s default_destination_recipient_limit = 50 default_extra_recipient_limit = 1000 default_filter_nexthop = default_minimum_delivery_slots = 3 default_privs = nobody default_process_limit = 100 default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} default_recipient_limit = 20000 default_recipient_refill_delay = 5s default_recipient_refill_limit = 100 default_transport = smtp default_verp_delimiters = += defer_code = 450 defer_service_name = defer defer_transports = delay_logging_resolution_limit = 2 delay_notice_recipient = postmaster delay_warning_time = 0h deliver_lock_attempts = 20 deliver_lock_delay = 1s destination_concurrency_feedback_debug = no detect_8bit_encoding_header = yes disable_dns_lookups = no disable_mime_input_processing = no disable_mime_output_conversion = no disable_verp_bounces = no disable_vrfy_command = yes dnsblog_reply_delay = 0s dnsblog_service_name = dnsblog dont_remove = 0 double_bounce_sender = double-bounce duplicate_filter_limit = 1000 empty_address_default_transport_maps_lookup_key = <> empty_address_recipient = MAILER-DAEMON empty_address_relayhost_maps_lookup_key = <> enable_long_queue_ids = no enable_original_recipient = yes error_delivery_slot_cost = $default_delivery_slot_cost error_delivery_slot_discount = $default_delivery_slot_discount error_delivery_slot_loan = $default_delivery_slot_loan error_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit error_destination_concurrency_limit = $default_destination_concurrency_limit error_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback error_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback error_destination_rate_delay = $default_destination_rate_delay error_destination_recipient_limit = $default_destination_recipient_limit error_extra_recipient_limit = $default_extra_recipient_limit error_initial_destination_concurrency = $initial_destination_concurrency error_minimum_delivery_slots = $default_minimum_delivery_slots error_notice_recipient = postmaster error_recipient_limit = $default_recipient_limit error_recipient_refill_delay = $default_recipient_refill_delay error_recipient_refill_limit = $default_recipient_refill_limit error_service_name = error execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ expand_owner_alias = no export_environment = TZ MAIL_CONFIG LANG fallback_transport = fallback_transport_maps = fast_flush_domains = $relay_domains fast_flush_purge_time = 7d fast_flush_refresh_time = 12h fault_injection_code = 0 flush_service_name = flush fork_attempts = 5 fork_delay = 1s forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward frozen_delivered_to = yes hash_queue_depth = 1 hash_queue_names = deferred, defer header_address_token_limit = 10240 header_checks = pcre:/etc/postfix/header_checks_map header_size_limit = 102400 helpful_warnings = yes home_mailbox = hopcount_limit = 50 html_directory = no ignore_mx_lookup_error = no import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C in_flow_delay = 1s inet_interfaces = all inet_protocols = all initial_destination_concurrency = 5 internal_mail_filter_classes = invalid_hostname_reject_code = 501 ipc_idle = 5s ipc_timeout = 3600s ipc_ttl = 1000s line_length_limit = 2048 lmdb_map_size = 16777216 lmtp_address_preference = any lmtp_assume_final = no lmtp_bind_address = lmtp_bind_address6 = lmtp_body_checks = lmtp_cname_overrides_servername = no lmtp_connect_timeout = 0s lmtp_connection_cache_destinations = lmtp_connection_cache_on_demand = yes lmtp_connection_cache_time_limit = 2s lmtp_connection_reuse_count_limit = 0 lmtp_connection_reuse_time_limit = 300s lmtp_data_done_timeout = 600s lmtp_data_init_timeout = 120s lmtp_data_xfer_timeout = 180s lmtp_defer_if_no_mx_address_found = no lmtp_delivery_slot_cost = $default_delivery_slot_cost lmtp_delivery_slot_discount = $default_delivery_slot_discount lmtp_delivery_slot_loan = $default_delivery_slot_loan lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit lmtp_destination_concurrency_limit = $default_destination_concurrency_limit lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback lmtp_destination_rate_delay = $default_destination_rate_delay lmtp_destination_recipient_limit = $default_destination_recipient_limit lmtp_discard_lhlo_keyword_address_maps = lmtp_discard_lhlo_keywords = lmtp_dns_resolver_options = lmtp_dns_support_level = lmtp_enforce_tls = no lmtp_extra_recipient_limit = $default_extra_recipient_limit lmtp_generic_maps = btree:/etc/postfix/lmtp_generic_maps lmtp_header_checks = lmtp_host_lookup = dns lmtp_initial_destination_concurrency = $initial_destination_concurrency lmtp_lhlo_name = $myhostname lmtp_lhlo_timeout = 300s lmtp_line_length_limit = 998 lmtp_mail_timeout = 300s lmtp_mime_header_checks = lmtp_minimum_delivery_slots = $default_minimum_delivery_slots lmtp_mx_address_limit = 5 lmtp_mx_session_limit = 2 lmtp_nested_header_checks = lmtp_per_record_deadline = no lmtp_pix_workaround_delay_time = 10s lmtp_pix_workaround_maps = lmtp_pix_workaround_threshold_time = 500s lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf lmtp_quit_timeout = 300s lmtp_quote_rfc821_envelope = yes lmtp_randomize_addresses = yes lmtp_rcpt_timeout = 300s lmtp_recipient_limit = $default_recipient_limit lmtp_recipient_refill_delay = $default_recipient_refill_delay lmtp_recipient_refill_limit = $default_recipient_refill_limit lmtp_reply_filter = lmtp_rset_timeout = 20s lmtp_sasl_auth_cache_name = lmtp_sasl_auth_cache_time = 90d lmtp_sasl_auth_enable = no lmtp_sasl_auth_soft_bounce = yes lmtp_sasl_mechanism_filter = lmtp_sasl_password_maps = lmtp_sasl_path = lmtp_sasl_security_options = noplaintext, noanonymous lmtp_sasl_tls_security_options = $lmtp_sasl_security_options lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options lmtp_sasl_type = cyrus lmtp_send_dummy_mail_auth = no lmtp_send_xforward_command = no lmtp_sender_dependent_authentication = no lmtp_skip_5xx_greeting = yes lmtp_skip_quit_response = no lmtp_starttls_timeout = 300s lmtp_tcp_port = 24 lmtp_tls_CAfile = lmtp_tls_CApath = lmtp_tls_block_early_mail_reply = no lmtp_tls_cert_file = lmtp_tls_ciphers = medium lmtp_tls_dcert_file = lmtp_tls_dkey_file = $lmtp_tls_dcert_file lmtp_tls_eccert_file = lmtp_tls_eckey_file = $lmtp_tls_eccert_file lmtp_tls_enforce_peername = yes lmtp_tls_exclude_ciphers = lmtp_tls_fingerprint_cert_match = lmtp_tls_fingerprint_digest = md5 lmtp_tls_force_insecure_host_tlsa_lookup = no lmtp_tls_key_file = $lmtp_tls_cert_file lmtp_tls_loglevel = 0 lmtp_tls_mandatory_ciphers = medium lmtp_tls_mandatory_exclude_ciphers = lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3 lmtp_tls_note_starttls_offer = no lmtp_tls_per_site = lmtp_tls_policy_maps = lmtp_tls_protocols = $smtp_tls_protocols lmtp_tls_scert_verifydepth = 9 lmtp_tls_secure_cert_match = nexthop lmtp_tls_security_level = lmtp_tls_session_cache_database = lmtp_tls_session_cache_timeout = 3600s lmtp_tls_trust_anchor_file = lmtp_tls_verify_cert_match = hostname lmtp_use_tls = no lmtp_xforward_timeout = 300s local_command_shell = local_delivery_slot_cost = $default_delivery_slot_cost local_delivery_slot_discount = $default_delivery_slot_discount local_delivery_slot_loan = $default_delivery_slot_loan local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit local_destination_concurrency_limit = 2 local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback local_destination_rate_delay = $default_destination_rate_delay local_destination_recipient_limit = 1 local_extra_recipient_limit = $default_extra_recipient_limit local_header_rewrite_clients = permit_inet_interfaces local_initial_destination_concurrency = $initial_destination_concurrency local_minimum_delivery_slots = $default_minimum_delivery_slots local_recipient_limit = $default_recipient_limit local_recipient_maps = proxy:unix:passwd.byname $alias_maps local_recipient_refill_delay = $default_recipient_refill_delay local_recipient_refill_limit = $default_recipient_refill_limit local_transport = local:$myhostname luser_relay = mail_name = Postfix mail_owner = postfix mail_release_date = 20150515 mail_spool_directory = /var/mail mail_version = 2.11.8 mailbox_command = mailbox_command_maps = mailbox_delivery_lock = fcntl, dotlock mailbox_size_limit = 52428800 mailbox_transport = mailbox_transport_maps = mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man maps_rbl_domains = maps_rbl_reject_code = 554 masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = master_service_disable = max_idle = 100s max_use = 100 maximal_backoff_time = 4000s maximal_queue_lifetime = 3d message_reject_characters = message_size_limit = 52428800 message_strip_characters = milter_command_timeout = 30s milter_connect_macros = j {daemon_name} v milter_connect_timeout = 30s milter_content_timeout = 300s milter_data_macros = i milter_default_action = tempfail milter_end_of_data_macros = i milter_end_of_header_macros = i milter_header_checks = milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer} milter_macro_daemon_name = $myhostname milter_macro_v = $mail_name $mail_version milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer} milter_protocol = 6 milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer} milter_unknown_command_macros = mime_boundary_length_limit = 2048 mime_header_checks = $header_checks mime_nesting_limit = 100 minimal_backoff_time = 300s multi_instance_directories = multi_instance_enable = no multi_instance_group = multi_instance_name = multi_instance_wrapper = multi_recipient_bounce_reject_code = 550 mydestination = $myhostname localhost.$mydomain localhost mydomain = glasgasperlmair.at myhostname = mail1.glasgasperlmair.at mynetworks = 127.0.0.0/8 [::1]/128 192.168.104.0/23 192.168.103.0/24 mynetworks_style = host myorigin = $mydomain nested_header_checks = $header_checks newaliases_path = /usr/bin/newaliases.postfix non_fqdn_reject_code = 504 non_smtpd_milters = notify_classes = resource, software owner_request_special = yes parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps permit_mx_backup_networks = pickup_service_name = pickup plaintext_reject_code = 450 postmulti_control_commands = reload flush postmulti_start_commands = start postmulti_stop_commands = stop abort drain quick-stop postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_whitelist postscreen_bare_newline_action = drop postscreen_bare_newline_enable = yes postscreen_bare_newline_ttl = 30d postscreen_blacklist_action = drop postscreen_cache_cleanup_interval = 12h postscreen_cache_map = btree:$data_directory/postscreen_cache postscreen_cache_retention_time = 7d postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit postscreen_command_count_limit = 20 postscreen_command_filter = postscreen_command_time_limit = ${stress?10}${stress:300}s postscreen_disable_vrfy_command = $disable_vrfy_command postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords postscreen_dnsbl_action = enforce postscreen_dnsbl_reply_map = postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1 b.barracudacentral.org*1 postscreen_dnsbl_threshold = 2 postscreen_dnsbl_ttl = 1h postscreen_dnsbl_whitelist_threshold = -1 postscreen_enforce_tls = $smtpd_enforce_tls postscreen_expansion_filter = $smtpd_expansion_filter postscreen_forbidden_commands = $smtpd_forbidden_commands postscreen_greet_action = enforce postscreen_greet_banner = $smtpd_banner postscreen_greet_ttl = 1d postscreen_greet_wait = ${stress?2}${stress:6}s postscreen_helo_required = $smtpd_helo_required postscreen_non_smtp_command_action = drop postscreen_non_smtp_command_enable = yes postscreen_non_smtp_command_ttl = 30d postscreen_pipelining_action = enforce postscreen_pipelining_enable = yes postscreen_pipelining_ttl = 30d postscreen_post_queue_limit = $default_process_limit postscreen_pre_queue_limit = $default_process_limit postscreen_reject_footer = $smtpd_reject_footer postscreen_tls_security_level = $smtpd_tls_security_level postscreen_upstream_proxy_protocol = postscreen_upstream_proxy_timeout = 5s postscreen_use_tls = $smtpd_use_tls postscreen_watchdog_timeout = 10s postscreen_whitelist_interfaces = static:all prepend_delivered_header = command, file, forward process_id = 20233 process_id_directory = pid process_name = postconf propagate_unmatched_extensions = canonical, virtual proxy_interfaces = proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name $address_verify_map $postscreen_cache_map proxymap_service_name = proxymap proxywrite_service_name = proxywrite qmgr_clog_warn_time = 300s qmgr_daemon_timeout = 1000s qmgr_fudge_factor = 100 qmgr_ipc_timeout = 60s qmgr_message_active_limit = 20000 qmgr_message_recipient_limit = 20000 qmgr_message_recipient_minimum = 10 qmqpd_authorized_clients = qmqpd_client_port_logging = no qmqpd_error_delay = 1s qmqpd_timeout = 300s queue_directory = /var/spool/postfix queue_file_attribute_count_limit = 100 queue_minfree = 0 queue_run_delay = 300s queue_service_name = qmgr rbl_reply_maps = readme_directory = /usr/share/doc/postfix-2.11.3/README_FILES receive_override_options = recipient_bcc_maps = btree:/etc/postfix/recipient_bcc_maps recipient_canonical_classes = envelope_recipient recipient_canonical_maps = btree:/etc/postfix/recipient_canonical_maps recipient_delimiter = + reject_code = 554 reject_tempfail_action = defer_if_permit relay_clientcerts = relay_delivery_slot_cost = $default_delivery_slot_cost relay_delivery_slot_discount = $default_delivery_slot_discount relay_delivery_slot_loan = $default_delivery_slot_loan relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit relay_destination_concurrency_limit = $default_destination_concurrency_limit relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback relay_destination_rate_delay = $default_destination_rate_delay relay_destination_recipient_limit = $default_destination_recipient_limit relay_domains = btree:/etc/postfix/relay_domains relay_domains_reject_code = 554 relay_extra_recipient_limit = $default_extra_recipient_limit relay_initial_destination_concurrency = $initial_destination_concurrency relay_minimum_delivery_slots = $default_minimum_delivery_slots relay_recipient_limit = $default_recipient_limit relay_recipient_maps = relay_recipient_refill_delay = $default_recipient_refill_delay relay_recipient_refill_limit = $default_recipient_refill_limit relay_transport = relay relayhost = relocated_maps = btree:/etc/postfix/relocated_maps remote_header_rewrite_domain = require_home_directory = no reset_owner_alias = no resolve_dequoted_address = yes resolve_null_domain = no resolve_numeric_domain = no retry_delivery_slot_cost = $default_delivery_slot_cost retry_delivery_slot_discount = $default_delivery_slot_discount retry_delivery_slot_loan = $default_delivery_slot_loan retry_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit retry_destination_concurrency_limit = $default_destination_concurrency_limit retry_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback retry_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback retry_destination_rate_delay = $default_destination_rate_delay retry_destination_recipient_limit = $default_destination_recipient_limit retry_extra_recipient_limit = $default_extra_recipient_limit retry_initial_destination_concurrency = $initial_destination_concurrency retry_minimum_delivery_slots = $default_minimum_delivery_slots retry_recipient_limit = $default_recipient_limit retry_recipient_refill_delay = $default_recipient_refill_delay retry_recipient_refill_limit = $default_recipient_refill_limit rewrite_service_name = rewrite sample_directory = /usr/share/doc/postfix-2.11.3/samples send_cyrus_sasl_authzid = no sender_bcc_maps = btree:/etc/postfix/sender_bcc_maps sender_canonical_classes = envelope_sender sender_canonical_maps = btree:/etc/postfix/sender_canonical_maps sender_dependent_default_transport_maps = sender_dependent_relayhost_maps = sendmail_fix_line_endings = always sendmail_path = /usr/sbin/sendmail.postfix service_throttle_time = 60s setgid_group = postdrop show_user_unknown_table_name = no showq_service_name = showq smtp_address_preference = any smtp_always_send_ehlo = yes smtp_bind_address = smtp_bind_address6 = smtp_body_checks = smtp_cname_overrides_servername = no smtp_connect_timeout = 30s smtp_connection_cache_destinations = smtp_connection_cache_on_demand = yes smtp_connection_cache_time_limit = 2s smtp_connection_reuse_count_limit = 0 smtp_connection_reuse_time_limit = 300s smtp_data_done_timeout = 600s smtp_data_init_timeout = 120s smtp_data_xfer_timeout = 180s smtp_defer_if_no_mx_address_found = no smtp_delivery_slot_cost = $default_delivery_slot_cost smtp_delivery_slot_discount = $default_delivery_slot_discount smtp_delivery_slot_loan = $default_delivery_slot_loan smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit smtp_destination_concurrency_limit = $default_destination_concurrency_limit smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback smtp_destination_rate_delay = 150s smtp_destination_recipient_limit = $default_destination_recipient_limit smtp_discard_ehlo_keyword_address_maps = smtp_discard_ehlo_keywords = smtp_dns_resolver_options = smtp_dns_support_level = smtp_enforce_tls = no smtp_extra_recipient_limit = $default_extra_recipient_limit smtp_fallback_relay = $fallback_relay smtp_generic_maps = btree:/etc/postfix/smtp_generic_maps smtp_header_checks = smtp_helo_name = $myhostname smtp_helo_timeout = 300s smtp_host_lookup = dns smtp_initial_destination_concurrency = $initial_destination_concurrency smtp_line_length_limit = 998 smtp_mail_timeout = 300s smtp_mime_header_checks = smtp_minimum_delivery_slots = $default_minimum_delivery_slots smtp_mx_address_limit = 5 smtp_mx_session_limit = 2 smtp_nested_header_checks = smtp_never_send_ehlo = no smtp_per_record_deadline = no smtp_pix_workaround_delay_time = 10s smtp_pix_workaround_maps = smtp_pix_workaround_threshold_time = 500s smtp_pix_workarounds = disable_esmtp,delay_dotcrlf smtp_quit_timeout = 300s smtp_quote_rfc821_envelope = yes smtp_randomize_addresses = yes smtp_rcpt_timeout = 300s smtp_recipient_limit = $default_recipient_limit smtp_recipient_refill_delay = $default_recipient_refill_delay smtp_recipient_refill_limit = $default_recipient_refill_limit smtp_reply_filter = smtp_rset_timeout = 20s smtp_sasl_auth_cache_name = smtp_sasl_auth_cache_time = 90d smtp_sasl_auth_enable = no smtp_sasl_auth_soft_bounce = yes smtp_sasl_mechanism_filter = smtp_sasl_password_maps = smtp_sasl_path = smtp_sasl_security_options = noplaintext, noanonymous smtp_sasl_tls_security_options = $smtp_sasl_security_options smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options smtp_sasl_type = cyrus smtp_send_dummy_mail_auth = no smtp_send_xforward_command = no smtp_sender_dependent_authentication = no smtp_skip_5xx_greeting = yes smtp_skip_quit_response = yes smtp_starttls_timeout = 300s smtp_tls_CAfile = smtp_tls_CApath = smtp_tls_block_early_mail_reply = no smtp_tls_cert_file = $smtpd_tls_cert_file smtp_tls_ciphers = medium smtp_tls_dcert_file = smtp_tls_dkey_file = $smtp_tls_dcert_file smtp_tls_eccert_file = smtp_tls_eckey_file = $smtp_tls_eccert_file smtp_tls_enforce_peername = yes smtp_tls_exclude_ciphers = aNULL eNULL EXPORT DES 3DES RC4 MD5 PSK aECDH EDH-DSS-DES-CBC3-SHA EDH-RSA-DES-CDC3-SHA KRB5-DE5 CBC3-SHA AES128-SHA DHE-RSA-AES128-SHA AES256-SHA DHE-RSA-AES256-SHA CAMELLIA128-SHA DHE-RSA-CAMELLIA128-SHA CAMELLIA256-SHA DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA smtp_tls_fingerprint_cert_match = smtp_tls_fingerprint_digest = md5 smtp_tls_force_insecure_host_tlsa_lookup = no smtp_tls_key_file = $smtpd_tls_key_file smtp_tls_loglevel = 1 smtp_tls_mandatory_ciphers = medium smtp_tls_mandatory_exclude_ciphers = smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 smtp_tls_note_starttls_offer = no smtp_tls_per_site = smtp_tls_policy_maps = smtp_tls_protocols = !SSLv2 !SSLv3 smtp_tls_scert_verifydepth = 9 smtp_tls_secure_cert_match = nexthop, dot-nexthop smtp_tls_security_level = may smtp_tls_session_cache_database = smtp_tls_session_cache_timeout = 3600s smtp_tls_trust_anchor_file = smtp_tls_verify_cert_match = hostname smtp_use_tls = no smtp_xforward_timeout = 300s smtpd_authorized_verp_clients = $authorized_verp_clients smtpd_authorized_xclient_hosts = smtpd_authorized_xforward_hosts = smtpd_banner = $myhostname ESMTP $mail_name smtpd_client_connection_count_limit = 20 smtpd_client_connection_rate_limit = 20 smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks} smtpd_client_message_rate_limit = 50 smtpd_client_new_tls_session_rate_limit = 0 smtpd_client_port_logging = no smtpd_client_recipient_rate_limit = 50 smtpd_client_restrictions = smtpd_command_filter = smtpd_data_restrictions = smtpd_delay_open_until_valid_rcpt = yes smtpd_delay_reject = yes smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/esmtp_access smtpd_discard_ehlo_keywords = smtpd_end_of_data_restrictions = smtpd_enforce_tls = no smtpd_error_sleep_time = 1s smtpd_etrn_restrictions = smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~ smtpd_forbidden_commands = CONNECT GET POST smtpd_hard_error_limit = ${stress?1}${stress:20} smtpd_helo_required = no smtpd_helo_restrictions = smtpd_history_flush_threshold = 100 smtpd_junk_command_limit = ${stress?1}${stress:100} smtpd_log_access_permit_actions = smtpd_milters = smtpd_noop_commands = smtpd_null_access_lookup_key = <> smtpd_peername_lookup = yes smtpd_per_record_deadline = ${stress?yes}${stress:no} smtpd_policy_service_max_idle = 300s smtpd_policy_service_max_ttl = 1000s smtpd_policy_service_timeout = 100s smtpd_proxy_ehlo = $myhostname smtpd_proxy_filter = smtpd_proxy_options = smtpd_proxy_timeout = 100s smtpd_recipient_limit = 1000 smtpd_recipient_overshoot_limit = 1000 smtpd_recipient_restrictions = check_recipient_access btree:/etc/postfix/access_recipient-rfc check_client_access cidr:/etc/postfix/access_client check_helo_access btree:/etc/postfix/access_helo check_recipient_access btree:/etc/postfix/access_recipient permit_sasl_authenticated permit_mynetworks check_sender_access btree:/etc/postfix/access_sender reject_rbl_client zen.spamhaus.org reject_rbl_client ix.dnsbl.manitu.net reject_rbl_client bl.spamcop.net reject_unverified_recipient reject_unauth_destination permit smtpd_reject_footer = smtpd_reject_unlisted_recipient = yes smtpd_reject_unlisted_sender = no smtpd_relay_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination smtpd_restriction_classes = smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = no smtpd_sasl_exceptions_networks = smtpd_sasl_local_domain = smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_service = smtp smtpd_sasl_tls_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_login_maps = smtpd_sender_restrictions = smtpd_service_name = smtpd smtpd_soft_error_limit = 10 smtpd_starttls_timeout = ${stress?10}${stress:300}s smtpd_timeout = ${stress?10}${stress:300}s smtpd_tls_CAfile = smtpd_tls_CApath = smtpd_tls_always_issue_session_ids = yes smtpd_tls_ask_ccert = yes smtpd_tls_auth_only = no smtpd_tls_ccert_verifydepth = 9 smtpd_tls_cert_file = /etc/pki/postfix/certs/mail1.glasgasperlmair.at.crt smtpd_tls_ciphers = medium smtpd_tls_dcert_file = smtpd_tls_dh1024_param_file = /etc/pki/postfix/private/dh_2048.pem smtpd_tls_dh512_param_file = /etc/pki/postfix/private/dh_512.pem smtpd_tls_dkey_file = $smtpd_tls_dcert_file smtpd_tls_eccert_file = smtpd_tls_eckey_file = $smtpd_tls_eccert_file smtpd_tls_eecdh_grade = ultra smtpd_tls_exclude_ciphers = aNULL eNULL EXPORT DES 3DES RC4 MD5 PSK aECDH EDH-DSS-DES-CBC3-SHA EDH-RSA-DES-CDC3-SHA KRB5-DE5 CBC3-SHA smtpd_tls_fingerprint_digest = md5 smtpd_tls_key_file = /etc/pki/postfix/private/mail1.glasgasperlmair.at.key smtpd_tls_loglevel = 1 smtpd_tls_mandatory_ciphers = medium smtpd_tls_mandatory_exclude_ciphers = smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2 !SSLv3 smtpd_tls_received_header = yes smtpd_tls_req_ccert = no smtpd_tls_security_level = may smtpd_tls_session_cache_database = smtpd_tls_session_cache_timeout = 3600s smtpd_tls_wrappermode = no smtpd_upstream_proxy_protocol = smtpd_upstream_proxy_timeout = 5s smtpd_use_tls = no soft_bounce = no stale_lock_time = 500s stress = strict_7bit_headers = no strict_8bitmime = no strict_8bitmime_body = no strict_mailbox_ownership = yes strict_mime_encoding_domain = no strict_rfc821_envelopes = no sun_mailtool_compatibility = no swap_bangpath = yes syslog_facility = mail syslog_name = ${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name} tcp_windowsize = 0 tls_append_default_CA = no tls_daemon_random_bytes = 32 tls_dane_digest_agility = on tls_dane_digests = sha512 sha256 tls_dane_trust_anchor_digest_enable = yes tls_disable_workarounds = tls_eecdh_strong_curve = prime256v1 tls_eecdh_ultra_curve = secp384r1 tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH tls_legacy_public_key_fingerprints = no tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH tls_null_cipherlist = eNULL:!aNULL tls_preempt_cipherlist = yes tls_random_bytes = 32 tls_random_exchange_name = ${data_directory}/prng_exch tls_random_prng_update_period = 3600s tls_random_reseed_period = 3600s tls_random_source = dev:/dev/urandom tls_ssl_options = tls_wildcard_matches_multiple_labels = yes tlsmgr_service_name = tlsmgr tlsproxy_enforce_tls = $smtpd_enforce_tls tlsproxy_service_name = tlsproxy tlsproxy_tls_CAfile = $smtpd_tls_CAfile tlsproxy_tls_CApath = $smtpd_tls_CApath tlsproxy_tls_always_issue_session_ids = $smtpd_tls_always_issue_session_ids tlsproxy_tls_ask_ccert = $smtpd_tls_ask_ccert tlsproxy_tls_ccert_verifydepth = $smtpd_tls_ccert_verifydepth tlsproxy_tls_cert_file = $smtpd_tls_cert_file tlsproxy_tls_ciphers = $smtpd_tls_ciphers tlsproxy_tls_dcert_file = $smtpd_tls_dcert_file tlsproxy_tls_dh1024_param_file = $smtpd_tls_dh1024_param_file tlsproxy_tls_dh512_param_file = $smtpd_tls_dh512_param_file tlsproxy_tls_dkey_file = $smtpd_tls_dkey_file tlsproxy_tls_eccert_file = $smtpd_tls_eccert_file tlsproxy_tls_eckey_file = $smtpd_tls_eckey_file tlsproxy_tls_eecdh_grade = $smtpd_tls_eecdh_grade tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers tlsproxy_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest tlsproxy_tls_key_file = $smtpd_tls_key_file tlsproxy_tls_loglevel = $smtpd_tls_loglevel tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols tlsproxy_tls_protocols = $smtpd_tls_protocols tlsproxy_tls_req_ccert = $smtpd_tls_req_ccert tlsproxy_tls_security_level = $smtpd_tls_security_level tlsproxy_use_tls = $smtpd_use_tls tlsproxy_watchdog_timeout = 10s trace_service_name = trace transport_maps = btree:/etc/postfix/transport_maps, $relay_domains transport_retry_time = 60s trigger_timeout = 10s undisclosed_recipients_header = unknown_address_reject_code = 450 unknown_address_tempfail_action = $reject_tempfail_action unknown_client_reject_code = 450 unknown_helo_hostname_tempfail_action = $reject_tempfail_action unknown_hostname_reject_code = 450 unknown_local_recipient_reject_code = 550 unknown_relay_recipient_reject_code = 550 unknown_virtual_alias_reject_code = 550 unknown_virtual_mailbox_reject_code = 550 unverified_recipient_defer_code = 450 unverified_recipient_reject_code = 450 unverified_recipient_reject_reason = Recipient address lookup failed unverified_recipient_tempfail_action = $reject_tempfail_action unverified_sender_defer_code = 450 unverified_sender_reject_code = 450 unverified_sender_reject_reason = Sender address lookup failed unverified_sender_tempfail_action = $reject_tempfail_action verp_delimiter_filter = -=+ virtual_alias_domains = $virtual_alias_maps virtual_alias_expansion_limit = 1000 virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual-alias-maps.cf virtual_alias_recursion_limit = 1000 virtual_delivery_slot_cost = $default_delivery_slot_cost virtual_delivery_slot_discount = $default_delivery_slot_discount virtual_delivery_slot_loan = $default_delivery_slot_loan virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit virtual_destination_concurrency_limit = $default_destination_concurrency_limit virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback virtual_destination_rate_delay = $default_destination_rate_delay virtual_destination_recipient_limit = $default_destination_recipient_limit virtual_extra_recipient_limit = $default_extra_recipient_limit virtual_gid_maps = virtual_initial_destination_concurrency = $initial_destination_concurrency virtual_mailbox_base = virtual_mailbox_domains = $virtual_mailbox_maps virtual_mailbox_limit = 51200000 virtual_mailbox_lock = fcntl, dotlock virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf virtual_minimum_delivery_slots = $default_minimum_delivery_slots virtual_minimum_uid = 100 virtual_recipient_limit = $default_recipient_limit virtual_recipient_refill_delay = $default_recipient_refill_delay virtual_recipient_refill_limit = $default_recipient_refill_limit virtual_transport = lmtp:[127.0.0.1]:24 virtual_uid_maps = vg, Andi

2 1

Email an sender_bcc_maps und recipient_bcc_maps werden doppelt zugestellt
by Andreas Wass - Glas Gasperlmair 04 Dec '16

04 Dec '16

Hallo! Habe folgende Maps in meiner main.cf definiert, um jede eingehende und ausgehende Mail in Archiven zu haben main.cf: recipient_bcc_maps = btree:/etc/postfix/recipient_bcc_maps sender_bcc_maps = btree:/etc/postfix/sender_bcc_maps Inhalt von /etc/postfix/sender_bcc_maps: @meinedomain.at archiv2016ausgang(a)meinedomain.at Inhalt von /etc/postfix/recipient_bcc_maps: @meinedomain.at archiv2016eingang(a)meinedomain.at postmap natürlich ausgeführt Problem: Email landen immer doppelt in den Postfächern von archiv2016eingang(a)meinedomain.at und archiv2016ausgang(a)meinedomain.at Dieses Verhalten konnte ich auf unserem alten Mailserver nicht feststellen, obwohl das Ganze auch so konfiguriert war. Was kann ich dagegen tun? vg, Andi

3 3

GMX
by Joachim Fahrner 21 Nov '16

21 Nov '16

Hallo, hat hier jemand Erfahrung mit GMX? Eine Bekannte hat dort ihr Mailpostfach, und Mails von ihr werden immer wieder mal geblockt weil GMX es wieder auf eine Blacklist geschafft hat. Beispiel: Oct 25 19:19:39 s3 postfix/postscreen[31947]: NOQUEUE: reject: RCPT from [212.227.17.21]:51793: 550 5.7.1 Service unavailable; client [212.227.17. 21] blocked using spam.dnsbl.sorbs.net; from=<....(a)gmx.de>, to=<....(a)fahrner.name>, proto=ESMTP, helo=<mout.gmx.net> Problem: Sie bekommt darüber keine Info, dass die Mail nicht zustellbar war. Ist das ein Bug bei GMX? -- Mit besten Grüßen Joachim Fahrner PGP-Key: http://www.fahrner.name/JoachimFahrner.asc --------------------------------------------------- Es gibt keine Cloud. Es ist nur der Computer eines Anderen.

5 6

Login Options
by Matthias Schmidt 20 Nov '16

20 Nov '16

Hallo, das IC-Plugin der 4D Datenbank zum Verschicken von Mails macht mir grad ein kleines Problem. Sobald ich in Postfix “plain” deaktiviere, bekomm ich beim Mail schicken einen Timeout, obwohl das Mail ordentlich zugestellt wird. d.h. das Plugin bekommt die Antwort von Postfix in dem Fall nicht mit. Der Login beim [ssl-] Versand läuft über cram-md5 (und nicht plain). In den Logs ist auch nichts ersichtlich, dass hier irgendein Login per Plain stattfinden würde. Der Hersteller behauptet jetzt, es liege an meiner Postfix Konfiguration. Ich hab da zwar meine Zweifel, aber vielleicht hat ja jemand ne Idee und ich überseh irgendwas. Danke Matthias

1 0

ANN: Syntax Highlighting for Postfix
by Patrick Ben Koetter 15 Nov '16

15 Nov '16

Die meisten Distributionen liefern vim mit Syntax Highlighting für Postfix aus. Aber die syntax-Datei ist veraltet und sie deckt z.B. LDAP nicht ab. Wer es lieber aktuell und passend zu aktuell installierten Version hat, der mag sich //github.com/sys4/vim-postfix ansehen. Christian (Rößner) hat zwei Skripte gebaut, die syntax-Dateien für die main.cf und master.cf erstellen. Im README steht, wie ihr die installieren könnt. Hat bei mir auf Anhieb geklappt. p@rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG,80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein

1 1

E-Mails an bestimmte Domain in Quarantäne
by Alexander Vowinkel 11 Nov '16

11 Nov '16

Hallo, ich habe das Problem, dass mein Server von hotmail-Servern gesperrt wurde, weil zu viele Mails an nicht-existente Adressen verschickt worden sind. Ich möchte deshalb vorerst alle E-Mails, die an @hotmail.*, etc. geschickt werden sollen in Quarantäne legen. Was Für Möglichkeiten habe ich da? Besten Dank, Alexander

2 2

amavisd blockiert definierten Anhänge nicht
by Andreas Wass - Glas Gasperlmair 10 Nov '16

10 Nov '16

Hallo Postfix und amavisd Profis! Amavisd blockiert die definierten Anhänge nicht, obwohl diese definiert und in den Policies AM.PDP-SOCK und MYSUBMITTERS lt. maillog ja auch richtig angesprochen werden. Woran kann das liegen? Anbei meine Policies in der amavisd.conf und anschl. die beiden Auszüge aus dem Maillog: *Policy für MTA zu MTA* $policy_bank{'AM.PDP-SOCK'} = { protocol => 'AM.PDP', auth_required_release => 0, }; * * *Policy für Submission *$policy_bank{'MYSUBMITTERS'} = { originating => 1, banned_filename_maps => ['DEFAULT'], warnbadhsender => 1, notify_method => 'smtp:[127.0.0.1]:10025', forward_method => 'smtp:[127.0.0.1]:10025', }; *Meine Definitionen* %banned_rules = ( 'NO-MS-EXEC'=> new_RE( qr'^\.(exe-ms)$' ), 'PASSALL' => new_RE( [qr'^' => 0] ), 'ALLOW_EXE' => new_RE( qr'.\.(vbs|pif|scr|bat)$'i, [qr'^\.exe$' => 0] ), 'ALLOW_VBS' => new_RE( [qr'.\.vbs$' => 0] ), 'NO-VIDEO' => new_RE( qr'^\.movie$', qr'.\.(asf|asx|mpg|mpe|mpeg|avi|mp3|wav|wma|wmf|wmv|mov|vob)$'i, ), 'NO-MOVIES' => new_RE( qr'^\.movie$', qr'.\.(mpg|avi|mov)$'i, ), 'MYNETS-DEFAULT' => new_RE( [ qr'^\.(rpm|cpio|tar)$' => 0 ], qr'.\.(zip|vbs|pif|scr)$'i, ), 'DEFAULT' => $banned_filename_re, ); $banned_filename_re = new_RE( # banned file(1) types, rudimentary qr'^\.(exe-ms|dll)$', # allow any in Unix-type archives [ qr'^\.(rpm|cpio|tar)$' => 0 ], # banned extensions - rudimentary qr'.\.(pif|scr)$'i, # block these MIME types qr'^application/x-msdownload$'i, qr'^application/x-msdos-program$'i, qr'^application/hta$'i, # block certain double extensions in filenames qr'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i, # banned extension - basic+cmd qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, qr'.\.(zip)$'i, ); * Gesendet über Submission port * Nov 10 10:45:19 mail postfix/submission/smtpd[2771]: connect from unknown[89.26.12.241] Nov 10 10:45:19 mail postfix/submission/smtpd[2771]: Anonymous TLS connection established from unknown[89.26.12.241]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits) Nov 10 10:45:19 mail postfix/submission/smtpd[2771]: D7B26209B6: client=unknown[89.26.12.241], sasl_method=PLAIN, sasl_username=andi(a)wassa.at Nov 10 10:45:19 mail postfix/cleanup[2784]: D7B26209B6: message-id=<582441AF.90905(a)wassa.at> Nov 10 10:45:20 mail amavis[2769]: (02769-01) Checking: 1TlSqvTJaKWJ AM.PDP-SOCK/MYSUBMITTERS [89.26.12.241] <andi(a)wassa.at> -> <andi(a)wassa.at> Nov 10 10:45:20 mail amavis[2769]: (02769-01) p003 1 Content-Type: multipart/mixed Nov 10 10:45:20 mail amavis[2769]: (02769-01) p001 1/1 Content-Type: text/plain, size: 1 B, name: Nov 10 10:45:20 mail amavis[2769]: (02769-01) p002 1/2 Content-Type: application/octet-stream, size: 38912 B, name: *AdapterTroubleshooter.exe* Nov 10 10:45:20 mail amavis[2769]: (02769-01) spam-tag, <andi(a)wassa.at> -> <andi(a)wassa.at>, No, score=-1 tagged_above=-1000 required=6.31 tests=[ALL_TRUSTED=-1] autolearn=ham autolearn_force=no Nov 10 10:45:20 mail amavis[2769]: (02769-01) Passed CLEAN {AcceptedInternal}, *AM.PDP-SOCK/MYSUBMITTERS* LOCAL [89.26.12.241] [89.26.12.241] <andi(a)wassa.at> -> <andi(a)wassa.at>, Queue-ID: D7B26209B6, Message-ID: <582441AF.90905(a)wassa.at>, mail_id: 1TlSqvTJaKWJ, Hits: -1, size: 54336, 694 ms Nov 10 10:45:20 mail amavis[2769]: (02769-01) TIMING-SA total 570 ms - parse: 5 (0.9%), extract_message_metadata: 9 (1.5%), get_uri_detail_list: 0.25 (0.0%), tests_pri_-1000: 9 (1.6%), tests_pri_-950: 2.5 (0.4%), tests_pri_-900: 1.69 (0.3%), tests_pri_-400: 1.27 (0.2%), tests_pri_0: 454 (79.7%), check_dkim_signature: 2.5 (0.4%), check_dkim_adsp: 7 (1.2%), check_spf: 0.49 (0.1%), check_razor2: 400 (70.3%), check_pyzor: 0.21 (0.0%), tests_pri_500: 3.4 (0.6%), learn: 57 (10.1%), b_learn: 55 (9.7%), b_count_change: 6 (1.1%), get_report: 0.45 (0.1%) Nov 10 10:45:20 mail amavis[2769]: (02769-01) size: 54336, TIMING [total 702 ms] - got data: 0.0 (0%)0, check_init: 5 (1%)1, digest_hdr: 1.1 (0%)1, digest_body: 0.8 (0%)1, collect_info: 3.4 (0%)1, mkdir parts: 22 (3%)5, mime_decode: 20 (3%)7, get-file-type2: 13 (2%)9, decompose_part: 15 (2%)12, parts_decode: 0.1 (0%)12, check_header: 0.7 (0%)12, AV-scan-1: 27 (4%)15, spam-wb-list: 1.3 (0%)16, SA msg read: 0.8 (0%)16, SA parse: 6 (1%)17, SA check: 563 (80%)97, decide_mail_destiny: 3.9 (1%)97, notif-quar: 0.6 (0%)97, prepare-dsn: 3.8 (1%)98, report: 1.6 (0%)98, main_log_entry: 5 (1%)99, update_snmp: 6 (1%)100, rundown: 1.3 (0%)100 Nov 10 10:45:20 mail postfix/qmgr[1102]: D7B26209B6: from=<andi(a)wassa.at>, size=54430, nrcpt=1 (queue active) Nov 10 10:45:20 mail dovecot: lmtp(2790): Connect from 127.0.0.1 Nov 10 10:45:20 mail postfix/submission/smtpd[2771]: disconnect from unknown[89.26.12.241] Nov 10 10:45:21 mail dovecot: lmtp(andi(a)wassa.at): 9+MNNrBBJFjmCgAAu6NIgg: msgid=<582441AF.90905(a)wassa.at>: saved mail to INBOX Nov 10 10:45:21 mail postfix/lmtp[2789]: D7B26209B6: to=<andi(a)wassa.at>, relay=127.0.0.1[127.0.0.1]:24, delay=1.3, delays=1/0.01/0.01/0.23, dsn=2.0.0, status=sent (250 2.0.0 <andi(a)wassa.at> 9+MNNrBBJFjmCgAAu6NIgg Saved) Nov 10 10:45:21 mail dovecot: lmtp(2790): Disconnect from 127.0.0.1: Successful quit Nov 10 10:45:21 mail postfix/qmgr[1102]: D7B26209B6: removed *Gesendet von MTA ZU MTA* Nov 10 10:46:08 mail postfix/postscreen[2791]: CONNECT from [89.26.12.242]:39271 to [172.31.1.100]:25 Nov 10 10:46:08 mail postfix/postscreen[2791]: PASS OLD [89.26.12.242]:39271 Nov 10 10:46:09 mail postfix/smtpd[2795]: connect from mail1.glasgasperlmair.at[89.26.12.242] Nov 10 10:46:09 mail postfix/smtpd[2795]: 42FD0209BB: client=mail1.glasgasperlmair.at[89.26.12.242] Nov 10 10:46:09 mail postfix/cleanup[2784]: 42FD0209BB: resent-message-id=<mm_8McFZG0iK-ai4up9dD03fx(a)mail1.glasgasperlmair.at> Nov 10 10:46:09 mail postfix/cleanup[2784]: 42FD0209BB: message-id=<582441CE.2020806(a)glas-gasperlmair.at> Nov 10 10:46:09 mail amavis[2770]: (02770-01) Checking: Xb0YiIeoenTQ AM.PDP-SOCK [89.26.12.242] <a.wass(a)glas-gasperlmair.at> -> <andi(a)wassa.at> Nov 10 10:46:09 mail amavis[2770]: (02770-01) p004 1 Content-Type: multipart/mixed Nov 10 10:46:09 mail amavis[2770]: (02770-01) p005 1/1 Content-Type: multipart/alternative Nov 10 10:46:09 mail amavis[2770]: (02770-01) p001 1/1/1 Content-Type: text/plain, size: 265 B, name: Nov 10 10:46:09 mail amavis[2770]: (02770-01) p002 1/1/2 Content-Type: text/html, size: 622 B, name: Nov 10 10:46:09 mail amavis[2770]: (02770-01) p003 1/2 Content-Type: application/octet-stream, size: 38912 B, name: *AdapterTroubleshooter.exe* Nov 10 10:46:10 mail amavis[2770]: (02770-01) spam-tag, <a.wass(a)glas-gasperlmair.at> -> <andi(a)wassa.at>, No, score=0.001 tagged_above=-1000 required=6.31 tests=[HTML_MESSAGE=0.001] autolearn=ham autolearn_force=no Nov 10 10:46:10 mail amavis[2770]: (02770-01) Passed CLEAN {AcceptedInbound}, *AM.PDP-SOCK* [89.26.12.242] [89.26.12.242] <a.wass(a)glas-gasperlmair.at> -> <andi(a)wassa.at>, Queue-ID: 42FD0209BB, Message-ID: <582441CE.2020806(a)glas-gasperlmair.at>, Resent-Message-ID: <mm_8McFZG0iK-ai4up9dD03fx(a)mail1.glasgasperlmair.at>, mail_id: Xb0YiIeoenTQ, Hits: 0.001, size: 56550, 889 ms Nov 10 10:46:10 mail amavis[2770]: (02770-01) TIMING-SA total 751 ms - parse: 3.5 (0.5%), extract_message_metadata: 33 (4.4%), get_uri_detail_list: 2.4 (0.3%), tests_pri_-1000: 31 (4.1%), tests_pri_-950: 1.20 (0.2%), tests_pri_-900: 1.32 (0.2%), tests_pri_-400: 0.97 (0.1%), tests_pri_0: 573 (76.3%), check_dkim_signature: 3.3 (0.4%), check_dkim_adsp: 6 (0.8%), check_spf: 13 (1.8%), poll_dns_idle: 0.98 (0.1%), check_razor2: 457 (60.9%), check_pyzor: 0.76 (0.1%), tests_pri_500: 6 (0.8%), learn: 80 (10.7%), b_learn: 76 (10.1%), b_count_change: 20 (2.7%), get_report: 0.41 (0.1%) Nov 10 10:46:10 mail amavis[2770]: (02770-01) size: 56550, TIMING [total 894 ms] - got data: 0.0 (0%)0, check_init: 4.6 (1%)1, digest_hdr: 1.3 (0%)1, digest_body: 0.7 (0%)1, collect_info: 7 (1%)2, mkdir parts: 1.6 (0%)2, mime_decode: 33 (4%)5, get-file-type3: 32 (4%)9, decompose_part: 16 (2%)11, parts_decode: 0.1 (0%)11, check_header: 0.8 (0%)11, AV-scan-1: 26 (3%)14, spam-wb-list: 1.2 (0%)14, SA msg read: 0.6 (0%)14, SA parse: 4.3 (0%)14, SA check: 745 (83%)98, decide_mail_destiny: 3.9 (0%)98, notif-quar: 0.5 (0%)98, prepare-dsn: 3.3 (0%)99, report: 1.7 (0%)99, main_log_entry: 5 (1%)99, update_snmp: 3.5 (0%)100, rundown: 1.4 (0%)100 Nov 10 10:46:10 mail postfix/qmgr[1102]: 42FD0209BB: from=<a.wass(a)glas-gasperlmair.at>, size=56578, nrcpt=1 (queue active) Nov 10 10:46:10 mail postfix/smtpd[2795]: disconnect from mail1.glasgasperlmair.at[89.26.12.242] Nov 10 10:46:10 mail dovecot: lmtp(2790): Connect from 127.0.0.1 Nov 10 10:46:10 mail dovecot: lmtp(andi(a)wassa.at): AQyGE+JBJFjmCgAAu6NIgg: msgid=<582441CE.2020806(a)glas-gasperlmair.at>: saved mail to INBOX Nov 10 10:46:10 mail postfix/lmtp[2789]: 42FD0209BB: to=<andi(a)wassa.at>, relay=127.0.0.1[127.0.0.1]:24, delay=1.3, delays=1.2/0/0/0.11, dsn=2.0.0, status=sent (250 2.0.0 <andi(a)wassa.at> AQyGE+JBJFjmCgAAu6NIgg Saved) Nov 10 10:46:10 mail dovecot: lmtp(2790): Disconnect from 127.0.0.1: Successful quit Nov 10 10:46:10 mail postfix/qmgr[1102]: 42FD0209BB: removed

2 4

amavisd mit individuellen Einstellungen
by Andreas Wass - Glas Gasperlmair 09 Nov '16

09 Nov '16

Hallo Leute! So, die Einbindung von amavisd mit amavisd-milter habe ich geschafft, allerdings habe ich jetzt noch einige Fragen bezüglich individueller Einstellungen: ich betreibe das Ganze folgendermaßen: MTA zu MTA Verkehr: port 25 # MILTER Policy für MTA zu MTA Traffic $policy_bank{'AM.PDP-SOCK'} = { protocol => 'AM.PDP', #notify_method => 'smtp:127.0.0.1:10025', auth_required_release => 0, }; MUA zu MTA Verkehr: submission port 587 $policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users originating => 1, # declare that mail was submitted by our smtp client allow_disclaimers => 1, # enables disclaimer insertion if available # notify administrator of locally originating malware virus_admin_maps => ["virusalert\@$mydomain"], spam_admin_maps => ["virusalert\@$mydomain"], warnbadhsender => 1, # forward to a smtpd service providing DKIM signing service forward_method => 'smtp:[127.0.0.1]:10027', # force MTA conversion to 7-bit (e.g. before DKIM signing) smtpd_discard_ehlo_keywords => ['8BITMIME'], #bypass_banned_checks_maps => [1], # allow sending any file names and types terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option }; Ziel: MTA zu MTA Verkehr: Absender soll benachrichtigt werden, wenn unerwünschter Content (exe usw) angeliefert wird - funktioniert ja bereits Absender soll jedoch NICHT benachrichtigt werden, wenn wir z.B. wieder schnell mal alle zip Dateien blocken müssen. Diese sollen aber (wie auch jetzt schon) in Quarantäne landen um diese bei Bedarf zu releasen. MUA zu MTA Verkehr: zip dateien generell ohne Benachrichtigungen zulassen. Sonstige Malware natürlich blocken oder in Quarantäne lässt sich das realisieren? vg, Andi

1 1

Postfix und amavisd per amavisd-milter
by Andreas Wass - Glas Gasperlmair 09 Nov '16

09 Nov '16

Hallo Postfix-Profis! Ich brauch wieder mal eure Hilfe bei amavisd per amavisd-milter. Ich bin gerade dabei einen All-in-One-Mailserver lt. https://dokuwiki.nausch.org/doku.php/centos:mail_c7:start zu konfigurieren. Ich habe auch das mailguru repo eingebunden (wg. amavisd-milter usw.) MTA zu MTA über Port 25 mit amavisd funktioniert MUA zu MTA über submission port 587 ohne amavisd funktioniert auch Aber Sobald ich amavisd per amavisd-milter einbinde, scheitert das Ganze und ich komme einfach nicht dahinter, woran es liegt. Ihr seht sicher sofort, wo der/die Fehler liegen. Vielen Dank im Voraus. vg, Andi Test von fremden MTA zu meinem MTA funktioniert: Auszug aus maillog: Nov 8 11:44:02 mail postfix/postscreen[23037]: CONNECT from [89.26.12.242]:55315 to [172.31.1.100]:25 Nov 8 11:44:02 mail postfix/postscreen[23037]: PASS OLD [89.26.12.242]:55315 Nov 8 11:44:02 mail postfix/smtpd[23038]: connect from mail1.glasgasperlmair.at[89.26.12.242] Nov 8 11:44:02 mail postfix/smtpd[23038]: 7D0EC208EC: client=mail1.glasgasperlmair.at[89.26.12.242] Nov 8 11:44:02 mail postfix/cleanup[23048]: 7D0EC208EC: message-id=<5821AC6F.30309(a)glas-gasperlmair.at> Nov 8 11:44:02 mail amavis[22995]: (22995-02) Checking: qNoKsxTWQPpG AM.PDP-SOCK [89.26.12.242] <a.wass(a)glas-gasperlmair.at> -> <andi(a)wassa.at> Nov 8 11:44:03 mail amavis[22995]: (22995-02) Passed CLEAN {AcceptedInbound}, AM.PDP-SOCK [89.26.12.242] [89.26.12.242] <a.wass(a)glas-gasperlmair.at> -> <andi(a)wassa.at>, Queue-ID: 7D0EC208EC, Message-ID: <5821AC6F.30309(a)glas-gasperlmair.at>, mail_id: qNoKsxTWQPpG, Hits: 0.001, size: 2512, 770 ms Nov 8 11:44:03 mail postfix/qmgr[22911]: 7D0EC208EC: from=<a.wass(a)glas-gasperlmair.at>, size=2538, nrcpt=1 (queue active) Nov 8 11:44:03 mail postfix/smtpd[23038]: disconnect from mail1.glasgasperlmair.at[89.26.12.242] Nov 8 11:44:03 mail dovecot: lmtp(23052): Connect from 127.0.0.1 Nov 8 11:44:03 mail dovecot: lmtp(andi(a)wassa.at): 60mlH3OsIVgMWgAAu6NIgg: msgid=<5821AC6F.30309(a)glas-gasperlmair.at>: saved mail to INBOX Nov 8 11:44:03 mail dovecot: lmtp(23052): Disconnect from 127.0.0.1: Successful quit Nov 8 11:44:03 mail postfix/lmtp[23051]: 7D0EC208EC: to=<andi(a)wassa.at>, relay=127.0.0.1[127.0.0.1]:24, delay=1.7, delays=1.2/0.02/0.09/0.37, dsn=2.0.0, status=sent (250 2.0.0 <andi(a)wassa.at> 60mlH3OsIVgMWgAAu6NIgg Saved) Nov 8 11:44:03 mail postfix/qmgr[22911]: 7D0EC208EC: removed Test mit Thunderbird über port 587 funktioniert nicht Auszug aus maillog: Nov 8 11:40:27 mail postfix/submission/smtpd[23001]: connect from unknown[89.26.12.241] Nov 8 11:40:27 mail postfix/submission/smtpd[23001]: Anonymous TLS connection established from unknown[89.26.12.241]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits) Nov 8 11:40:27 mail postfix/submission/smtpd[23001]: BC58A208E3: client=unknown[89.26.12.241], sasl_method=PLAIN, sasl_username=andi(a)wassa.at Nov 8 11:40:27 mail postfix/cleanup[23014]: BC58A208E3: message-id=<5821AB9A.4040706(a)wassa.at> Nov 8 11:40:27 mail postfix/qmgr[22911]: BC58A208E3: from=<andi(a)wassa.at>, size=692, nrcpt=1 (queue active) Nov 8 11:40:27 mail amavis[22995]: (22995-01) ESMTP [127.0.0.1]:10024 /var/spool/amavisd/tmp/amavis-20161108T114027-22995-9FDAxjys: <andi(a)wassa.at> -> <a.wass(a)glas-gasperlmair.at> Received: from mail.wassa.at ([127.0.0.1]) by localhost (mail.wassa.at [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <a.wass(a)glas-gasperlmair.at>; Tue, 8 Nov 2016 11:40:27 +0100 (CET) Nov 8 11:40:27 mail postfix/submission/smtpd[23001]: disconnect from unknown[89.26.12.241] Nov 8 11:40:27 mail amavis[22995]: (22995-01) Checking: 9pw322ZKDeoc ORIGINATING [127.0.0.1] <andi(a)wassa.at> -> <a.wass(a)glas-gasperlmair.at> Nov 8 11:40:28 mail amavis[22995]: (22995-01) (!)connect to [127.0.0.1]:10025 failed, attempt #1: Can't connect to socket [127.0.0.1]:10025 using module IO::Socket::IP: Connection refused Nov 8 11:40:28 mail amavis[22995]: (22995-01) (!)9pw322ZKDeoc FWD from <andi(a)wassa.at> -> <a.wass(a)glas-gasperlmair.at>, 451 4.5.0 From MTA() during fwd-connect (All attempts (1) failed connecting to smtp:[127.0.0.1]:10025): id=22995-01 Nov 8 11:40:28 mail amavis[22995]: (22995-01) Blocked MTA-BLOCKED {TempFailedOutbound}, ORIGINATING LOCAL [127.0.0.1] [89.26.12.241] <andi(a)wassa.at> -> <a.wass(a)glas-gasperlmair.at>, Message-ID: <5821AB9A.4040706(a)wassa.at>, mail_id: 9pw322ZKDeoc, Hits: -0.999, size: 692, 597 ms Nov 8 11:40:28 mail postfix/smtp[23015]: BC58A208E3: to=<a.wass(a)glas-gasperlmair.at>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.8, delays=0.17/0.02/0.02/0.59, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 id=22995-01 - Temporary MTA failure on relaying, From MTA() during fwd-connect (All attempts (1) failed connecting to smtp:[127.0.0.1]:10025): id=22995-01 (in reply to end of DATA command)) Meine Konfigurationen: ##################################################################### /etc/amavisd/amavisd-milter.conf AMAVIS_USER=amavis WORKING_DIRECTORY=/var/spool/amavisd/tmp SOCKET=inet:10010@127.0.0.1 AMAVISD_SOCKET=/var/spool/amavisd/amavisd.sock MAX_CONNECTIONS=5 MAX_WAIT=300 MAILDAEMON_TIMEOUT=600 AMAVISD_TIMEOUT=600 ##################################################################### /etc/postfix/master.cf smtp inet n - n - 1 postscreen smtpd pass - - n - - smtpd -o smtpd_sasl_auth_enable=no # Django : 2014-11-29 amavisd-milter eingebunden -o smtpd_milters=${amavisd_milter} dnsblog unix - - n - 0 dnsblog tlsproxy unix - - n - 0 tlsproxy submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING -o content_filter=smtp:127.0.0.1:10024 ############################################################################# /etc/postfix/main.cf amavisd_milter = inet:127.0.0.1:10010 ############################################################################### /etc/amavisd/amavisd.conf use strict; ################################################################################ # # # Django : 2014-11-15 - Musterkonfiguration AMaViS 2.9 unter CentOS 7 # # # ################################################################################ # Eine Aufstellung aller möglichen Variablen findet man in der Datei # /usr/share/doc/amavisd-new-2.9.1/amavisd.conf-default aus dem RPM. Auf der # Webseite http://www.ijs.si/software/amavisd/amavisd-new-docs.html findet # man darüber hinaus noch viele erklärungen und Konfigurationsbeispiele ################################################################################ ## PFADANGABEN DER LOKALEN INSTALLATION # # Pfadangaben zu den Programmen und Tools $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin'; # Arbeitsverzeichnisses von AMaViS $MYHOME = '/var/spool/amavisd'; # Verzeichnis für temporäre Daten #$TEMPBASE = '$MYHOME/tmp'; $TEMPBASE = "$MYHOME/tmp"; # Enviroment Variable TMPDIR, wird unter anderem von Spamassassion verwendet $ENV{TMPDIR} = $TEMPBASE; # Keine Quarantäne -> kein Quarantäneverzeichnis notwendig $QUARANTINEDIR = undef; # Verzeichnisses für die Berkeley-Datenbank Dateien nanny/cache/snmp $db_home = "$MYHOME/db"; # Pfade zur PID- und LOCK-Datei $lock_file = "/var/run/amavisd/amavisd.lock"; $pid_file = "/var/run/amavisd/amavisd.pid"; # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING @score_sender_maps = ({ # a by-recipient hash lookup table, # results from all matching recipient tables are summed # ## per-recipient personal tables (NOTE: positive: black, negative: white) # 'user1(a)example.com' => [{'bla-mobile.press(a)example.com' => 10.0}], # 'user3(a)example.com' => [{'.ebay.com' => -3.0}], # 'user4(a)example.com' => [{'cleargreen(a)cleargreen.com' => -7.0, # '.cleargreen.com' => -5.0}], ## site-wide opinions about senders (the '.' matches any recipient) '.' => [ # the _first_ matching sender determines the score boost new_RE( # regexp-type lookup table, just happens to be all soft-blacklist [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0], [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i => 5.0], [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i => 5.0], [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0], [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0], [qr'^(your_friend|greatoffers)@'i => 5.0], [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0], ), # read_hash("/var/amavis/sender_scores_sitewide"), { # a hash-type lookup table (associative array) 'nobody(a)cert.org' => -3.0, 'cert-advisory(a)us-cert.gov' => -3.0, 'owner-alert(a)iss.net' => -3.0, 'slashdot(a)slashdot.org' => -3.0, 'securityfocus.com' => -3.0, 'ntbugtraq(a)listserv.ntbugtraq.com' => -3.0, 'security-alerts(a)linuxsecurity.com' => -3.0, 'mailman-announce-admin(a)python.org' => -3.0, 'amavis-user-admin(a)lists.sourceforge.net' => -3.0, 'amavis-user-bounces(a)lists.sourceforge.net' => -3.0, 'spamassassin.apache.org' => -3.0, 'notification-return(a)lists.sophos.com' => -3.0, 'owner-postfix-users(a)postfix.org' => -3.0, 'owner-postfix-announce(a)postfix.org' => -3.0, 'owner-sendmail-announce(a)lists.sendmail.org' => -3.0, 'sendmail-announce-request(a)lists.sendmail.org' => -3.0, 'donotreply(a)sendmail.org' => -3.0, 'ca+envelope(a)sendmail.org' => -3.0, 'noreply(a)freshmeat.net' => -3.0, 'owner-technews(a)postel.acm.org' => -3.0, 'ietf-123-owner(a)loki.ietf.org' => -3.0, 'cvs-commits-list-admin(a)gnome.org' => -3.0, 'rt-users-admin(a)lists.fsck.com' => -3.0, 'clp-request(a)comp.nus.edu.sg' => -3.0, 'surveys-errors(a)lists.nua.ie' => -3.0, 'emailnews(a)genomeweb.com' => -5.0, 'yahoo-dev-null(a)yahoo-inc.com' => -3.0, 'returns.groups.yahoo.com' => -3.0, 'clusternews(a)linuxnetworx.com' => -3.0, lc('lvs-users-admin(a)LinuxVirtualServer.org') => -3.0, lc('owner-textbreakingnews(a)CNNIMAIL12.CNN.COM') => -5.0, # soft-blacklisting (positive score) 'sender(a)example.net' => 3.0, '.example.net' => 1.0, }, ], # end of site-wide tables }); # Utilities mit denen amavis Archive auspackt @decoders = ( ['mail', \&do_mime_decode], ['F', \&do_uncompress, ['unfreeze', 'freeze -d', 'melt', 'fcat'] ], ['Z', \&do_uncompress, ['uncompress', 'gzip -d', 'zcat'] ], ['gz', \&do_uncompress, 'gzip -d'], ['gz', \&do_gunzip], ['bz2', \&do_uncompress, 'bzip2 -d'], ['xz', \&do_uncompress, ['xzdec', 'xz -dc', 'unxz -c', 'xzcat'] ], ['lzma', \&do_uncompress, ['lzmadec', 'xz -dc --format=lzma', 'lzma -dc', 'unlzma -c', 'lzcat', 'lzmadec'] ], ['lrz', \&do_uncompress, ['lrzip -q -k -d -o -', 'lrzcat -q -k'] ], ['lzo', \&do_uncompress, 'lzop -d'], ['rpm', \&do_uncompress, ['rpm2cpio.pl', 'rpm2cpio'] ], [['cpio','tar'], \&do_pax_cpio, ['pax', 'gcpio', 'cpio'] ], ['deb', \&do_ar, 'ar'], ['rar', \&do_unrar, ['unrar', 'rar'] ], ['arj', \&do_unarj, ['unarj', 'arj'] ], ['arc', \&do_arc, ['nomarch', 'arc'] ], ['zoo', \&do_zoo, ['zoo', 'unzoo'] ], ['cab', \&do_cabextract, 'cabextract'], ['tnef', \&do_tnef], [['zip','kmz'], \&do_7zip, ['7za', '7z'] ], [['zip','kmz'], \&do_unzip], ['7z', \&do_7zip, ['7zr', '7za', '7z'] ], [[qw(7z zip gz bz2 Z tar)], \&do_7zip, ['7za', '7z'] ], [[qw(xz lzma jar cpio arj rar swf lha iso cab deb rpm)], \&do_7zip, '7z' ], ['exe', \&do_executable, ['unrar','rar'], 'lha', ['unarj','arj'] ], ); # eMails wird komplett dem Virenscanner zugestellt. Dem Inhalt von Archiven # wird grundsätzlich nicht vertraut. @keep_decoded_original_maps = (new_RE( qr'^MAIL$', qr'^MAIL-UNDECIPHERABLE$', qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)', )); ################################################################################ ## GRUNDSÄTZLICHE SERVERANGABEN UND -DEFINITIONEN # # Anzahl Server (pre-forked childs) die gestartet werden sollen. $max_servers = 5; # User und Gruppe des AMaViS Daemon $daemon_user = 'amavis'; $daemon_group = 'amavis'; # Hostname (FQDN) des AMaViS-Servers $myhostname = 'mail.wassa.at'; # Lokale Domäne des AMaViS-Servers $mydomain = 'wassa.at'; # Adresstrennzeichen in der eMail-Adresse $recipient_delimiter = '+'; # Wir setzen alles auf NULL und definieren das Backrouting in den Policy Banks # Wie werden die eMails an den ;MTA zurückgegeben? "undef" bei Verwendung des # amavisd-milter! $forward_method = undef; $notify_method = 'smtp:[mail.wassa.at]:10025'; #$allowed_added_header_fields{lc('X-Virus-Scanned')} = 0; ################################################################################ ## LOGGING # # verbosity 0..5, -d # Django : 2014-11-18 # default: $log_level = 0; $log_level = 3; # disable by-recipient level-0 log entries $log_recip_templ = undef; # log via syslogd (preferred) $do_syslog = 1; # Syslog facility as a string e.g.: mail, daemon, user, local0, ... local7 $syslog_facility = 'mail'; #Syslog base (minimal) priority $syslog_priority = 'debug'; # enable use of BerkeleyDB/libdb (SNMP and nanny) $enable_db = 1; # enable use of libdb-based cache if $enable_db=1 $enable_global_cache = 1; # enable use of ZeroMQ (SNMP and nanny) # $enable_zmq = 1; # # nanny verbosity: 1: traditional, 2: detailed $nanny_details_level = 2; # @lookup_sql_dsn = # ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'], # ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'], # ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] ); # @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database # @storage_redis_dsn = ( {server=>'127.0.0.1:6379', db_id=>1} ); # $redis_logging_key = 'amavis-log'; # about 250 MB / 100000 # $redis_logging_queue_size_limit = 300000; # $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP; # defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16) ################################################################################ ## SOCKETS # # Wo soll AMaViS auf eingehende Verbindungen lauschen? @listen_sockets = ( '127.0.0.1:10024', '127.0.0.1:9998', "$MYHOME/amavisd.sock" ); ################################################################################ ## POLICY MAPPINGS # # Wir routen eingehende Verbindungen aufgrund unterschiedlicher Kriterien in # Policy Banks. # TCP-Sockets auf Policies mappen $interface_policy{'9998'} = 'AM.PDP-INET'; $interface_policy{'10024'} = 'ORIGINATING'; # UNIX-Domain-Sockets auf Policies mappen $interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # IP-Adressen/Ranges auf Policies mappen @client_ipaddr_policy = ( [qw( 0.0.0.0/8 127.0.0.1/32 [::] [::1] )] => 'LOCALHOST', [qw( !172.16.1.0/24 172.16.0.0/12 192.168.0.0/16 )] => 'PRIVATENETS', [qw( 192.0.2.0/25 192.0.2.129 192.0.2.130 )] => 'PARTNER', [qw( 198.51.100.88/32 )] => 'CUSTOMERS', [qw( 203.0.113.164/32 )] => 'HOSTING', \@mynetworks => 'MYNETS', ); # DKIM-verifizierte Sender(domains) auf Policies mappen @author_to_policy_bank_maps = ( { 'piratenpartei-bayern.de' => 'WHITELIST,NOBANNEDCHECK,NOVIRUSCHECK', '.paypal.de' => 'WHITELIST', '.paypal.com' => 'WHITELIST', 'amazon.de' => 'WHITELIST', } ); ################################################################################ ## DESTINATIONS # # Definition der Verkehrsrichtungen: # Das ist nach intern. Alle anderen Destinationen sind im Umkehrschluss extern. @local_domains_maps = ( [".$mydomain"], read_hash("/etc/postfix/all_local_domains_map"), ); # Das kommt von intern. Alles andere ist per Default von extern, ausser wir # erkennen es an anderen Kriterien wie z.B. DKIM-Signatur oder originating Port @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 172.31.1.0/24 10.0.10.0/26 ); ################################################################################ ## NOTIFICATIONS # # Externe warnen? $warn_offsite = 0; # Envelope Sender $mailfrom_notify_admin = "postmaster\@$mydomain"; $mailfrom_notify_recip = "postmaster\@$mydomain"; $mailfrom_notify_sender = "postmaster\@$mydomain"; $mailfrom_notify_spamadmin = "postmaster\@$mydomain"; $mailfrom_to_quarantine = ''; $dsn_bcc = "postmaster\@$mydomain"; # From: Header $hdrfrom_notify_sender = "Postmaster <postmaster\@$mydomain>"; $hdrfrom_notify_recip = "Postmaster <postmaster\@$mydomain>"; $hdrfrom_notify_release = "Postmaster <postmaster\@$mydomain>"; ################################################################################ ## VIRUS POLICY # # Check aktivieren? # @bypass_virus_checks_maps = (1); # In Quarantäne? $virus_quarantine_to = undef; # Admin benachrichtigen? $virus_admin = undef; # Empfänger benachrichtigen? $warnvirusrecip = 1; # Recipient-Adresse bei Release erweitern? @addr_extension_virus_maps = ('virus'); # eMail bei Release wrappen? $defang_virus = 1; # Wollen wir Content transportieren? $final_virus_destiny = D_REJECT; @av_scanners = ( ### http://www.clamav.net/ ['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamd.amavisd/clamd.sock"], qr/\bOK$/m, qr/\bFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], ); @av_scanners_backup = (); #@av_scanners_backup = ( # ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV # ['ClamAV-clamscan', 'clamscan', # "--stdout --no-summary -r --tempdir=$TEMPBASE {}", # [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], #); ################################################################################ ## SPAM POLICY # # Check aktivieren? # @bypass_spam_checks_maps = (1); # In Quarantäne? $spam_quarantine_to = undef; # Admin benachrichtigen? $spam_admin = undef; # Recipient-Adresse bei Release erweitern? @addr_extension_spam_maps = ('spam'); # eMail bei Release wrappen? $defang_spam = undef; # Wollen wir Content transportieren? $final_spam_destiny = D_REJECT; # add spam info headers if at, or above that level $sa_tag_level_deflt = -1000.0; # add 'spam detected' headers at that level $sa_tag2_level_deflt = 6.31; # triggers spam evasive actions (e.g. blocks mail) $sa_kill_level_deflt = 6.31; # spam level beyond which a DSN is not sent $sa_dsn_cutoff_level = 10; # likewise, but for a likely valid From $sa_crediblefrom_dsn_cutoff_level = 18; # spam level beyond which quarantine is off # $sa_quarantine_cutoff_level = 25; # (no effect without a @storage_sql_dsn database) $penpals_bonus_score = 8; # don't waste time on hi spam $penpals_threshold_high = $sa_kill_level_deflt; # spam score points to add for joe-jobbed bounces $bounce_killer_score = 100; # don't waste time on SA if mail is larger $sa_mail_body_size_limit = 400*1024; # only tests which do not require internet access? $sa_local_tests_only = 0; $sa_spam_subject_tag = '***Spam*** '; ################################################################################ ## BANNED POLICY # # Check aktivieren? #@bypass_banned_checks_maps = (1); # In Quarantäne? $banned_quarantine_to = undef; # Admin benachrichtigen? $banned_admin = undef; # Recipient-Adresse bei Release erweitern? @addr_extension_banned_maps = ('banned'); # eMail bei Release wrappen? $defang_banned = 1; # Wollen wir Content transportieren? $final_banned_destiny = D_BOUNCE; # Definitionslisten in denen wir bestimmte Dateitypen zusammenfassen # Die Definitionsnamen können wir in einer Policy verwenden %banned_rules = ( 'NO-MS-EXEC'=> new_RE( qr'^\.(exe-ms)$' ), 'PASSALL' => new_RE( [qr'^' => 0] ), 'ALLOW_EXE' => new_RE( qr'.\.(vbs|pif|scr|bat)$'i, [qr'^\.exe$' => 0] ), 'ALLOW_VBS' => new_RE( [qr'.\.vbs$' => 0] ), 'NO-VIDEO' => new_RE( qr'^\.movie$', qr'.\.(asf|asx|mpg|mpe|mpeg|avi|mp3|wav|wma|wmf|wmv|mov|vob)$'i, ), 'NO-MOVIES' => new_RE( qr'^\.movie$', qr'.\.(mpg|avi|mov)$'i, ), 'MYNETS-DEFAULT' => new_RE( [ qr'^\.(rpm|cpio|tar)$' => 0 ], qr'.\.(vbs|pif|scr)$'i, ), 'DEFAULT' => $banned_filename_re, ); # Alles was in der Definitionsliste oben DEFAULT ist $banned_filename_re = new_RE( # banned file(1) types, rudimentary qr'^\.(exe-ms|dll)$', # allow any in Unix-type archives [ qr'^\.(rpm|cpio|tar)$' => 0 ], # banned extensions - rudimentary qr'.\.(pif|scr)$'i, # block these MIME types qr'^application/x-msdownload$'i, qr'^application/x-msdos-program$'i, qr'^application/hta$'i, # block certain double extensions in filenames qr'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i, # banned extension - basic+cmd qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, ); ################################################################################ ## HEADER POLICY # # Check aktivieren? # @bypass_header_checks_maps = (1); # In Quarantäne? $bad_header_quarantine_method = undef; # Recipient-Adresse bei Release erweitern? @addr_extension_bad_header_maps = ('badh'); # eMail bei Release wrappen? # NUL or CR character in header $defang_by_ccat{CC_BADH.",3"} = 1; # header line longer than 998 characters $defang_by_ccat{CC_BADH.",5"} = 1; # header field syntax error $defang_by_ccat{CC_BADH.",6"} = 1; # Wollen wir Content transportieren? $final_bad_header_destiny = D_PASS; # Admin benachrichtigen? $bad_header_admin = undef; # Sender benachrichtigen? $warnbadhsender = undef; # Empfänger benachrichtigen? $warnbadhrecip = undef; ################################################################################ ## UNCHECKED POLICY # $undecipherable_subject_tag = ''; $MAXLEVELS = 14; $MAXFILES = 3000; # bytes (default undef, not enforced) $MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced) $MAX_EXPANSION_QUOTA = 500*1024*1024; ################################################################################ ## DKIM - Domain Key Identified Mail # # DKIM-Signaturen verifizieren $enable_dkim_verification = 0; # DKIM-Signaturen erstellen $enable_dkim_signing = 0; # Private Keys und Selectors # # signing domain selector private key options # ------------- -------- ---------------------- ---------- # dkim_key('nausch.org', '201411', '/var/spool/amavis/dkim/201411_nausch.org'); # DKIM Signing Policies @dkim_signature_options_bysender_maps = ( { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } ); # to query p0f-analyzer.pl # $os_fingerprint_method = 'p0f:*:2345'; ## hierarchy by which a final setting is chosen: ## policy bank (based on port or IP address) -> *_by_ccat ## *_by_ccat (based on mail contents) -> *_maps ## *_maps (based on recipient address) -> final configuration value ################################################################################ ## POLICY BANKS # ## POLICY BANK MYNETWORK # Alles Hosts, die in MYNETS gelistet sind $policy_bank{'MYNETS'} = { # Jede Mail von einen unserer Hosts wird als originating gesetzt originating => 1, # Keine pof Abfragen für interne Clients durchführen. os_fingerprint_method => undef, }; ## POLICY BANK SUBMISSON # Nachrichten unserer Kunden, die auf Port 587 (Submisson) eingeliefert wurden # wird als originating, also von uns gesetzt. $policy_bank{'ORIGINATING'} = { # welcher Host darf soll auf Port 10014 einliefern dürfen inet_acl => [qw( 127.0.0.1 )], # eMails vom Port 587 werdenals "von uns" = originating gesetzt originating => 1, # Disclaimer an jede Mail anfügen, sofern welche verfügbar sind. allow_disclaimers => 1, # notify administrator of locally originating malware virus_admin_maps => ["virusalert\@$mydomain"], spam_admin_maps => ["virusalert\@$mydomain"], warnbadhsender => 1, # forward to a smtpd service providing DKIM signing service forward_method => 'smtp:[127.0.0.1]:10027', # force MTA conversion to 7-bit (e.g. before DKIM signing) smtpd_discard_ehlo_keywords => ['8BITMIME'], # allow sending any file names and types bypass_spam_checks_maps => [0], # allow sending any file names and types bypass_banned_checks_maps => [1], # don't remove NOTIFY=SUCCESS option terminate_dsn_on_notify_success => 0, notify_method => 'smtp:[127.0.0.1]:10025', forward_method => 'smtp:[127.0.0.1]:10025', final_virus_destiny => 'D_BOUNCE', }; # Hier schlägt der MILTER auf $policy_bank{'AM.PDP-SOCK'} = { protocol => 'AM.PDP', auth_required_release => 0, }; # Hier würden wir releasen $policy_bank{'AM.PDP-INET'} = { protocol => 'AM.PDP', inet_acl => [qw( 127.0.0.1 )], auth_required_release => 0, }; ## POLICY BANK: WHITELIST $policy_bank{'WHITELIST'} = { bypass_spam_checks_maps => [1], spam_lovers_maps => [1], }; ## POLICY BANK: NOVIRUSCHECK $policy_bank{'NOVIRUSCHECK'} = { bypass_decode_parts => 1, bypass_virus_checks_maps => [1], virus_lovers_maps => [1], }; ## POLICY BANK: NOBANNEDCHECK $policy_bank{'NOBANNEDCHECK'} = { bypass_banned_checks_maps => [1], banned_files_lovers_maps => [1], }; 1; # insure a defined return value # vim: set ft=perl sw=4:

2 4