myhostname = mail.mydomain.org mydomain = mydomain.org myorigin = $mydomain smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no append_dot_mydomain = no readme_directory = no mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mydestination = local, localhost.localdomain, localhost mailbox_size_limit = 51200000 message_size_limit = 51200000 recipient_delimiter = inet_interfaces = all inet_protocols = all ##### TLS parameters ###### smtpd_tls_cert_file=/etc/postfix/ssl/mail.mydomain.org.crt smtpd_tls_key_file=/etc/postfix/ssl/mail.mydomain.org.key smtpd_use_tls=yes smtpd_tls_auth_only=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache ###### SASL Auth ###### smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_restriction_classes = greylisting , internal #smtpd_restriction_classes = # internal internal = permit_mynetworks, permit_sasl_authenticated, reject ###### Use Dovecot LMTP Service to deliver Mails to Dovecot ###### ##virtual_transport = spamass-dovecot virtual_transport = lmtp:unix:private/dovecot-lmtp ##### Only allow mail transport if client is authenticated or in own network (PHP Scripts, ...) ###### ##### allow mail sending if Client is authenticated or in own network (PHP scripts, ...) , block spam servers ###### ##### smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination # CPK - 2017-03-15 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/access, check_sender_access hash:/etc/postfix/sender_access, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client dul.dnsbl.sorbs.net, permit # -smtpd_recipient_restrictions = # - permit_mynetworks, # - reject_non_fqdn_recipient, # - reject_unknown_recipient_domain, # - reject_non_fqdn_sender, # - reject_unknown_sender_domain, # - reject_invalid_helo_hostname, # - reject_non_fqdn_helo_hostname, # - reject_unauth_destination, # - reject_unverified_recipient, # - check_client_access pcre:$config_directory/greylisting.pcre, greylisting = permit_dnswl_client mailspike.net, permit_dnswl_client list.dnswl.org, check_policy_service inet:127.0.0.1:10029 #++ CPK 2017-02-21 disable_vrfy_command = yes smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit smtpd_error_sleep_time = 1s smtpd_soft_error_limit = 10 smtpd_hard_error_limit = 20 ###### MySQL Connection ###### virtual_alias_maps = mysql:/etc/postfix/virtual/mysql-aliases.cf virtual_mailbox_maps = mysql:/etc/postfix/virtual/mysql-maps.cf virtual_mailbox_domains = mysql:/etc/postfix/virtual/mysql-domains.cf local_recipient_maps = $virtual_mailbox_maps #content_filter=spamass-dovecot:[127.0.0.1]:10024 content_filter=smtp-amavis:[127.0.0.1]:10024 compatibility_level = 2 smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, check_client_access hash:/etc/postfix/blacklist smtpd_sender_restrictions = hash:/etc/postfix/access debug_peer_list = 91.200.0.0/16