Hallo Ihr!
Da ich mich eine Weile (so ca. 2 Jahre) kaum mehr intensiv mit Postfix beschäftigt habe habt ihr ein paar Tipps für mich was ich evtl. anpassen sollte hauptsächlich im Bezug auf Antispam usw. postscreen will ich mir mal angucken, da es ja auch so lobend im Linuxmag erwähnt wurde ...
Grüsse & Danke im Voraus ... MH
Installierte Versionen usw.: -- ii postfix 2.8.3-1~bpo60+1 High-performance mail transport agent ii postfix-doc 2.5.5-1.1 Documentation for Postfix ii postfix-ldap 2.8.3-1~bpo60+1 LDAP map support for Postfix ii postfix-mysql 2.8.3-1~bpo60+1 MySQL map support for Postfix ii postfix-pcre 2.8.3-1~bpo60+1 PCRE map support for Postfix ii amavisd-new 1:2.6.4-3 Interface between MTA and virus scanner/content filters ii spamassassin 3.3.1-1 Perl-based spam filter using text analysis
postconf -n address_verify_map = btree:/var/spool/postfix/verified_senders address_verify_negative_cache = yes address_verify_negative_refresh_time = 6m address_verify_poll_count = 1 alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no bounce_size_limit = 1000 config_directory = /etc/postfix content_filter = amavisd-new:[127.0.0.1]:10024 delay_warning_time = 1h disable_vrfy_command = yes home_mailbox = Maildir/ html_directory = /usr/share/doc/postfix/html inet_interfaces = all mailbox_size_limit = 0 mime_header_checks = pcre:/etc/postfix/mime_header_checks mydestination = $mydomain, $myhostname localhost mydomain = linuxrocks.dyndns.org myhostname = hermes.linuxrocks.dyndns.org mynetworks = 127.0.0.0/8 myorigin = $mydomain readme_directory = /usr/share/doc/postfix recipient_delimiter = + relayhost = smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtpd_banner = $myhostname ESMTP $mail_name smtpd_data_restrictions = reject_multi_recipient_bounce smtpd_discard_ehlo_keywords = silent-discard, dsn smtpd_error_sleep_time = 5s smtpd_hard_error_limit = 15 smtpd_helo_required = yes smtpd_recipient_restrictions = permit_mynetworks, reject_unlisted_recipient, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, check_sender_access hash:/etc/postfix/disallow_my_domain check_sender_access hash:/etc/postfix/blacklist_sender check_recipient_access hash:/etc/postfix/roleaccount_exceptions sleep 1, reject_unauth_pipelining, reject_unknown_reverse_client_hostname reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_checks check_client_access pcre:/etc/postfix/client-checks check_sender_mx_access cidr:/etc/postfix/bogus_mx reject_rbl_client zen.spamhaus.org, warn_if_reject reject_rhsbl_sender bogusmx.rfc-ignorant.org, reject_rhsbl_sender dsn.rfc-ignorant.org reject_rbl_client ix.dnsbl.manitu.net reject_unknown_sender_domain permit smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_soft_error_limit = 5 smtpd_tls_security_level = may unverified_sender_reject_code = 550 virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains virtual_alias_maps = hash:/etc/postfix/virtual_mailbox_aliases virtual_gid_maps = static:1003 virtual_mailbox_base = /var/spool/virtual_mailboxes virtual_mailbox_domains = haegele-clan.eu virtual_mailbox_maps = hash:/etc/postfix/virtual_mailbox_recipients virtual_uid_maps = static:1003
cat /etc/postfix/master.cf | grep -v ^# smtp inet n - - - - smtpd pickup fifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - - 300 1 qmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - - - - smtp relay unix - - - - - smtp showq unix n - - - - showq error unix - - - - - error local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
amavisd-new unix - - n - 2 smtp -o smtp_data_done_timeout=1200s -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes tlsmgr unix - - - 1000? 1 tlsmgr scache unix - - - - 1 scache discard unix - - - - - discard retry unix - - - - - error --