<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-8859-1"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.E-MailFormatvorlage17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1222599761;
mso-list-type:hybrid;
mso-list-template-ids:242387646 479740820 67567619 67567621 67567617 67567619 67567621 67567617 67567619 67567621;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:54.0pt;
text-indent:-18.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:90.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:126.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:162.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:198.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:234.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:270.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:306.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:342.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1516842089;
mso-list-type:hybrid;
mso-list-template-ids:52978700 -1852550958 67567619 67567621 67567617 67567619 67567621 67567617 67567619 67567621;}
@list l1:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:\F0E8;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>Hallo,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>ich habe ein Problem mein Postfix im Zusammenspiel mit Amavis korrekt zu konfigurieren.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Ich nutze Amavis als proxy_filter, was soweit auch problemlos funktioniert.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Nun habe ich mit dem GTUBE Spamtest ein wenig rumgespielt. Wenn von extern eine eMail mit diesem Test-Spam eintrifft, blockt Amavis als proxy_filter diese Mail mit D_REJECT. -> So soll es sein.<o:p></o:p></p><p class=MsoNormal>Wenn ich versuche eine GTUBE Spam-eMail von meinen Mailserver nach draußen zu schicken, wird die Einlieferung durch Outlook von amavis ebenfalls geblockt. <o:p></o:p></p><p class=MsoNormal>Zwar ist es richtig die Spam-eMail zu blocken, jedoch bemerkt Outlook das REJECT im STMP Protokoll anscheinend nicht – Der Sender bemerkt also nicht dass seine Email nicht raus ist.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l1 level1 lfo1'><![if !supportLists]><span style='font-family:Wingdings'><span style='mso-list:Ignore'>è<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]>Lösungsansatz: SASL-Authentifizierte Benutzer sollen kein Reject, sondern einen Bounce von Amavis erhalten. (D_BOUNCE anstelle D_REJECT)<o:p></o:p></p><p class=MsoNormal style='margin-left:36.0pt'>Hierzu wollte ich policy_banks nutzen. Netterweise gibt es ja sogar eine policy_bank ‚MYUSERS‘, doch leider greift diese policy_bank bei mir nicht. Natürlich könnte ich zwei verschiedene IPs nehmen, einen für MX, eine für die internen User, aber das ist irgendwie unschön, ‚MYUSERS‘ wäre schon netter.<o:p></o:p></p><p class=MsoNormal style='margin-left:36.0pt'><o:p> </o:p></p><p class=MsoNormal>Frage a): Woran kann es liegen dass MYUSERS nicht erkannt wird in Amavis? <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Frage b) Gibt es noch andere Lösungen um die Bounces bei eigenen Userns zu verlangen, und bei allen anderen SMTP Einlieferungen REJECTs zu verwenden? <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Vielen Dank für die Hilfe, ich bin da grade etwas Orientierungslos.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Torben Dannhauer<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Meine Daten:<o:p></o:p></p><p class=MsoNormal>OS: Debian Squeeze<o:p></o:p></p><p class=MsoNormal><span lang=EN-US>Main.cf, master.cf, amavis-conf (conf.d/50-user)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>---------------------------- Amavis conf: --------------------------<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>cat /etc/amavis/conf.d/50-user<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>use strict;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>#<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># Place your configuration directives here. They will override those in<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># earlier files.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>#<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># See /usr/share/doc/amavisd-new/ for documentation and examples of<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># the directives you can use in this file<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>#<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>$inet_socket_port = [10024, 10030];<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>$log_level = 4;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US># Virus and SPAM check is disabled by default, therefore we have to enable it:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>@bypass_virus_checks_maps = (<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>@bypass_spam_checks_maps = (<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>$final_virus_destiny = D_REJECT; # (data not lost, see virus quarantine)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>$final_banned_destiny = D_REJECT; # D_REJECT when front-end MTA<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>$final_spam_destiny = D_REJECT;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>$final_bad_header_destiny = D_PASS; # False-positive prone (for spam)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>$sa_spam_subject_tag = '****SPAM**** ';<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>$sa_kill_level_deflt = 6.31; # triggers spam evasive actions<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent (Only relevant if D_BOUNCE is used)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US># Do not save mails in quarantine<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>$virus_quarantine_to = undef;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>$spam_quarantine_to = undef;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>$banned_quarantine_to = undef;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>$bad_header_quarantine_to = undef;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US># configure how many instances amavis should run at max (postfix-limit+1 [+1 for AM.DPD])<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>$max_servers = 7;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US># SQL Settings<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>@lookup_sql_dsn = ([ 'DBI:Pg:database=amavis', 'dbuser', 'hiddenpass' ]);<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US># Bounce own users on bads behaviour<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>$policy_bank{'MYUSERS'} = { # mail supposedly originating from our users<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> originating => 1, # declare that mail was submitted by our smtp client<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> final_virus_destiny => D_BOUNCE, # bounce only to authenticated local users<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> final_banned_destiny=> D_BOUNCE,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> final_spam_destiny => D_BOUNCE,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>};<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>#------------ Do not modify anything below this line -------------<o:p></o:p></span></p><p class=MsoNormal>1; # ensure a defined return<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US>---------------- master.cf---------------------------<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>#<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># Postfix master process configuration file. For details on the format<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># of the file, see the master(5) manual page (command: "man 5 master").<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>#<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># Do not forget to execute "postfix reload" after editing this file.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>#<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># ==========================================================================<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># service type private unpriv chroot wakeup maxproc command + args<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># (yes) (yes) (yes) (never) (100)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># ==========================================================================<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtp inet n - - - - smtpd<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> -o smtpd_proxy_filter=localhost:10024<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> -o content_filter=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>pickup fifo n - - 60 1 pickup<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> -o content_filter=smtp-amavis:[localhost]:10024<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>cleanup unix n - - - 0 cleanup<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>qmgr fifo n - n 300 1 qmgr<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>tlsmgr unix - - - 1000? 1 tlsmgr<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>rewrite unix - - - - - trivial-rewrite<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>bounce unix - - - - 0 bounce<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>defer unix - - - - 0 bounce<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>trace unix - - - - 0 bounce<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>verify unix - - - - 1 verify<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>flush unix n - - 1000? 0 flush<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>proxymap unix - - n - - proxymap<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>proxywrite unix - - n - 1 proxymap<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtp unix - - - - - smtp<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># When relaying mail as backup MX, disable fallback_relay to avoid MX loops<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>relay unix - - - - - smtp<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> -o smtp_fallback_relay=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>showq unix n - - - - showq<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>error unix - - - - - error<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>retry unix - - - - - error<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>discard unix - - - - - discard<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>local unix - n n - - local<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>virtual unix - n n - - virtual<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>lmtp unix - - - - - lmtp<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>anvil unix - - - - 1 anvil<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>scache unix - - - - 1 scache<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>#<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># ====================================================================<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>#<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># See the Postfix UUCP_README file for configuration details.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>#<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>uucp unix - n n - - pipe<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>#<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># Other external delivery methods.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>#<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>ifmail unix - n n - - pipe<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>bsmtp unix - n n - - pipe<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>scalemail-backend unix - n n - 2 pipe<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>mailman unix - n n - - pipe<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> ${nexthop} ${user}<o:p></o:p></span></p><p class=MsoNormal>maildrop unix - n n - - pipe<o:p></o:p></p><p class=MsoNormal> flags=DRhu user=vmail:vmail argv=/usr/bin/maildrop -w 85 -d ${user}@${nexthop} ${recipient} ${user} ${nexthop} ${sender}<o:p></o:p></p><p class=MsoNormal><span lang=EN-US>vacation unix - n n - - pipe<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> flags=Rq user=vacation:vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US># Transport method for postfix->amavis to limit the maximum used amavis instances.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtp-amavis unix - - - - 6 smtp<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> -o smtp_data_done_timeout=1800<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> -o disable_mime_output_conversion=yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> -o smtp_generic_maps=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US># This port is for the return delivery of scanned emails by amavis.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># This port has no anti spam protection to prevent an infinite loop of amavis calls.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>localhost:10025 inet n - n - - smtpd<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> -o content_filter=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> -o smtpd_proxy_filter=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> -o smtpd_authorized_xforward_hosts=127.0.0.0/8<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> -o smtpd_client_restrictions=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> -o smtpd_helo_restrictions=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> -o smtpd_sender_restrictions=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> -o smtpd_recipient_restrictions=permit_mynetworks,reject<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> -o smtpd_data_restrictions=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> -o mynetworks=127.0.0.0/8<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> -o recieve_override_options=no_unknown_recipient_checks<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US># Open port 2333 as alternative SMTP port for ISPs with blocked port 25<o:p></o:p></span></p><p class=MsoNormal>smtp:2333 inet n - - - - smtpd<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>----------------- main.cf-----------------------------<o:p></o:p></p><p class=MsoNormal><span lang=EN-US># See /usr/share/postfix/main.cf.dist for a commented, more complete version<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># Debian specific: Specifying a file name will cause the first<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># line of that file to be used as the name. The Debian default<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># is /etc/mailname.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>#myorigin = /etc/mailname<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>soft_bounce = no<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>#<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># General Setup<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>#<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>default_database_type = btree<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>biff = no<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US># appending .domain is the MUA's job.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>append_dot_mydomain = no<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US># Uncomment the next line to generate "delayed mail" warnings<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>#delay_warning_time = 4h<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>myhostname = myhost.domain.tld<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>myorigin = /etc/mailname<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>mydestination = $myhostname, localhost.$mydomain, localhost<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, my-IP<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>relayhost =<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>mailbox_size_limit = 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>message_size_limit = 52428800<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>recipient_delimiter = +<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>inet_interfaces = all<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>html_directory = /usr/share/doc/postfix/html<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>smtpd_helo_required = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>disable_vrfy_command = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>strict_rfc821_envelopes = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US># Settings for virtual hosting<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>virtual_uid_maps = static:1001<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>virtual_gid_maps = static:1001<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># Ensures, that no Mails are written to Filesystem outside this path<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>virtual_mailbox_base = /var/vmail<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US># Lookup maps<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## global<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>transport_maps = pgsql:/etc/postfix/pgsql-transport.cf<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>relocated_maps = pgsql:/etc/postfix/pgsql-relocated.cf<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## local<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>alias_maps = btree:/etc/aliases pgsql:/etc/postfix/pgsql-aliases.cf<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>alias_database = btree:/etc/aliases<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## virtual<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>virtual_mailbox_domains = pgsql:/etc/postfix/pgsql-virtual-domains.cf<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>virtual_mailbox_maps = pgsql:/etc/postfix/pgsql-virtual-mailbox.cf<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>virtual_alias_maps = pgsql:/etc/postfix/pgsql-virtual-alias.cf<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US># SMTP AUTH (SASL)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtpd_sasl_auth_enable = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtpd_sasl_local_domain = $myhostname<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtpd_sasl_security_options = noanonymous<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>broken_sasl_auth_clients = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unknown_local_recipient_reject_code = 550<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US># Maildrop<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>maildrop_destination_concurrency_limit = 1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>maildrop_destination_recipient_limit = 1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unknown_maildrop_mailbox_reject_code = 450<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>## SMTP-Restrictions<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtpd_recipient_restrictions =<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># Whitelist RFC-conform<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> check_recipient_access btree:/etc/postfix/access_recipient-rfc,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># Whitelisting and Blacklisting<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># Don't accept unclean mails<o:p></o:p></span></p><p class=MsoNormal># reject_non_fqdn_sender, # Todo: Server checken, die nur über ihren Namen senden<o:p></o:p></p><p class=MsoNormal><span lang=EN-US># reject_non_fqdn_recipient, # Todo: checken, was mit lokalen Accounts wie root, etc ist.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> reject_unknown_sender_domain,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> reject_unknown_recipient_domain,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># Allow own users<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> permit_sasl_authenticated,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> permit_mynetworks,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># Check RBL<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> reject_rbl_client zen.spamhaus.org,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> reject_rbl_client ix.dnsbl.manitu.net,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> reject_rbl_client bl.spamcop.net,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> reject_rbl_client dnsbl.njabl.org,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># Policyd-Weight<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> check_policy_service inet:127.0.0.1:12525,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># Greylisting<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> check_policy_service inet:127.0.0.1:10023,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># Check for known relay recipients<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> reject_unverified_recipient,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># Allow Backup-MX<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> permit_mx_backup,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># Stop all other relaying<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> reject_unauth_destination,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># Now everything is checked,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> permit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US># Send all email through Amavis:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US># No need to call amavis there, the smtp method in master.cf is praperated to use amavis as smtpd_proxy_filter.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US># TLS PART START<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## SMTP Part<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtp_tls_CAfile = /usr/share/ca-certificates/cacert.org/cacert.org.crt<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtp_tls_cert_file = /etc/postfix/tls/jonathan.dannhauer.info.crt<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtp_tls_key_file = /etc/postfix/tls/jonathan.dannhauer.info.key<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtp_tls_session_cache_database = btree:${data_directory}/smtp_tls_session_cache<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtp_use_tls = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>## SMTPD Part<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtpd_tls_CAfile = /usr/share/ca-certificates/cacert.org/cacert.org.crt<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtpd_tls_cert_file = /etc/postfix/tls/jonathan.dannhauer.info.crt<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtpd_tls_key_file = /etc/postfix/tls/jonathan.dannhauer.info.key<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_tls_session_cache<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtpd_use_tls = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>smtpd_tls_received_header = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtpd_tls_ask_ccert = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>smtpd_tls_loglevel = 1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>tls_random_source = dev:/dev/urandom<o:p></o:p></span></p></div></body></html>