[Techtalk] question reference mail programs

Devdas Bhagat devdas at dvb.homelinux.org
Sun Aug 22 21:16:47 EST 2004


On 22/08/04 08:38 -0400, Helen wrote:
> From everyone's answers and question, I think that I had the right idea
> all along, it is just someone spoofing my address.  I will have to do
> some more research on postfix configuration though.  I was basically using
> it straight out of the box, with only a few minor changes.

For the record, here is my postconf -n output.
Lines beginning with # are comments that I have added as
documentation; they are not part of the postconf output.

# Local aliases, importantly root -> normal account.
# (The alias file itself is not shown in this post.)
alias_maps = hash:/etc/postfix/aliases

# Default values
# postconf -n prints every parameter that is set explicitly in main.cf,
# so these appear even though they match the built-in defaults.
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix

# Prevent idiotic script kiddies from running VRFY. They need to try a
# full dictionary attack instead.
# This only removes the cheap lookup: addresses can still be probed one
# RCPT TO at a time, so bursts of rejected recipients in the log remain
# the thing to watch for.
disable_vrfy_command = yes

# Do not install HTML documentation.
html_directory = no

# Listen on all interfaces
# The SMTP port is therefore reachable from every network this host is
# attached to; who may relay is decided by mynetworks and
# smtpd_recipient_restrictions, not by the listening address.
inet_interfaces = all

# Deliver one message at a time. Doesn't really matter here.
local_destination_concurrency_limit = 1

# Enumerate local recipients.
# System accounts plus the alias table. Mail for any other local
# address is refused during the SMTP session instead of being accepted
# and bounced later, which avoids sending bounces to forged senders.
local_recipient_maps = unix:passwd.byname $alias_maps

# What system user Postfix runs as.
mail_owner = postfix

# Where to deliver the mail (mbox format)
mail_spool_directory = /var/spool/mail

# Use procmail to deliver mail.
# Postfix hands local delivery to this command, so each user's procmail
# rules are part of the delivery path.
mailbox_command = /usr/bin/procmail

# This system is just for me, so I allow really large mailboxes.
# The value is in bytes: 10485760000 = 10000 MiB.
mailbox_size_limit = 10485760000

# Defaults
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man

# Large messages as well.
# Also in bytes: 1048576000 = 1000 MiB per message. The limit applies
# to mail from any client that gets past the SMTP restrictions, so it
# should be weighed against the free space under queue_directory.
# Postfix expects mailbox_size_limit to be no smaller than this value,
# which holds here.
message_size_limit = 1048576000

# MIME filtering, saves on deleting mails from some crappy viruses.
# I should write a script to parse my logs and locally blacklist hosts
# caught here, but then I also have to whitelist.
# The patterns are matched against the MIME headers of message parts;
# the pattern file itself is not shown in this post.
mime_header_checks = regexp:/etc/postfix/mime_headers

# What domains I accept mail for.
# These are the domains delivered locally on this host.
mydestination = $myhostname, localhost.$mydomain, mx1.$mydomain

# The FQDN hostname
myhostname = dvb.homelinux.org

# What IP space I fully trust.
# Loopback only, so permit_mynetworks in smtpd_recipient_restrictions
# lets nothing but processes on this machine relay through it.
mynetworks = 127.0.0.0/8

# Where system generated mail and mail submitted without a full address
# should originate from.
myorigin = $myhostname


# Install-time paths.
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /etc/postfix/readme_files

# Smarthost via this system
# The square brackets make Postfix connect to the address as written,
# without doing an MX lookup on it.
relayhost = [66.98.212.152]

# More install-time paths, and the group used for mail submission.
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop

# The banner that should show up after the 220 greeting.
# $myhostname is compulsory.
# $mail_name and $mail_version additionally tell every connecting
# client which software and release is running; they can be left out
# of the banner if that disclosure is not wanted.
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

# Impolite clients are not welcome. Introduce yourself first.
# Without this a client could skip HELO/EHLO altogether and so sidestep
# the HELO hostname checks in smtpd_recipient_restrictions.
smtpd_helo_required = yes

# Recipient checks.
# In order, permit from trusted networks, enforce valid syntax, reject
# mail for hosts not in $mydestination from anywhere else, possible
# whitelisting, then local blacklists, then checks on remote DNSBLs.
# Attempted optimisation for performance.
#
# The order matters for relay control: reject_unauth_destination comes
# before every check_*_access table, so an OK from a whitelist entry
# cannot turn this host into a relay for outside clients.
#
# reject_invalid_hostname and reject_non_fqdn_hostname test the HELO
# name; later Postfix releases call them reject_invalid_helo_hostname
# and reject_non_fqdn_helo_hostname.
#
# The DNSBL zones are as of this 2004 post. relays.ordb.org and
# list.dsbl.org have been shut down since then; check that each zone is
# still operated before reusing the list, because a retired zone can
# stall lookups or start listing every address.
smtpd_recipient_restrictions = permit_mynetworks
		reject_invalid_hostname
		reject_non_fqdn_hostname
		reject_non_fqdn_sender
		reject_non_fqdn_recipient
		reject_unauth_destination
		check_client_access hash:/etc/postfix/allowed-clients
		check_recipient_access hash:/etc/postfix/allowed-recipients
		check_client_access hash:/etc/postfix/client-access
		check_client_access cidr:/etc/postfix/cidr-client-access
		check_client_access pcre:/etc/postfix/pcre-client-access
		check_sender_access hash:/etc/postfix/sender-access
		reject_unauth_pipelining
		check_sender_access hash:/etc/postfix/allowed-senders
		reject_unlisted_recipient
		reject_rbl_client	sbl-xbl.spamhaus.org
		reject_rbl_client	dnsbl.sorbs.net
		reject_rbl_client	l1.spews.dnsbl.sorbs.net
		reject_rbl_client	relays.ordb.org
		reject_rbl_client	list.dsbl.org
		reject_rbl_client	relays.visi.com
		reject_rhsbl_sender	rhsbl.sorbs.net

# More syntax checks. Envelope senders and recipients need a <> around
# the address
# Some legitimate but sloppy sending software omits the brackets and
# will be refused as well, so rejections from this check are worth a
# look in the log.
strict_rfc821_envelopes = yes

# Permanently reject unknown recipients
# 550 is a permanent failure, so the sending server gives up at once;
# a 4xx code would make it keep retrying.
unknown_local_recipient_reject_code = 550

I hope this helps a bit.

Devdas Bhagat

