[Techtalk] question reference mail programs
Devdas Bhagat
devdas at dvb.homelinux.org
Sun Aug 22 21:16:47 EST 2004
On 22/08/04 08:38 -0400, Helen wrote:
> From everyone's answers and question, I think that I had the right idea
> all along, it is just someone spoofing my address. I will have to do
> some more research on postfix configuration though. I was basically using
> it straight out of the box, with only a few minor changes.
For the record, here is my postconf -n output.
Lines beginning with # are comments that I am putting in as
documentation
# Local aliases, importantly root -> normal account.
alias_maps = hash:/etc/postfix/aliases
# Default values
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
# Prevent idiotic script kiddies from running VRFY. They need to try a
# full dictionary attack instead.
disable_vrfy_command = yes
# Do not install HTML documentation.
html_directory = no
# Listen on all interfaces
inet_interfaces = all
# Deliver one message at a time. Doesn't really matter here.
local_destination_concurrency_limit = 1
# Enumerate local recipients.
local_recipient_maps = unix:passwd.byname $alias_maps
# What system user Postfix runs as.
mail_owner = postfix
# Where to deliver the mail (mbox format)
mail_spool_directory = /var/spool/mail
# Use procmail to deliver mail.
mailbox_command = /usr/bin/procmail
# This system is just for me, so I allow really large mailboxes.
mailbox_size_limit = 10485760000
# Defaults
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
# Large messages as well.
message_size_limit = 1048576000
# MIME filtering, saves on deleting mails from some crappy viruses.
# I should write a script to parse my logs and locally blacklist hosts
# caught here, but then I also have to whitelist.
mime_header_checks = regexp:/etc/postfix/mime_headers
# What domains I accept mail for.
mydestination = $myhostname, localhost.$mydomain, mx1.$mydomain
# The FQDN hostname
myhostname = dvb.homelinux.org
# What IP space I fully trust.
mynetworks = 127.0.0.0/8
# Where system generated mail and mail submitted without a full address
# should originate from.
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /etc/postfix/readme_files
# Smarthost via this system
relayhost = [66.98.212.152]
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
# The banner that should show up after the 220 greeting.
# $myhostname is compulsory.
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
# Impolite clients are not welcome. Introduce yourself first.
smtpd_helo_required = yes
# Recipient checks.
# In order, permit from trusted networks, enforce valid syntax, reject
# mail for hosts not in $mydestination from anywhere else, possible
# whitelisting, then local blacklists, then checks on remote DNSBLs.
# Attempted optimisation for performance.
smtpd_recipient_restrictions = permit_mynetworks
reject_invalid_hostname
reject_non_fqdn_hostname
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_unauth_destination
check_client_access hash:/etc/postfix/allowed-clients
check_recipient_access hash:/etc/postfix/allowed-recipients
check_client_access hash:/etc/postfix/client-access
check_client_access cidr:/etc/postfix/cidr-client-access
check_client_access pcre:/etc/postfix/pcre-client-access
check_sender_access hash:/etc/postfix/sender-access
reject_unauth_pipelining
check_sender_access hash:/etc/postfix/allowed-senders
reject_unlisted_recipient
reject_rbl_client sbl-xbl.spamhaus.org
reject_rbl_client dnsbl.sorbs.net
reject_rbl_client l1.spews.dnsbl.sorbs.net
reject_rbl_client relays.ordb.org
reject_rbl_client list.dsbl.org
reject_rbl_client relays.visi.com
reject_rhsbl_sender rhsbl.sorbs.net
# More syntax checks. Envelope senders and recipients need a <> around
# the address
strict_rfc821_envelopes = yes
# Permanently reject unknown recipients
unknown_local_recipient_reject_code = 550
I hope this helps a bit.
Devdas Bhagat
More information about the Techtalk
mailing list