From: postfix-users on 8 Apr 2010 13:26

Ansgar Wiechers wrote:
> It should work if the FQDN is the FQDN of server B. It shouldn't work if
> the FQDN is the FQDN of server A (which was the case in your config
> snippet).

Ahh ... Was too fast to format that stuff, sorry for that!

> The default includes all local users of the machine, which probably is
> not what you want, considering the machine's purpose.

That's a good argument - I changed the config!

Thanx again :)

From: postfix-users on 8 Apr 2010 13:34

And finally, to showcase my config, the "postconf -n" outputs, modified
to remove real hostnames and IP-addresses.

A "client" server:

config_directory = /etc/postfix
mydomain = example.com
mynetworks = 127.0.0.1/8
myorigin = $mydomain
relayhost = smtp.example.com

The MX SMTP server (Server A):

alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
disable_vrfy_command = yes
local_recipient_maps = $alias_maps
mailbox_size_limit = 1073741824
message_size_limit = 20480000
mydestination = localhost
mydomain = example.com
myhostname = smtp.example.com
mynetworks = 127.0.0.0/8, IP.AD.DR.ES/32, IP.AD.DR.ES/32, IP.AD.DR.ES/29, IP.AD.DR.ES/32, IP.AD.DR.ES/32, IP.AD.DR.ES/31, IP.AD.DR.ES/32
myorigin = $mydomain
recipient_delimiter = .
relay_domains = /etc/postfix/mydomains
relay_recipient_maps = hash:/etc/postfix/relay_recipient_map
relay_transport = smtp:[mail.example.com]
relocated_maps = hash:/etc/postfix/relocated
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = reject_unknown_reverse_client_hostname, check_client_access hash:/etc/postfix/client_access
smtpd_data_restrictions =
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipient_access
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = no

And the IMAP server (Server B):

alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
disable_vrfy_command = yes
mailbox_size_limit = 1073741824
message_size_limit = 20480000
mydestination = $myhostname, localhost.$mydomain, localhost, /etc/postfix/mydomains
mydomain = example.com
mynetworks = 127.0.0.0/8, IP.AD.DR.ES/32, IP.AD.DR.ES/32, IP.AD.DR.ES/29, IP.AD.DR.ES/32, IP.AD.DR.ES/32, IP.AD.DR.ES/31, IP.AD.DR.ES/32
myorigin = $mydomain
recipient_delimiter = .
relayhost = [smtp.example.com]
relocated_maps = hash:/etc/postfix/relocated
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = reject_unknown_reverse_client_hostname, check_client_access hash:/etc/postfix/client_access
smtpd_data_restrictions =
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipient_access
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = no

From: Noel Jones on 8 Apr 2010 15:50

On 4/8/2010 12:34 PM, postfix-users(a)tja-server.de wrote:
> And finally, to showcase my config, the "postconf -n" outputs, modified
> to remove real hostnames and IP-addresses.
>
> A "client" server:
>
> smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

This should use $data_directory rather than $queue_directory.

$data_directory must be a directory owned by $mail_owner (default
"postfix") and not used by any other programs. On most systems this
defaults to /var/lib/postfix.

http://www.postfix.org/postconf.5.html#data_directory
http://www.postfix.org/postconf.5.html#smtp_tls_session_cache_database

> smtpd_client_restrictions = reject_unknown_reverse_client_hostname,
> check_client_access hash:/etc/postfix/client_access

All smtpd_*_restrictions should start with "permit_mynetworks,
permit_sasl_authenticated" to prevent rejecting authorized clients.

> smtpd_helo_restrictions = reject_invalid_helo_hostname

Same comment as above.

> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination,
> check_recipient_access hash:/etc/postfix/recipient_access

OK.

> smtpd_sender_restrictions = check_sender_access
> hash:/etc/postfix/sender_access

Same comment as smtpd_client_restrictions.

> smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache

Same comment as smtp_tls_session_cache_database.

> smtpd_use_tls = yes

This parameter is obsolete. Rather use
smtpd_tls_security_level = may

http://www.postfix.org/postconf.5.html#smtpd_tls_security_level

> And the IMAP server (Server B):
>

Same comments as above.

--
Noel Jones

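Added example, not part of the thread and not Postfix code: a small Python check that applies the three review points above (TLS session caches under $queue_directory, smtpd_*_restrictions lists that do not start with permit_mynetworks, permit_sasl_authenticated, and the obsolete smtpd_use_tls) to "postconf -n" output. The function names and the sample input are constructed for illustration, and skipping empty restriction lists is an assumption of this example.

```python
import re

# Constructed sample in `postconf -n` format, based on the settings quoted in the thread.
SAMPLE = """\
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_client_restrictions = reject_unknown_reverse_client_hostname, check_client_access hash:/etc/postfix/client_access
smtpd_data_restrictions =
smtpd_helo_restrictions = reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipient_access
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
"""

REQUIRED_PREFIX = ["permit_mynetworks", "permit_sasl_authenticated"]


def parse_postconf(text):
    """Parse 'name = value' lines as printed by postconf -n into a dict."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            params[name.strip()] = value.strip()
    return params


def audit(params):
    """Return (parameter, finding) tuples for the three points raised in the review."""
    findings = []
    for name, value in sorted(params.items()):
        if re.fullmatch(r"smtpd?_tls_session_cache_database", name):
            if "queue_directory" in value:
                findings.append((name, "use $data_directory instead of $queue_directory"))
        elif re.fullmatch(r"smtpd_\w+_restrictions", name) and value:
            # Restriction lists are separated by commas and/or whitespace.
            first_two = re.split(r"[,\s]+", value)[:2]
            if first_two != REQUIRED_PREFIX:
                findings.append((name, "does not start with " + ", ".join(REQUIRED_PREFIX)))
        elif name == "smtpd_use_tls":
            findings.append((name, "obsolete; use smtpd_tls_security_level = may"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(parse_postconf(SAMPLE)):
        print(f"{name}: {finding}")
```

To check a live system, pass the text captured from "postconf -n" to parse_postconf() instead of SAMPLE.
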
From: postfix-users on 8 Apr 2010 18:00

Noel Jones wrote:
> This should use $data_directory rather than $queue_directory.
>
> $data_directory must be a directory owned by $mail_owner (default
> "postfix") and not used by any other programs. On most systems this
> defaults to /var/lib/postfix.

On my systems (Debian 4 and 5), data_directory is not set!
And nothing points to /var/lib/postfix, which does not even exist :-O

postconf | grep directory | grep \/ | grep -v execution_directory_expansion_filter | grep -v '\$'
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
mail_spool_directory = /var/mail
manpage_directory = /usr/share/man
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix/examples

postconf mail_version
mail_version = 2.3.8

> All smtpd_*_restrictions should start with "permit_mynetworks,
> permit_sasl_authenticated" to prevent rejecting authorized clients.
>
>
>> smtpd_helo_restrictions = reject_invalid_helo_hostname
>
> Same comment as above.

OK. I added that! Also to smtpd_sender_restrictions, as you mentioned
above.

>> smtpd_use_tls = yes
>
> This parameter is obsolete. Rather use
> smtpd_tls_security_level = may

OK. I added that too and removed smtpd_tls_auth_only as this will be set
anyway.

Thank you very much! I begin to like my configurations now :)

From: Noel Jones on 8 Apr 2010 18:15

On 4/8/2010 5:00 PM, postfix-users(a)tja-server.de wrote:
> Noel Jones wrote:
>> This should use $data_directory rather than $queue_directory.
>>
>> $data_directory must be a directory owned by $mail_owner (default
>> "postfix") and not used by any other programs. On most systems this
>> defaults to /var/lib/postfix.
>
> On my systems (Debian 4 and 5), data_directory is not set!
> And nothing points to /var/lib/postfix, which not even exists :-O
>
>
> postconf | grep directory | grep \/ | grep -v
> execution_directory_expansion_filter | grep -v '\$'
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/lib/postfix
> mail_spool_directory = /var/mail
> manpage_directory = /usr/share/man
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix
> sample_directory = /usr/share/doc/postfix/examples
>
> postconf mail_version
> mail_version = 2.3.8

Ah, antique postfix version. That parameter was added a couple years ago
in postfix 2.5.

http://www.postfix.org/postconf.5.html#data_directory

Even though your version doesn't have data_directory built-in, you can
add it to your main.cf:

data_directory = /var/lib/postfix

then type:

# mkdir /var/lib/postfix
# chown postfix /var/lib/postfix

--
Noel Jones