1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
#!/bin/sh
cat <<EOF
# Configure your domain and accounts
mydomain=sample.com
mynetworks = 127.0.0.1/32 192.168.1.0/24
virtual_mailbox_domains = sample.com, other.net
virtual_mailbox_maps = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual_alias
# You'll start with the following lines for maildir storage
virtual_mailbox_base = /var/spool/vmail
virtual_uid_maps = static:`grep vmail /etc/passwd | cut -d ":" -f 3`
virtual_gid_maps = static:`grep vmail /etc/passwd | cut -d ":" -f 4`
# You'll start with the following lines for IMAP storage
#virtual_transport = lmtp:unix:/var/lib/cyrus/socket/lmtp
# General stuff here again
config_directory = /etc/postfix
sample_directory = /etc/postfix
queue_directory = /var/spool/postfix
mail_spool_directory = /var/spool/mail
readme_directory = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
setgid_group = postdrop
mydestination =
unknown_local_recipient_reject_code = 450
mynetworks_style = host
debug_peer_level = 2
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
smtpd_data_restrictions =
permit_mynetworks,
reject_unauth_pipelining,
permit
smtpd_client_restrictions =
permit_mynetworks,
# reject_unknown_client, # This can cause a lot of false rejects.
reject_invalid_hostname,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
permit
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
reject_unauth_pipelining,
# reject_non_fqdn_hostname, # This can cause a lot of false rejects.
# reject_unknown_hostname, # This can cause a lot of false rejects.
reject_invalid_hostname,
permit
smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender,
# check_sender_access hash:/etc/postfix/access_domains,
reject_unknown_sender_domain,
permit
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
# check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
# check_helo_access pcre:/etc/postfix/helo_checks.pcre,
# check_client_access hash:/etc/postfix/maps/access_client,
# check_client_access hash:/etc/postfix/maps/exceptions_client,
# check_helo_access hash:/etc/postfix/maps/access_helo,
# check_helo_access hash:/etc/postfix/maps/verify_helo,
# check_sender_access hash:/etc/postfix/maps/access_sender,
# check_sender_access hash:/etc/postfix/maps/verify_sender,
# check_recipient_access hash:/etc/postfix/maps/access_recipient,
# reject_multi_recipient_bounce,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
# reject_unlisted_recipient,
#check_policy_service unix:private/policy,
# check_sender_access hash:/etc/postfix/maps/no_verify_sender,
# check_sender_access hash:/etc/postfix/access_domains,
# reject_unverified_sender,
# reject_unverified_recipient
check_recipient_access hash:/etc/postfix/internal_recipient
disable_vrfy_command = yes
EOF
|