Thank you everyone for the excellent information.

> Don't do this. You seem to be following some outdated tutorial.

Old hardware running email gateways needed to be retired and replaced. I was to keep the same functionality as was on the servers when I arrived on this job. So, between not having prior knowledge about or experience with any of the software (postfix, etc.), and being told to minimize the performance changes to the systems, I thought the safest path was to just copy the master.cf and the main.cf. I ran into the problem that I also had to replace created here "glue scripts" with MailScanner. That forced me to make some changes, some of which I obviously did not fully understand. So, I appreciate the corrections.

> > reject_rbl_client blackholes.five-ten-sg.com=127.0.0.4
> Yikes. That DNSBL doesn't have a very solid reputation.

I know. I know. I know. And I understand why. I am a member of a team in which I am the junior member and the senior members all have an attachment to five-ten because it stops so much spam. I do have to deal with the over-aggressive effects on a weekly basis. I lose on this point.

> Also, DISCARD is a strange choice. Why not REJECT?

I am told there is a logging difference and a program written here is looking at log files for those events. I will revisit this point.

>> I currently have these lines in main.cf:
>>
>> check_client_access=hash:/etc/postfix/access
> Irrelevant, ignored.
> This is an example of why the list welcome message asks for "postconf -n" and
> not lines from main.cf.
root:/var/log# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = yes
biff = no
bounce_size_limit = 1
config_directory = /etc/postfix
default_process_limit = 400
header_checks = regexp:/etc/postfix/header_checks
inet_interfaces = all
mailbox_size_limit = 0
masquerade_domains = $mydomain, cnm.edu, nmvc.org, nmvirtualcollege.org
max_use = 100
message_size_limit = 16777216
mydestination = $myhostname, $mydomain, localhost.localdomain,
    cnm.edu, mail.cnm.edu, mg01.cnm.edu, mg02.cnm.edu, mg03.cnm.edu,
    mg04.cnm.edu, mg05.cnm.edu,
    nmvc.org, mail.nmvc.org, mg01.nmvc.org, mg02.nmvc.org, mg03.nmvc.org,
    mg04.nmvc.org, mg05.nmvc.org,
    nmvirtualcollege.org, mail.nmvirtualcollege.org,
    mg01.nmvirtualcollege.org, mg02.nmvirtualcollege.org,
    mg03.nmvirtualcollege.org, mg04.nmvirtualcollege.org,
    mg05.nmvirtualcollege.org,
    nmln.net, ideal-nm.org, ideal-nm.net, idealnm.org, idealnm.net
myhostname = mg05.cnm.edu
mynetworks = 198.133.182.0/24, 198.133.181.0/24, 198.133.180.0/24,
    172.16.0.0/12, 192.168.0.0/16, 10.0.0.0/8,
    127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
notify_classes = resource,software
readme_directory = no
recipient_delimiter = +
relay_domains = $mydestination
relayhost =
smtp_host_lookup = dns, native
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = cnm.edu
smtpd_client_restrictions = permit_mynetworks
    hash:/etc/postfix/whitelist
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client bl.spamcop.net
    reject_rbl_client dnsbl.njabl.org
    reject_rbl_client blackholes.five-ten-sg.com=127.0.0.4
    reject_rbl_client blackholes.five-ten-sg.com=127.0.0.5
    reject_rbl_client blackholes.five-ten-sg.com=127.0.0.6
    reject_rbl_client blackholes.five-ten-sg.com=127.0.0.7
    reject_rbl_client blackholes.five-ten-sg.com=127.0.0.8
    reject_rbl_client blackholes.five-ten-sg.com=127.0.0.9
    reject_rbl_client blackholes.five-ten-sg.com=127.0.0.10
    reject_rbl_client blackholes.five-ten-sg.com=127.0.0.11
    reject_rbl_client blackholes.five-ten-sg.com=127.0.0.13
    permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/overquota
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_non_fqdn_recipient
    reject_unknown_recipient_domain
    reject_unlisted_recipient
    permit_mynetworks
    reject_unauth_destination
    reject_unauth_pipeliningreject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    reject_rbl_client zen.spamhaus.org
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/greylist
    check_sender_access hash:/etc/postfix/sender_access
    permit_mynetworks
    reject_unknown_sender_domain
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtualaliases
root:/var/log#

> BTW the use of MailScanner with Postfix is not recommended and will not be
> supported on this list. It uses direct access to the Postfix queue, an
> undocumented and unsupported interface. There are other content filter
> choices which do it properly; my recommendation is amavisd-new.

My understanding is that "uses direct access to the Postfix queue" is an old issue that is no longer the case. In any event, I do not select what we use.

--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106