I have a working solution for a submission-only system I’m setting up.  It 
seems to be doing what I need.

There will be no local delivery.  Even the cronjobs on this system will be sent 
elsewhere.

The configuration is shown below. I’ve disabled several services; I think they 
won’t be required.

Suggestions and comments welcomed.


# postconf -n
# Output of `postconf -n`: only parameters explicitly set in main.cf appear
# here; anything not listed runs at its built-in default.
#
# NOTE(review): mydestination is not listed, so its default applies. The
# master.cf listing that follows defines no local delivery agent; confirm that
# mail addressed to this host's own name (e.g. cron output) is routed elsewhere.

# Alias table; consulted by the local(8) delivery agent.
alias_maps = hash:/etc/mail/aliases
config_directory = /usr/local/etc/postfix
# Only executed for a master.cf service started with -D; no entry in the
# poster's master.cf listing uses -D. The value appears to have been wrapped
# onto a second line by the mail client.
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd 
$daemon_directory/$process_name $process_id & sleep 5
# The pcre map itself is not shown. Judging by its name it presumably rewrites
# or drops the Received: header added for authenticated submissions - TODO
# confirm, and check the pattern is narrow, since header_checks are applied to
# every message header line.
header_checks = pcre:/usr/local/etc/postfix/obscure_smtp_auth
inet_protocols = ipv4
# Size limit in bytes.
message_size_limit = 32768000
# Explicitly empty: no client address is treated as trusted, so nothing is
# permitted on the basis of source IP alone.
mynetworks =

# --- Outbound TLS (Postfix acting as SMTP client) ---
smtp_tls_CAfile = /usr/local/etc/ssl/root.startssl.com.pem
# Client certificate and key. NOTE(review): the Postfix documentation advises
# configuring a client certificate only when a remote server requires one -
# confirm this is needed.
smtp_tls_cert_file = /usr/local/etc/ssl/clavin.langille.org.pem
# Postfix needs the private key unencrypted, so file permissions are its only
# protection; it should be readable by root only (permissions not shown here).
smtp_tls_key_file = /usr/local/etc/ssl/clavin.langille.org.nopassword.key
smtp_tls_loglevel = 1
# Opportunistic: TLS is used when the remote server offers STARTTLS, otherwise
# delivery falls back to cleartext; the server certificate is not verified at
# this level.
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_scache

# --- Inbound SASL / TLS (Postfix acting as SMTP server) ---
smtpd_sasl_local_domain = $myhostname
# NOTE(review): private/auth looks like a Dovecot auth socket path, but
# smtpd_sasl_type is not in this listing, so its default applies - confirm the
# SASL type actually in use.
smtpd_sasl_path = private/auth
# Maps envelope sender addresses to the SASL login(s) allowed to use them;
# consulted by reject_sender_login_mismatch in the submission service.
smtpd_sender_login_maps = hash:/usr/local/etc/postfix/virtual
smtpd_tls_CAfile = /usr/local/etc/ssl/root.startssl.com.pem
smtpd_tls_cert_file = /usr/local/etc/ssl/clavin.langille.org.pem
# Same unencrypted key file as the client side; same permission caveat.
smtpd_tls_key_file = /usr/local/etc/ssl/clavin.langille.org.nopassword.key
smtpd_tls_loglevel = 1
# Global default only: the submission service in master.cf overrides this with
# smtpd_tls_security_level=encrypt.
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_scache


# postconf -Mf
# master.cf service entries as printed by postconf.
# Fields: service, type, private, unpriv, chroot, wakeup, maxproc, command.
# Every entry in this listing has chroot = n.
# The listing contains no local, virtual or lmtp delivery agent, which matches
# the poster's statement that there is no local delivery.
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
# Type unix, command smtp: the outbound SMTP client, not a network listener.
smtp       unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
# The only inet (network) listener in this listing; there is no port-25
# "smtp inet ... smtpd" entry.
#  - smtpd_tls_security_level=encrypt: clients must complete STARTTLS before
#    mail is accepted on this service.
#  - reject_sender_login_mismatch is evaluated first and relies on
#    smtpd_sender_login_maps from main.cf, tying the envelope sender to the
#    authenticated login.
#  - Both restriction lists end with permit_sasl_authenticated followed by an
#    explicit reject, so sessions that have not authenticated are refused.
# As pasted, the two long option values start in column 0 (apparently wrapped
# by the mail client); in master.cf they must stay on the same logical line as
# their -o, i.e. on an indented line.
submission inet  n       -       n       -       -       smtpd
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o 
smtpd_recipient_restrictions=reject_sender_login_mismatch,reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
    -o 
smtpd_sender_restrictions=reject_non_fqdn_sender,reject_unknown_sender_domain,permit_sasl_authenticated,reject
    -o syslog_name=postfix/submission

— 
Dan Langille
http://langille.org/




