Hi,
Sorry for my english, I'm french.
I have some doubts about my Postfix configuration.
I have a private mail server, at my home, allowing me to have my
personal e-mails ( @my_domain.fr )
My architecture is the following one (on Raspberry Pi with Raspbian):
- 1 mail server with Postfix, Dovecot, Amavis, Spamassassin, ClamAV
- 3 others severs, not mail servers
I can send and receive e-mails, from inside and outside without any
problem.
I use a SMTP relay (my provider SMTP).
I have a domain and the MX record is OK.
But I'm not sure about my Postfix configuration.
Here it is:
* main.cf:
_SMTPD_BANNER = $MYHOSTNAME ESMTP $MAIL_NAME (RASPBIAN)_
_BIFF = NO_
_APPEND_DOT_MYDOMAIN = NO_
_#DELAY_WARNING_TIME = 4H_
_README_DIRECTORY = NO_
_# TLS PARAMETERS_
_SMTPD_TLS_CERT_FILE=/DIRECTORY_OF_SSL_FILES/FULLCHAIN.PEM_
_SMTPD_TLS_KEY_FILE=/DIRECTORY_OF_SSL_FILES/PRIVKEY.PEM_
_SMTPD_TLS_CAFILE=/DIRECTORY_OF_SSL_FILES/CHAIN.PEM_
_SMTPD_USE_TLS=YES_
_SMTPD_TLS_SESSION_CACHE_DATABASE =
BTREE:${DATA_DIRECTORY}/SMTPD_SCACHE_
_SMTPD_TLS_SECURITY_LEVEL = MAY_
_SMTP_TLS_CERT_FILE=/DIRECTORY_OF_SSL_FILES/FULLCHAIN.PEM_
_SMTP_TLS_KEY_FILE=/DIRECTORY_OF_SSL_FILES/PRIVKEY.PEM_
_SMTP_TLS_CAFILE=/DIRECTORY_OF_SSL_FILES/CHAIN.PEM_
_SMTP_USE_TLS=YES_
_SMTP_TLS_SESSION_CACHE_DATABASE = BTREE:${DATA_DIRECTORY}/SMTP_SCACHE_
_SMTPD_RELAY_RESTRICTIONS = PERMIT_MYNETWORKS,
PERMIT_SASL_AUTHENTICATED, DEFER_UNAUTH_DESTINATION_
_#MYHOSTNAME = MY_HOSTNAME_
_ALIAS_MAPS = HASH:/ETC/ALIASES_
_ALIAS_DATABASE = HASH:/ETC/ALIASES_
_MYORIGIN = MY_DOMAIN.FR_
_MYDESTINATION = MY_SERVER1, MY_SERVER2, MY_SERVER3_
_RELAYHOST = [IP_RELAY_HOST]:25_
_MYNETWORKS = 127.0.0.0/8 192.168.1.0/24_
_MAILBOX_SIZE_LIMIT = 10240000_
_RECIPIENT_DELIMITER = +_
_INET_INTERFACES = ALL_
_INET_PROTOCOLS = IPV4_
_VIRTUAL_MAILBOX_DOMAINS =
MYSQL:/ETC/POSTFIX/MYSQL-VIRTUAL-MAILBOX-DOMAINS.CF_
_VIRTUAL_MAILBOX_MAPS =
MYSQL:/ETC/POSTFIX/MYSQL-VIRTUAL-MAILBOX-MAPS.CF_
_VIRTUAL_ALIAS_MAPS = MYSQL:/ETC/POSTFIX/MYSQL-VIRTUAL-ALIAS-MAPS.CF_
_# SASL_
_SMTPD_SASL_TYPE = DOVECOT_
_SMTPD_SASL_PATH = PRIVATE/AUTH_
_SMTP_SASL_AUTH_ENABLE = YES_
_SMTP_SASL_SECURITY_OPTIONS = NOANONYMOUS_
_SMTP_SASL_PASSWORD_MAPS = HASH:/ETC/POSTFIX/SASL/SASL_PASSWD_
_SMTPD_RECIPIENT_RESTRICTIONS = PERMIT_SASL_AUTHENTICATED,
PERMIT_MYNETWORKS, REJECT_UNAUTH_DESTINATION_
_VIRTUAL_TRANSPORT = DOVECOT_
_DOVECOT_DESTINATION_RECIPIENT_LIMIT = 1_
_CONTENT_FILTER = SMTP-AMAVIS:[127.0.0.1]:10024_
_#SENDER_CANONICAL_MAPS = HASH:/ETC/POSTFIX/CANONICAL_
_# TAILLE DES PIÈCES JOINTES_
_MESSAGE_SIZE_LIMIT = 20480000_
_COMPATIBILITY_LEVEL = 2_
* master.cf:
_#_
_# POSTFIX MASTER PROCESS CONFIGURATION FILE. FOR DETAILS ON THE
FORMAT_
_# OF THE FILE, SEE THE MASTER(5) MANUAL PAGE (COMMAND: "MAN 5 MASTER"
OR_
_# ON-LINE: HTTP://WWW.POSTFIX.ORG/MASTER.5.HTML)._
_#_
_# DO NOT FORGET TO EXECUTE "POSTFIX RELOAD" AFTER EDITING THIS FILE._
_#_
_#
==========================================================================_
_# SERVICE TYPE PRIVATE UNPRIV CHROOT WAKEUP MAXPROC COMMAND + ARGS_
_# (YES) (YES) (YES) (NEVER) (100)_
_#
==========================================================================_
_#SMTP INET N - - - 1 POSTSCREEN_
_#SMTPD PASS - - - - - SMTPD_
_#DNSBLOG UNIX - - - - 0 DNSBLOG_
_#TLSPROXY UNIX - - - - 0 TLSPROXY_
_SMTP INET N - Y - - SMTPD_
_# -O SYSLOG_NAME=POSTFIX/SUBMISSION_
_# -O SMTPD_REJECT_UNLISTED_RECIPIENT=NO_
_# -O SMTPD_CLIENT_RESTRICTIONS=$MUA_CLIENT_RESTRICTIONS_
_# -O SMTPD_HELO_RESTRICTIONS=$MUA_HELO_RESTRICTIONS_
_# -O SMTPD_SENDER_RESTRICTIONS=$MUA_SENDER_RESTRICTIONS_
_# -O SMTPD_RECIPIENT_RESTRICTIONS=_
_# -O SMTPD_RELAY_RESTRICTIONS=PERMIT_SASL_AUTHENTICATED,REJECT_
_SUBMISSION INET N - Y - - SMTPD_
_ -O SMTPD_TLS_SECURITY_LEVEL=MAY_
_ -O SMTPD_SASL_AUTH_ENABLE=YES_
_ -O MILTER_MACRO_DAEMON_NAME=ORIGINATING_
_# -O SYSLOG_NAME=POSTFIX/SMTPS_
_# -O SMTPD_TLS_WRAPPERMODE=YES_
_# -O SMTPD_REJECT_UNLISTED_RECIPIENT=NO_
_# -O SMTPD_HELO_RESTRICTIONS=$MUA_HELO_RESTRICTIONS_
_# -O SMTPD_RELAY_RESTRICTIONS=PERMIT_SASL_AUTHENTICATED,REJECT_
_# -O MILTER_MACRO_DAEMON_NAME=ORIGINATING_
_SMTPS INET N - Y - - SMTPD_
_ -O SMTPD_SASL_AUTH_ENABLE=YES_
_ -O SMTPD_TLS_SECURITY_LEVEL=ENCRYPT_
_ -O SMTPD_SASL_AUTH_ENABLE=YES_
_ -O SMTPD_SASL_TYPE=DOVECOT_
_ -O SMTPD_SASL_PATH=PRIVATE/AUTH_
_ -O SMTPD_SASL_SECURITY_OPTIONS=NOANONYMOUS_
_ -O SMTPD_SASL_LOCAL_DOMAIN=$MYHOSTNAME_
_ -O SMTPD_CLIENT_RESTRICTIONS=PERMIT_SASL_AUTHENTICATED,REJECT_
_ -O SMTPD_SENDER_RESTRICTIONS=REJECT_SENDER_LOGIN_MISMATCH_
_ -O
SMTPD_RECIPIENT_RESTRICTIONS=REJECT_NON_FQDN_RECIPIENT,REJECT_UNKNOWN_RECIPIENT_DOMAIN,PERMIT_SASL_AUTHENTICATED,REJECT_
_SMTP-AMAVIS UNIX - - Y - 2 SMTP_
_ -O SMTP_DATA_DONE_TIMEOUT=1200_
_ -O DISABLE_DNS_LOOKUPS=YES_
_127.0.0.1:10025 INET N - Y -
- SMTPD_
_ -O CONTENT_FILTER=_
_ -O LOCAL_RECIPIENT_MAPS=_
_ -O RELAY_RECIPIENT_MAPS=_
_ -O SMTPD_RESTRICTION_CLASSES=_
_ -O SMTPD_CLIENT_RESTRICTIONS=_
_ -O SMTPD_HELO_RESTRICTIONS=_
_ -O SMTPD_SENDER_RESTRICTIONS=_
_ -O SMTPD_RECIPIENT_RESTRICTIONS=PERMIT_MYNETWORKS,REJECT_
_ -O MYNETWORKS=127.0.0.0/8_
_ -O STRICT_RFC821_ENVELOPES=YES_
_#628 INET N - - - - QMQPD_
_PICKUP UNIX N - Y 60 1 PICKUP_
_CLEANUP UNIX N - Y - 0 CLEANUP_
_QMGR UNIX N - N 300 1 QMGR_
_#QMGR UNIX N - N 300 1 OQMGR_
_TLSMGR UNIX - - Y 1000? 1 TLSMGR_
_REWRITE UNIX - - Y - -
TRIVIAL-REWRITE_
_BOUNCE UNIX - - Y - 0 BOUNCE_
_DEFER UNIX - - Y - 0 BOUNCE_
_TRACE UNIX - - Y - 0 BOUNCE_
_VERIFY UNIX - - Y - 1 VERIFY_
_FLUSH UNIX N - Y 1000? 0 FLUSH_
_PROXYMAP UNIX - - N - - PROXYMAP_
_PROXYWRITE UNIX - - N - 1 PROXYMAP_
_SMTP UNIX - - Y - - SMTP_
_# -O SMTP_HELO_TIMEOUT=5 -O SMTP_CONNECT_TIMEOUT=5_
_RELAY UNIX - - Y - - SMTP_
_SHOWQ UNIX N - Y - - SHOWQ_
_ERROR UNIX - - Y - - ERROR_
_RETRY UNIX - - Y - - ERROR_
_DISCARD UNIX - - Y - - DISCARD_
_LOCAL UNIX - N N - - LOCAL_
_VIRTUAL UNIX - N N - - VIRTUAL_
_LMTP UNIX - - Y - - LMTP_
_ANVIL UNIX - - Y - 1 ANVIL_
_#_
_# ====================================================================_
_# INTERFACES TO NON-POSTFIX SOFTWARE. BE SURE TO EXAMINE THE MANUAL_
_# PAGES OF THE NON-POSTFIX SOFTWARE TO FIND OUT WHAT OPTIONS IT WANTS._
_#_
_# MANY OF THE FOLLOWING SERVICES USE THE POSTFIX PIPE(8) DELIVERY_
_# AGENT. SEE THE PIPE(8) MAN PAGE FOR INFORMATION ABOUT ${RECIPIENT}_
_# AND OTHER MESSAGE ENVELOPE OPTIONS._
_# ====================================================================_
_#_
_# MAILDROP. SEE THE POSTFIX MAILDROP_README FILE FOR DETAILS._
_# ALSO SPECIFY IN MAIN.CF: MAILDROP_DESTINATION_RECIPIENT_LIMIT=1_
_#_
_SCACHE UNIX - - Y - 1 SCACHE_
_MAILDROP UNIX - N N - - PIPE_
_ FLAGS=DRHU USER=VMAIL ARGV=/USR/BIN/MAILDROP -D ${RECIPIENT}_
_#_
_# ====================================================================_
_#_
_# RECENT CYRUS VERSIONS CAN USE THE EXISTING "LMTP" MASTER.CF ENTRY._
_#_
_# SPECIFY IN CYRUS.CONF:_
_# LMTP CMD="LMTPD -A" LISTEN="LOCALHOST:LMTP" PROTO=TCP4_
_#_
_# SPECIFY IN MAIN.CF ONE OR MORE OF THE FOLLOWING:_
_# MAILBOX_TRANSPORT = LMTP:INET:LOCALHOST_
_# VIRTUAL_TRANSPORT = LMTP:INET:LOCALHOST_
_#_
_# ====================================================================_
_#_
_# CYRUS 2.1.5 (AMOS GOUAUX)_
_# ALSO SPECIFY IN MAIN.CF: CYRUS_DESTINATION_RECIPIENT_LIMIT=1_
_#_
_#CYRUS UNIX - N N - - PIPE_
_# USER=CYRUS ARGV=/CYRUS/BIN/DELIVER -E -R ${SENDER} -M ${EXTENSION}
${USER}_
_#_
_# ====================================================================_
_# OLD EXAMPLE OF DELIVERY VIA CYRUS._
_#_
_#OLD-CYRUS UNIX - N N - - PIPE_
_# FLAGS=R USER=CYRUS ARGV=/CYRUS/BIN/DELIVER -E -M ${EXTENSION}
${USER}_
_#_
_# ====================================================================_
_#_
_# SEE THE POSTFIX UUCP_README FILE FOR CONFIGURATION DETAILS._
_#_
_UUCP UNIX - N N - - PIPE_
_ FLAGS=FQHU USER=UUCP ARGV=UUX -R -N -Z -A$SENDER - $NEXTHOP!RMAIL
($RECIPIENT)_
_#_
_# OTHER EXTERNAL DELIVERY METHODS._
_#_
_IFMAIL UNIX - N N - - PIPE_
_ FLAGS=F USER=FTN ARGV=/USR/LIB/IFMAIL/IFMAIL -R $NEXTHOP
($RECIPIENT)_
_BSMTP UNIX - N N - - PIPE_
_ FLAGS=FQ. USER=BSMTP ARGV=/USR/LIB/BSMTP/BSMTP -T$NEXTHOP -F$SENDER
$RECIPIENT_
_SCALEMAIL-BACKEND UNIX - N N - 2 PIPE_
_ FLAGS=R USER=SCALEMAIL ARGV=/USR/LIB/SCALEMAIL/BIN/SCALEMAIL-STORE
${NEXTHOP} ${USER} ${EXTENSION}_
_MAILMAN UNIX - N N - - PIPE_
_ FLAGS=FR USER=LIST ARGV=/USR/LIB/MAILMAN/BIN/POSTFIX-TO-MAILMAN.PY_
_ ${NEXTHOP} ${USER}_
_DOVECOT UNIX - N N - - PIPE_
_ FLAGS=DRHU USER=VMAIL:VMAIL ARGV=/USR/LIB/DOVECOT/DOVECOT-LDA -F
${SENDER} -D ${RECIPIENT}_
Is there OK or did I forget/badly parametrize something ?
Thank's.
