Postfix plni frontu a nic
Zahoransky Jan Ing.
zahoranskyj na pp.slposta.sk
Pátek Květen 14 13:27:30 CEST 2004
Tu su conf subory
amavisd.conf
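# amavisd-new settings: identity, listening sockets, logging and final
# message disposition. Trailing comments that the mail client had wrapped
# onto their own lines ("uname(3)", "suggested") are folded back into the
# comment they belong to, since as bare lines they would not parse.

# --- Identity, privileges, working directory ---
$MYHOME = '/var/amavisd'; # (default is '/var/amavis')
$mydomain = 'pokusna.sk'; # (no useful default)
$myhostname = 'zahoranskyj.pokusna.sk'; # fqdn of this host, default by uname(3)
$daemon_user = 'amavis'; # (no default; customary: vscan or amavis)
$daemon_group = 'amavis';
$TEMPBASE = $MYHOME;
$ENV{TMPDIR} = $TEMPBASE;

# --- Hand-off back to the MTA ---
# Both point at 127.0.0.1:10025, the address of the loopback smtpd listener
# in the master.cf excerpt posted with this file.
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = 'smtp:127.0.0.1:10025';

# --- Process limits ---
# 2 equals the maxproc value of the smtp-amavis service in the posted
# master.cf; keep the two numbers in step.
$max_servers = 2;
$max_requests = 10;
$child_timeout=5*60;

@local_domains_acl = ( ".$mydomain" );
$relayhost_is_client = 0;

# --- Listening sockets ---
$unix_socketname = "$MYHOME/amavisd.sock";
#$unix_socketname = undef;
$inet_socket_port = 10024; # accept SMTP on this local TCP port
# NOTE(review): besides loopback this admits 10.133.0.0/24 and
# 192.168.1.0/24. Only the local Postfix has to reach port 10024; whether
# the LAN can actually connect depends on $inet_socket_bind, which is not
# set in this excerpt. Narrow the list to loopback unless other hosts are
# meant to feed this daemon.
@inet_acl = qw( 127/8 10.133.0/24 192.168.1/24 );

# --- Logging ---
$DO_SYSLOG = 1; # (defaults to false)
$LOGFILE = "$MYHOME/amavis.log"; # (defaults to empty, no log)
# Level 5 is far above the default of 0; fine while debugging, lower it
# again afterwards.
$log_level = 5; # (defaults to 0)
# NOTE(review): the template is reproduced with exactly the line breaks it
# has in the post. The break after "name/type" may be mail-client wrapping
# rather than part of the value - compare with the file on disk.
$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type
(%F)]|INFECTED (%V)], #
<%o> -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';

# --- Final disposition ---
# NOTE(review): D_BOUNCE returns a non-delivery notice to the envelope
# sender. For spam and for most mass-mailing malware that address is
# commonly forged, so the notice can reach an uninvolved third party
# (backscatter). $viruses_that_fake_sender_re covers the virus case;
# for spam consider D_DISCARD together with a quarantine.
$final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_BOUNCE; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested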
# Lookup table of virus names for which the envelope sender is treated as
# forged. Plain qr entries are patterns on the scanner's virus name; the
# [pattern => value] pairs carry an explicit 0 or 1.
# NOTE(review): presumably the entries are tried in order and the first
# match decides - confirm against the amavisd-new documentation. Under that
# reading the 0-valued EICAR/Joke/Junk and WM97/OF97/CIH/Fort entries are
# exceptions, and the final catch-all makes "sender is forged" the answer
# for every other name, which keeps D_BOUNCE from notifying forged senders.
# The patterns use ' as the qr delimiter, so '@mm' is matched literally and
# is not interpolated as an array; keep that delimiter when editing.
$viruses_that_fake_sender_re = new_RE(
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan
qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc
[qr'^(EICAR|Joke\.|Junk\.)'i => 0],
[qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
[qr/.*/ => 1], # true by default (remove or comment-out if undesired)
);
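# Notification addresses, quarantine location and header tagging.
# Comment tails that the mail client had wrapped onto separate lines
# ("path", "quarantine", "alone") are folded back into their comments.

# --- Who is told, and with which sender address ---
$virus_admin = "virusalert\@$mydomain";
$mailfrom_notify_admin = "virusalert\@$mydomain";
$mailfrom_notify_recip = "virusalert\@$mydomain";
$mailfrom_notify_spamadmin = "spam.police\@$mydomain";
$mailfrom_to_quarantine = ''; # override sender address with null return path

# --- Quarantine ---
# This directory holds the intercepted messages themselves, malware
# included; keep it readable by the daemon account only.
$QUARANTINEDIR = '/var/virusmails';
$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine

# --- Headers added to passed mail ---
$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: undef)
$X_HEADER_LINE = "by amavisd-new at $mydomain";
$undecipherable_subject_tag = '***UNCHECKED*** '; # undef disables it
# NOTE(review): with 0 here an X-Virus-Scanned header that arrived with the
# message is kept, so the presence of that header is not by itself evidence
# that this host scanned the mail.
$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
# (the original trailing comment on the next line is cut short in the post)
$remove_existing_spam_headers = 1; # remove existing spam headers if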
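# File types for which the undecoded original part is kept for the virus
# scanners in addition to whatever was extracted from it. The two comments
# that the mail client had wrapped ("slow)", "undecipherables") are folded
# back so the list parses again.
$keep_decoded_original_re = new_RE(
  # qr'^MAIL$', # retain full original message for virus checking (can be slow)
  qr'^MAIL-UNDECIPHERABLE$', # retain full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
  # qr'^Zip archive data',
);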
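# Attachment names that are refused on name alone. The only rule shown
# matches a name with two extensions where the last one is executable
# (for example "invoice.pdf.exe"), a common way of disguising malware.
# The post cuts the list off after this rule without closing it; it is
# closed here so the file parses. The file on disk may hold further rules.
$banned_filename_re = new_RE(
  qr'\.[^.]*\.(exe|vbs|pif|scr|bat|cmd|com|dll)$'i, # double extension
);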
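# Address handling and unpacking limits. Comment tails that the mail
# client had wrapped ("white/blacklisting", "enforced)", "specified)") are
# folded back into their comments.
$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting
$recipient_delimiter = '+'; # (default is '+')
$localpart_is_case_sensitive = 0; # (default is false)

# The limits below bound how far nested or heavily compressed attachments
# are unpacked, which is the protection against archive bombs. Leaving
# them undefined means "no limit", per the comments.
$MAXLEVELS = 14; # (default is undef, no limit)
$MAXFILES = 1500; # (default is undef, no limit)
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5; # times original mail size (must be specified)
$MAX_EXPANSION_FACTOR = 500; # times original mail size (must be specified)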
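# External helper programs used to identify and unpack attachments.
# Every one of them runs on attacker-supplied data, so keep them patched;
# the comment on $file already names a minimum safe version. Comment tails
# that the mail client had wrapped ("vulnerability", "supports") are
# folded back into their comments.

# Fixed search path for the helpers named below; it does not depend on the
# environment the daemon was started from.
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability
$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
# An array lists alternatives for the same job.
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj']; # both can extract, arj is recommended
$unrar = ['rar', 'unrar']; # both can extract, same options
$zoo = 'zoo';
$lha = 'lha';
$cpio = ['gcpio','cpio']; # gcpio is a GNU cpio on OpenBSD, which supports
                          # the options needed; the rest of us use cpio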
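# Primary virus scanners. The single entry queries a running clamd with a
# CONTSCAN request and classifies the reply with the three patterns:
# clean, infected, and the capture that extracts the virus name.
# The post cuts the list off without closing it, and one comment line was
# wrapped by the mail client; both are repaired here so the list parses.
@av_scanners = (
  # ### http://www.clamav.net/
  # NOTE(review): the second element of the argument list is where the
  # comment below expects clamd's socket name (LocalSocket), but the value
  # looks like the path of the clamdscan client program. If it is not a
  # socket, the daemon query cannot connect and scanning would depend on
  # @av_scanners_backup alone - check it against LocalSocket in clamav.conf.
  ['Clam Antivirus-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/usr/local/bin/clamdscan"],
    qr/\bOK$/, qr/\bFOUND$/,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
  # # NOTE: run clamd under the same user as amavisd; match the socket
  # # name (LocalSocket) in clamav.conf to the socket name in this entry
  # # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
);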
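# Fallback scanners, listed separately from @av_scanners. The single entry
# runs the command-line clamscan on the unpacked files; [0] and [1] are the
# exit statuses taken as clean and infected, and the pattern captures the
# virus name from the output.
# The post cuts the list off without closing it; it is closed here so the
# file parses. The file on disk may hold further entries.
@av_scanners_backup = (
  ### http://www.clamav.net/
  ['Clam Antivirus - clamscan', 'clamscan',
    '--stdout --no-summary -r {}', [0], [1],
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);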
master.cf
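#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
#
# Layout repaired from the mailing-list copy: "-o" option lines and the
# uucp argument line are indented again, because master.cf only treats a
# line as a continuation when it starts with whitespace, and lines that the
# mail client had wrapped are rejoined. Comments must stay on lines of
# their own in this file.
#
smtp inet n - y - - smtpd
# NOTE(review): the two overrides on pickup clear content_filter for mail
# that enters through pickup, i.e. mail submitted locally with the sendmail
# command. Such mail would not be handed to the filter named in main.cf -
# confirm that this is intended.
pickup fifo n - y 60 1 pickup
  -o content_filter=
  -o receive_override_options=
cleanup unix n - y - 0 cleanup
qmgr fifo n - y 300 1 qmgr
tlsmgr fifo - - y 300 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
showq unix n - y - - showq
error unix - - y - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
#maildrop unix - n n - - pipe
# flags=DRhu user=nobody argv=/usr/bin/maildrop -d ${recipient}
#cyrus-deliver unix - n n - - pipe
# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#cyrus unix - n n - - lmtp
# -o lmtp_cache_connection=yes
#cyrus-chroot unix - - y - - lmtp
# -o lmtp_cache_connection=yes
#cyrus-inet unix - - y - - lmtp
# -o lmtp_cache_connection=yes
# -o lmtp_sasl_auth_enable=yes
# -o lmtp_sasl_password_maps=hash:/etc/postfix/cyrus_lmtp_sasl_pass
# -o lmtp_sasl_security_options=noanonymous
#
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=/usr/bin/uux -r -n -z -a$sender - $nexthop!rmail ($recipient)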
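# Content-filter services. Layout repaired from the mailing-list copy:
# "-o" lines are indented again so that they continue the service line
# above them, and the receive_override_options line that the mail client
# had split after "-o" is rejoined.
#
# NOTE(review): this listener is bound to 127.0.0.1, so only processes on
# this host can connect. The LAN ranges in its mynetworks therefore add
# nothing today and would grant relay rights if the bind address were ever
# widened; 127.0.0.0/8 alone, as on the 10025 listener, is the tighter value.
127.0.0.1:10026 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8,10.133.0.0/24,192.168.1.0/24
  -o mynetworks_style=host
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_client_connection_limit_exceptions=127.0.0.0/8
lmtp-filter unix - - y - - lmtp
  -o lmtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
smtp-filter unix - - y - - smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
##### END OF CONTENT FILTER CUSTOMIZATIONS #####
# Transport that delivers mail to amavisd. maxproc is 2, the same number as
# $max_servers in the amavisd.conf posted with this file.
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
# -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
# Re-injection listener: amavisd hands scanned mail back here
# ($forward_method and $notify_method both name 127.0.0.1:10025). The empty
# content_filter keeps that mail from being sent to the filter a second
# time, and the recipient restriction admits loopback clients only. Any
# local process that can connect to this port submits mail that is not
# scanned, which matters on a host with untrusted local users.
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
# -o smtpd_error_sleep_time=0
# -o smtpd_soft_error_limit=1001
# -o smtpd_hard_error_limit=1000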
main.cf
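# Postfix main.cf as posted, with two repairs: the smtpd_banner value that
# the mail client had wrapped is rejoined, and the content_filter port is
# corrected (see the note above that line). Comments in this file must sit
# on lines of their own; text after a value is read as part of the value.
readme_directory = /usr/share/doc/postfix-2.1.0/README_FILES
sample_directory = /usr/share/doc/postfix-2.1.0/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/share/man
daemon_directory = /usr/lib/postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
default_privs = nobody
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain
relay_domains = $mydestination
# Clients in these networks may relay through this server.
mynetworks = 10.133.0.0/24, 127.0.0.0/8, 192.168.1.0/24
# mynetworks_style has no effect while mynetworks is set explicitly above.
mynetworks_style = host
delay_warning_time = 4h
# NOTE(review): the greeting announces the exact Postfix version and the
# distribution to every connecting client; dropping ($mail_version) and the
# distribution name gives away less.
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (Mandrake Linux)
unknown_local_recipient_reject_code = 450
smtp-filter_destination_concurrency_limit = 2
lmtp-filter_destination_concurrency_limit = 2
smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
recipient_delimiter = +
owner_request_special = no
alias_maps = hash:/etc/postfix/aliases, hash:/var/lib/mailman/data/aliases
home_mailbox = Mailbox
#home_mailbox = Maildir/
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/bin/procmail -a @DOMAIN -d $LOGNAME
# Repeats the relay_domains line further up with the same value; harmless.
relay_domains = $mydestination
disable_vrfy_command = yes
smtpd_recipient_limit = 1000
smtpd_timeout = 300
smtpd_error_sleep_time = 3
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 100
# The posted file had port 100024 here. That is above 65535, so it cannot
# be a TCP port, and it does not match $inet_socket_port = 10024 in the
# amavisd.conf posted alongside. With a filter destination that cannot be
# reached, mail would stay in the queue, which fits the subject of the post
# (inferred from the configuration, not confirmed in the thread).
content_filter = smtp-amavis:[127.0.0.1]:10024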