Posts Tagged postfix
Posted by mike Filed Under Compile Postfix with Comments Off
Building Postfix from source can be a rewarding experience with great results. This tutorial will show you how to do a basic build and then following tutorials will show you how to build in additional features.
Download Source Code From Here:
http://www.postfix.org/download.html
When you download the source and unpack it you will find a README_FILES directory that contains instructions for the aspects of compiling Postfix. This is very valuable information that you must read. All of the Postfix source files have their own manual page.
AAAREADME NFS_README
ADDRESS_CLASS_README OVERVIEW
ADDRESS_REWRITING_README PACKAGE_README
ADDRESS_VERIFICATION_README PCRE_README
BACKSCATTER_README PGSQL_README
BASIC_CONFIGURATION_README QMQP_README
BUILTIN_FILTER_README QSHAPE_README
CDB_README RELEASE_NOTES
CONNECTION_CACHE_README RESTRICTION_CLASS_README
CONTENT_INSPECTION_README SASL_README
CYRUS_README SCHEDULER_README
DATABASE_README SMTPD_ACCESS_README
DB_README SMTPD_POLICY_README
DEBUG_README SMTPD_PROXY_README
DSN_README SOHO_README
ETRN_README STANDARD_CONFIGURATION_README
FILTER_README STRESS_README
INSTALL TLS_LEGACY_README
IPV6_README TLS_README
LDAP_README TUNING_README
LINUX_README ULTRIX_README
LOCAL_RECIPIENT_README UUCP_README
MAILDROP_README VERP_README
MILTER_README VIRTUAL_README
MULTI_INSTANCE_README XCLIENT_README
MYSQL_README XFORWARD_README
Compile a Basic Postfix
CentOS
Once you have downloaded the source code, move it into the /usr/src directory, other options are available.
mv postfix-2.6.5.tar.gz /usr/lsrc/
Untar the file which will create a directory.
tar zxvf postfix-2.6.5.tar.gz
Move into the new postfix directory.
cd postfix-2.6.5
Install the prerequisites
CentOS
yum install db*-devel
Postfix is built in C so you will be compiling C code. Usually the options that you want to create for a project are contained in a Makefile. The make utility creates this Makefile which is used to determine dependencies, any requirements needed or changes you want to create like adding programs or locations of files. The compiler then takes this information and creates object files and links them together into executables.
However, since Postfix creates its own Makefile, you do not need to edit it at all. In fact, the problem with editing the Makefile for Postfix is that your edits will get written over. So, the way to make changes is to use the CCARGS.
Tools You will need
gcc
make
CentOS
yum install gcc make
When you start the dependencies will be located and installed for you.
Installing:
gcc i386 4.1.2-44.el5 base 5.2 M
Updating:
glibc i686 2.5-34.el5_3.1 updates 5.2 M
glibc-common i386 2.5-34.el5_3.1 updates 16 M
nscd i386 2.5-34.el5_3.1 updates 159 k
Installing for dependencies:
cpp i386 4.1.2-44.el5 base 2.7 M
glibc-devel i386 2.5-34.el5_3.1 updates 2.0 M
glibc-headers i386 2.5-34.el5_3.1 updates 598 k
kernel-headers i386 2.6.18-164.el5 updates 993 k
libgomp i386 4.3.2-7.el5 base 67 k
Since Postfix does not use GNU autotools and so does not have the configure script that you may be used to. Postfix will actually do this work for you by creating it’s own Makefile. Run make as a normal user.
make
Once the compile is complete you will need to create the user and groups for Postfix.
groupadd postfix
groupadd postdrop
The user postfix needs to have an account that cannot log in and be a part of the postfix group that was created.
CentOS
useradd postfix -c postfix -d /tmp -s /bin/false
postfix:x:500:500:postfix:/tmp:/bin/false
Now run the final command which will allow you to choose directories and locations that you want to use with your installation. Read each option closely so that when you run the command you have an idea on what you want to change, if anything. You can take the default settings by choosing ENTER. Note you will need to run this as root so you have permissions to write to these directories.
make install
Please specify the prefix for installed file names. Specify this ONLY if you are building ready-to-install packages for distribution to other machines.
install_root: [/]
Please specify a directory for scratch files while installing Postfix. You must have write permission in this directory.
tempdir: [/usr/local/src/postfix-2.5.5]
Please specify the final destination directory for installed Postfix configuration files.
config_directory: [/etc/postfix]
Please specify the final destination directory for installed Postfix administrative commands. This directory should be in the command search path of administrative users.
command_directory: [/usr/sbin]
Please specify the final destination directory for installed Postfix daemon programs. This directory should not be in the command search path of any users.
daemon_directory: [/usr/libexec/postfix]
Please specify the final destination directory for Postfix-writable data files such as caches or random numbers. This directory should not be shared with non-Postfix software.
data_directory: [/var/lib/postfix]
Please specify the destination directory for the Postfix HTML files. Specify “no” if you do not want to install these files.
html_directory: [no]
Please specify the owner of the Postfix queue. Specify an account with numerical user ID and group ID values that are not used by any other accounts on the system.
mail_owner: [postfix]
Please specify the final destination pathname for the installed Postfix mailq command. This is the Sendmail-compatible mail queue listing command.
mailq_path: [/usr/bin/mailq]
Please specify the destination directory for the Postfix on-line manual pages. You can no longer specify “no” here.
manpage_directory: [/usr/local/man]
Please specify the final destination pathname for the installed Postfix newaliases command. This is the Sendmail-compatible command to build alias databases for the Postfix local delivery agent.
newaliases_path: [/usr/bin/newaliases]
Please specify the final destination directory for Postfix queues.
queue_directory: [/var/spool/postfix]
Please specify the destination directory for the Postfix README files. Specify “no” if you do not want to install these files.
readme_directory: [no]
Please specify the final destination pathname for the installed Postfix sendmail command. This is the Sendmail-compatible mail posting interface.
sendmail_path: [/usr/sbin/sendmail]
Please specify the group for mail submission and for queue management commands. Specify a group name with a numerical group ID that is not shared with other accounts, not even with the Postfix mail_owner account. You can no longer specify “no” here.
setgid_group: [postdrop]
This should complete a basic setup for Postfix and you can then start postfix with:
/usr/sbin/postfix start
You should see port 25 listening when you run netstat.
netstat -aunt
Default Postfix Install
Here are the basic features compiled in the default Postfix. You can see several features missing that you may want to compile into Postfix, SASL and MySQL are two that come up often.
ldd `postconf -h daemon_directory`/smtpd
linux-gate.so.1 => (0×00601000)
libdb-4.3.so => /lib/libdb-4.3.so (0×00411000)
libnsl.so.1 => /lib/libnsl.so.1 (0x001a1000)
libresolv.so.2 => /lib/libresolv.so.2 (0x003fc000)
libc.so.6 => /lib/libc.so.6 (0x00bdc000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00d28000)
/lib/ld-linux.so.2 (0x00bb9000)
Posted by mike Filed Under Postfix Configuration with 1 Comment
Recently we asked administrators why they used Postfix Mail Server. Here are some of the responses:
“Being able to manage users and pretty much all mail aspects from a MySQL table”
“Security. Postfix is rock solid and I do not have to worry about the security of the system once it is set up correctly”
“Flexibility!”
“I’ve been running Postfix on an array of servers for the last eight years. I don’t think I’d ever switch to anything else.”
“We’ve run Postfix here at our company and couldn’t be happier”
“I am able to add whatever I want to it. Including webmail options which we use.”
“We use Postfix because it is easier to configure than Sendmail and the modular design helps us save resources.”
“We actually use Zimbra but underneath at the heart of the program is Postfix. We have the Zimbra interface to keep users happy”
“Stable … seems like all we do is keep getting mail like we are supposed to”
“Easy to set up”
Posted by mike Filed Under Spam Control with Comments Off
There will be times when you have you have your Postfix Mail Server set up and Spam is under control and all of a sudden you will see a new wave of Spam hit your site. This article will help you see how you can make some small adjustments to cut down on new waves of Spam. Here is an example of the new wave of Spam I started getting. I will take you through a few steps I used to eliminate this new wave.
Prospector specializes in delivering results for brokers, lenders as well as mortgage products and services
companies nationwide. If you need to jump-start your company’s sales or originations, we can help.
We understand the industry from the inside out and are the only B2B marketer that can GUARANTEE results
with every campaign. An industry leader for almost a decade, Prospector has the largest active network of loan
producers in the nation who are actively seeking help with their businesses.
We specialize in the following areas;
* FHA, Commercial, Hard Money, Reverse, Conventional Programs
* Loan Modification Networks and Affiliates
* MTG Training and Education
* Lead Generators
* Loan Processing and Compliance
Step #1: Check Your Logs
When you check your logs you are looking for several things. One thing that is important is to see what level this particular email was rated at by Spamassassin. You can see the Hits at 6.353. Now because my set up is using Amavisd-new, the hits and what results from those hits is listed in the /etc/amavisd.conf file. The other thing I pick up from the logs is the IP Address of the mail server that is sending the Spam.
Aug 14 12:23:48 ns amavis[30026]: (30026-11) Passed SPAMMY, [64.235.53.98] [64.235.53.98] <noreply@hyperbiz1.com> -> <person@example.com>, Message-ID: <20090814122346.F1ABF27DF53440BF@hyperbiz1.com>, mail_id: OhHzJmCU7qmf, Hits: 6.353, size: 2637, queued_as: A710E207B83, 5129 ms
Aug 14 12:23:54 ns postfix/smtpd[7279]: < unknown[64.235.53.98]: EHLO hyperbiz1.com
Aug 14 12:23:54 ns postfix/smtpd[7279]: < unknown[64.235.53.98]: MAIL FROM:<noreply@hyperbiz1.com>
Aug 14 12:23:54 ns postfix/smtpd[7279]: extract_addr: input: <noreply@hyperbiz1.
Step #2: Drop Hit Levels
Here is the amavisd.conf file hit levels and you can see that the hit level above was 6.3 and the trigger to block the email is at 6.8. Now an easy solution when you start seeing new Spam is to start slowly reducing the hit level. So what I did is reduce the 6.8 down to 6.0 and then reduce the “spam detected” level from 6.2 to 5.8. This is a small adjustment but made a big difference.
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2; # add ‘spam detected’ headers at that level
$sa_kill_level_deflt = 6.8; # triggers spam evasive actions (e.g. blocks mail)
Be sure to reload amavisd when you are done making changes. Remember, amavisd is what controls Spamassassin in this set up.
./amavisd reload
Daemon [28054] terminated by SIGTERM, waiting for dust to settle…
becoming a new daemon…
Now one question you may ask is why not write a header check or some other check for regular expressions. The answer is that the last thing you want to do is write a lot of special rules. Try to control Spam by using general princicples that will help reduce Spam because if one wave of Spam is gettign through…another is on the way from someone else.
Posted by mike Filed Under Spam Control, Uncategorized with Comments Off
Whitelists / Blacklists
You can set up whitelists and blacklists to modify the settings to make sure certain email addresses never get blocked or always get blocked.
Prevent any Spam Checking
In order to create a situation where you have no Spam checking you can use the bypass option. These options are added to amavisd.conf
@bypass_spam_checks_acl = qw( mike@example.com joe@example.com);
The spam lovers option makes sure that if you do a check the email is not tagged as spam and is not quarantined.
@spam_lovers_acl = (‘mike@example.com’, ‘joe@example.com’);
Sender Whitelist and Blacklist
This is built based on the sender address, the FROM in the SMTP connection. In amavisd if an address is both on the blacklist and on the whitelist both actions take place.
@blacklist_sender_acl = (‘jane@example.org’, ‘john@example.com’);
@whitelist_sender_acl = (‘jane@example.org’, ‘john@example.com’);
You can set up a regular expression option that looks like this.
$blacklist_sender_re = new_RE(
qr’^(money|savings|loan)@’i,
qr’^(health|workouts|diet)@’i,
qr’^(job|at_home|new-job)\d*@’i,
);
Here are the default blacklist/whitelist options in amavisd.conf. Notice that now amavisd will increase the blacklist score so it is more likely to be Spam. The score option helps reduce false positives if that is an issue. In addition, you can add a “-” to decrease the Spam score.
## site-wide opinions about senders (the ‘.’ matches any recipient)
‘.’ => [ # the _first_ matching sender determines the score boost
new_RE( # regexp-type lookup table, just happens to be all soft-blacklist
[qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
[qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
[qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
[qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
[qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
[qr'^(your_friend|greatoffers)@'i => 5.0],
[qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
),
# read_hash(“/var/amavis/sender_scores_sitewide”),
{ # a hash-type lookup table (associative array)
‘nobody@cert.org’ => -3.0,
‘cert-advisory@us-cert.gov’ => -3.0,
‘owner-alert@iss.net’ => -3.0,
‘slashdot@slashdot.org’ => -3.0,
‘securityfocus.com’ => -3.0,
‘ntbugtraq@listserv.ntbugtraq.com’ => -3.0,
‘security-alerts@linuxsecurity.com’ => -3.0,
‘mailman-announce-admin@python.org’ => -3.0,
‘amavis-user-admin@lists.sourceforge.net’=> -3.0,
‘amavis-user-bounces@lists.sourceforge.net’ => -3.0,
‘spamassassin.apache.org’ => -3.0,
‘notification-return@lists.sophos.com’ => -3.0,
‘owner-postfix-users@postfix.org’ => -3.0,
‘owner-postfix-announce@postfix.org’ => -3.0,
‘owner-sendmail-announce@lists.sendmail.org’ => -3.0,
‘sendmail-announce-request@lists.sendmail.org’ => -3.0,
‘donotreply@sendmail.org’ => -3.0,
‘ca+envelope@sendmail.org’ => -3.0,
‘noreply@freshmeat.net’ => -3.0,
‘owner-technews@postel.acm.org’ => -3.0,
‘ietf-123-owner@loki.ietf.org’ => -3.0,
‘cvs-commits-list-admin@gnome.org’ => -3.0,
‘rt-users-admin@lists.fsck.com’ => -3.0,
‘clp-request@comp.nus.edu.sg’ => -3.0,
‘surveys-errors@lists.nua.ie’ => -3.0,
‘emailnews@genomeweb.com’ => -5.0,
‘yahoo-dev-null@yahoo-inc.com’ => -3.0,
‘returns.groups.yahoo.com’ => -3.0,
‘clusternews@linuxnetworx.com’ => -3.0,
lc(‘lvs-users-admin@LinuxVirtualServer.org’) => -3.0,
lc(‘owner-textbreakingnews@CNNIMAIL12.CNN.COM’) => -5.0,
# soft-blacklisting (positive score)
‘sender@example.net’ => 3.0,
‘.example.net’ => 1.0,
},
], # end of site-wide tables
});
You certainly can modify the default lists that are in amavisd.conf.
Posted by mike Filed Under Postfix Configuration with Comments Off
One of the newest features of Ubuntu 9.04 is the Postfix Mail Server/Dovecot enhancements to make it easier to set up a mail server. This article is a review of those improvements and a tutorial on how to fix several problems that were experienced.
Before you jump to any conclusions about the new features it is important to understand the goal of both Ubuntu and the Ubuntu-server team, at least as I understand it. The mail server is one of the most difficult to set up and manage correctly. Sure Postfix is easier than some but there are a lot of issues you must deal with like; security, configuring anti_virus, spam reduction, integrating Dovecot, Spamassassin, amavisd-new, Postfix, squirrelmail, etc. It is the integration that presents so many issues. That said, the goal seems to be to move in the direction of a one click install to make this all happen.
Here is the claim on the enhanced mail stack:
“In Ubuntu-server team we’ve decided that this should be much easier and, based on experience of our members, created integrated mail stack with safe default setup. This setup won’t solve all mail configuration problems (we don’t setup any antispam and antivirus countermeasures), but it will enable your startup to get working e-mail server out of the box.
So, what’s included? Mail server stack is based on dovecot for IMAP/POP3 protocols and postfix for SMTP. Feature list:
- POP3, IMAP, POP3S, IMAPS
- SMTP, SMTP/TLS
- Maildir storage for e-mails
- SASL authentication (SMTP-AUTH)
- dovecot MDA (mail delivery agent)
- support for sieve scripting
- managesieve protocol for managing sieve scripts on *server* from your *client*, like thunderbird or kmail
- IMAP & POP3 workarounds for buggy clients”
- See the whole blog article: HERE
It is an interesting idea to create a one click install, however if you are looking at easy mail installs take a look at Citadel which is easier and has more features or Zimbra which has everything done…the one click install all complete with 10 times the features. The problem with the Ubuntu install is twofold. First, since there is no documentation, you are left with a lot of questions about what was done and what needs yet to be done with the install. Now as you will see below I have listed for you the changes to dovecot-postfix.conf and main.cf of Postfix. That is a good place to see what changes were done.
Here is a look at the install procedure:
sudo apt-get install dovecot-postfix
The following extra packages will be installed:
dovecot-common dovecot-imapd dovecot-pop3d
The following NEW packages will be installed:
dovecot-common dovecot-imapd dovecot-pop3d dovecot-postfix
Creating config file /etc/dovecot/dovecot-sql.conf with new version
adduser: Warning: The home directory `/usr/lib/dovecot’ does not belong to the user you are currently creating.
You already have ssl certs for dovecot.
Creating config file /etc/dovecot/dovecot-postfix.conf with new version
* Restarting IMAP/POP3 mail server dovecot Error: ssl_cert_file: Can’t use /etc/ssl/certs/ssl-mail.pem: No such file or directory
In fact the file does exist and once I restarted it was OK.
Fatal: Invalid configuration in /etc/dovecot/dovecot-postfix.conf
[fail]
This failure was also fixed with a restart of Dovecot.
Dovecot Not Start Correctly
After install a check with netstat showed that Postfix was running but Dovecot was not. So I started Dovecot manually with:
/etc/init.d/dovecot start
Now a review of netstat shows it is all running.
# netstat -aunt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
Here are the config options set by default for Dovecot. This is found in the /etc/dovecot/dovecot-postfix.conf file and is part of what has been set up by the Ubuntu team. Note that if you do not want all options listed for imap,pop3, imaps,pop3s and managesieve just remove them and restart Dovecot and Postfix.
protocols = imap pop3 imaps pop3s managesieve
disable_plaintext_auth = yes
log_timestamp = “%Y-%m-%d %H:%M:%S ”
ssl_disable = no
ssl_cert_file = /etc/ssl/certs/ssl-mail.pem
ssl_key_file = /etc/ssl/private/ssl-mail.ke
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
mail_location = maildir:~/Maildir
mail_privileged_group = mail
protocol imap {
mail_max_userip_connections = 10
login_greeting_capability = yes
imap_client_workarounds = outlook-idle delay-newmail
}
protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
mail_max_userip_connections = 3
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol managesieve {
sieve=~/.dovecot.sieve
sieve_storage=~/sieve
}
protocol lda {
postmaster_address = postmaster
mail_plugins = cmusieve
quota_full_tempfail = yes
deliver_log_format = msgid=%m: %$
rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth default {
mechanisms = plain login
passdb pam {
}
userdb passwd {
}
user = root
socket listen {
client { path = /var/spool/postfix/private/dovecot-auth
path = /var/spool/postfix/private/dovecot-auth
mode = 0660
user = postfix
group = postfix
}
}
}
dict {
}
plugin {
}
Postfix Configuration
These are settings hat the Ubuntu team has configured to help with setting up the mail server. The major time savers is the TLS setup so you can have encrypted connections. If TLS is what you want to use be sure to turn off imap and pop3 so you are forced to use the secure connections.
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA’s job.
append_dot_mydomain = no
# Uncomment the next line to generate “delayed mail” warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = ub904
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = ub904, localhost.localdomain, , localhost
relayhost =
mynetwork = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot-postfix.conf -n -m “${EXTENSION}”
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium, high
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom
Summary;
If you have set up Postfix with Dovecot and TLS in the past you will certainly appreciate the work done by the Ubuntu team. This will save you a lot of time making those decisions. On the other hand there is a lot left to do and if you are new to mail servers ….you will be lost initially trying to find the holes. Several things you will need to fix:
1. Send mail to another user instead of root – See Here
2. Check your Relays - See Here
3. Review how the TLS and Dovecot work – See Here
4. Verify your identity settings – See Here
5. Check your Postfix install – See Here
5. Set Up Spamassassin – See Here
6. Set Up Anti-Virus – See Here
Options
7. Multiple Domains – See Here
8. Set Up filters - See Here
9. Send yourself mail stats - See Here
There is certainly a lot left to do but you have a start and it will save you time.
Posted by mike Filed Under Postfix Configuration with 2 Comments
Deferred queue
If Postfix cannot deliver a message to a recipient it is placed in the deferred queue. The queue manager will scan the deferred queue to see it if can place mail back into the active queue. How often this scan occurs is determined by the queue_run_delay. Postfix will scan the incoming queue at the same time as the deferred queue just to make sure that one does not take all the resources and so each can continue to move messages.
The queue_run_delay is by default 300s or 300 seconds. Each time the deferred queue is scanned it will only reinject a portion of the messages.
If you have a very busy mail server you may see a large deferred queue. The first instinct is to flush the queue but that actually may be counter productive. The only reason you would flush the deferred queue is if you think that the messages now have a good chance of delivery. If they still do not have a good chance of delivery it will only slow down an already busy server.
The real question is, What is causing messages to be deferred? One of the major reasons that messages are deferred is that your server is going to place mail to “unknown recipients” into the deferred queue if they do not have a legitimate user to go to.
Here is the process to view and analyze why mail is deferred. The fist warning is that you see deferred mail in your messages logs. In the example there are 2 listed.
Postfix log summaries for Feb 17
Grand Totals
————
messages
101 received
106 delivered
0 forwarded
2 deferred (35 deferrals)
0 bounced
104 rejected (49%)
0 reject warnings
0 held
0 discarded (0%)
1263k bytes received
1331k bytes delivered
32 senders
23 sending hosts/domains
17 recipients
11 recipient hosts/domains
Once you know that mail is in the deferred queue you need to locate the message Ids so you can read the mail in the queue. Use the command postqueue to view mail Ids.
postqueue -p
-Queue ID- –Size– —-Arrival Time—- -Sender/Recipient——-
9DF7520804A 3726 Mon Feb 16 03:06:41 MAILER-DAEMON
(connect to hydra.udag.de[89.31.140.33]: Connection timed out)
www-data@hydra.udag.de
CC1D4208048 3786 Mon Feb 16 02:39:50 MAILER-DAEMON
(connect to bootes.caixa.gov.br[200.201.166.138]: Connection timed out)
servicos@caixa.gov.br
– 8 Kbytes in 2 Requests.
Once you have the message ID you can use postcat to open the message in the queue. The first line shows that it is one of the deferred messages. As you view the contents of the email you can see the reason it is deferred, in this example someone is trying to send mail as if it is from the real user, thus this is SPAM and has been detected.
postcat -q 9DF7520804A
*** ENVELOPE RECORDS deferred/9/9DF7520804A ***
message_size: 3726 589 1 0
message_arrival_time: Mon Feb 16 03:06:41 2009
create_time: Mon Feb 16 03:06:41 2009
named_attribute: rewrite_context=local
named_attribute: envelope_id=AM..20090216T110641Z@ns.example.org
sender:
named_attribute: log_client_name=ns.example.org
named_attribute: log_client_address=127.0.0.1
named_attribute: log_message_origin=ns.example.org[127.0.0.1]
named_attribute: log_helo_name=localhost
named_attribute: log_protocol_name=ESMTP
named_attribute: client_name=ns.example.org
named_attribute: reverse_client_name=ns.example.org
named_attribute: client_address=127.0.0.1
named_attribute: helo_name=localhost
named_attribute: client_address_type=2
named_attribute: dsn_orig_rcpt=rfc822;www-data@hydra.udag.de
original_recipient: www-data@hydra.udag.de
recipient: www-data@hydra.udag.de
*** MESSAGE CONTENTS deferred/9/9DF7520804A ***
Received: from localhost (ns.example.org [127.0.0.1])
by ns.example.org (Postfix) with ESMTP id 9DF7520804A
for <www-data@hydra.udag.de>; Mon, 16 Feb 2009 03:06:41 -0800 (PST)
Content-Type: multipart/report; report-type=delivery-status;
boundary=”———-=_1234782401-3999-0″
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
Subject: Considered UNSOLICITED BULK EMAIL, apparently from you
In-Reply-To: <9d798f4d2f18e5879bdfe20b2504d376@www.team-koeln.de>
Message-ID: <SSlkPbEmzalURU@ns.example.org>
From: “Content-filter at ns.example.org” <postmaster@example.org>
To: <www-data@hydra.udag.de>
Date: Mon, 16 Feb 2009 03:06:34 -0800 (PST)
This is a multi-part message in MIME format…
————=_1234782401-3999-0
Content-Type: text/plain; charset=”iso-8859-1″
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
A message from <www-data@hydra.udag.de> to:
-> user@gmail.com
was considered unsolicited bulk e-mail (UBE).
Our internal reference code for your message is 03999-12/lkPbEmzalURU
The message carried your return address, so it was either a genuine mail
from you, or a sender address was faked and your e-mail address abused
by third party, in which case we apologize for undesired notification.
We do try to minimize backscatter for more prominent cases of UBE and
for infected mail, but for less obvious cases of UBE some balance
between losing genuine mail and sending undesired backscatter is sought,
and there can be some collateral damage on both sides.
First upstream SMTP client IP address: [89.31.140.33]
According to a ‘Received:’ trace, the message originated at: [89.31.140.33],
Return-Path: <www-data@hydra.udag.de>
From: Caixa Economica Federal <servicos@caixa.gov.br>
Message-ID: <9d798f4d2f18e5879bdfe20b2504d376@www.team-koeln.de>
Subject: Atualizacao Caixa
Delivery of the email was stopped!
————=_1234782401-3999-0
Content-Type: message/delivery-status; name=”dsn_status”
Content-Disposition: inline; filename=”dsn_status”
Content-Transfer-Encoding: 7bit
Content-Description: Delivery error report
Reporting-MTA: dns; ns.example.org
Received-From-MTA: smtp; ns.example.org ([127.0.0.1])
Arrival-Date: Mon, 16 Feb 2009 03:06:34 -0800 (PST)
Original-Recipient: rfc822;fred@example.com
Final-Recipient: rfc822;user@gmail.com
Action: failed
Status: 5.7.0
Diagnostic-Code: smtp; 554 5.7.0 Reject, id=03999-12 – SPAM
Last-Attempt-Date: Mon, 16 Feb 2009 03:06:34 -0800 (PST)
Final-Log-ID: 03999-12/lkPbEmzalURU
————=_1234782401-3999-0
Content-Type: text/rfc822-headers; name=”header”
Content-Disposition: inline; filename=”header”
Content-Transfer-Encoding: 7bit
Content-Description: Message header section
Return-Path: <www-data@hydra.udag.de>
Received: from hydra.udag.de (hydra.udag.de [89.31.140.33])
by ns.example.org (Postfix) with ESMTP id 4CA89208029
for <fred@example.com>; Mon, 16 Feb 2009 03:06:33 -0800 (PST)
Received: by hydra.udag.de (Postfix, from userid 33)
id 32D3E45C463; Mon, 16 Feb 2009 12:21:10 +0100 (CET)
To: fred@example.com
Subject: Atualizacao Caixa
Date: Mon, 16 Feb 2009 12:21:07 +0100
From: Caixa Economica Federal <servicos@caixa.gov.br>
Reply-to: Caixa Economica Federal <servicos@caixa.gov.br>
Message-ID: <9d798f4d2f18e5879bdfe20b2504d376@www.team-koeln.de>
X-Priority: 3
X-Mailer: Microsoft Outlook Express 6.00.2800.1409
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.10.2800.1409.518512323.rg.sm31
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset=”iso-8859-1″
————=_1234782401-3999-0–
*** HEADER EXTRACTED deferred/9/9DF7520804A ***
*** MESSAGE FILE END deferred/9/9DF7520804A ***
Posted by mike Filed Under Citadel with Comments Off
Citadel offers and easy to install and easy to configure mail server.
On an Ubuntu server you can install the suite with:
sudo apt-get install citadel-suite
During the install you will be asked several questions. The first question you will be asked if you want to use Apache for the web interface or WebCit. This example shows the choice of WebCit which is the easiest option.
You will need to select a port that the server will run on so you can connect to the web interface. You can choose any port over 1024.
Once installed you can access your server at the port that you entered. Usernames and passwords will be collected from /etc/passwd or LDAP.
Posted by mike Filed Under Postfix Configuration with Comments Off
You can list the default settings with Postfix with this command:
postconf -d
2bounce_notice_recipient = postmaster
access_map_reject_code = 554
address_verify_default_transport = $default_transport
address_verify_local_transport = $local_transport
address_verify_map =
address_verify_negative_cache = yes
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 3h
address_verify_poll_count = 3
address_verify_poll_delay = 3s
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
address_verify_relay_transport = $relay_transport
address_verify_relayhost = $relayhost
address_verify_sender = postmaster
address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps
address_verify_service_name = verify
address_verify_transport_maps = $transport_maps
address_verify_virtual_transport = $virtual_transport
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, nis:mail.aliases
allow_mail_to_commands = alias, forward
allow_mail_to_files = alias, forward
allow_min_user = no
allow_percent_hack = yes
allow_untrusted_routing = no
alternate_config_directories =
always_bcc =
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
append_at_myorigin = yes
append_dot_mydomain = yes
application_event_drain_time = 100s
authorized_flush_users = static:anyone
authorized_mailq_users = static:anyone
authorized_submit_users = static:anyone
backwards_bounce_logfile_compatibility = yes
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
best_mx_transport =
biff = yes
body_checks =
body_checks_size_limit = 51200
bounce_notice_recipient = postmaster
bounce_queue_lifetime = 5d
bounce_service_name = bounce
bounce_size_limit = 50000
bounce_template_file =
broken_sasl_auth_clients = no
canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
canonical_maps =
cleanup_service_name = cleanup
command_directory = /usr/sbin
command_execution_directory =
command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
command_time_limit = 1000s
config_directory = /etc/postfix
connection_cache_protocol_timeout = 5s
connection_cache_service_name = scache
connection_cache_status_update_time = 600s
connection_cache_ttl_limit = 2s
content_filter =
daemon_directory = /usr/libexec/postfix
daemon_timeout = 18000s
debug_peer_level = 2
debug_peer_list =
default_database_type = hash
default_delivery_slot_cost = 5
default_delivery_slot_discount = 50
default_delivery_slot_loan = 3
default_destination_concurrency_limit = 20
default_destination_recipient_limit = 50
default_extra_recipient_limit = 1000
default_minimum_delivery_slots = 3
default_privs = nobody
default_process_limit = 100
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
default_recipient_limit = 10000
default_transport = smtp
default_verp_delimiters = +=
defer_code = 450
defer_service_name = defer
defer_transports =
delay_logging_resolution_limit = 2
delay_notice_recipient = postmaster
delay_warning_time = 0h
deliver_lock_attempts = 20
deliver_lock_delay = 1s
disable_dns_lookups = no
disable_mime_input_processing = no
disable_mime_output_conversion = no
disable_verp_bounces = no
disable_vrfy_command = no
dont_remove = 0
double_bounce_sender = double-bounce
duplicate_filter_limit = 1000
empty_address_recipient = MAILER-DAEMON
enable_original_recipient = yes
error_notice_recipient = postmaster
error_service_name = error
execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
expand_owner_alias = no
export_environment = TZ MAIL_CONFIG LANG
fallback_transport =
fallback_transport_maps =
fast_flush_domains = $relay_domains
fast_flush_purge_time = 7d
fast_flush_refresh_time = 12h
fault_injection_code = 0
flush_service_name = flush
fork_attempts = 5
fork_delay = 1s
forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
frozen_delivered_to = yes
hash_queue_depth = 1
hash_queue_names = deferred, defer
header_address_token_limit = 10240
header_checks =
header_size_limit = 102400
helpful_warnings = yes
home_mailbox =
hopcount_limit = 50
html_directory = no
ignore_mx_lookup_error = no
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
in_flow_delay = 1s
inet_interfaces = all
inet_protocols = ipv4
initial_destination_concurrency = 5
internal_mail_filter_classes =
invalid_hostname_reject_code = 501
ipc_idle = 100s
ipc_timeout = 3600s
ipc_ttl = 1000s
line_length_limit = 2048
lmtp_bind_address =
lmtp_bind_address6 =
lmtp_cname_overrides_servername = no
lmtp_connect_timeout = 0s
lmtp_connection_cache_destinations =
lmtp_connection_cache_on_demand = yes
lmtp_connection_cache_time_limit = 2s
lmtp_connection_reuse_time_limit = 300s
lmtp_data_done_timeout = 600s
lmtp_data_init_timeout = 120s
lmtp_data_xfer_timeout = 180s
lmtp_defer_if_no_mx_address_found = no
lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
lmtp_destination_recipient_limit = $default_destination_recipient_limit
lmtp_discard_lhlo_keyword_address_maps =
lmtp_discard_lhlo_keywords =
lmtp_enforce_tls = no
lmtp_generic_maps =
lmtp_host_lookup = dns
lmtp_lhlo_name = $myhostname
lmtp_lhlo_timeout = 300s
lmtp_line_length_limit = 990
lmtp_mail_timeout = 300s
lmtp_mx_address_limit = 5
lmtp_mx_session_limit = 2
lmtp_pix_workaround_delay_time = 10s
lmtp_pix_workaround_threshold_time = 500s
lmtp_quit_timeout = 300s
lmtp_quote_rfc821_envelope = yes
lmtp_randomize_addresses = yes
lmtp_rcpt_timeout = 300s
lmtp_rset_timeout = 20s
lmtp_sasl_auth_enable = no
lmtp_sasl_mechanism_filter =
lmtp_sasl_password_maps =
lmtp_sasl_path =
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
lmtp_sasl_type = cyrus
lmtp_send_xforward_command = no
lmtp_sender_dependent_authentication = no
lmtp_skip_5xx_greeting = yes
lmtp_starttls_timeout = 300s
lmtp_tcp_port = 24
lmtp_tls_CAfile =
lmtp_tls_CApath =
lmtp_tls_cert_file =
lmtp_tls_dcert_file =
lmtp_tls_dkey_file = $lmtp_tls_dcert_file
lmtp_tls_enforce_peername = yes
lmtp_tls_exclude_ciphers =
lmtp_tls_key_file = $lmtp_tls_cert_file
lmtp_tls_loglevel = 0
lmtp_tls_mandatory_ciphers = medium
lmtp_tls_mandatory_exclude_ciphers =
lmtp_tls_mandatory_protocols = SSLv3, TLSv1
lmtp_tls_note_starttls_offer = no
lmtp_tls_per_site =
lmtp_tls_policy_maps =
lmtp_tls_scert_verifydepth = 5
lmtp_tls_secure_cert_match = nexthop
lmtp_tls_security_level =
lmtp_tls_session_cache_database =
lmtp_tls_session_cache_timeout = 3600s
lmtp_tls_verify_cert_match = hostname
lmtp_use_tls = no
lmtp_xforward_timeout = 300s
local_command_shell =
local_destination_concurrency_limit = 2
local_destination_recipient_limit = 1
local_header_rewrite_clients = permit_inet_interfaces
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
local_transport = local:$myhostname
luser_relay =
mail_name = Postfix
mail_owner = postfix
mail_release_date = 200600825
mail_spool_directory = /var/mail
mail_version = 2.3.3
mailbox_command =
mailbox_command_maps =
mailbox_delivery_lock = fcntl, dotlock
mailbox_size_limit = 51200000
mailbox_transport =
mailbox_transport_maps =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
maps_rbl_domains =
maps_rbl_reject_code = 554
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions =
max_idle = 100s
max_use = 100
maximal_backoff_time = 4000s
maximal_queue_lifetime = 5d
message_reject_characters =
message_size_limit = 10240000
message_strip_characters =
milter_command_timeout = 30s
milter_connect_macros = j {daemon_name} v
milter_connect_timeout = 30s
milter_content_timeout = 300s
milter_data_macros = i
milter_default_action = tempfail
milter_end_of_data_macros = i
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
milter_macro_daemon_name = $myhostname
milter_macro_v = $mail_name $mail_version
milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr}
milter_protocol = 2
milter_rcpt_macros = i {rcpt_addr}
milter_unknown_command_macros =
mime_boundary_length_limit = 2048
mime_header_checks = $header_checks
mime_nesting_limit = 100
minimal_backoff_time = 1000s
multi_recipient_bounce_reject_code = 550
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = spidertools.org
myhostname = ns.spidertools.org
mynetworks = 127.0.0.0/8 127.0.0.1/32 12.32.36.123/32
mynetworks_style = subnet
myorigin = $myhostname
nested_header_checks = $header_checks
newaliases_path = /usr/bin/newaliases
non_fqdn_reject_code = 504
non_smtpd_milters =
notify_classes = resource, software
owner_request_special = yes
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
permit_mx_backup_networks =
pickup_service_name = pickup
plaintext_reject_code = 450
prepend_delivered_header = command, file, forward
process_id_directory = pid
propagate_unmatched_extensions = canonical, virtual
proxy_interfaces =
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
qmgr_clog_warn_time = 300s
qmgr_fudge_factor = 100
qmgr_message_active_limit = 20000
qmgr_message_recipient_limit = 20000
qmgr_message_recipient_minimum = 10
qmqpd_authorized_clients =
qmqpd_error_delay = 1s
qmqpd_timeout = 300s
queue_directory = /var/spool/postfix
queue_file_attribute_count_limit = 100
queue_minfree = 0
queue_run_delay = 1000s
queue_service_name = qmgr
rbl_reply_maps =
readme_directory = no
receive_override_options =
recipient_bcc_maps =
recipient_canonical_classes = envelope_recipient, header_recipient
recipient_canonical_maps =
recipient_delimiter =
reject_code = 554
relay_clientcerts =
relay_destination_concurrency_limit = $default_destination_concurrency_limit
relay_destination_recipient_limit = $default_destination_recipient_limit
relay_domains = $mydestination
relay_domains_reject_code = 554
relay_recipient_maps =
relay_transport = relay
relayhost =
relocated_maps =
remote_header_rewrite_domain =
require_home_directory = no
resolve_dequoted_address = yes
resolve_null_domain = no
resolve_numeric_domain = no
rewrite_service_name = rewrite
sample_directory = /etc/postfix
sender_bcc_maps =
sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps =
sender_dependent_relayhost_maps =
sendmail_path = /usr/sbin/sendmail
service_throttle_time = 60s
setgid_group = postdrop
show_user_unknown_table_name = yes
showq_service_name = showq
smtp_always_send_ehlo = yes
smtp_bind_address =
smtp_bind_address6 =
smtp_cname_overrides_servername = no
smtp_connect_timeout = 30s
smtp_connection_cache_destinations =
smtp_connection_cache_on_demand = yes
smtp_connection_cache_time_limit = 2s
smtp_connection_reuse_time_limit = 300s
smtp_data_done_timeout = 600s
smtp_data_init_timeout = 120s
smtp_data_xfer_timeout = 180s
smtp_defer_if_no_mx_address_found = no
smtp_destination_concurrency_limit = $default_destination_concurrency_limit
smtp_destination_recipient_limit = $default_destination_recipient_limit
smtp_discard_ehlo_keyword_address_maps =
smtp_discard_ehlo_keywords =
smtp_enforce_tls = no
smtp_fallback_relay = $fallback_relay
smtp_generic_maps =
smtp_helo_name = $myhostname
smtp_helo_timeout = 300s
smtp_host_lookup = dns
smtp_line_length_limit = 990
smtp_mail_timeout = 300s
smtp_mx_address_limit = 5
smtp_mx_session_limit = 2
smtp_never_send_ehlo = no
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_threshold_time = 500s
smtp_quit_timeout = 300s
smtp_quote_rfc821_envelope = yes
smtp_randomize_addresses = yes
smtp_rcpt_timeout = 300s
smtp_rset_timeout = 20s
smtp_sasl_auth_enable = no
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps =
smtp_sasl_path =
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_sasl_type = cyrus
smtp_send_xforward_command = no
smtp_sender_dependent_authentication = no
smtp_skip_5xx_greeting = yes
smtp_skip_quit_response = yes
smtp_starttls_timeout = 300s
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_cert_file =
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_enforce_peername = yes
smtp_tls_exclude_ciphers =
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 0
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers =
smtp_tls_mandatory_protocols = SSLv3, TLSv1
smtp_tls_note_starttls_offer = no
smtp_tls_per_site =
smtp_tls_policy_maps =
smtp_tls_scert_verifydepth = 5
smtp_tls_secure_cert_match = nexthop, dot-nexthop
smtp_tls_security_level =
smtp_tls_session_cache_database =
smtp_tls_session_cache_timeout = 3600s
smtp_tls_verify_cert_match = hostname
smtp_use_tls = no
smtp_xforward_timeout = 300s
smtpd_authorized_verp_clients = $authorized_verp_clients
smtpd_authorized_xclient_hosts =
smtpd_authorized_xforward_hosts =
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 50
smtpd_client_connection_rate_limit = 0
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_client_message_rate_limit = 0
smtpd_client_new_tls_session_rate_limit = 0
smtpd_client_recipient_rate_limit = 0
smtpd_client_restrictions =
smtpd_data_restrictions =
smtpd_delay_open_until_valid_rcpt = yes
smtpd_delay_reject = yes
smtpd_discard_ehlo_keyword_address_maps =
smtpd_discard_ehlo_keywords =
smtpd_end_of_data_restrictions =
smtpd_enforce_tls = no
smtpd_error_sleep_time = 1s
smtpd_etrn_restrictions =
smtpd_expansion_filter = \t\40!”#$%&’()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
smtpd_forbidden_commands = CONNECT GET POST
smtpd_hard_error_limit = 20
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_history_flush_threshold = 100
smtpd_junk_command_limit = 100
smtpd_milters =
smtpd_noop_commands =
smtpd_null_access_lookup_key = <>
smtpd_peername_lookup = yes
smtpd_policy_service_max_idle = 300s
smtpd_policy_service_max_ttl = 1000s
smtpd_policy_service_timeout = 100s
smtpd_proxy_ehlo = $myhostname
smtpd_proxy_filter =
smtpd_proxy_timeout = 100s
smtpd_recipient_limit = 1000
smtpd_recipient_overshoot_limit = 1000
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_restriction_classes =
smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus
smtpd_sender_login_maps =
smtpd_sender_restrictions =
smtpd_soft_error_limit = 10
smtpd_starttls_timeout = 300s
smtpd_timeout = 300s
smtpd_tls_CAfile =
smtpd_tls_CApath =
smtpd_tls_always_issue_session_ids = yes
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_ccert_verifydepth = 5
smtpd_tls_cert_file =
smtpd_tls_dcert_file =
smtpd_tls_dh1024_param_file =
smtpd_tls_dh512_param_file =
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_exclude_ciphers =
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers =
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_received_header = no
smtpd_tls_req_ccert = no
smtpd_tls_security_level =
smtpd_tls_session_cache_database =
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_wrappermode = no
smtpd_use_tls = no
soft_bounce = no
stale_lock_time = 500s
strict_7bit_headers = no
strict_8bitmime = no
strict_8bitmime_body = no
strict_mime_encoding_domain = no
strict_rfc821_envelopes = no
sun_mailtool_compatibility = no
swap_bangpath = yes
syslog_facility = mail
syslog_name = postfix
tls_daemon_random_bytes = 32
tls_export_cipherlist = ALL:+RC4:@STRENGTH
tls_high_cipherlist = !EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH
tls_low_cipherlist = !EXPORT:ALL:+RC4:@STRENGTH
tls_medium_cipherlist = !EXPORT:!LOW:ALL:+RC4:@STRENGTH
tls_null_cipherlist = !aNULL:eNULL+kRSA
tls_random_bytes = 32
tls_random_exchange_name = ${config_directory}/prng_exch
tls_random_prng_update_period = 3600s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
trace_service_name = trace
transport_maps =
transport_retry_time = 60s
trigger_timeout = 10s
undisclosed_recipients_header = To: undisclosed-recipients:;
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
unverified_recipient_reject_code = 450
unverified_sender_reject_code = 450
verp_delimiter_filter = -=+
virtual_alias_domains = $virtual_alias_maps
virtual_alias_expansion_limit = 1000
virtual_alias_maps = $virtual_maps
virtual_alias_recursion_limit = 1000
virtual_destination_concurrency_limit = $default_destination_concurrency_limit
virtual_destination_recipient_limit = $default_destination_recipient_limit
virtual_gid_maps =
virtual_mailbox_base =
virtual_mailbox_domains = $virtual_mailbox_maps
virtual_mailbox_limit = 51200000
virtual_mailbox_lock = fcntl
virtual_mailbox_maps =
virtual_minimum_uid = 100
virtual_transport = virtual
virtual_uid_maps =
« Older Entries
Newer Entries »
