Portál AbcLinuxu, 12. května 2025 08:06
smtpd_client_restrictions = permit_mynetworks, reject_rbl_client list.dsbl.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client relays.ordb.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dun.dnsrbl.net, permitrad bych se zeptal, zda-li mi tato volba v postfixu udela to, ze mi nepropusti postfix zadne maily ze zakazanych IP adres lidi co mi posilaji maily, ktere jsou ulozeny napr. na spamhaus.org nebo je to jen ochrana pred tim, aby overil mou IP kdyz odesilam neco z postfixu, jestli neni ulozena v cerne listine techto serveru? Diky za odpoved
smtpd_client_restrictions
kdo se muze pripojit a zkusit dorucit email. RBL = blacklisting domen ze kterych odchazi spamy. Cili odmita maily z domen uvedenych na blacklistingu, je li na nem vlastni domena, tak to projde, protoze zalezi na poradi a permit_mynetworks je prvni.
Nov 10 10:52:26 _MUJ_SERVER_ postfix/smtpd[29881]: NOQUEUE: reject: RCPT from szkola-236.interblock.pl[85.219.198.236]: 554 Service unavailable; Client host [85.219.198.236] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?85.219.198.236; from=<_nejaky_spammer_> to=<_UZIVATEL_@_MUJ_SERVER_> proto=ESMTP helo=<_spamerova_domena_>
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_rbl_client opm.blitzed.org, reject_rbl_client list.dsbl.org, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client relays.ordb.org, reject_rbl_client relays.mail-abuse.org, reject_rbl_client dialups.mail-abuse.org, reject_rbl_client blackholes.mail-abuse.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org, reject_rbl_client dev.null.dk, reject_rbl_client sbl.spamhaus.org, reject_rbl_client dnsbl.ahbl.org
reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname,
# See /usr/share/postfix/main.cf.dist for a commented, more complete version smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h myhostname = mail._MOJE_DOMENA_.CZ mydestination = $myhostname, localhost.$mydomain, $mydomain, _MOJE_DOMENA_.CZ mynetworks = 127.0.0.0/8, _JEDNA_MOJE_SPECIALNI_SOUKROMA_ADRESA mailbox_size_limit = 0 recipient_delimiter = + virtual_mailbox_base = /var/vmail virtual_minimum_uid = 500 virtual_mailbox_maps = mysql:/var/spool/postfix/etc/sql/vmailbox virtual_maps = mysql:/var/spool/etc/postfix/sql/virtual transport_maps = mysql:/var/spool/postfix/etc/sql/transport virtual_uid_maps = static:500 virtual_gid_maps = static:500 local_recipient_maps = unix:passwd.byname $alias_maps $virtual_mailbox_maps fallback_transport = virtual relay_domains = $transport_maps virtual_alias_maps = mysql:/var/spool/postfix/etc/sql/virtual recipient_bcc_maps = mysql:/var/spool/postfix/etc/sql/recipient_bcc mydomain = _MOJE_DOMENA_.CZ myorigin = _MOJE_DOMENA_.CZ content_filter = smtp-amavis:[127.0.0.1]:10024 maildrop_destination_recipient_limit = 1 maildrop_destination_concurrency_limit = 1 message_size_limit = 10240000 smtpd_enforce_tls = no smtpd_tls_auth_only = yes smtp_use_tls = yes smtpd_use_tls = yes smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = mail._MOJE_DOMENA_.CZ broken_sasl_auth_clients = yes smtpd_sasl_security_options = noanonymous smtpd_helo_required = yes disable_vrfy_command = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_rbl_client opm.blitzed.org, reject_rbl_client list.dsbl.org, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client relays.ordb.org, reject_rbl_client relays.mail-abuse.org, reject_rbl_client dialups.mail-abuse.org, reject_rbl_client blackholes.mail-abuse.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org, reject_rbl_client dev.null.dk, reject_rbl_client sbl.spamhaus.org, reject_rbl_client dnsbl.ahbl.orgmaster.cf:
# DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_etrn_restrictions=reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -w 90 -d ${recipient}
# flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${user}@${nexthop} ${extension} ${recipient} ${user} ${nexthop} ${sender}
#flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
# only used by postfix-tls
#tlsmgr fifo - - n 300 1 tlsmgr
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
smtp-amavis unix - - n - 2 smtp -o smtp_data_timeout=1200 -o disable_dns_lookups=yes -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classe
s= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetwo
rks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000
Tiskni
Sdílej:
ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.