postfix (main.cf)
Categoria: Networking
Software: postfix
[ Hits: 39.199 ]
Por: Tiago D.G
arquivo de configuração do Postfix com restrições por cabeçalho, corpo, restrição de envio para usuários do próprio dominio, relay fechado, restrição por envio e recebimento de arquivos com extensões supeitas de virus, configuração para o amavis, tudo comentado por mim em portugues.
############################################################################### ###############################SOFT BOUNCE##################################### ############################################################################### # Parametro utilizado quando se configura um antivirus para email. soft_bounce = yes #Localização de todos os comandos do Postix command_directory = /usr/sbin #Localização de todos deamons do Postfix (Definidos no master.cf) daemon_directory = /usr/lib/postfix # Usuário responsável pela queue Postfix e por grande parte dos deamons. Use um usuário exclusivo para essa definição. default_privs = tiago default_privs = tiago #Nome dos servidores e nome da maquina que é servidor #Nome da máquina que funciona como servidor de email #myhostname = hostname # Dominio ao qual a máquina pertence. #mydomain = domainname ############################################################################### ################################SENDING MAIL################################### ############################################################################### # Domínio que deve ser anexado aos cabeçalhos de emails que são recebidos e/ou enviados pelo MTA. ############################################################################### ################################RECEIVING MAIL################################# ############################################################################### #inet_interfaces = $myhostname #inet_interfaces = $myhostname, localhost #proxy_interfaces = #proxy_interfaces = 1.2.3.4 #Lista de domínios que o servidor é o responsável pelo destino final. #mydestination = $myhostname, localhost.$mydomain mydestination = $myhostname, localhost.$mydomain, $mydomain #mydestination = $myhostname, localhost.$mydomain, $mydomain, ############################################################################### #####################REJECTING MAIL FOR UNKNOWN LOCAL USERS#################### ############################################################################### #local_recipient_maps = unix:passwd.byname $alias_maps #local_recipient_maps = proxy:unix:passwd.byname $alias_maps #local_recipient_maps = # Unknown_local_recipient_reject_code = 550 unknown_local_recipient_reject_code = 450 ############################################################################### ########################TRUST AND RELAY CONTROL################################ ############################################################################### # Lista de endereços que tem permissões de enviar emails (relays) através do Postfix. Existem duas maneiras de definir isso, manualmente (através de mynetworks) ou automaticamente(mynetworks_style). #mynetworks_style = class #mynetworks_style = subnet #mynetworks_style = host # Definição manual de endereços que tem permissões de enviar emails (relay)atraves do postfix. mynetworks = 192.168.201.0/24, 192.168.202.0/24, 127.0.0.0/8, #mynetworks = $config_directory/mynetworks #mynetworks = hash:/etc/postfix/network_table #Quais destinos (dominios) serão aceitos para serem processados. Por padrão o Postfix tem relay para: # - Clientes confiáveis (especificados por $mynetworks ou $mynetworks_style) para qualquer destino. # - De qualquer origem, clientes não-confiáveis, para os destinos especificados por relay_domains. O valor padrão deste parametro é mydestination. # relay_domains = $mydestination, curimbaba.com.br # Maquina padrão para ser enviada um email não local quando nenhuma entrada é encontrada na tabela opcional transport(5). Quando não definido, os emails localmente repassando isso para o servidor de email do ISP, por exemplo. #relayhost = $mydomain #relayhost = gateway.my.domain #relayhost = uucphost #relayhost = [an.ip.add.ress] #relay_recipient_maps = hash:/etc/postfix/relay_recipients #in_flow_delay = 1s ############################################################################### ############################ALIAS############################################## ############################################################################### # Uma característica bastante importante do sistema de correio eletrônico está na possibilidade de criar aliases. Isso permite que o usuário tenha uma série de apelidos para a sua caixa postal. #Alias_map especifica o arquivo responsável pela base de dados de alias usados pelo MTA para entregar os emails #alias_maps = dbm:/etc/aliases alias_maps = hash:/etc/postfix/aliases #alias_maps = hash:/etc/aliases, nis:mail.aliases #alias_maps = netinfo:/aliases # Base de dados para a entrega feita por local(8), podendo ser atualizada através do comando "newaliases". Isso é um parametro de configuração a parte, pois nem todas as tabelas especificadas em alias_map são arquivos locais. #alias_database = dbm:/etc/aliases alias_database = hash:/etc/postfix/aliases #alias_database = hash:/etc/aliases #alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases ############################################################################### ########################DELIVERY TO MAILBOX#################################### ############################################################################### # Parametro opcional que define o path do arquivo de mailboxes relativo ao home dir dos usuários. Implementa o estilo de mailbo chamado de Maildir #home_mailbox = maildir/ mailbox_command = /usr/bin/procmail #mailbox_command = /some/where/procmail -a "$EXTENSION" #mailbox_transport = lmtp:unix:/file/name #mailbox_transport = cyrus #fallback_transport = lmtp:unix:/file/name #fallback_transport = cyrus #fallback_transport = #luser_relay = $user@other.host #luser_relay = $local@other.host #luser_relay = admin+$local ############################################################################### ##############################FAST ETRN SERVICE################################ ############################################################################### # SHOW SOFTWARE VERSION OR NOT #smtpd_banner = $myhostname ESMTP $mail_name smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) # PARALLEL DELIVERY TO THE SAME DESTINATION # Nível de debug debug_peer_level = 2 # Parâmetros para o debug #debugger_command = # PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin # xxgdb $daemon_directory/$process_name $process_id & sleep 5 # Caminho do Sendmail sendmail_path = /usr/sbin/sendmail # Caminho do Newaliases newaliases_path = /usr/bin/newaliases # Caminho do Mailq mailq_path = /usr/bin/mailq # Grupo do Postfix setgid_group = postdrop # Diretório do Manual manpage_directory = /usr/local/man # Diretório de Exemplos sample_directory = /etc/postfix/sample readme_directory = no #smtpd_sasl_auth_enable = yes # Tamanho da caixa do usuário ( 50 Megas ) mailbox_size_limit = 51200000 # Tamanho máximo da mensagem (5/ 10 Megas ) 10=10240000 message_size_limit = 10240000 # Número máximo de destinatários no mesmo e-mail smtpd_recipient_limit = 2500 # Respeita RFC 821 - MAIL FROM e RCPT TO strict_rfc821_envelopes = yes # Ativo checagem de helo smtpd_helo_required = yes # Desabilitada VRFY disable_vrfy_command = yes # Habilita requisição de HELO/EHLO smtpd_helo_required = yes ############################################################################### ###############################Listas de RBL################################### ############################################################################### #Obs.: Utilizar com cuidado as listas, pois algumas bloqueiam e-mails do Brasil. Mais informações em: http://www.dnsstuff.com maps_rbl_domains = relays.ordb.org, list.dsbl.org, dun.dnsrbl.net, spam.dnsrbl.net ############################################################################### ######################RESTRIÇOES DE CLIENTES################################### ############################################################################### # Restricão do cliente - Após o aceite da conexao SMTP # Opção de restrição a nível de requisição de conexões de clientes SMTP. O padrão do Postfix é aceitar tudo. smtpd_client_restrictions = # Checa conteúdo do CLIENT_ACCESS #check_client_access hash:/etc/postfix/client_access, # Permite "mynetwork" permit_mynetworks, # Permite conteudo do ACCESS #hash:/etc/postfix/access, # Quando não há entrada PTR do IP reject_unknown_client, # Bloqueio de dominios inválidos reject_unknown_sender_domain, # Bloqueio comando para forçar entrega #reject_unauth_pipelining, # Bloqueia IP's listados em RBL reject_rbl_client maps_rbl_domains ############################################################################### ##########################RESTRIÇOES DE HELO################################### ############################################################################### # Restricão durante comando HELO/EHLO smtpd_helo_restrictions = # Permite "mynetwork" permit_mynetworks, # # Quando não é informado o hostname reject_invalid_hostname, # # Quando não existe entrada DNS A ou MX reject_unknown_hostname, # # Quando o hostname não apresenta hostname válido reject_non_fqdn_hostname, # # Bloqueio comando para forçar entrega reject_unauth_pipelining, # # Bloqueia IP's listados em RBL reject_rbl_client maps_rbl_domains ############################################################################### ######################RESTRICAO DE ENVIO(SENDER)############################### ############################################################################### # Restriçoes opcionais que o Postfix aplica no valor definido no comando mail from. O padrão é permitir tudo. #smtpd_sender_restrictions = # Permite "mynetwork" # permit_mynetworks, # Permite conteudo do ACCESS # Procura por especificações feitas em uma base para o endereço,o dominio etc # check_sender_access hash:/etc/postfix/access # Bloqueio quando não existe entrada DNS A ou MX # Rejeita a requisição quando o dominio especificado em MAIL FROM não tem um registro DNS A ou MX e o postfix # não é o destino final para o remetente. # reject_unknown_sender_domain, # Quando o hostname não apresenta hostname válido # Rejeita a requisição quando o dominio especificado em MAIL FROM não estiver em FQDN, conforme a RFC. # reject_non_fqdn_sender, # Bloqueio comando para forçar entrega. # reject_unauth_pipelining ############################################################################### ########################RESTRIÇÃO DE ENVIO POR USUARIO######################### ############################################################################### #smtpd_restriction_classes = dominios_restritos #dominios_restritos = check_sender_access hash:/etc/postfix/dominios_restritos, reject ############################################################################### ###################RESTRIÇÃO APLICADA AO RCP TO################################ ############################################################################### # Restricão aplicada no RCPT TO # Restrições opcionais do Postfix no que diz respeito a valores do campo RCPT_TO. Por padrão são definidos o #smtpd_recipient_restrictions = # Restricao de envio por usuario # hash:/etc/postfix/usuarios_restritos # Permite "mynetwork" # permit_mynetworks # Permite conteúdo do ACCESS # permit network e reject_unauth_destination # check_sender_access hash:/etc/postfix/access, # Bloqueia quando não existe entrada DNS A ou MX # reject_unknown_recipient_domain, # Quando o hostname não apresenta hostname válido # reject_non_fqdn_recipient, # Bloqueio comando para forçar entrega # reject_unauth_pipelining ############################################################################### ########################BLOQUEIO POR ASSUNTO E ANEXO########################### ############################################################################### #Bloqueio por Assunto header_checks = pcre:/etc/postfix/header_checks #mime_header_checks = $header_checks #nested_header_checks = $header_checks ############################################################################### ##########################Bloqueio por Conteúdo################################ ############################################################################### #body_checks = pcre:/etc/postfix/body_checks #body_checks = hash:/etc/postfix/corpo # Verifica os 50 K inicais #body_checks_size_limit = 51200 ## Outros comandos # Todos os e-mails que chegam irão para e-mail abaixo #always_bcc = email@meudominio.com.br # Tamanho da mensagem de erro # Tamanho máximo do HEADER aceito # Entrega de e-mails para mesmo destino smtp_destination_concurrency_limit = 20 #Tempo de reenvio de mensagem em fila fast_flush_refresh_time = 12h # Tempo de deleção de mensagem em fila fast_flush_purge_time = 1d # Tempo de mensagem em fila maximal_queue_lifetime = 240m ############################################################################### ###############################VIRUS SCANNER################################### ############################################################################### content_filter=smtp-amavis:[127.0.0.1]:10024 ############################################################################### ##########################OPCOES DE TRANSPORTE################################# ############################################################################### transport_maps = hash:/etc/postfix/transport ############################################################################### ###############RESTRIÇÃO DE ENVIO PARA ALGUNS USUARIOS######################### ############################################################################### #Restrição de envio para usuários contidos em restricted_senders e libera apenas para dominios contidos em local_domain smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders, permit_mynetworks, check_relay_domains smtpd_restriction_classes = local_only local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
Comparação entre os escalonadores BFQ e MQ-Deadline (acesso a disco) no Arch e Debian
Conciliando o uso da ZRAM e SWAP em disco na sua máquina
Servidor de Backup com Ubuntu Server 24.04 LTS, RAID e Duplicati (Dell PowerEdge T420)
Visualizar câmeras IP ONVIF no Linux sem necessidade de instalar aplicativos
Converter os repositórios Debian para o novo formato com as chaves
Instalando Spotify no Debian 13
Realizar overclock no Miyoo Mini (plus ou normal)
Dúvidas sobre a originalidade de conteúdos online (12)
Direcionar uma URL para Outra No Mikrotik (1)
Monitoramento pfsense com zabbix (4)
Erro na inicialização do Debian como resolver (5)
linux mint reconhece microfone de lapela como fone de ouvido sem micro... (4)