Read
Virtual postfix -
http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-mandriva2008.1∞
Content inspection & redirect -
http://www.postfix.org/header_checks.5.html∞
Postfix basic installation
I'm installing postfix2.4.3 from source over a server that has postfix-2.2 installed via rpm.
tar zxvf postfix-2.4.3.tar.gz
cd postfix-2.4.3
make -f Makefile.init makefiles
make makefiles CC=/usr/bin/gcc
make
make install
# All defaults answers are good.
Enabling SPF on postfix
Get add-on from
http://www.openspf.org/blobs/postfix-policyd-spf-perl-2.004.tar.gz∞
Install perl module Mail::SPF
perl -MCPAN -e 'install Module::Build'
perl -MCPAN -e 'install Mail::SPF'
Install the add-on
tar zxvf postfix-policyd-spf-perl-2.004.tar.gz
cd postfix-policyd-spf-perl-2.004
cp postfix-policyd-spf-perl /usr/libexec/postfix/policyd-spf-perl
Then append the following to the end of /etc/postfix/master.cf
policy unix - n n - - spawn
user=nobody argv=/usr/bin/perl /usr/libexec/postfix/policyd-spf-perl
Then edit /etc/postfix/main.cf, change the line
smtpd_recipient_restrictions to
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,check_policy_service unix:private/policy
If you do not have smtp auth enabled, the line should just be
smtpd_recipient_restrictions = check_policy_service unix:private/policy
You should see this in your maillog:
www postfix/smtpd[3779]: connect from ug-out-1314.google.com[66.249.92.174]
www postfix/policy-spf[3785]: handler sender_policy_framework: is decisive.
www postfix/policy-spf[3785]: : Policy action=PREPEND Received-SPF: pass (gmail.com ... _spf.google.com: 66.249.92.174 is authorized to use 'sender@domain.com' in 'mfrom' identity (mechanism 'ip4:66.249.80.0/20' matched)) receiver=domain2.com; identity=mfrom; envelope-from="sender@domain.com"; helo=ug-out-1314.google.com; client-ip=66.249.92.174
www postfix/smtpd[3779]: A146A354A0C: client=ug-out-1314.google.com[66.249.92.174]
www postfix/cleanup[3786]: A146A354A0C: message-id=<85e064830706270118x30df8ba4ua4f012c34821505f@mail.gmail.com>
www postfix/qmgr[3365]: A146A354A0C: from=<sender@domain.com>, size=2287, nrcpt=1 (queue active)
www postfix/local[3788]: A146A354A0C: to=<recipient@domain2.com>, relay=local, delay=1.1, delays=1.1/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
www postfix/qmgr[3365]: A146A354A0C: removed
www postfix/smtpd[3779]: disconnect from ug-out-1314.google.com[66.249.92.174]
spamassassin and postfix
Create user
useradd -s /bin/false spamd
Edit master.cf
smtp inet n - - - - smtpd
-o content_filter=spamassin
spamassin unix - n n - - pipe
flags=Rq user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
Edit /etc/mail/spamassassin/main.cf to suit your taste, then restart postfix and test! Not working, check the followings:
- Your client need to deliver via network, not using sendmail.
- You have spamassass service started.
More reading:
http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix∞
Postfix and Dspam
smtp inet n - n - - smtpd
-o content_filter=dspam:
dspam unix - n n - 10 pipe
flags=Rhqu user=dspam argv=/usr/local/bin/dspamit ${sender} ${recipient}
Reducing spam
Set the following options
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_sender_restrictions = check_sender_access
hash:/usr/local/etc/postfix/sender_access, reject_non_fqdn_sender,
reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_recipient
For the version I installed, mails will be accepted for delivery even if there is no SPF record. But I haven't tested the scenario where SPF records says mail is coming from the wrong domain. Maybe later.
SMTP routes or transport maps
Add the following to main.cf:
transport_maps = hash:/etc/postfix/transport
proxy_read_maps = $transport_maps
Then create /etc/postfix/transport in this format. line 2 says all sub domains should be routed there as well
domain.tld smtp:1.2.3.4
.domain.tld smtp:1.2.3.4
Run
postmap /etc/postfix/transport to create the hash.
There are 124 comments on this page. [Display comments]