Additions:
Deletions:
Additions:
Deletions:
Additions:
SMTP routes or transport maps
Add the following to main.cf:
transport_maps = hash:/etc/postfix/transport
proxy_read_maps = $transport_maps
Then create /etc/postfix/transport in this format. line 2 says all sub domains should be routed there as well
domain.tld smtp:1.2.3.4
.domain.tld smtp:1.2.3.4
Run postmap /etc/postfix/transport to create the hash.
Additions:
Deletions:
Additions:
Additions:
Additions:
Edit /etc/mail/spamassassin/main.cf to suit your taste, then restart postfix and test! Not working, check the followings:
- Your client need to deliver via network, not using sendmail.
- You have spamassass service started.
Deletions:
Edit /etc/mail/spamassassin/main.cf to suit your taste, then restart postfix and test! Your client need to deliver via network, not using sendmail!
Additions:
smtp inet n - - - - smtpd
-o content_filter=spamassin
spamassin unix - n n - - pipe
flags=Rq user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
Edit /etc/mail/spamassassin/main.cf to suit your taste, then restart postfix and test! Your client need to deliver via network, not using sendmail!
Deletions:
#
smtp inet n - - - - smtpd
-o content_filter=spamassassin
#
#
spamfilter unix - n n - - pipe
user=spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -i ${sender} ${recipient}
#
Edit /etc/mail/spamassassin/main.cf to suit your taste, then restart postfix and test!
Additions:
Postfix and Dspam
smtp inet n - n - - smtpd
dspam unix - n n - 10 pipe
flags=Rhqu user=dspam argv=/usr/local/bin/dspamit ${sender} ${recipient}
Additions:
Create user
useradd -s /bin/false spamd
smtp inet n - - - - smtpd
-o content_filter=spamassassin
user=spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -i ${sender} ${recipient}
Deletions:
Create a wrapper script
%%(bash;spamfilter.sh)
#!/bin/bash
/usr/local/bin/spamc | /usr/sbin/sendmail -i "$@"
exit $?ate a wrapper script
Change owner and permission
useradd -s /bin/false spamfilter
chown spamfilter:spamfilter /usr/local/bin/spamfilter.sh
chmod 711 /usr/local/bin/spamfilter.sh
smtp inet n - n - - smtpd
-o content_filter=spamfilter:dummy
flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter.sh -f ${sender} -- ${recipient}
Additions:
spamassassin and postfix
Create a wrapper script
%%(bash;spamfilter.sh)
#!/bin/bash
/usr/local/bin/spamc | /usr/sbin/sendmail -i "$@"
exit $?ate a wrapper script
Change owner and permission
useradd -s /bin/false spamfilter
chown spamfilter:spamfilter /usr/local/bin/spamfilter.sh
chmod 711 /usr/local/bin/spamfilter.sh
Edit master.cf
#
smtp inet n - n - - smtpd
-o content_filter=spamfilter:dummy
#
#
spamfilter unix - n n - - pipe
flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter.sh -f ${sender} -- ${recipient}
#
Edit /etc/mail/spamassassin/main.cf to suit your taste, then restart postfix and test!
Additions:
Deletions:
user=nobody argv=/usr/bin/perl /usr/libexec/postfix/policyd-spf-perl
Additions:
You should see this in your maillog:
Reducing spam
Set the following options
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_sender_restrictions = check_sender_access
hash:/usr/local/etc/postfix/sender_access, reject_non_fqdn_sender,
reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_recipient
Deletions:
Yuo should see this in your maillog:
Additions:
For the version I installed, mails will be accepted for delivery even if there is no SPF record. But I haven't tested the scenario where SPF records says mail is coming from the wrong domain. Maybe later.
Additions:
www postfix/smtpd[3779]: connect from ug-out-1314.google.com[66.249.92.174]
www postfix/policy-spf[3785]: handler sender_policy_framework: is decisive.
www postfix/policy-spf[3785]: : Policy action=PREPEND Received-SPF: pass (gmail.com ... _spf.google.com: 66.249.92.174 is authorized to use 'sender@domain.com' in 'mfrom' identity (mechanism 'ip4:66.249.80.0/20' matched)) receiver=domain2.com; identity=mfrom; envelope-from="sender@domain.com"; helo=ug-out-1314.google.com; client-ip=66.249.92.174
www postfix/smtpd[3779]: A146A354A0C: client=ug-out-1314.google.com[66.249.92.174]
www postfix/cleanup[3786]: A146A354A0C: message-id=<85e064830706270118x30df8ba4ua4f012c34821505f@mail.gmail.com>
www postfix/qmgr[3365]: A146A354A0C: from=<sender@domain.com>, size=2287, nrcpt=1 (queue active)
www postfix/local[3788]: A146A354A0C: to=<recipient@domain2.com>, relay=local, delay=1.1, delays=1.1/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
www postfix/qmgr[3365]: A146A354A0C: removed
www postfix/smtpd[3779]: disconnect from ug-out-1314.google.com[66.249.92.174]
Deletions:
www postfix/smtpd[3402]: connect from somesmtp.net[1.2.3.4]
www postfix/policy-spf[3407]: handler sender_policy_framework: is decisive.
www postfix/policy-spf[3407]: : Policy action=PREPEND Received-SPF: none (datapipe.com: No applicable sender policy available) receiver=dpkn.servebeer.com; identity=mfrom; envelope-from="xxx@xxx.com"; helo=somesmtp.net; client-ip=1.2.3.4
www postfix/smtpd[3402]: 3537D354A0C: client=somesmtp.net[1.2.3.4]
www postfix/cleanup[3409]: 3537D354A0C: message-id=<46821AF5.4050501@datapipe.com>
www postfix/qmgr[3365]: 3537D354A0C: from=<xxx@xxx.com>, size=1698, nrcpt=1 (queue active)
www postfix/local[3410]: 3537D354A0C: to=<yyy@yyy.com>, relay=local, delay=0.2, delays=0.2/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
www postfix/qmgr[3365]: 3537D354A0C: removed
www postfix/smtpd[3402]: disconnect from somesmtp.net[1.2.3.4]
Additions:
www postfix/smtpd[3402]: connect from somesmtp.net[1.2.3.4]
www postfix/policy-spf[3407]: handler sender_policy_framework: is decisive.
www postfix/policy-spf[3407]: : Policy action=PREPEND Received-SPF: none (datapipe.com: No applicable sender policy available) receiver=dpkn.servebeer.com; identity=mfrom; envelope-from="xxx@xxx.com"; helo=somesmtp.net; client-ip=1.2.3.4
www postfix/smtpd[3402]: 3537D354A0C: client=somesmtp.net[1.2.3.4]
www postfix/cleanup[3409]: 3537D354A0C: message-id=<46821AF5.4050501@datapipe.com>
www postfix/qmgr[3365]: 3537D354A0C: from=<xxx@xxx.com>, size=1698, nrcpt=1 (queue active)
www postfix/local[3410]: 3537D354A0C: to=<yyy@yyy.com>, relay=local, delay=0.2, delays=0.2/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
www postfix/qmgr[3365]: 3537D354A0C: removed
www postfix/smtpd[3402]: disconnect from somesmtp.net[1.2.3.4]
Deletions:
Jun 27 01:12:49 www postfix/smtpd[3402]: connect from somesmtp.net[1.2.3.4]
Jun 27 01:12:49 www postfix/policy-spf[3407]: handler sender_policy_framework: is decisive.
Jun 27 01:12:49 www postfix/policy-spf[3407]: : Policy action=PREPEND Received-SPF: none (datapipe.com: No applicable sender policy available) receiver=dpkn.servebeer.com; identity=mfrom; envelope-from="xxx@xxx.com"; helo=somesmtp.net; client-ip=1.2.3.4
Jun 27 01:12:49 www postfix/smtpd[3402]: 3537D354A0C: client=somesmtp.net[1.2.3.4]
Jun 27 01:12:49 www postfix/cleanup[3409]: 3537D354A0C: message-id=<46821AF5.4050501@datapipe.com>
Jun 27 01:12:49 www postfix/qmgr[3365]: 3537D354A0C: from=<xxx@xxx.com>, size=1698, nrcpt=1 (queue active)
Jun 27 01:12:49 www postfix/local[3410]: 3537D354A0C: to=<yyy@yyy.com>, relay=local, delay=0.2, delays=0.2/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Jun 27 01:12:49 www postfix/qmgr[3365]: 3537D354A0C: removed
Jun 27 01:12:49 www postfix/smtpd[3402]: disconnect from somesmtp.net[1.2.3.4]
Additions:
user=nobody argv=/usr/bin/perl /usr/libexec/postfix/policyd-spf-perl
Yuo should see this in your maillog:
Jun 27 01:12:49 www postfix/smtpd[3402]: connect from somesmtp.net[1.2.3.4]
Jun 27 01:12:49 www postfix/policy-spf[3407]: handler sender_policy_framework: is decisive.
Jun 27 01:12:49 www postfix/policy-spf[3407]: : Policy action=PREPEND Received-SPF: none (datapipe.com: No applicable sender policy available) receiver=dpkn.servebeer.com; identity=mfrom; envelope-from="xxx@xxx.com"; helo=somesmtp.net; client-ip=1.2.3.4
Jun 27 01:12:49 www postfix/smtpd[3402]: 3537D354A0C: client=somesmtp.net[1.2.3.4]
Jun 27 01:12:49 www postfix/cleanup[3409]: 3537D354A0C: message-id=<46821AF5.4050501@datapipe.com>
Jun 27 01:12:49 www postfix/qmgr[3365]: 3537D354A0C: from=<xxx@xxx.com>, size=1698, nrcpt=1 (queue active)
Jun 27 01:12:49 www postfix/local[3410]: 3537D354A0C: to=<yyy@yyy.com>, relay=local, delay=0.2, delays=0.2/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Jun 27 01:12:49 www postfix/qmgr[3365]: 3537D354A0C: removed
Jun 27 01:12:49 www postfix/smtpd[3402]: disconnect from somesmtp.net[1.2.3.4]
Deletions:
user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl
Additions:
Install the add-on
tar zxvf postfix-policyd-spf-perl-2.004.tar.gz
cd postfix-policyd-spf-perl-2.004
cp postfix-policyd-spf-perl /usr/libexec/postfix/policyd-spf-perl
Then append the following to the end of /etc/postfix/master.cf
policy unix - n n - - spawn
user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl
Then edit /etc/postfix/main.cf, change the line
smtpd_recipient_restrictions to
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,check_policy_service unix:private/policy
If you do not have smtp auth enabled, the line should just be
smtpd_recipient_restrictions = check_policy_service unix:private/policy
Additions:
Deletions:
Postfix installation
Postfix installation
I'm installing postfix2.4.3 from source over a server that has postfix-2.2 installed via rpm.
tar zxvf postfix-2.4.3.tar.gz
cd postfix-2.4.3
make -f Makefile.init makefiles
make makefiles CC=/usr/bin/gcc
make
make install
# All defaults answers are good.