By:
poudenes

Postfix master.cf - right order of rules

March 14, 2016 791 views
FAQ Security Email Firewall DigitalOcean CentOS

Hi Guys,

I'm finally done and have SpamAssassin working to filter spam. I made a lot of changes and tried a lot of things from different websites, but now I don't know whether the order of all the lines is correct. So maybe something is wrong and my mail server is an open relay, or something else is not correct. Can someone take a look and tell me if I have to change something?

I have commented some things out. When I enable them, SpamAssassin does not check the mail and my messages are not received with `**SPAM**` in the subject.

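  # Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ***** Unused items removed *****
#
# NOTE(review): as posted, most parameter names had lost their underscores
# and the "-o" lines had lost their leading whitespace (this looks like
# forum-rendering damage, not the live file). Both are restored below:
# master(5) only treats a line as part of the preceding service entry when
# it starts with whitespace.
#
# On "right order": the order of service entries in this file does not
# matter. Order matters (a) inside a restriction list, where the first
# matching restriction decides, and (b) when the same "-o name=value" is
# given twice for one service, where the later value is expected to win.
# Such duplicates have been collapsed to the later value below.
#
# On "open relay": nothing in this file overrides the relay/recipient
# restrictions for port 25, so that decision is made in main.cf, which is
# not shown here. Confirm with `postconf -n` that the recipient (or relay)
# restrictions include reject_unauth_destination -- TODO verify.
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================

# Port 25, inbound MX traffic. Everything received here is handed to the
# "spamassassin" pipe service defined further down.
# NOTE(review): smtpd_sasl_auth_enable=yes offers AUTH on the public MX port,
# which exposes account passwords to guessing from any host. If users are
# expected to send via submission/smtps, consider dropping it here.
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=spamassassin
  -o smtpd_sasl_auth_enable=yes
  -o receive_override_options=no_address_mappings
# -o content_filter=amavisfeed:127.0.0.1:10024

# Port 587, authenticated client submission.
# NOTE(review): the posted value for smtpd_client_restrictions was
# "permit_sasl_authenticated,reject_unauth_destination", which still lets
# unauthenticated clients deliver to local domains through this port and
# skip the port-25 content filter. It now ends in "reject", matching the
# smtps entry below.
# NOTE(review): smtpd_sasl_security_options was set twice (noanonymous, then
# noanonymous,noplaintext); only the later value is kept.
# NOTE(review): smtpd_enforce_tls is the legacy spelling; current Postfix
# documents smtpd_tls_security_level=encrypt for the same purpose.
# NOTE(review): no content_filter is set here while smtps sets one, so mail
# sent by authenticated users is scanned on one port and not the other
# (unless main.cf sets a default) -- decide which is intended.
submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_local_domain=mail.oudenes.photography
  -o header_checks=
  -o body_checks=
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous

# Port 465, TLS-wrapped submission. Only authenticated clients are accepted.
smtps     inet  n       -       n       -       -       smtpd
  -o content_filter=spamassassin
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o content_filter=amavisfeed:127.0.0.1:10024
  -o syslog_name=postfix/smtps

# NOTE(review): no content_filter in this file points at "spamfilter"; it
# looks unused unless main.cf references it. The posted argv ended in
# "{recipient}" without the "$", which would pass that literal text to the
# script instead of the recipient address; fixed to ${recipient}.
spamfilter unix -       n       n       -       -       pipe
  flags=Rq user=spamd argv=/usr/bin/spamfilter.sh -oi -f ${sender} ${recipient}

# Filter used by the smtp and smtps entries: spamc scans the message and
# pipes the result to /usr/sbin/sendmail, which re-queues it via pickup.
spamassassin unix -     n       n       -       -       pipe
  user=amavis argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

# The empty content_filter stops re-injected mail from being sent back to
# the filter (mail loop). Side effect: anything else submitted locally with
# sendmail(1) also goes through pickup and is therefore not scanned.
pickup    fifo  n       -       n       60      1       pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
  -o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
# ====================================================================
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
# Dovecot LDA
dovecot   unix  -       n       n       -       -       pipe
# flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}
  flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
# Vacation mail
vacation  unix  -       n       n       -       -       pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}
#
# spam/virus section
#
# NOTE(review): "amavisfeed" is only referenced by the commented-out
# content_filter lines above, so with the posted settings it is idle. It is
# also the only entry here with chroot=y -- confirm that is intended.
amavisfeed unix -       -       y       -       5       smtp
  -o lmtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
  -o lmtp_send_xforward_command=yes
  -o max_use=10
  -o smtp_send_xforward_command=yes

# Re-injection listener for mail coming back from the amavis filter.
# It disables most checks, so it must stay reachable from loopback only:
# the 127.0.0.1 bind address, mynetworks=127.0.0.0/8 and the
# "permit_mynetworks,reject" lists are what keep it from acting as a relay.
# NOTE(review): smtpd_client_restrictions, smtpd_restriction_classes and
# receive_override_options were each listed more than once; only the later
# value of each is kept.
127.0.0.1:10025 inet n  -       -       -       -       smtpd
  -o content_filter=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_helo_required=no
  -o disable_vrfy_command=no
  -o strict_rfc821_envelopes=yes
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o smtpd_restriction_classes=
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
  -o local_header_rewrite_clients=
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8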