Postfix main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# 20121011 undo above change
# 20160825 RS add greylisting using postgrey (check_policy
# 20180603 RS temp turn off mailman
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
myorigin = /etc/mailname
# Moved the queue!
queue_directory = /usr/local/postfix
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
default_destination_recipient_limit = 80
default_destination_concurrency_limit = 60
local_destination_concurrency_limit = 10
smtp_mx_session_limit = 75
smtp_destination_concurrency_limit = 75
# Some queue things - RAD
maximal_queue_lifetime = 5d
minimal_backoff_time = 1000
maximal_backoff_time = 4000
bounce_queue_lifetime = 12h
maximal_queue_lifetime = 1d
minimal_backoff_time = 300s
maximal_backoff_time = 1000s
qmgr_message_active_limit = 50000
qmgr_message_recipient_limit = 50000
disable_dns_lookups = no
# This is for Mailman things
owner_request_special = no
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
# 2016-02-13 RS duplicate entry unknown_local_recipient_reject_code = 550
relay_domains_reject_code = 554
unknown_address_reject_code = 550
unknown_client_reject_code = 554
unknown_hostname_reject_code = 550
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
non_fqdn_reject_code = 554
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_sender_reject_code = 554
# Deliver Qmail style
home_mailbox = Maildir/
# Probably shouldn’t be mailing them. Rachel 1/12/08
# increased 3^?20121230 by RS
message_size_limit = 30960000
# Size of a mailbox or mailfile - must be smaller than above number
mailbox_size_limit = 40960000
# Adjusted to fight dos 1/27/13
smtpd_client_connection_rate_limit = 100
smtpd_client_connection_count_limit = 50
smtpd_client_connection_rate_limit = 30
smtpd_client_connection_count_limit = 10
smtpd_client_connection_limit_exceptions = $mynetworks,.sgeinc.com,localhost
default_process_limit = 50
default_process_limit = 150
# appending .domain is the MUA’s job.
append_dot_mydomain = no
delay_warning_time = 12h
# Slow down bad sites
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
smtpd_error_sleep_time = 1s
# TLS parameters
smtpd_tls_cert_file=/etc/postfix/certs/postfixpublic_cert.pem
smtpd_tls_key_file=/etc/postfix/certs/postfixprivate_key.pem
smtpd_tls_cert_file=/usr/lib/ssl/certs/dovecot.pem
smtpd_tls_key_file=/usr/lib/ssl/private/dovecot.pem
smtpd_use_tls=yes
smtpd_tls_auth_only=no
smtpd_tls_session_cache_database = btree:$queue_directory/smtpdtlscache
smtp_tls_session_cache_database = btree:$queue_directory/smtpscache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
myhostname = sge.sgeinc.com
alias_maps = hash:/etc/aliases
,hash:/usr/local/mailman/data/aliases
alias_database = hash:/etc/aliases
,hash:/usr/local/mailman/data/aliases
# virt domain stuff here - spg
virtual_alias_domains = hash:/etc/postfix/virtualaliasdomains
virtual_alias_maps = hash:/etc/postfix/virtualaliasmaps
myorigin = /etc/mailname
mydomain = sgeinc.com
mydestination = sge.sgeinc.com, $mydomain, localhost.$mydomain localhost
relayhost =
# 20161024 RS mynetworks = 199.181.141.0/24,127.0.0.0/8,192.168.0.0/16,75.180.132.0/24
mynetworks = 159.89.179.40,127.0.0.0/8,192.168.0.0/16,100.4.219.205,89.187.178.196
# 89.187.178.196 100.4.219.205 rmarczak
# See above mailbox limit
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sender_restrictions=check_sender_access hash:/etc/postfix/access
# Sender restrictions:
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit
# 2016-02-15 RS the following line should allow relay until smtp auth implemented
smtpd_relay_restrictions =
smtpd_client_restrictions =
# 2018-06-03 RS remove temporarily
smtpd_recipient_restrictions =
    #permit_mynetworks,
    #reject_non_fqdn_recipient,
    reject_invalid_hostname,
    reject_unauth_pipelining,
    check_client_access hash:/var/lib/pop-before-smtp/hosts,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    check_client_access hash:/etc/postfix/internalnetworks,
    check_sender_access hash:/etc/postfix/notourdomainassender,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/roleaccountexceptions,
    check_helo_access hash:/etc/postfix/helochecks,
    #reject_non_fqdn_hostname,
    reject_invalid_hostname,
    check_sender_mx_access cidr:/etc/postfix/bogusmx,
    #reject_rbl_client bl.spamcop.net,
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    reject_rbl_client combined.rbl.msrbl.net,
    reject_rbl_client multi.uribl.com,
    #reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    #reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client ix.dnsbl.msrbl.net,
    reject_rbl_client rabl.nuclearelephant.com,
    # The following checks the greylist
    check_policy_service inet:127.0.0.1:10023,
    #reject_unverified_sender,
    permit
# 2012/07/07 RS added mailman stuff for fultonweather
# 2016/05/22 RS NOTE: mailman now in /usr/local/mailman
# 2016/05/22 RS removed fultonweather and marchreport relay_domains=lists.sgeinc.com,lists.marchreport.com,lists.fultonnyweather.org
relay_domains=lists.sgeinc.com
relay_recipient_maps = hash:/var/lib/mailman/data/virtual-mailman
transport_maps = hash:/etc/postfix/transport
mailman_destination_recipient_limit = 1
smtpd_restriction_classes =
    hasourdomainassender
hasourdomainassender =
    check_sender_access hash:/etc/postfix/ourdomainas_sender
    reject
smtpd_tls_exclude_ciphers = EXPORT
Maybe the problem is with dovecot not recording the pop-before-smtp stuff. Might be lost when I changed to DO.
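
Several parameters above are set more than once (maximal_queue_lifetime, mailbox_size_limit, the connection limits), and Postfix keeps only the last definition of a parameter. The following check is an added example, not part of the original configuration: a small Python parser for main.cf syntax that reports which values are shadowed. SAMPLE is constructed from settings on this page and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in main.cf syntax, modelled on duplicated settings above.
SAMPLE = """\
maximal_queue_lifetime = 5d
maximal_queue_lifetime = 1d
smtpd_sender_restrictions =
    permit_mynetworks,
    #reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit
mailbox_size_limit = 40960000
mailbox_size_limit = 0
"""

def logical_lines(text):
    """Yield (first_line_number, joined_text) per main.cf logical line."""
    start, parts = None, []
    for number, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank and comment lines never end a logical line
        if raw[0] in " \t" and parts:
            parts.append(stripped)  # leading whitespace continues the line
            continue
        if parts:
            yield start, " ".join(parts)
        start, parts = number, [stripped]
    if parts:
        yield start, " ".join(parts)

def parse(text):
    """Return {parameter: [(line_number, value), ...]} in file order."""
    seen = defaultdict(list)
    for number, line in logical_lines(text):
        name, sep, value = line.partition("=")
        if sep and re.fullmatch(r"[A-Za-z0-9_]+", name.strip()):
            seen[name.strip()].append((number, value.strip()))
    return seen

def overridden(text):
    """Return {parameter: (effective_value, [shadowed values])} for duplicates."""
    return {name: (defs[-1][1], [v for _, v in defs[:-1]])
            for name, defs in parse(text).items() if len(defs) > 1}

if __name__ == "__main__":
    for name, (effective, shadowed) in overridden(SAMPLE).items():
        print(f"{name}: effective={effective!r} shadowed={shadowed}")
```

Run against the live file, the effective values can be compared with the output of `postconf -n`.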