postfix (main.cf)
Category: Networking
Software: postfix
By: Tiago D.G
Postfix configuration file with restrictions by header and body, sending restricted to users of the local domain, closed relay, restrictions on sending and receiving files with extensions suspected of carrying viruses, and configuration for amavis, all commented by me in Portuguese.
###############################################################################
###############################SOFT BOUNCE#####################################
###############################################################################
# Parameter used while setting up an antivirus for e-mail: mail that would
# otherwise bounce is kept in the queue instead.
soft_bounce = yes

# Location of all Postfix commands
command_directory = /usr/sbin

# Location of all Postfix daemons (defined in master.cf)
daemon_directory = /usr/lib/postfix

# Rights used by the local delivery agent for delivery to an external file or
# command (the queue and most daemons run as mail_owner instead).
# Use a dedicated, unprivileged user for this setting.
default_privs = tiago

# Names of the servers and name of the machine that is the server
# Name of the machine that acts as the mail server
#myhostname = hostname

# Domain the machine belongs to.
#mydomain = domainname

###############################################################################
################################SENDING MAIL###################################
###############################################################################
# Domain to be appended to the headers of e-mail received and/or sent by the MTA.

###############################################################################
################################RECEIVING MAIL#################################
###############################################################################
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4

# List of domains for which this server is the final destination.
#mydestination = $myhostname, localhost.$mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain
#mydestination = $myhostname, localhost.$mydomain, $mydomain,

###############################################################################
#####################REJECTING MAIL FOR UNKNOWN LOCAL USERS####################
###############################################################################
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
#unknown_local_recipient_reject_code = 550
unknown_local_recipient_reject_code = 450

###############################################################################
########################TRUST AND RELAY CONTROL################################
###############################################################################
# List of addresses allowed to send (relay) mail through Postfix. There are two
# ways to define it: manually (mynetworks) or automatically (mynetworks_style).
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host

# Manual definition of the addresses allowed to send (relay) mail through Postfix.
mynetworks = 192.168.201.0/24, 192.168.202.0/24, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table

# Which destinations (domains) are accepted for processing. By default Postfix relays:
# - From trusted clients (specified by $mynetworks or $mynetworks_style) to any destination.
# - From any source, untrusted clients included, to the destinations specified by relay_domains.
# The default value of this parameter is mydestination.
# relay_domains = $mydestination, curimbaba.com.br

# Default host to send non-local mail to when no entry is found in the optional
# transport(5) table. When it is not set, mail is delivered directly to the
# destination; set it to hand mail to the ISP's mail server, for example.
#relayhost = $mydomain
#relayhost = gateway.my.domain
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
#in_flow_delay = 1s

###############################################################################
############################ALIAS##############################################
###############################################################################
# An important feature of the e-mail system is the ability to create aliases,
# which lets a user have several nicknames for the same mailbox.
# alias_maps specifies the alias database the MTA uses to deliver mail.
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/postfix/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases

# Database for delivery done by local(8); it can be rebuilt with the
# "newaliases" command. This is a separate configuration parameter because not
# all the tables listed in alias_maps are local files.
#alias_database = dbm:/etc/aliases
alias_database = hash:/etc/postfix/aliases
#alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases

###############################################################################
########################DELIVERY TO MAILBOX####################################
###############################################################################
# Optional parameter that defines the path of the mailbox file relative to the
# users' home directory. Implements the mailbox style called Maildir.
#home_mailbox = maildir/
mailbox_command = /usr/bin/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
#mailbox_transport = lmtp:unix:/file/name
#mailbox_transport = cyrus
#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =
#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local

###############################################################################
##############################FAST ETRN SERVICE################################
###############################################################################
# SHOW SOFTWARE VERSION OR NOT
#smtpd_banner = $myhostname ESMTP $mail_name
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

# PARALLEL DELIVERY TO THE SAME DESTINATION
# Debug level
debug_peer_level = 2

# Debugger parameters
#debugger_command =
#        PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
#        xxgdb $daemon_directory/$process_name $process_id & sleep 5

# Path to sendmail
sendmail_path = /usr/sbin/sendmail

# Path to newaliases
newaliases_path = /usr/bin/newaliases

# Path to mailq
mailq_path = /usr/bin/mailq

# Postfix group
setgid_group = postdrop

# Manual directory
manpage_directory = /usr/local/man

# Examples directory
sample_directory = /etc/postfix/sample
readme_directory = no

#smtpd_sasl_auth_enable = yes

# User mailbox size (50 MB)
mailbox_size_limit = 51200000

# Maximum message size (5/10 MB); 10 MB = 10240000
message_size_limit = 10240000

# Maximum number of recipients in one e-mail
smtpd_recipient_limit = 2500

# Enforce RFC 821 envelope syntax - MAIL FROM and RCPT TO
strict_rfc821_envelopes = yes

# Require HELO/EHLO (enables the HELO checks below)
smtpd_helo_required = yes

# VRFY disabled
disable_vrfy_command = yes

###############################################################################
################################RBL LISTS######################################
###############################################################################
# Note: use the lists with care, since some of them block e-mail from Brazil.
# More information at: http://www.dnsstuff.com
# relays.ordb.org and list.dsbl.org have since been shut down; confirm that a
# list is still operating before enabling it.
# reject_rbl_client takes one DNSBL zone per entry, so the zones are listed
# explicitly in the restrictions below; maps_rbl_domains is only read by the
# deprecated reject_maps_rbl.
#maps_rbl_domains = relays.ordb.org, list.dsbl.org, dun.dnsrbl.net, spam.dnsrbl.net

###############################################################################
###########################CLIENT RESTRICTIONS#################################
###############################################################################
# Client restriction - applied after the SMTP connection is accepted
# Restrictions on connection requests from SMTP clients. The Postfix default is to accept everything.
smtpd_client_restrictions =
# Check the contents of CLIENT_ACCESS
#       check_client_access hash:/etc/postfix/client_access,
# Permit "mynetworks"
        permit_mynetworks,
# Permit the contents of ACCESS
#       hash:/etc/postfix/access,
# When the IP has no PTR record
        reject_unknown_client,
# Block invalid domains
        reject_unknown_sender_domain,
# Block pipelined commands used to force delivery
#       reject_unauth_pipelining,
# Block IPs listed in an RBL
        reject_rbl_client relays.ordb.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client dun.dnsrbl.net,
        reject_rbl_client spam.dnsrbl.net

###############################################################################
############################HELO RESTRICTIONS##################################
###############################################################################
# Restriction during the HELO/EHLO command
smtpd_helo_restrictions =
# Permit "mynetworks"
        permit_mynetworks,
# When no hostname is given
        reject_invalid_hostname,
# When there is no DNS A or MX record
        reject_unknown_hostname,
# When the hostname is not a valid (fully qualified) hostname
        reject_non_fqdn_hostname,
# Block pipelined commands used to force delivery
        reject_unauth_pipelining,
# Block IPs listed in an RBL
        reject_rbl_client relays.ordb.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client dun.dnsrbl.net,
        reject_rbl_client spam.dnsrbl.net

###############################################################################
#########################SENDER RESTRICTIONS###################################
###############################################################################
# Optional restrictions that Postfix applies to the value given in the MAIL FROM
# command. The default is to permit everything.
#smtpd_sender_restrictions =
# Permit "mynetworks"
#       permit_mynetworks,
# Permit the contents of ACCESS
# Looks up entries made in a table for the address, the domain, etc.
#       check_sender_access hash:/etc/postfix/access
# Block when there is no DNS A or MX record
# Rejects the request when the domain given in MAIL FROM has no DNS A or MX
# record and Postfix is not the final destination for the sender.
#       reject_unknown_sender_domain,
# When the hostname is not a valid hostname
# Rejects the request when the domain given in MAIL FROM is not in FQDN form, as the RFC requires.
#       reject_non_fqdn_sender,
# Block pipelined commands used to force delivery.
#       reject_unauth_pipelining

###############################################################################
########################PER-USER SENDING RESTRICTION###########################
###############################################################################
#smtpd_restriction_classes = dominios_restritos
#dominios_restritos = check_sender_access hash:/etc/postfix/dominios_restritos, reject

###############################################################################
######################RESTRICTION APPLIED TO RCPT TO###########################
###############################################################################
# Restriction applied at RCPT TO
# Optional Postfix restrictions on the values of the RCPT TO field. By default the ones defined are the
#smtpd_recipient_restrictions =
# Per-user sending restriction
#       hash:/etc/postfix/usuarios_restritos
# Permit "mynetworks"
#       permit_mynetworks
# Permit the contents of ACCESS
# permit network and reject_unauth_destination
#       check_sender_access hash:/etc/postfix/access,
# Block when there is no DNS A or MX record
#       reject_unknown_recipient_domain,
# When the hostname is not a valid hostname
#       reject_non_fqdn_recipient,
# Block pipelined commands used to force delivery
#       reject_unauth_pipelining

###############################################################################
######################BLOCKING BY SUBJECT AND ATTACHMENT#######################
###############################################################################
# Blocking by subject
header_checks = pcre:/etc/postfix/header_checks
#mime_header_checks = $header_checks
#nested_header_checks = $header_checks

###############################################################################
############################BLOCKING BY CONTENT################################
###############################################################################
#body_checks = pcre:/etc/postfix/body_checks
#body_checks = hash:/etc/postfix/corpo
# Check the first 50 KB
#body_checks_size_limit = 51200

## Other settings
# Every e-mail that arrives is also copied to the address below
#always_bcc = email@meudominio.com.br

# Size of the error message
# Maximum HEADER size accepted
# Delivery of e-mail to the same destination
smtp_destination_concurrency_limit = 20

# Resend interval for queued messages
fast_flush_refresh_time = 12h

# Time after which queued messages are purged
fast_flush_purge_time = 1d

# Time a message may stay in the queue
maximal_queue_lifetime = 240m

###############################################################################
###############################VIRUS SCANNER###################################
###############################################################################
content_filter = smtp-amavis:[127.0.0.1]:10024

###############################################################################
###########################TRANSPORT OPTIONS###################################
###############################################################################
transport_maps = hash:/etc/postfix/transport

###############################################################################
####################SENDING RESTRICTION FOR SOME USERS#########################
###############################################################################
# Restricts sending for the users listed in restricted_senders, allowing them
# to send only to the domains listed in local_domains.
# reject_unauth_destination replaces the deprecated check_relay_domains as the
# final relay check.
smtpd_recipient_restrictions =
        check_sender_access hash:/etc/postfix/restricted_senders,
        permit_mynetworks,
        reject_unauth_destination
smtpd_restriction_classes = local_only
local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
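
The listing does not show the restricted_senders and local_domains tables that its last block depends on. The following is an added example, not part of the original file: a simplified Python model of how that recipient restriction list and the local_only class are evaluated, first match wins. The table contents, the example.com addresses and the function names are constructed for illustration; only the mynetworks ranges come from the listing.

```python
import ipaddress

# Constructed sample tables: what the two hash maps could contain.
RESTRICTED_SENDERS = {"intern@example.com": "local_only"}  # restricted_senders
LOCAL_DOMAINS = {"example.com": "OK"}                      # local_domains
MYNETWORKS = ["192.168.201.0/24", "192.168.202.0/24", "127.0.0.0/8"]  # from the listing
LOCAL_DESTINATIONS = {"example.com"}  # stands in for mydestination / relay_domains


def lookup(table, address):
    """access(5)-style search, simplified: full address first, then the domain."""
    address = address.lower()
    domain = address.rpartition("@")[2]
    return table.get(address) or table.get(domain)


def in_mynetworks(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in MYNETWORKS)


def local_only(recipient):
    # local_only = check_recipient_access hash:.../local_domains, reject
    if lookup(LOCAL_DOMAINS, recipient) == "OK":
        return "permit"
    return "reject"


def rcpt_decision(client_ip, sender, recipient):
    """Walk the restriction list in order; the first decisive result ends it."""
    # 1. check_sender_access: a hit names the restriction class to apply.
    #    The key is the envelope sender (MAIL FROM), which is not authenticated.
    if lookup(RESTRICTED_SENDERS, sender) == "local_only":
        return local_only(recipient)
    # 2. permit_mynetworks: trusted clients may send to any destination.
    if in_mynetworks(client_ip):
        return "permit"
    # 3. Final relay check: accept only destinations this server handles.
    if recipient.lower().rpartition("@")[2] in LOCAL_DESTINATIONS:
        return "permit"
    return "reject"


if __name__ == "__main__":
    for case in [("192.168.201.10", "intern@example.com", "bob@example.com"),
                 ("192.168.201.10", "intern@example.com", "x@outside.example"),
                 ("203.0.113.5", "someone@outside.example", "x@other.example")]:
        print(case, "->", rcpt_decision(*case))
```

Because check_sender_access comes before permit_mynetworks, a listed sender is restricted even on a trusted network; the decision depends only on the MAIL FROM value, so it is a policy aid rather than an authenticated access control.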