[Postfixbuch-users] Postscreen HowTo
Jim Knuth
jk at jkart.de
Di Feb 15 12:11:21 CET 2011
am 12.02.11 17:08 schrieb Driessen <driessen at fblan.de>:
> On Behalf Of Jim Knuth
>> am 08.02.11 16:02 schrieb Christian Roessner
>> <c at roessner-network-solutions.com>:
>>>>>> wie kann man eigentlich verhindern, dass Postscreen bei
>>>>>> authentifizierten Usern (Sendern) "zuschlägt"? Ich habe
>>>>>> manchmal diese Meldung beim Senden über den Mailclient
>>>>>> (Thunderbird). Siehe Anhang.
>>>>>
>>>>> Gar nicht. Die müssen über z.B. submission gehen
>>>>>
>>>>
>>>> echt? Das ist ja dumm .. :-/
>>>
>>> Tipp: 2te IP spendieren
>>
>> die muss aber nicht mit einer real existierenden Domain einhergehen,
>> oder? Nur im DNS als bspw. submission.domain.de eingetragen sein?
>
> Für die eigenen Kunden fürs Relay wird kein PTR benötigt.
> Für fremde Mailserver zu dir reicht ebenfalls ein MX / A Record.
>
> Wenn du aber an andere liefern möchtest, dann wird das bekannte Triple
>
> PTR = A = Helo benötigt.
>
> Wie möchtest du es denn jetzt machen?
>
> Für deine Kunden ändert sich nichts?
ja, so soll es sein. Tschuldigung, bin etwas aus der Übung. So,
wie im Anhang?
--
Mit freundlichen Grüßen,
Jim Knuth
P.S.: Bitte senden Sie KEINE HTML-Mails!
Danke.
#####
Zufallszitat:
Der Gewissensbiss ist, wie der Biss des Hundes gegen
einen Stein, eine Dummheit. [Nietzsche]
-------------- nächster Teil --------------
# Non-default main.cf settings of the poster's server (the format and the
# alphabetical order look like `postconf -n` output).
# $filter is referenced below, but its definition is not part of this listing.
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
# Message bodies are inspected with a regexp table.
body_checks = regexp:$filter/body_checks.regexp
bounce_queue_lifetime = 3d
bounce_template_file = /etc/postfix/bounce.cf
# Additionally advertises AUTH in the non-standard "AUTH=" form for old clients.
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
default_privs = mail
delay_warning_time = 3h
# VRFY is switched off, so the command cannot be used to probe for valid addresses.
disable_vrfy_command = yes
# Header inspection uses two tables, consulted in the order given.
header_checks = regexp:$filter/header_checks.regexp pcre:$filter/header_checks.pcre
home_mailbox = Maildir/
html_directory = no
local_destination_concurrency_limit = 1
local_header_rewrite_clients =
local_recipient_maps = proxy:unix:passwd.byname
mail_name = Postfix
mail_owner = postfix
# Local delivery is handed to procmail.
mailbox_command = /usr/bin/procmail -t /etc/procmailrc
mailbox_size_limit = 102400000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
maximal_queue_lifetime = 3d
message_size_limit = 51200000
mime_header_checks = pcre:$filter/mime_header_checks
mydestination = $myhostname
myhostname = server1.art-domains.de
# Only loopback is trusted, so every permit_mynetworks in this listing matches
# local clients only; remote senders have to authenticate to relay.
mynetworks = 127.0.0.0/8
myorigin = $myhostname
# Headers of attached messages are checked with the same tables as header_checks.
nested_header_checks = $header_checks
newaliases_path = /usr/bin/newaliases
# postscreen(8) settings: tests applied to port-25 clients before they reach smtpd.
# bare_newline, non_smtp_command and pipelining are "after 220 greeting" tests.
# While any of them is enabled postscreen speaks SMTP itself, does not offer
# AUTH, and asks clients that pass to reconnect. Mail clients that authenticate
# should therefore use a separate submission service rather than this port,
# which is the problem discussed in the thread.
postscreen_bare_newline_action = drop
postscreen_bare_newline_enable = yes
# DNSBL scoring: a client is dropped once its score reaches the threshold (2).
# No per-site weights are given, so each site that lists the client counts 1.
# NOTE(review): black.uribl.com is a URI/domain blocklist rather than a
# client-IP list, so it is unlikely to ever contribute to the score - confirm
# and consider removing it. dnsbl.njabl.org has been shut down since this
# listing was posted; re-check every site before reusing the line.
postscreen_dnsbl_action = drop
postscreen_dnsbl_sites = black.uribl.com zen.spamhaus.org spam.ipv6.kutukupret.com bl.spamcop.net dnsbl.njabl.org ix.dnsbl.manitu.net
postscreen_dnsbl_threshold = 2
# Clients that talk before the server greeting has been sent are dropped.
postscreen_greet_action = drop
postscreen_helo_required = yes
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_action = drop
postscreen_pipelining_enable = yes
# Remaining non-default main.cf settings: queue paths, SMTP client binding,
# smtpd rate limits, restriction lists, SASL and TLS.
# $filter, $mysql and $certs are referenced here, but their definitions are not
# part of this listing.
queue_directory = /var/spool/postfix
readme_directory = no
recipient_delimiter = +
remote_header_rewrite_domain =
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
show_user_unknown_table_name = no
# Source address for outbound deliveries; "NEUE IP" (new IP) is the poster's
# placeholder. The thread notes that an address used for delivering to other
# servers needs matching PTR, A and HELO.
smtp_bind_address = NEUE IP
smtp_connect_timeout = 90s
smtpd_banner = $myhostname ESMTP $mail_name
# Per-client connection, message and recipient limits.
smtpd_client_connection_count_limit = 20
smtpd_client_connection_rate_limit = 100
smtpd_client_message_rate_limit = 100
smtpd_client_recipient_rate_limit = 100
smtpd_client_restrictions = permit_mynetworks
# permit_sasl_authenticated comes before the check_client_access lookup, so
# authenticated clients are accepted before that table is consulted.
smtpd_data_restrictions = permit_mynetworks reject_multi_recipient_bounce reject_unauth_pipelining permit_sasl_authenticated check_client_access regexp:$filter/add_auth_header.regexp
smtpd_hard_error_limit = 5
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks reject_invalid_hostname
smtpd_junk_command_limit = 50
smtpd_policy_service_max_idle = 3600s
smtpd_policy_service_max_ttl = 3600s
# Relay control: local and authenticated clients are permitted, then
# reject_unauth_destination stops relaying for everyone else. The four
# reject_non_fqdn_*/reject_unknown_* checks precede permit_sasl_authenticated
# and so also apply to authenticated senders. Everything after
# reject_unauth_destination only sees unauthenticated mail for local domains;
# the list ends with two policy services on loopback ports 12525 and 10031.
smtpd_recipient_restrictions = permit_mynetworks reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unknown_sender_domain permit_sasl_authenticated reject_unauth_destination reject_unlisted_sender reject_unlisted_recipient check_recipient_access hash:$filter/verbotene_empfaenger check_client_access pcre:$filter/dynip check_client_access mysql:$mysql/client_access.cf check_sender_access mysql:$mysql/sender_access.cf check_sender_mx_access hash:$filter/wildcard_mx check_sender_mx_access cidr:$filter/bogon_networks.cidr check_policy_service inet:127.0.0.1:12525 check_policy_service inet:127.0.0.1:10031
# SASL AUTH is enabled globally, i.e. for every smtpd service that does not
# override it.
# NOTE(review): TLS is only opportunistic (smtpd_tls_security_level = may) and
# smtpd_tls_auth_only does not appear in this listing, so AUTH is presumably
# also offered on unencrypted sessions - consider smtpd_tls_auth_only = yes.
smtpd_sasl_auth_enable = yes
# Records the authenticated login name in the Received: header, which makes
# it visible to recipients.
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = mail.server1.domain.de
# Forbids anonymous mechanisms only; plaintext mechanisms remain allowed.
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks
smtpd_tls_cert_file = $certs/postfix_public_cert.pem
# Private key: the file should be readable by root only.
smtpd_tls_key_file = $certs/postfix_private_key.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 7200s
# Legacy switch; smtpd_tls_security_level above is the current way to express this.
smtpd_use_tls = yes
strict_mime_encoding_domain = yes
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/confixx_virtualUsers, hash:/etc/postfix/confixx_localDomains
-------------- nächster Teil --------------
# master.cf as attached to the mail.
# NOTE(review): the "-o" lines appear here without leading whitespace. In a
# live master.cf a continuation line must begin with whitespace; the
# indentation was presumably lost in this listing.
# "ALTE IP" (old IP) is the poster's placeholder for the address that
# customers keep using.
#
# Submission listener for authenticating clients, served by smtpd directly
# and therefore not screened by postscreen.
# NOTE(review): no TLS override is set, so the global "may" level applies and
# AUTH can presumably happen in clear text; consider adding
# "-o smtpd_tls_security_level=encrypt" to this service.
# NOTE(review): ${submission_smtpd_recipient_restrictions} is not defined in
# the main.cf listing shown with this mail - confirm that it exists and ends
# in "reject" (e.g. permit_sasl_authenticated,reject).
ALTE IP:submission inet n - n 0 - smtpd
-o myhostname="server2.domain.de"
-o smtpd_client_connection_count_limit=5
-o smtpd_client_connection_rate_limit=5
-o smtpd_client_message_rate_limit=10
-o smtpd_client_recipient_rate_limit=30
-o smtpd_sasl_auth_enable=yes
-o content_filter=lmtp-amavis:[127.0.0.1]:10024
-o smtp_bind_address=127.0.0.1
-o anvil_rate_time_unit=120s
-o smtpd_recipient_restrictions=${submission_smtpd_recipient_restrictions}
-o cleanup_service_name=cleanup2
# Same option set again, on port 25 of the old address.
# NOTE(review): the "smtp inet ... postscreen" entry further down carries no
# address prefix and so listens on port 25 of every address, which presumably
# collides with this entry - bind postscreen to the new address explicitly.
ALTE IP:smtp inet n - n 0 - smtpd
-o myhostname="server2.domain.de"
-o smtpd_client_connection_count_limit=5
-o smtpd_client_connection_rate_limit=5
-o smtpd_client_message_rate_limit=10
-o smtpd_client_recipient_rate_limit=30
-o smtpd_sasl_auth_enable=yes
-o content_filter=lmtp-amavis:[127.0.0.1]:10024
-o smtp_bind_address=127.0.0.1
-o anvil_rate_time_unit=120s
-o smtpd_recipient_restrictions=${submission_smtpd_recipient_restrictions}
-o cleanup_service_name=cleanup2
# postscreen front end and its helper services.
# "smtpd pass" is the real SMTP server that receives connections handed over
# by postscreen; its mail goes through the amavis content filter, with address
# mappings switched off before filtering.
smtpd pass - - n - - smtpd
-o receive_override_options=no_address_mappings
-o content_filter=lmtp-amavis:[127.0.0.1]:10024
# postscreen owns the public smtp port; a single process (maxproc 1).
# NOTE(review): there is no address prefix, so this listens on every address,
# including the one used by the "ALTE IP:smtp" entry above - give it the new
# address explicitly if both entries are meant to coexist.
smtp inet n - n - 1 postscreen
# DNSBL lookups on behalf of postscreen.
dnsblog unix - - n - 0 dnsblog
# TLS proxy service used alongside postscreen.
tlsproxy unix - - n - 0 tlsproxy
# Core Postfix services (queue handling, rewriting, bounces, delivery agents).
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
# pipe(8) transports that hand mail to external programs. Each one runs under
# the account named in user= and receives envelope data as command-line
# arguments; the flags=/argv= lines continue the service entry above them.
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
# Content-filter loop: mail is sent to amavis over LMTP and comes back on the
# loopback listener below.
# LMTP client used as the content_filter transport; at most 2 processes,
# XFORWARD enabled, DNS lookups disabled.
lmtp-amavis unix - - n - 2 lmtp
-o lmtp_data_done_timeout=1200s
-o lmtp_send_xforward_command=yes
-o disable_dns_lookups=yes
# Re-injection listener for filtered mail, bound to loopback only.
# content_filter is emptied so that returning mail is not filtered again.
# mynetworks is narrowed to 127.0.0.0/8 and the client and recipient
# restrictions are "permit_mynetworks,reject", so only local processes can
# inject here; XFORWARD is likewise accepted from loopback only.
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
# only used by postfix-tls
# The three entries below are commented out and therefore inactive: a fifo
# tlsmgr, a wrapper-mode smtps listener and a port-587 listener that would
# enforce TLS (smtpd_enforce_tls is a legacy parameter). The submission
# service that is active in this file is the "ALTE IP:submission" entry at
# the top, which carries no TLS enforcement option.
#tlsmgr fifo - - n 300 1 tlsmgr
#smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
# Remaining helper services; this tlsmgr entry is the active one.
scache unix - - n - 1 scache
discard unix - - n - - discard
tlsmgr unix - - n 1000? 1 tlsmgr
retry unix - - n - - error