postfix (main.cf)

Categoria: Networking

Software: postfix


Por: Tiago D.G


Arquivo de configuração do Postfix com restrições por cabeçalho e corpo, restrição de envio para usuários do próprio domínio, relay fechado, restrição de envio e recebimento de arquivos com extensões suspeitas de vírus e configuração para o amavis, tudo comentado por mim em português.


###############################################################################
###############################SOFT BOUNCE#####################################
###############################################################################
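# soft_bounce turns permanent (5xx) rejections into temporary (4xx) ones, so
# mail that would have bounced stays queued at the sender instead. It is a
# safety net while a new setup is being tested (for example while the antivirus
# filter is being wired in).
# NOTE(review): set this back to "no" once the configuration is verified;
# while it is on, senders never get a definitive rejection and keep retrying.
soft_bounce = yes

# Directory holding the Postfix administrative commands.
command_directory = /usr/sbin

# Directory holding the Postfix daemons (the programs listed in master.cf).
daemon_directory = /usr/lib/postfix

# default_privs is the account the local(8) delivery agent uses when it
# delivers to an external command or file and no recipient account applies.
# (The account that owns the queue and runs most daemons is mail_owner, a
# different parameter.)
# NOTE(review): "tiago" looks like a personal login. Anything delivered under
# this account runs with that user's access, so use a dedicated unprivileged
# account (the Postfix default is "nobody"), never a real user, a privileged
# user or the Postfix owner.
# This setting was listed twice with the same value; one copy is kept.
default_privs = tiago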

#Nome dos servidores e nome da maquina que é servidor

#Nome da máquina que funciona como servidor de email
#myhostname = hostname

# Dominio ao qual a máquina pertence.
#mydomain = domainname

###############################################################################
################################SENDING MAIL###################################
###############################################################################
# Domínio que deve ser anexado aos cabeçalhos de emails que são recebidos e/ou enviados pelo MTA. 

###############################################################################
################################RECEIVING MAIL#################################
###############################################################################
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost

#proxy_interfaces =
#proxy_interfaces = 1.2.3.4

# Domains for which this server is the final destination (delivered locally).
# The active line also accepts mail addressed to the bare domain ($mydomain).
# myhostname and mydomain are left commented out earlier in this file, so
# Postfix derives both from the system host name.
#mydestination = $myhostname, localhost.$mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain
#mydestination = $myhostname, localhost.$mydomain, $mydomain,

###############################################################################
#####################REJECTING MAIL FOR UNKNOWN LOCAL USERS####################
###############################################################################
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =

# SMTP reply code sent when the recipient is not a known local user.
# 550 is a permanent rejection; 450 asks the sender to retry later, which is
# the cautious choice while the local recipient tables are still being tested.
# NOTE(review): with 450, mail for mistyped or nonexistent addresses is retried
# by the sender instead of bouncing; switch to 550 once the setup is verified.
# Unknown_local_recipient_reject_code = 550
unknown_local_recipient_reject_code = 450

###############################################################################
########################TRUST AND RELAY CONTROL################################
###############################################################################

# Addresses allowed to send (relay) mail through Postfix. They can be set by
# hand (mynetworks) or derived automatically (mynetworks_style).
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host

# Manual list of client networks allowed to relay through Postfix.
# NOTE(review): every host in these ranges can send to any destination without
# authenticating, so keep the list as narrow as the site allows; a single
# compromised workstation in either /24 can use this server to send mail.
mynetworks = 192.168.201.0/24, 192.168.202.0/24, 127.0.0.0/8,
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table

# Destination domains this server will relay for. By default Postfix relays:
# - from trusted clients ($mynetworks or $mynetworks_style) to any destination;
# - from any other client only to the destinations listed in relay_domains.
#   The default value of this parameter is mydestination.
#
relay_domains = $mydestination, curimbaba.com.br

# Maquina padrão para ser enviada um email não local quando nenhuma entrada é encontrada na tabela opcional transport(5). Quando não definido, os emails localmente repassando isso para o servidor de email do ISP, por exemplo.

#relayhost = $mydomain
#relayhost = gateway.my.domain
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
#in_flow_delay = 1s

###############################################################################
############################ALIAS##############################################
###############################################################################

# Aliases are an important mail-system feature: they give a user additional
# names for the same mailbox.

# alias_maps names the alias database(s) the MTA consults when delivering mail.
# NOTE(review): alias entries can deliver to commands and files, so the alias
# file should be writable by the administrator only.

#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/postfix/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases

# alias_database names the alias file(s) used by local(8) delivery that the
# "newaliases" command rebuilds. It is a separate parameter because not every
# table listed in alias_maps is a local file.

#alias_database = dbm:/etc/aliases
alias_database = hash:/etc/postfix/aliases
#alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases

###############################################################################
########################DELIVERY TO MAILBOX####################################
###############################################################################

# home_mailbox (optional) is the mailbox path relative to each user's home
# directory; a trailing "/" selects Maildir-style delivery. It is commented
# out here.

#home_mailbox = maildir/
# Local delivery is handed to procmail instead of being written by local(8).
mailbox_command = /usr/bin/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"

#mailbox_transport = lmtp:unix:/file/name
#mailbox_transport = cyrus

#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =

#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local

############################################################################### 
##############################FAST ETRN SERVICE################################
###############################################################################

# SHOW SOFTWARE VERSION OR NOT
# NOTE(review): the active banner includes $mail_version, which tells every
# connecting client the exact Postfix release. The commented-out line is the
# same greeting without the version.
#smtpd_banner = $myhostname ESMTP $mail_name
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

# PARALLEL DELIVERY TO THE SAME DESTINATION
# Debug level: extra logging verbosity applied to peers that match
# debug_peer_list.
debug_peer_level = 2

# Debugger settings
#debugger_command =
#    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
#    xxgdb $daemon_directory/$process_name $process_id & sleep 5

# Path of the sendmail command
sendmail_path = /usr/sbin/sendmail
 
# Path of the newaliases command
newaliases_path = /usr/bin/newaliases

# Path of the mailq command
mailq_path = /usr/bin/mailq

# Group used for mail submission and queue management commands
setgid_group = postdrop

# Manual page directory
manpage_directory = /usr/local/man
 
# Sample configuration directory
sample_directory = /etc/postfix/sample

# "no" means no README directory is installed
readme_directory = no

#smtpd_sasl_auth_enable = yes

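# Per-user mailbox size limit (about 50 MB)
mailbox_size_limit = 51200000

# Maximum message size (about 10 MB; 10 MB = 10240000)
message_size_limit = 10240000

# Maximum number of recipients accepted for a single message
# NOTE(review): 2500 is well above the Postfix default of 1000; a lower cap
# limits how far one message from a compromised or abusive client can fan out.
smtpd_recipient_limit = 2500

# Require RFC 821 syntax for the MAIL FROM and RCPT TO envelope addresses
strict_rfc821_envelopes = yes

# Require clients to send HELO/EHLO before MAIL FROM
# (this setting appeared twice with the same value; one copy is kept)
smtpd_helo_required = yes

# Disable the VRFY command, which otherwise lets a client probe which
# addresses exist on this server
disable_vrfy_command = yes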

###############################################################################
###############################Listas de RBL###################################
###############################################################################

# Note: choose the lists with care, because some of them block mail from
# Brazil. More information at: http://www.dnsstuff.com
# maps_rbl_domains is the legacy list read by the reject_maps_rbl restriction;
# reject_rbl_client does not read it (it takes the DNSBL zone as its argument).
# NOTE(review): confirm that every list named here is still operated before
# relying on it. relays.ordb.org and list.dsbl.org have been shut down, and a
# dead DNSBL can time out or answer for every address, which delays or
# rejects legitimate mail.
maps_rbl_domains = relays.ordb.org, list.dsbl.org, dun.dnsrbl.net, spam.dnsrbl.net

###############################################################################
######################RESTRIÇOES DE CLIENTES###################################
###############################################################################

# Client restrictions, evaluated after the SMTP connection is accepted.
# They apply to connection requests from SMTP clients; by default Postfix
# accepts everything at this stage.
smtpd_client_restrictions =
   # Look the client up in CLIENT_ACCESS
   #check_client_access hash:/etc/postfix/client_access,
   # Allow clients in $mynetworks
   permit_mynetworks,
   # Allow what the ACCESS table allows
   #hash:/etc/postfix/access,
   # Reject when the client IP address has no usable reverse DNS (PTR) mapping
   reject_unknown_client,
   # Reject sender domains that do not resolve
   reject_unknown_sender_domain,
   # Reject commands sent ahead of time to force delivery
   #reject_unauth_pipelining,
   # Reject client IPs listed in a DNSBL
   # NOTE(review): reject_rbl_client expects the DNSBL zone itself as its
   # argument (reject_rbl_client <dnsbl-zone>, one entry per list). As written,
   # the literal text "maps_rbl_domains" is taken as the zone name, so none of
   # the lists in the maps_rbl_domains parameter is consulted by this line.
   reject_rbl_client maps_rbl_domains

###############################################################################
##########################RESTRIÇOES DE HELO###################################
###############################################################################

# Restrictions applied at the HELO/EHLO command
smtpd_helo_restrictions =
#    Allow clients in $mynetworks
   permit_mynetworks,
#   # Reject when the HELO/EHLO hostname is syntactically invalid
   reject_invalid_hostname,
#   # Reject when the HELO/EHLO hostname has no DNS A or MX record
   reject_unknown_hostname,
#   # Reject when the HELO/EHLO hostname is not fully qualified
   reject_non_fqdn_hostname,
#   # Reject commands sent ahead of time to force delivery
   reject_unauth_pipelining, 
#   # Reject client IPs listed in a DNSBL
#   # NOTE(review): reject_rbl_client expects the DNSBL zone itself as its
#   # argument (reject_rbl_client <dnsbl-zone>, one entry per list). As written,
#   # the literal text "maps_rbl_domains" is taken as the zone name, so none of
#   # the lists in the maps_rbl_domains parameter is consulted by this line.
   reject_rbl_client maps_rbl_domains

###############################################################################
######################RESTRICAO DE ENVIO(SENDER)###############################
###############################################################################

# Restriçoes opcionais que o Postfix aplica no valor definido no comando mail from. O padrão é permitir tudo.
#smtpd_sender_restrictions =
   # Permite "mynetwork"
#   permit_mynetworks,
   # Permite conteudo do ACCESS
   # Procura por especificações feitas em uma base para o endereço,o dominio etc
#   check_sender_access hash:/etc/postfix/access
   # Bloqueio quando não existe entrada DNS A ou MX
   # Rejeita a requisição quando o dominio especificado em MAIL FROM não tem um registro DNS A ou MX e o postfix
   # não é o destino final para o remetente.
#   reject_unknown_sender_domain,
   # Quando o hostname não apresenta hostname válido
   # Rejeita a requisição quando o dominio especificado em MAIL FROM não estiver em FQDN, conforme a RFC.
#   reject_non_fqdn_sender,
   # Bloqueio comando para forçar entrega.
#   reject_unauth_pipelining

###############################################################################
########################RESTRIÇÃO DE ENVIO POR USUARIO#########################
###############################################################################

#smtpd_restriction_classes = dominios_restritos
#dominios_restritos = check_sender_access hash:/etc/postfix/dominios_restritos, reject

###############################################################################
###################RESTRIÇÃO APLICADA AO RCP TO################################
###############################################################################

# Restricão aplicada no RCPT TO
# Restrições opcionais do Postfix  no que diz respeito a valores do campo RCPT_TO. Por padrão são definidos o 
#smtpd_recipient_restrictions =
   # Restricao de envio por usuario
#   hash:/etc/postfix/usuarios_restritos
   # Permite "mynetwork"
#   permit_mynetworks
   # Permite conteúdo do ACCESS
#   permit network e reject_unauth_destination
#   check_sender_access hash:/etc/postfix/access,
   # Bloqueia quando não existe entrada DNS A ou MX
#   reject_unknown_recipient_domain,
   # Quando o hostname não apresenta hostname válido
#   reject_non_fqdn_recipient,
   # Bloqueio comando para forçar entrega
#   reject_unauth_pipelining

###############################################################################
########################BLOQUEIO POR ASSUNTO E ANEXO###########################
###############################################################################

# Block by subject: each message header line is matched against the PCRE rules
# in this table.
# NOTE(review): these rules only see header text, so blocking attachments by
# file extension here is a coarse first filter (a renamed or archived file
# passes) and does not replace the content scanner.
header_checks = pcre:/etc/postfix/header_checks
#mime_header_checks = $header_checks
#nested_header_checks = $header_checks

###############################################################################
##########################Bloqueio por Conteúdo################################
###############################################################################

#body_checks = pcre:/etc/postfix/body_checks
#body_checks = hash:/etc/postfix/corpo
# Verifica os 50 K inicais
#body_checks_size_limit = 51200

## Outros comandos
# Todos os e-mails que chegam irão para e-mail abaixo
#always_bcc = email@meudominio.com.br

# Tamanho da mensagem de erro

# Tamanho máximo do HEADER aceito

# Maximum number of parallel SMTP deliveries to the same destination
smtp_destination_concurrency_limit = 20

# ETRN "fast flush" service: time after which a non-empty, unread
# per-destination fast-flush logfile is refreshed
fast_flush_refresh_time = 12h

# ETRN "fast flush" service: time after which an empty per-destination
# fast-flush logfile is deleted
fast_flush_purge_time = 1d

# How long a message may stay in the queue before it is returned to the sender
# as undeliverable (240 minutes).
# NOTE(review): four hours is short compared with the Postfix default of 5d;
# a destination that is unreachable for longer than that causes bounces.
# Confirm this is intended.
maximal_queue_lifetime = 240m

###############################################################################
###############################VIRUS SCANNER###################################
###############################################################################

# Hand every queued message to the content filter listening on 127.0.0.1
# port 10024, using the "smtp-amavis" transport.
# NOTE(review): that transport has to be defined in master.cf, together with
# the listener where the filter hands scanned mail back; neither is visible in
# this file. When the filter is unreachable or its scanner fails, Postfix
# defers the mail instead of delivering it unscanned, so monitor the filter
# and the deferred queue.
content_filter=smtp-amavis:[127.0.0.1]:10024

###############################################################################
##########################OPCOES DE TRANSPORTE#################################
###############################################################################

# Optional table that overrides the delivery transport or next hop per
# recipient address or domain; see transport(5).
transport_maps = hash:/etc/postfix/transport

###############################################################################
###############RESTRIÇÃO DE ENVIO PARA ALGUNS USUARIOS#########################
###############################################################################

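# Per-sender sending restriction: senders listed in restricted_senders may
# only mail the domains listed in local_domains (presumably the table maps
# them to the local_only class defined below; the table is not shown here).
#
# Order matters. check_sender_access comes first so that restricted senders
# are caught before permit_mynetworks would allow them. MAIL FROM is supplied
# by the client and can be forged, so restricted_senders should only return
# the local_only class or REJECT: an OK result here is accepted before the
# relay check below and would let outside clients relay.
#
# reject_unauth_destination replaces the deprecated check_relay_domains, which
# also permitted clients whose hostname matched $relay_domains and so trusted
# reverse DNS. With this line, clients outside $mynetworks can only reach
# destinations this server is responsible for (mydestination, relay_domains).
smtpd_recipient_restrictions =
 check_sender_access hash:/etc/postfix/restricted_senders,
 permit_mynetworks,
 reject_unauth_destination
# local_only: allow recipients matched in local_domains, reject everything else
smtpd_restriction_classes = local_only
local_only = check_recipient_access hash:/etc/postfix/local_domains, reject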
  


Comentários
[1] Comentário enviado por removido em 18/12/2007 - 19:11h

amigo, estou com um problema veja se pode me ajudar!

atualizei o meu antivirus e depois disso nao consiguia enviar e nem receber emails, tive que comentar a linha

content_filter=smtp-amavis:[127.0.0.1]:10024

segue o erro quando nao comento:

[root@box etc]# tail -f /var/log/maillog | grep @yahoo.com.br
Dec 18 19:32:28 box postfix/smtp[15119]: D30592C004: to=<inasimbsb@yahoo.com.br>, relay=127.0.0.1[127.0.0.1], delay=1, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=15068-01, virus_scan FAILED: virus_scan ALL FAILED: (in reply to end of DATA command))


pesquisei na internet e dissera que tem que voltar uma lib do antivirus, que a mcaffe tem esse problema, mas nao diz como... tambem nao sei

ajuda nois!

abracos

