tachtler:postfix_centos_7_-_amavis_anbinden_amavisd-milter
Differences
This page shows the differences between two versions.
tachtler:postfix_centos_7_-_amavis_anbinden_amavisd-milter [2015/10/15 10:41] – klaus | tachtler:postfix_centos_7_-_amavis_anbinden_amavisd-milter [2015/10/19 11:09] – [/etc/postfix/main.cf] klaus | ||
---|---|---|---|
Zeile 43: | Zeile 43: | ||
<code ini> | <code ini> | ||
... | ... | ||
+ | # SPF (spf-milter) | ||
+ | spf_milter = inet: | ||
# AMaViS (amavisd-milter) | # AMaViS (amavisd-milter) | ||
amavisd_milter = inet: | amavisd_milter = inet: | ||
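Review bot: the added "spf_milter = inet:" definition says nothing about what Postfix should do when that socket is unreachable. The second hunk references ${spf_milter} first in smtpd_milters on the postscreen-fed smtpd listener, so an outage of the SPF milter affects every message accepted there. State the intended milter_default_action next to the two milter definitions (Postfix defaults to tempfail) so the failure mode is a documented choice rather than an implicit one.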
Zeile 55: | Zeile 57: | ||
<code ini> | <code ini> | ||
+ | # | ||
+ | # Postfix master process configuration file. For details on the format | ||
+ | # of the file, see the master(5) manual page (command: "man 5 master" | ||
+ | # on-line: http:// | ||
+ | # | ||
+ | # Do not forget to execute " | ||
+ | # | ||
# ========================================================================== | # ========================================================================== | ||
# service type private unpriv | # service type private unpriv | ||
# | # | ||
# ========================================================================== | # ========================================================================== | ||
- | ... | + | # Tachtler - disabled - |
- | ... | + | #smtp inet n |
- | ... | + | # Tachtler - new - |
+ | # Incoming traffic from untrust networks, with postscreen. | ||
+ | 192.168.1.60: | ||
# Tachtler - enabled - | # Tachtler - enabled - | ||
- | # Outgoing FROM Postfix TO AMaViS | + | # Incoming traffic passed from untrust networks, with postscreen. |
smtpd | smtpd | ||
- | -o smtpd_milters=${amavisd_milter} | + | -o smtpd_milters=${spf_milter}, |
+ | # Tachtler - new - | ||
+ | # Outgoing traffic from trusted networks, with amavisd-new (altermime). | ||
+ | 192.168.1.60: | ||
+ | -o content_filter= | ||
+ | -o smtpd_proxy_filter=192.168.0.70: | ||
+ | -o smtpd_client_connection_count_limit=4 | ||
+ | -o smtpd_proxy_options=speed_adjust | ||
+ | 192.168.0.60: | ||
+ | -o content_filter= | ||
+ | -o smtpd_proxy_filter=192.168.0.70: | ||
+ | -o smtpd_client_connection_count_limit=4 | ||
+ | -o smtpd_proxy_options=speed_adjust | ||
+ | 127.0.0.1: | ||
+ | -o content_filter= | ||
+ | -o smtpd_proxy_filter=192.168.0.70: | ||
+ | -o smtpd_client_connection_count_limit=4 | ||
+ | -o smtpd_proxy_options=speed_adjust | ||
# Tachtler - new - | # Tachtler - new - | ||
- | # Incoming FROM AMaViS TO Postfix | + | # Outgoing traffic, BACK from amavisd-new from smtpd_proxy_filter. |
192.168.0.60: | 192.168.0.60: | ||
-o content_filter= | -o content_filter= | ||
-o smtpd_proxy_filter= | -o smtpd_proxy_filter= | ||
+ | -o smtpd_milters= | ||
-o smtpd_authorized_xforward_hosts=127.0.0.0/ | -o smtpd_authorized_xforward_hosts=127.0.0.0/ | ||
-o smtpd_client_restrictions= | -o smtpd_client_restrictions= | ||
-o smtpd_helo_restrictions= | -o smtpd_helo_restrictions= | ||
-o smtpd_sender_restrictions= | -o smtpd_sender_restrictions= | ||
- | -o smtpd_relay_restrictions=permit_mynetworks, | + | -o smtpd_relay_restrictions= |
- | -o smtpd_recipient_restrictions= | + | -o smtpd_recipient_restrictions=permit_mynetworks, |
-o smtpd_data_restrictions= | -o smtpd_data_restrictions= | ||
- | | + | -o mynetworks=0.0.0.0/ |
- | -o smtpd_etrn_restrictions= | + | |
- | | + | |
-o receive_override_options=no_unknown_recipient_checks | -o receive_override_options=no_unknown_recipient_checks | ||
+ | # Tachtler - new - | ||
+ | # Outgoing traffic, BACK from amavisd-new from content_filter. | ||
+ | 192.168.0.60: | ||
+ | -o content_filter= | ||
+ | -o smtpd_proxy_filter= | ||
+ | -o smtpd_milters= | ||
+ | -o smtpd_authorized_xforward_hosts=127.0.0.0/ | ||
+ | -o smtpd_delay_reject=no | ||
+ | -o smtpd_client_restrictions= | ||
+ | -o smtpd_helo_restrictions= | ||
+ | -o smtpd_sender_restrictions= | ||
+ | -o smtpd_relay_restrictions= | ||
+ | -o smtpd_recipient_restrictions=permit_mynetworks, | ||
+ | -o smtpd_data_restrictions=reject_unauth_pipelining | ||
+ | -o smtpd_end_of_data_restrictions= | ||
+ | -o smtpd_restriction_classes= | ||
+ | -o mynetworks=0.0.0.0/ | ||
+ | -o smtpd_error_sleep_time=0 | ||
+ | -o smtpd_soft_error_limit=1001 | ||
+ | -o smtpd_hard_error_limit=1000 | ||
+ | -o smtpd_client_connection_count_limit=0 | ||
+ | -o smtpd_client_connection_rate_limit=0 | ||
+ | -o receive_override_options=no_header_body_checks, | ||
+ | -o local_header_rewrite_clients= | ||
... | ... | ||
... | ... | ||
+ | ... | ||
+ | # Tachtler - enabled - | ||
+ | submission inet n | ||
+ | -o syslog_name=postfix/ | ||
+ | -o content_filter=lmtp: | ||
+ | -o smtpd_tls_security_level=encrypt | ||
+ | -o smtpd_sasl_auth_enable=yes | ||
+ | -o smtpd_reject_unlisted_recipient=no | ||
+ | # -o smtpd_client_restrictions=$mua_client_restrictions | ||
+ | # -o smtpd_helo_restrictions=$mua_helo_restrictions | ||
+ | # -o smtpd_sender_restrictions=$mua_sender_restrictions | ||
+ | -o smtpd_recipient_restrictions= | ||
+ | -o smtpd_relay_restrictions=permit_sasl_authenticated, | ||
+ | -o milter_macro_daemon_name=ORIGINATING | ||
+ | ... | ||
+ | ... | ||
+ | ... | ||
+ | pickup | ||
+ | -o content_filter=lmtp: | ||
... | ... | ||
</ | </ | ||
- | **__Nachfolgend Erklärungen zu den einzelnen | + | **__Nachfolgend Erklärungen zu den WICHTIGSTEN |
- | * <code ini> | + | * <code ini> -o smtpd_milters=${spf_milter}, |
- | Die Option sorgt dafür, dass dem Parameter '' | + | Die Option sorgt dafür, dass dem Parameter '' |
- | * <code ini> | + | ===== Neustart ===== |
- | Festlegung auf welcher | + | Falls vorstehende Änderungen (natürlich an die jeweiligen Bedürfnisse angepasst) durchgeführt wurden, muss ein **Neustart** von [[http:// |
- | | + | Danach kann der **postfix**-Server mit nachfolgendem Befehle **__neu__** gestartet werden: |
- | -o smtpd_proxy_filter=</ | + | < |
+ | # systemctl restart postfix | ||
+ | </ | ||
- | Deaktivieren | + | Mit nachfolgendem Befehl kann der Status des abgefragt werden: |
+ | < | ||
+ | # systemctl status postfix | ||
+ | postfix.service | ||
+ | | ||
+ | | ||
+ | Process: 1128 ExecStop=/ | ||
+ | Process: 1144 ExecStart=/ | ||
+ | Process: 1141 ExecStartPre=/ | ||
+ | Process: 1138 ExecStartPre=/ | ||
+ | Main PID: 1216 (master) | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
- | * <code ini> | + | Oct 15 11:11:26 server60.idmz.tachtler.net systemd[1]: Starting Postfix Mail... |
- | + | Oct 15 11:11:26 server60.idmz.tachtler.net postfix/postfix-script[1214]: | |
- | Angabe von Clients, welche die '' | + | Oct 15 11:11:26 server60.idmz.tachtler.net |
- | + | Oct 15 11:11:26 server60.idmz.tachtler.net systemd[1]: Started Postfix Mail ... | |
- | ^ Information | + | Hint: Some lines were ellipsized, use -l to show in full. |
- | | Dokumentation | + | </ |
- | + | ||
- | * <code ini> | + | |
- | -o smtpd_helo_restrictions= | + | |
- | -o smtpd_sender_restrictions= | + | |
- | -o smtpd_relay_restrictions=permit_mynetworks, | + | |
- | -o smtpd_recipient_restrictions= | + | |
- | -o smtpd_data_restrictions= | + | |
- | -o smtpd_end_of_data_restriction= | + | |
- | -o smtpd_etrn_restrictions=</ | + | |
- | + | ||
- | Setzen der einzelnen Restrictions auf leeren Inhalt, somit finden keinerlei Prüfungen bei der Wiedereinlieferung nach [[http://www.postfix.org|Postfix]] statt. **Eine Ausnahme von diesen Regelungen besteht bei den '' | + | |
- | + | ||
- | * <code ini></ | + | |
- | abc |
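Review bot: the two re-injection listeners on 192.168.0.60 (the "BACK from amavisd-new" blocks) now set "-o mynetworks=0.0.0.0/" and rely on permit_mynetworks in smtpd_recipient_restrictions, while the client, helo, sender and relay restriction lists are shown empty, so mynetworks is the only setting that decides who may inject mail on those ports. The prefix length is not visible in this rendering; confirm that it admits no more than the amavisd-new host (the 192.168.0.70 address this hunk uses for smtpd_proxy_filter) and narrow it to that address if it does. The change also removes the per-option explanations of the old revision and keeps only the one for smtpd_milters, which leaves the emptied restrictions, the raised error limits and receive_override_options undocumented; a short explanation for mynetworks and receive_override_options should stay.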
tachtler/postfix_centos_7_-_amavis_anbinden_amavisd-milter.txt · Last modified: 2015/10/19 11:22 by klaus