control config on safety + multiple domain question

Discussion in 'Server Operation' started by falcon5, Oct 9, 2007.

  1. falcon5

    falcon5 New Member

    Hi,

    I have a Falko-style Postfix, MySQL and courier-imap-ssl setup, and I would like one domain (domain1.ext) to be a fully independent external domain. By an external domain I mean a server configuration for that particular domain that is able to send mail to the outside world.
    The other domain (domain2.ext) should only be used for internal use in the company except for a very limited number of addresses which should do both internal and external communication.

    Also domain2.ext should have a disclaimer implemented if possible and not domain1.ext.

    Thanks in advance,
    Falcon5

    Below is my config.
    Could anyone look at it and tell me if it's safe as it is now?

    main.cf
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    # Greeting sent to every connecting SMTP client; as written it also
    # announces the distribution.
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    alias_maps = hash:/etc/aliases
    mydestination = mail.domain2.ext, localhost, localhost.localdomain
    # NOTE(review): mynetworks is the relay trust boundary of this config. The
    # permit_mynetworks entries further down let any client that matches it
    # send to any destination without authenticating.
    # - The "*" octets are presumably the poster's redaction. Postfix expects
    #   addresses or CIDR blocks here (as in 192.168.2.0/24), not wildcards,
    #   and "192.168.*.*/24" is listed twice. Confirm against the real file.
    # - If 212.68.*.* and 193.190.*.* stand for whole public ranges, every host
    #   in them is a trusted relay client. List only the specific hosts or
    #   subnets that must submit mail unauthenticated.
    mynetworks = 212.68.*.*, 193.190.*.*, 127.0.0.0/8, 192.168.*.*/24, 192.168.*.*/24, 192.168.2.0/24
    # Default next hop for outbound mail: the ISP's smarthost.
    relayhost = smtp.ISP.com
    myhostname = server.domain2.ext

    # Virtual domains, mailboxes and aliases are looked up in MySQL through the
    # proxymap service.
    # NOTE(review): Postfix mysql map files normally contain the database user
    # and password. Check that the files under /etc/postfix/maps are not
    # world-readable and that the database account is limited to SELECT on the
    # mail tables. The file contents are not shown here.
    virtual_alias_maps = proxy:mysql:/etc/postfix/maps/mysql_virtual_alias_maps.cf
    # Every mailbox is written with the same fixed uid/gid (5000) under
    # /share/vmail, so separation between mailboxes rests on the path lookups,
    # not on file ownership.
    virtual_gid_maps = static:5000
    virtual_mailbox_base = /share/vmail
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/maps/mysql_virtual_domains_maps.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/maps/mysql_virtual_mailbox_maps.cf
    virtual_minimum_uid = 5000
    virtual_transport = virtual
    #maildrop_destination_recipient_limit = 1
    virtual_uid_maps = static:5000

    # NOTE(review): the quota parameters below look like the ones added by the
    # VDA quota patch rather than stock Postfix. If so, this is a locally
    # patched build and distribution security updates have to be re-patched
    # and rebuilt by hand. Confirm.
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/maps/mysql_virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes


    # Earlier variant of the recipient restrictions, left disabled.
    #smtpd_recipient_restrictions =
    # permit_mynetworks,
    # permit_sasl_authenticated,
    # reject_unauth_destination,
    # reject_unauth_pipelining,
    # reject_non_fqdn_hostname,
    # reject_non_fqdn_sender,
    # reject_non_fqdn_recipient,
    # reject_invalid_hostname,
    # reject_unknown_sender_domain,
    # reject_unknown_recipient_domain,
    # reject_rbl_client bl.spamcop.net,
    # reject_rbl_client sbl.spamhaus.org,
    # reject_rbl_client t1.dnsbl.net.au,
    # reject_rbl_client dnsbl.njabl.org,
    # reject_rbl_client blackholes.mail-abuse.org,
    # permit

    # Active recipient restrictions, evaluated top to bottom; the first match
    # decides.
    # - Relay control: permit_mynetworks and permit_sasl_authenticated come
    #   first, then reject_unauth_destination refuses every other client that
    #   addresses a domain this server does not handle. The final "permit"
    #   therefore only admits mail for the server's own domains, so this list
    #   is not an open relay provided mynetworks is tight.
    # - reject_invalid_hostname and reject_unknown_recipient_domain sit above
    #   permit_mynetworks, so they also apply to internal clients.
    # - NOTE(review): reject_rbl_client looks up the connecting client's IP
    #   address. multi.uribl.com lists URIs found in message bodies and
    #   dsn.rfc-ignorant.org lists sender domains, so neither is an IP list and
    #   these two entries do not do what was presumably intended.
    # - NOTE(review): several of the remaining lists appear to overlap. Each
    #   one adds a DNS lookup per connection, and a list that stops operating
    #   can cause delays or wrongful rejects. Verify that every list is still
    #   in service and that its usage policy covers this server.
    # - NOTE(review): as pasted, the list entries carry no extra leading
    #   whitespace. In main.cf a continuation line must start with whitespace;
    #   presumably the forum stripped it. Confirm in the real file.
    smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client multi.uribl.com,
    reject_rbl_client dsn.rfc-ignorant.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client combined.rbl.msrbl.net,
    reject_rbl_client rabl.nuclearelephant.com,
    permit


    # Refuse VRFY so clients cannot probe which addresses exist.
    disable_vrfy_command = yes
    # SASL authentication for SMTP clients. smtpd_sasl_auth_enable is set twice
    # in this group; the duplicate is harmless but can be dropped.
    smtpd_sasl_auth_enable = yes
    # Also advertise AUTH in the legacy "AUTH=" form for older mail clients.
    broken_sasl_auth_clients = yes
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    # NOTE(review): "noanonymous" still allows plaintext mechanisms, and
    # nothing in the posted config sets smtpd_tls_auth_only, so clients may be
    # able to send their password without TLS. Since authenticated clients are
    # allowed to relay (permit_sasl_authenticated), consider
    # "smtpd_tls_auth_only = yes" unless it is set elsewhere.
    smtpd_sasl_security_options = noanonymous

    # HELO/EHLO checks for clients outside mynetworks.
    # NOTE(review): warn_if_reject is a prefix that changes the restriction
    # that FOLLOWS it into log-only. As the last item it has nothing to act on,
    # so the three reject_* checks above it are enforced as hard rejects. If
    # log-only testing was intended, put warn_if_reject in front of each check.
    # reject_unknown_hostname in particular can turn away legitimate servers
    # whose HELO name does not resolve.
    smtpd_helo_required = yes
    smtpd_helo_restrictions =
    permit_mynetworks,
    reject_invalid_hostname,
    reject_unknown_hostname,
    reject_non_fqdn_hostname,
    warn_if_reject

    # Require RFC 821 style envelope addresses; sloppy clients are rejected.
    strict_rfc821_envelopes = yes
    # Every reject class below is set to reply 554 (permanent failure), so a
    # rejected sender gets an immediate bounce instead of retrying.
    # NOTE(review): some of these classes default to a temporary 4xx code in
    # Postfix so that a wrong decision only delays mail. With 554 everywhere, a
    # false positive loses the message. Confirm this is intended, at least for
    # the unknown_* and unverified_* classes.
    invalid_hostname_reject_code = 554
    multi_recipient_bounce_reject_code = 554
    non_fqdn_reject_code = 554
    relay_domains_reject_code = 554
    unknown_address_reject_code = 554
    unknown_client_reject_code = 554
    unknown_hostname_reject_code = 554
    unknown_local_recipient_reject_code = 554
    unknown_relay_recipient_reject_code = 554
    unknown_sender_reject_code = 554
    unknown_virtual_alias_reject_code = 554
    unknown_virtual_mailbox_reject_code = 554
    unverified_recipient_reject_code = 554
    unverified_sender_reject_code = 554

    # At DATA time: reject clients that send commands ahead of the server's
    # replies, accept everything else.
    smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit

    # Sender checks for clients outside mynetworks.
    # NOTE(review): "reject_unknown_address" is not a restriction name I can
    # match to Postfix; reject_unknown_sender_domain was presumably meant. An
    # unrecognised name is normally logged as a warning and external clients
    # may be answered with a temporary configuration error. Check the mail log
    # and confirm.
    smtpd_sender_restrictions=
    permit_mynetworks,
    reject_unknown_address,
    reject_unauth_pipelining

    # Offer STARTTLS to clients. This is opportunistic: TLS is announced but
    # not required.
    smtpd_use_tls = yes
    # NOTE(review): the certificate file is named for mail.domain2.ext while
    # myhostname is server.domain2.ext, and the key file name lacks the ".ext"
    # part. Confirm that the certificate covers the name clients connect to and
    # that the key path is not a typo. The private key should be readable by
    # root only.
    smtpd_tls_cert_file = /etc/postfix/ssl/mail.domain2.ext.crt
    smtpd_tls_key_file = /etc/postfix/ssl/mail.domain2.key
    # Level 2 also logs the TLS negotiation; it is meant for troubleshooting,
    # and level 1 is the usual setting for routine operation.
    smtpd_tls_loglevel = 2
    smtpd_tls_received_header = yes
    # Asks every client for a certificate. Nothing in the posted config uses
    # client certificates for access decisions, and some mail clients react
    # badly to the request. Presumably safe to turn off; confirm.
    smtpd_tls_ask_ccert = yes

    # Per-destination routing table; its contents are not shown here.
    transport_maps = hash:/etc/postfix/transport
    # Deliver one recipient at a time to the "vacation" transport, which is
    # presumably defined in master.cf.
    vacation_destination_recipient_limit = 1

    # Lookup tables that the proxymap service may open read-only on behalf of
    # other Postfix processes.
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps


    # Hand all accepted mail to amavis on localhost port 10024 for scanning;
    # no_address_mappings postpones address rewriting until the mail comes back.
    # NOTE(review): the listener that takes mail back from amavis lives in
    # master.cf, which is not shown. It bypasses this content filter, so it
    # should listen on 127.0.0.1 only and accept mail from local addresses
    # only. Confirm.
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
     
  2. falko

    falko Super Moderator Howtoforge Staff

    Please don't double-post.
     