This is my Postfix configuration (is working so fine but nothing is perfect, want to improve it ), here is my main.cf -------------------------------------------------------------------------------------- # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h # TLS parameters smtpd_use_tls = yes smtpd_tls_auth_only = no smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtp_use_tls = yes smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache smtp_tls_note_starttls_offer = yes tls_random_source = dev:/dev/urandom ### Checks to remove badly formed email smtpd_helo_required = yes strict_rfc821_envelopes = yes disable_vrfy_command = yes unknown_address_reject_code = 554 unknown_hostname_reject_code = 554 unknown_client_reject_code = 554 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = server1.xxxxx.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname #mydestination = server1.xxxx.com, localhost.xxxx.com, localhost relayhost = mynetworks = 127.0.0.0/8 mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = ipv4 smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_unauth_pipelining, regexp:/etc/postfix/helo.regexp, permit smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client multi.uribl.com, reject_rbl_client dsn.rfc-ignorant.org, #reject_rbl_client dul.dnsbl.sorbs.net, BLOCKS DYNAMIC IP's reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, #reject_rbl_client dnsbl.sorbs.net, BLOCKS HOTMAIL reject_rbl_client cbl.abuseat.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client rabl.nuclearelephant.com, permit virtual_maps = hash:/etc/postfix/virtusertable mydestination = /etc/postfix/local-host-names message_size_limit = 20480000 -------------------------------------------------------------------------------------- any improve if included sender_recipient_restrictions & client_restrictions? thk u all
You could integrate amavisd-new into Postfix for spam/virus fighting: http://www.howtoforge.com/amavisd_postfix_debian_ubuntu
