control my main cf plz + multiple domain question Hi, I've a falko like postfix, mysql courier-imap-ssel config and I would like to have one domain (domain1.ext) as external fully independent domain. I mean by an external domain: a server config for that particular domain which is capable of sending mails all over the world or to the outside world. The other domain (domain2.ext) should only be used for internal use in the company except for a very limited number of addresses which should do both internal and external communication. Also domain2.ext should have a disclaimer implemented if possible and not domain1.ext. Thanks in advance, Falcon5 Bellow is my config. Could anyone look at it and tell me if it's safe as it is now? main.cf # See /usr/share/postfix/main.cf.dist for a commented, more complete version smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h alias_maps = hash:/etc/aliases mydestination = mail.domain2.ext, localhost, localhost.localdomain mynetworks = 212.68.*.*, 193.190.*.*, 127.0.0.0/8, 192.168.*.*/24, 192.168.*.*/24, 192.168.2.0/24 relayhost = smtp.ISP.com myhostname = server.domain2.ext virtual_alias_maps = proxy:mysql:/etc/postfix/maps/mysql_virtual_alias_maps.cf virtual_gid_maps = static:5000 virtual_mailbox_base = /share/vmail virtual_mailbox_domains = proxy:mysql:/etc/postfix/maps/mysql_virtual_domains_maps.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/maps/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 5000 virtual_transport = virtual #maildrop_destination_recipient_limit = 1 virtual_uid_maps = static:5000 virtual_create_maildirsize = yes virtual_mailbox_extended = yes virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/maps/mysql_virtual_mailbox_limit_maps.cf virtual_mailbox_limit_override = yes virtual_maildir_limit_message = "The user you are trying to reach is over quota." virtual_overquota_bounce = yes #smtpd_recipient_restrictions = # permit_mynetworks, # permit_sasl_authenticated, # reject_unauth_destination, # reject_unauth_pipelining, # reject_non_fqdn_hostname, # reject_non_fqdn_sender, # reject_non_fqdn_recipient, # reject_invalid_hostname, # reject_unknown_sender_domain, # reject_unknown_recipient_domain, # reject_rbl_client bl.spamcop.net, # reject_rbl_client sbl.spamhaus.org, # reject_rbl_client t1.dnsbl.net.au, # reject_rbl_client dnsbl.njabl.org, # reject_rbl_client blackholes.mail-abuse.org, # permit smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client multi.uribl.com, reject_rbl_client dsn.rfc-ignorant.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client rabl.nuclearelephant.com, permit disable_vrfy_command = yes smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_unknown_hostname, reject_non_fqdn_hostname, warn_if_reject strict_rfc821_envelopes = yes invalid_hostname_reject_code = 554 multi_recipient_bounce_reject_code = 554 non_fqdn_reject_code = 554 relay_domains_reject_code = 554 unknown_address_reject_code = 554 unknown_client_reject_code = 554 unknown_hostname_reject_code = 554 unknown_local_recipient_reject_code = 554 unknown_relay_recipient_reject_code = 554 unknown_sender_reject_code = 554 unknown_virtual_alias_reject_code = 554 unknown_virtual_mailbox_reject_code = 554 unverified_recipient_reject_code = 554 unverified_sender_reject_code = 554 smtpd_data_restrictions = reject_unauth_pipelining, permit smtpd_sender_restrictions= permit_mynetworks, reject_unknown_address, reject_unauth_pipelining smtpd_use_tls = yes smtpd_tls_cert_file = /etc/postfix/ssl/mail.domain2.ext.crt smtpd_tls_key_file = /etc/postfix/ssl/mail.domain2.key smtpd_tls_loglevel = 2 smtpd_tls_received_header = yes smtpd_tls_ask_ccert = yes transport_maps = hash:/etc/postfix/transport vacation_destination_recipient_limit = 1 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps content_filter = amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings
I think the disclaimer can be added by some kind of Postfix filter: http://www.postfix.org/FILTER_README.html Your main.cf looks ok.
OK thanks a lot. Is there a way to have one domain which is able to send to the outside world an another which is not except for a limited number of addresses. I guess Mysql config... BTW for the disclaimer I would like to have something in Mysql so that i can write a PHP script for it... Thanks in advance.