
postfix (main.cf)

Postfix configuration file with restrictions by header and body, restriction of sending to users of the same domain, closed relay, restrictions on sending and receiving files with extensions suspected of carrying viruses, and configuration for amavis, all commented by me in Portuguese.
Tiago D.G tiagodge
Hits: 39,561 Category: Networking

###############################################################################
###############################SOFT BOUNCE#####################################
###############################################################################
# Parameter used while setting up an antivirus for e-mail: mail that would bounce is deferred and stays in the queue instead.
soft_bounce = yes

# Location of all Postfix commands
command_directory = /usr/sbin

# Location of all Postfix daemons (defined in master.cf)
daemon_directory = /usr/lib/postfix

# Note: the user that owns the Postfix queue and most of the daemons is set by mail_owner.
# default_privs, set here, is the default rights local(8) uses to deliver to an external file or command. Use a dedicated, unprivileged user for this setting.

default_privs = tiago

# Server names and name of the machine that is the server

# Name of the machine that works as the mail server
#myhostname = hostname

# Domain the machine belongs to.
#mydomain = domainname

###############################################################################
################################SENDING MAIL###################################
###############################################################################
# Domain to be appended to the headers of mail received and/or sent by the MTA.

###############################################################################
################################RECEIVING MAIL#################################
###############################################################################
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost

#proxy_interfaces =
#proxy_interfaces = 1.2.3.4

# List of domains for which this server is the final destination.
#mydestination = $myhostname, localhost.$mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain
#mydestination = $myhostname, localhost.$mydomain, $mydomain,

###############################################################################
#####################REJECTING MAIL FOR UNKNOWN LOCAL USERS####################
###############################################################################
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =

#unknown_local_recipient_reject_code = 550
unknown_local_recipient_reject_code = 450

###############################################################################
########################TRUST AND RELAY CONTROL################################
###############################################################################

# List of addresses allowed to send mail (relay) through Postfix. There are two ways to define it: manually (through mynetworks) or automatically (mynetworks_style).
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host

# Manual definition of the addresses allowed to send mail (relay) through Postfix.
mynetworks = 192.168.201.0/24, 192.168.202.0/24, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table

# Which destinations (domains) are accepted for processing. By default Postfix relays:
# - From trusted clients (specified by $mynetworks or $mynetworks_style) to any destination.
# - From any origin, untrusted clients, to the destinations specified by relay_domains. The default value of this parameter is mydestination.
#
relay_domains = $mydestination, curimbaba.com.br

# Default host to which non-local mail is sent when no entry is found in the optional transport(5) table. When it is not set, mail is routed directly to the destination; set it to hand mail to the ISP's mail server, for example.

#relayhost = $mydomain
#relayhost = gateway.my.domain
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
#in_flow_delay = 1s

###############################################################################
############################ALIAS##############################################
###############################################################################

# A very important feature of the e-mail system is the ability to create aliases. This lets a user have a series of nicknames for their mailbox.

# alias_maps specifies the file holding the alias database the MTA uses to deliver mail

#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/postfix/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases

# Database for deliveries made by local(8), which can be updated with the "newaliases" command. It is a separate configuration parameter because not all tables specified in alias_maps are local files.

#alias_database = dbm:/etc/aliases
alias_database = hash:/etc/postfix/aliases
#alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases

###############################################################################
########################DELIVERY TO MAILBOX####################################
###############################################################################

# Optional parameter that defines the path of the mailbox file relative to the users' home directory. It implements the mailbox style called Maildir.

#home_mailbox = maildir/
mailbox_command = /usr/bin/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"

#mailbox_transport = lmtp:unix:/file/name
#mailbox_transport = cyrus

#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =

#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local

############################################################################### 
##############################FAST ETRN SERVICE################################
###############################################################################

# SHOW SOFTWARE VERSION OR NOT
#smtpd_banner = $myhostname ESMTP $mail_name
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

# PARALLEL DELIVERY TO THE SAME DESTINATION
# Debug level
debug_peer_level = 2

# Debugger parameters
#debugger_command =
#    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
#    xxgdb $daemon_directory/$process_name $process_id & sleep 5

# Path to sendmail
sendmail_path = /usr/sbin/sendmail

# Path to newaliases
newaliases_path = /usr/bin/newaliases

# Path to mailq
mailq_path = /usr/bin/mailq

# Postfix group
setgid_group = postdrop

# Manual page directory
manpage_directory = /usr/local/man

# Sample directory
sample_directory = /etc/postfix/sample

readme_directory = no

#smtpd_sasl_auth_enable = yes

# User mailbox size limit (50 MB)
mailbox_size_limit = 51200000

# Maximum message size (5/10 MB); 10 = 10240000
message_size_limit = 10240000

# Maximum number of recipients in the same e-mail
smtpd_recipient_limit = 2500

# Enforce RFC 821 - MAIL FROM and RCPT TO
strict_rfc821_envelopes = yes

# Enable HELO checking: require HELO/EHLO
smtpd_helo_required = yes

# Disable VRFY
disable_vrfy_command = yes

###############################################################################
###################################RBL LISTS###################################
###############################################################################

# Note: use these lists with care, as some of them block mail from Brazil. More information at: http://www.dnsstuff.com
# Also confirm that each list is still in service before enabling it.
maps_rbl_domains = relays.ordb.org, list.dsbl.org, dun.dnsrbl.net, spam.dnsrbl.net

###############################################################################
##############################CLIENT RESTRICTIONS##############################
###############################################################################

# Client restrictions - after the SMTP connection is accepted
# Restrictions applied to connection requests from SMTP clients. The Postfix default is to accept everything.
smtpd_client_restrictions =
   # Checks the contents of CLIENT_ACCESS
   #check_client_access hash:/etc/postfix/client_access,
   # Permits "mynetworks"
   permit_mynetworks,
   # Permits the contents of ACCESS
   #hash:/etc/postfix/access,
   # When the IP has no PTR record
   reject_unknown_client,
   # Blocks invalid domains
   reject_unknown_sender_domain,
   # Blocks commands sent ahead of time to force delivery
   #reject_unauth_pipelining,
   # Blocks IPs listed in the RBLs in maps_rbl_domains (legacy form; reject_rbl_client takes a single DNSBL domain instead)
   reject_maps_rbl

###############################################################################
###############################HELO RESTRICTIONS###############################
###############################################################################

# Restrictions applied during the HELO/EHLO command
smtpd_helo_restrictions =
   # Permits "mynetworks"
   permit_mynetworks,
   # When the hostname given is not valid (malformed)
   reject_invalid_hostname,
   # When there is no DNS A or MX record
   reject_unknown_hostname,
   # When the hostname is not in fully qualified (FQDN) form
   reject_non_fqdn_hostname,
   # Blocks commands sent ahead of time to force delivery
   reject_unauth_pipelining,
   # Blocks IPs listed in the RBLs in maps_rbl_domains (legacy form; reject_rbl_client takes a single DNSBL domain instead)
   reject_maps_rbl

###############################################################################
##############################SENDER RESTRICTIONS##############################
###############################################################################

# Optional restrictions that Postfix applies to the value given in the MAIL FROM command. The default is to permit everything.
#smtpd_sender_restrictions =
   # Permits "mynetworks"
#   permit_mynetworks,
   # Permits the contents of ACCESS
   # Looks up rules defined in a table for the address, the domain, etc.
#   check_sender_access hash:/etc/postfix/access
   # Blocks when there is no DNS A or MX record
   # Rejects the request when the domain given in MAIL FROM has no DNS A or MX record and Postfix
   # is not the final destination for the sender.
#   reject_unknown_sender_domain,
   # When the hostname is not a valid hostname
   # Rejects the request when the domain given in MAIL FROM is not in FQDN form, as the RFC requires.
#   reject_non_fqdn_sender,
   # Blocks commands sent ahead of time to force delivery.
#   reject_unauth_pipelining

###############################################################################
#########################PER-USER SENDING RESTRICTIONS#########################
###############################################################################

#smtpd_restriction_classes = dominios_restritos
#dominios_restritos = check_sender_access hash:/etc/postfix/dominios_restritos, reject

###############################################################################
########################RESTRICTIONS APPLIED TO RCPT TO########################
###############################################################################

# Restrictions applied at RCPT TO
# Optional restrictions that Postfix applies to the RCPT TO value. By default these are set to
#smtpd_recipient_restrictions =
   # Per-user sending restriction
#   hash:/etc/postfix/usuarios_restritos
   # Permits "mynetworks"
#   permit_mynetworks
   # Permits the contents of ACCESS
#   permit network and reject_unauth_destination
#   check_sender_access hash:/etc/postfix/access,
   # Blocks when there is no DNS A or MX record
#   reject_unknown_recipient_domain,
   # When the hostname is not a valid hostname
#   reject_non_fqdn_recipient,
   # Blocks commands sent ahead of time to force delivery
#   reject_unauth_pipelining

###############################################################################
######################BLOCKING BY SUBJECT AND ATTACHMENT#######################
###############################################################################

# Block by subject
header_checks = pcre:/etc/postfix/header_checks
#mime_header_checks = $header_checks
#nested_header_checks = $header_checks

###############################################################################
##############################BLOCKING BY CONTENT##############################
###############################################################################

#body_checks = pcre:/etc/postfix/body_checks
#body_checks = hash:/etc/postfix/corpo
# Checks the first 50 KB
#body_checks_size_limit = 51200

## Other commands
# All mail that arrives is also sent to the address below
#always_bcc = email@meudominio.com.br

# Size of the error message

# Maximum accepted HEADER size

# Deliveries to the same destination
smtp_destination_concurrency_limit = 20

# Time for resending a queued message
fast_flush_refresh_time = 12h

# Time for deleting a queued message
fast_flush_purge_time = 1d

# Time a message may stay in the queue
maximal_queue_lifetime = 240m

###############################################################################
###############################VIRUS SCANNER###################################
###############################################################################

content_filter=smtp-amavis:[127.0.0.1]:10024

###############################################################################
###############################TRANSPORT OPTIONS###############################
###############################################################################

transport_maps = hash:/etc/postfix/transport

###############################################################################
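######################SENDING RESTRICTIONS FOR SOME USERS######################
###############################################################################

# Restricts sending for the users listed in restricted_senders, allowing them to send only to the domains listed in local_domains
# Note: check_relay_domains, used below, is a deprecated restriction; the Postfix documentation says to use reject_unauth_destination instead.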
smtpd_recipient_restrictions =
 check_sender_access hash:/etc/postfix/restricted_senders,
 permit_mynetworks,
 check_relay_domains
smtpd_restriction_classes = local_only
local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
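
How the restriction class above is evaluated, as an added example (a simplified Python model, not the author's code and not Postfix code). The two tables are constructed samples in access(5) "key value" form with made-up example.com addresses, `RELAY_DOMAINS` is a constructed stand-in for `$relay_domains`, and `check_relay_domains` is modelled by its destination test only.

```python
import ipaddress

# Constructed sample tables in access(5) "key value" form; addresses are made up.
RESTRICTED_SENDERS = """
# /etc/postfix/restricted_senders
intern@example.com    local_only
temp@example.com      local_only
"""
LOCAL_DOMAINS = """
# /etc/postfix/local_domains
example.com           OK
"""
MYNETWORKS = ["192.168.201.0/24", "192.168.202.0/24", "127.0.0.0/8"]  # from main.cf
RELAY_DOMAINS = {"example.com"}  # constructed stand-in for $relay_domains


def load_table(text):
    """Parse 'key value' lines, skipping blank lines and # comments."""
    rows = (ln.split(None, 1) for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#"))
    return {key.lower(): value.strip() for key, value in rows}


def lookup(table, address):
    """Try user@domain, then the domain and its parents, then user@."""
    local, _, domain = address.lower().rpartition("@")
    labels = domain.split(".")
    keys = [f"{local}@{domain}"]
    keys += [".".join(labels[i:]) for i in range(len(labels))]
    keys.append(f"{local}@")
    return next((table[k] for k in keys if k in table), None)


def decide(client_ip, sender, recipient):
    """Walk smtpd_recipient_restrictions in order; the first match decides."""
    senders = load_table(RESTRICTED_SENDERS)
    local_domains = load_table(LOCAL_DOMAINS)
    # 1. check_sender_access: a hit returns the class name, which expands to
    #    "check_recipient_access ..., reject" and so always ends the walk.
    if lookup(senders, sender) == "local_only":
        return "permit" if lookup(local_domains, recipient) == "OK" else "reject"
    # 2. permit_mynetworks
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in MYNETWORKS):
        return "permit"
    # 3. check_relay_domains, destination test only (simplification)
    domain = recipient.lower().rpartition("@")[2]
    return "permit" if domain in RELAY_DOMAINS else "reject"
```

The key looked up in restricted_senders is the envelope sender from MAIL FROM, which this configuration does not authenticate, so the class constrains cooperative clients rather than proving who is sending.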

#1 Comment posted by removed on 18/12/2007 - 19:11h
Friend, I have a problem; see if you can help me!

I updated my antivirus and after that I could neither send nor receive e-mail; I had to comment out the line

content_filter=smtp-amavis:[127.0.0.1]:10024

here is the error when I don't comment it out:

[root@box etc]# tail -f /var/log/maillog | grep @yahoo.com.br
Dec 18 19:32:28 box postfix/smtp[15119]: D30592C004: to=<inasimbsb@yahoo.com.br>, relay=127.0.0.1[127.0.0.1], delay=1, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=15068-01, virus_scan FAILED: virus_scan ALL FAILED: (in reply to end of DATA command))


I searched the internet and they said you have to roll back an antivirus lib, that McAfee has this problem, but it doesn't say how... I don't know either

help us!

regards
