История изменений
Исправление macik, (текущая версия) :
мне и не приходит спам. Ящик человека взломали на моем сервер. и от его имени слали спам на другие сервера. Первых 2 письма были тест, потом 10 именно с содержанием которое написал выше.
ну если охота, то читайте, конфиг
main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
mydestination = $myhostname, localhost, localhost.$myhostname
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mynetworks = 127.0.0.0/8
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
relayhost =
mailbox_size_limit = 0
virtual_mailbox_limit = 0
recipient_delimiter = +
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
mime_header_checks = regexp:/etc/postfix/config/mime_header_checks
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d
queue_run_delay=5m
minimal_backoff_time = 5m
maximal_backoff_time = 10m
message_size_limit = 26214400
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql-virtual-alias-maps.cf,proxy:mysql:/etc/postfix/sql/mysql-email2email.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
virtual_mailbox_base = /home/vmail
home_mailbox = Maildir/
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}"
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_minimum_uid = 5000
mail_owner = postfix
setgid_group = postdrop
mailbox_transport = dovecot
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
disable_vrfy_command = yes
smtpd_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom
tls_high_cipherlist = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
smtpd_tls_key_file = /home/vmail/ssl/1.key
smtpd_tls_cert_file = /home/vmail/ssl/1.crt
smtpd_tls_CAfile = /home/vmail/ssl/AddTrustExternalCARoot.crt
proxy_read_maps = $local_recipient_maps $mydestination $smtpd_sender_login_maps $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $relay_recipient_maps $mynetworks
smtpd_restriction_classes = verify_sender, rbl_cbl_abuseat_org, rbl_sbl_spamhaus_org, rbl_dul_ru, rbl_client, rbl_spamcop, white_client_ip, black_client_ip, block_dsl, white_client, mx_access, helo_access_db
verify_sender = reject_unverified_sender, permit
rbl_cbl_abuseat_org = reject_rbl_client cbl.abuseat.org
rbl_client = reject_rbl_client dul.dnsbl.sorbs.net
rbl_dul_ru = reject_rbl_client dul.ru
rbl_sbl_spamhaus_org = reject_rbl_client sbl.spamhaus.org
rbl_spamcop = reject_rbl_client bl.spamcop.net
white_client_ip = check_client_access hash:/etc/postfix/config/white_client_ip
black_client_ip = check_client_access hash:/etc/postfix/config/black_client_ip
block_dsl = regexp:/etc/postfix/config/block_dsl
helo_access_db = check_helo_access hash:/etc/postfix/config/helo_checks_db
white_client = check_sender_access pcre:/etc/postfix/config/white_client
mx_access = check_sender_mx_access cidr:/etc/postfix/config/mx_access
smtpd_client_restrictions = black_client_ip,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
white_client_ip,
reject_unknown_client,
reject_unauth_pipelining,
block_dsl,
reject_unknown_address,
reject_unknown_recipient_domain,
reject_unknown_sender_domain,
rbl_dul_ru,
rbl_sbl_spamhaus_org,
rbl_spamcop,
rbl_cbl_abuseat_org,
permit
smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,
#helo_access,
helo_access_db,
reject_invalid_helo_hostname,
#reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname,
permit
smtpd_sender_restrictions = reject_unknown_sender_domain,
permit
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10040,
hash:/etc/postfix/config/access,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_multi_recipient_bounce,
permit,
check_policy_service inet:127.0.0.1:10023
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10040
smtpd_data_restrictions = reject_unauth_pipelining,
reject_multi_recipient_bounce,
permit
smtpd_reject_unlisted_recipient = yes
sender_bcc_maps = mysql:/etc/postfix/sql/sender_bcc.cf
recipient_bcc_maps = mysql:/etc/postfix/sql/recipient_bcc.cf
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
policy-spf_time_limit = 3600s
compatibility_level = 2
initial_destination_concurrency = 5
smtp_destination_concurrency_limit = 5
default_destination_recipient_limit = 15
default_destination_concurrency_limit = 5
default_destination_concurrency_failed_cohort_limit = 5
default_destination_rate_delay = 1
transport_retry_time = 30
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
smtp_use_tls = yes
smtp_tls_mandatory_protocols = !SSLv1, !SSLv2, !SSLv3
Исправление macik, :
мне и не приходит спам. Ящик человека взломали на моем сервер. и от его имени слали спам на другие сервера. Первых 2 письма были тест, потом 10 именно с содержанием которое написал выше.
ну если охота, то читайте, конфиг
main.cf
ф
Исходная версия macik, :
причем тут это?!
мне и не приходит спам. Ящик человека взломали на моем сервер. и от его имени слали спам на другие сервера. Первых 2 письма были тест, потом 10 именно с содержанием которое написал выше.
ну если охота, то читайте, конфиг
main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
mydestination = $myhostname, localhost, localhost.$myhostname
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mynetworks = 127.0.0.0/8
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
relayhost =
mailbox_size_limit = 0
virtual_mailbox_limit = 0
recipient_delimiter = +
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
mime_header_checks = regexp:/etc/postfix/config/mime_header_checks
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d
queue_run_delay=5m
minimal_backoff_time = 5m
maximal_backoff_time = 10m
message_size_limit = 26214400
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql-virtual-alias-maps.cf,proxy:mysql:/etc/postfix/sql/mysql-email2email.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
virtual_mailbox_base = /home/vmail
home_mailbox = Maildir/
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}"
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_minimum_uid = 5000
mail_owner = postfix
setgid_group = postdrop
mailbox_transport = dovecot
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
disable_vrfy_command = yes
smtpd_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom
tls_high_cipherlist = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
smtpd_tls_key_file = /home/vmail/ssl/zet_com_ua_privat.key
smtpd_tls_cert_file = /home/vmail/ssl/zet_com_ua.crt
smtpd_tls_CAfile = /home/vmail/ssl/AddTrustExternalCARoot.crt
proxy_read_maps = $local_recipient_maps $mydestination $smtpd_sender_login_maps $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $relay_recipient_maps $mynetworks
smtpd_restriction_classes = verify_sender, rbl_cbl_abuseat_org, rbl_sbl_spamhaus_org, rbl_dul_ru, rbl_client, rbl_spamcop, white_client_ip, black_client_ip, block_dsl, white_client, mx_access, helo_access_db
verify_sender = reject_unverified_sender, permit
rbl_cbl_abuseat_org = reject_rbl_client cbl.abuseat.org
rbl_client = reject_rbl_client dul.dnsbl.sorbs.net
rbl_dul_ru = reject_rbl_client dul.ru
rbl_sbl_spamhaus_org = reject_rbl_client sbl.spamhaus.org
rbl_spamcop = reject_rbl_client bl.spamcop.net
white_client_ip = check_client_access hash:/etc/postfix/config/white_client_ip
black_client_ip = check_client_access hash:/etc/postfix/config/black_client_ip
block_dsl = regexp:/etc/postfix/config/block_dsl
helo_access_db = check_helo_access hash:/etc/postfix/config/helo_checks_db
white_client = check_sender_access pcre:/etc/postfix/config/white_client
mx_access = check_sender_mx_access cidr:/etc/postfix/config/mx_access
smtpd_client_restrictions = black_client_ip,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
white_client_ip,
reject_unknown_client,
reject_unauth_pipelining,
block_dsl,
reject_unknown_address,
reject_unknown_recipient_domain,
reject_unknown_sender_domain,
rbl_dul_ru,
rbl_sbl_spamhaus_org,
rbl_spamcop,
rbl_cbl_abuseat_org,
permit
smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,
#helo_access,
helo_access_db,
reject_invalid_helo_hostname,
#reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname,
permit
smtpd_sender_restrictions = reject_unknown_sender_domain,
permit
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10040,
hash:/etc/postfix/config/access,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_multi_recipient_bounce,
permit,
check_policy_service inet:127.0.0.1:10023
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10040
smtpd_data_restrictions = reject_unauth_pipelining,
reject_multi_recipient_bounce,
permit
smtpd_reject_unlisted_recipient = yes
sender_bcc_maps = mysql:/etc/postfix/sql/sender_bcc.cf
recipient_bcc_maps = mysql:/etc/postfix/sql/recipient_bcc.cf
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
policy-spf_time_limit = 3600s
compatibility_level = 2
initial_destination_concurrency = 5
smtp_destination_concurrency_limit = 5
default_destination_recipient_limit = 15
default_destination_concurrency_limit = 5
default_destination_concurrency_failed_cohort_limit = 5
default_destination_rate_delay = 1
transport_retry_time = 30
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
smtp_use_tls = yes
smtp_tls_mandatory_protocols = !SSLv1, !SSLv2, !SSLv3