====== main.cf ======
http://www.postfix.org/postconf.5.html
On Debian, the sample configuration files are in /usr/share/postfix.
===== Basic =====
==== Variables ====
A referenced variable does not need to be defined beforehand.
myhostname = host.domain.com
mydestination = $myhostname

mydestination = $myhostname
myhostname = host.domain.com
So both of the orderings above are valid.
==== Values ====
Multiple values are separated by spaces, commas, or tabs.
==== External files ====
Values can be kept in an external file.
mydestination = /etc/postfix/file
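==== Comments ====
A line that starts with # is a comment. The # is only valid as the first character of the line:
# This is a comment
hostname = test.test.com # this is not a valid comment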
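The three rules above (order-independent `$variable` references, list values split on spaces, commas and tabs, and `#` comments only as whole lines) can be checked with a small parser. This is an added example, not code from the original page or from Postfix; the function names and the sample file are constructed for illustration, and undefined variables expand to an empty string instead of Postfix's built-in defaults.

```python
import re

# Constructed sample; host names are placeholders.
SAMPLE = """\
# whole-line comment: allowed
mydestination = $myhostname, localhost.$mydomain
myhostname = mail.example.com
mydomain = example.com
mynetworks = 127.0.0.0/8 # loopback only
"""

def parse_main_cf(text):
    """Return {name: raw value}. Indented lines continue the previous parameter."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank or whole-line comment
        if line[0] in " \t" and name:
            params[name] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        name = name.strip()
        params[name] = value.strip()  # a later definition replaces an earlier one
    return params

def expand(params, name, seen=()):
    """Expand $name and ${name} at lookup time, so definition order is irrelevant."""
    if name in seen:
        raise ValueError("recursive reference: " + name)
    def sub(m):
        ref = m.group(1) or m.group(2)
        # Assumption: an undefined name expands to "" (Postfix would use its default).
        return expand(params, ref, seen + (name,)) if ref in params else ""
    return re.sub(r"\$(?:\{(\w+)\}|(\w+))", sub, params[name])

def values(params, name):
    """Split the expanded value on spaces, commas and tabs."""
    return [v for v in re.split(r"[ ,\t]+", expand(params, name)) if v]

def inline_comment_params(params):
    """Parameters whose value holds a '#' that is read as data, not as a comment."""
    return sorted(n for n, v in params.items() if re.search(r"(^|\s)#", v))

if __name__ == "__main__":
    cfg = parse_main_cf(SAMPLE)
    for key in cfg:
        print(key, "=", values(cfg, key))
    print("inline '#' found in:", inline_comment_params(cfg))
```

For the sample, `mynetworks` ends up with the extra members `#`, `loopback` and `only`, which is why a trailing comment on a trust list such as `mynetworks` is worth flagging in review.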
===== Accepting external connections =====
inet_interfaces = all
===== Host name =====
myhostname = mail.abc.orz
===== Domain of the host =====
mydomain = abc.orz
===== Mail addresses accepted for delivery =====
By default, only mail addressed to the host name is accepted.
mydestination = $myhostname, abc.orz, mail.abc.orz
===== Maximum size per message =====
message_size_limit = xxxx
The unit is bytes: 5120000 = 5MB.
===== relay =====
=== mynetworks_style ===
* subnet - same subnet
* class - same network class
* host - localhost only
=== mynetworks ===
Takes precedence over mynetworks_style.
mynetworks = 1.2.3.4 5.6.7.8
mynetworks = 7.8.9.0/24
# *.abc.orz
mynetworks = abc.orz
===== SASL authentication =====
Users are authenticated through Dovecot.
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
===== TLS encryption =====
smtpd_tls_cert_file=/etc/ssl/certs/dovecot.pem
smtpd_tls_key_file=/etc/ssl/private/dovecot.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
===== postqueue =====
List mail that has not been sent yet:
postqueue -p
==== Queue retry interval ====
# units: 5m, 1h, 7d, etc. (5 minutes, 1 hour, 7 days)
queue_run_delay = 1000s
====== Changing the bounce message ======
Get the Postfix source, edit src/bounce/bounce_notify_util.c in it, then recompile.
====== Backup ======
/etc/postfix
/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow
/var/spool/mail
====== Reference ======
Postfix 技術手冊 (Postfix technical manual): http://books.google.com/books?id=H9yrO841raoC
====== Amavisd - Anti-Spam / Anti-Virus ======
===== For FreeBSD =====
http://www.wretch.cc/blog/chuchiming/15421032
http://blog.weithenn.org/2009/06/freebsdpostfix-amavisd-new-uvscan.html
Amavisd acts as a bridge that filters spam and virus-infected mail.
portinstall security/amavisd-new security/clamav p5-Mail-SpamAssassin
Edit the settings in amavisd.conf:
$mydomain = 'domain.name.tw';
$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt = 0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 25; # triggers spam evasive actions (e.g. blocks mail)
The three values can be adjusted as needed.
Set what happens to each kind of problem mail:
# $final_virus_destiny = D_DISCARD;
# $final_banned_destiny = D_BOUNCE;
# $final_spam_destiny = D_BOUNCE;
$final_bad_header_destiny = D_PASS;
Uncomment the ClamAV entry and comment out the other virus scanners that are not used.
# ### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
qr/\bOK$/m, qr/\bFOUND$/m,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
Edit postfix/master.cf and add the following (the -o lines must start with whitespace so that they continue the service line above them):
smtp-amavis unix - - n - 2 smtp
    -o disable_dns_lookups=yes
    -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
Edit postfix/main.cf and add:
content_filter = smtp-amavis:[127.0.0.1]:10024
Edit /etc/rc.conf and add:
amavisd_enable="YES"
Edit /etc/group: add amavis to the clamav group, and add clamav to the amavis group.
Restart postfix, amavisd, and clamav.
==== References ====
* http://www.ijs.si/software/amavisd/
* http://antbsd.twbbs.org/~ant/FNP/Old/amavisd-new.htm
* http://www.freebsddiary.org/virus-scanning.php
* http://www200.pair.com/mecham/spam/bypassing.html
* http://wiki.shsh.ylc.edu.tw/index.php/MailServer
===== Debian =====
http://www.debian.org.tw/index.php/Amavisd-new