bonjour à tous,
je suis sous etch et j ai un serveur mail tournant sous postifx,dspam,dovecot,roundcube,clamav,procmail,mysql
mes mails entrant sont scannes ,la aucun soucis mes j aimerais filtrer mes mails sortant…
mais je ne vois pas comment rajouter cette directive ds le master.cf
si qq un avait une idee en attendant je post mon main.cf et master.cf
myhostname = monserveur
mydomain = mondomaine
myorigin = $mydomain
mynetworks = 127.0.0.0/8, monippublique
2bounce_notice_recipient = admin
bounce_notice_recipient = admin
bounce_service_name = bounce
double_bounce_sender = double-bounce
error_notice_recipient = admin
show_user_unknown_table_name = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
#inet_interfaces = 127.0.0.1, monippublique
inet_interfaces = all
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
nested_header_checks =
mime_header_checks = regexp:/etc/postfix/mime_checks
smtpd_banner = Server $myhostname ESMTP
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d
delay_warning_time = 1h
#bounce_template_file = /etc/postfix/bounce.cf
message_size_limit : email size allowed by Postfix (here, around 40 MB)
message_size_limit = 40971520
mailbox_size_limit only applies to local mailboxes.
we do NOT use local mailboxes but still set it just in case
mailbox_size_limit = 1048576000
The minimal amount of free space in bytes in the queue file system that is needed to receive mail (around 150 Mb here)
queue_minfree = 150000000
setgid_group = postdrop
mail_owner = postfix
notify_classes = resource,software
disable_vrfy_command = yes
smtpd_helo_required = yes
biff = no
smtpd_error_sleep_time = 10s
smtpd_hard_error_limit = 5
smtpd_soft_error_limit = 2
default_process_limit = 50
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
append_at_myorigin = yes
ppend_dot_mydomain = no
Client restrictions : which clients postfix will accept in SMTP connections
Allowing LAN users, SASL authenticated users.
Else, RBL checks against the client. If client is listed, the SMTP connection is discarded and is not going to the next step (MAIL FROM).
smtpd_client_restrictions =
permit_mynetworks
# permit_sasl_authenticated required, without that, the remote client would be checked against the RBL
# If listed in the RBL, your trusted client would not be able to send using SMTP AUTH !
permit_sasl_authenticated
reject_rbl_client sbl-xbl.spamhaus.org
reject_rbl_client list.dsbl.org
Sender restrictions : what postfix will accept in MAIL FROM command
Reject non FQDN email address from senders (as required by the RFC)
smtpd_sender_restrictions =
reject_non_fqdn_sender
Recipient restrictions : what postfix will accept in the RCPT TO command
Relay : will allow users on the LAN, SASL authenticated users.
Will reject anything else unless “RCPT TO” matches relay_domains or Postfix is the final destination
smtpd_recipient_restrictions =
permit_mynetworks
# allow SMTP authenticated users
permit_sasl_authenticated
reject_unauth_destination
check_policy_service unix:private/policy
The following is needed for any setting that uses the proxy:mysql scheme
proxy_read_maps =
$virtual_alias_maps
$virtual_mailbox_maps
$virtual_mailbox_domains
$virtual_mailbox_limit_maps
MySQL + virtual mailboxes + quota
virtual_mailbox_base = /var/spool/maildirs
virtual_mailbox_maps = proxy:mysql:/etc/postfix/vmailsql/vmailbox
virtual_mailbox_domains = proxy:mysql:/etc/postfix/vmailsql/vdomain
virtual_alias_maps = proxy:mysql:/etc/postfix/vmailsql/valias
transport_maps used for autoreply/vacation system and DSPAM retrain
virtual_transport for regular virtual domains
transport_maps = hash:/etc/postfix/transport
virtual_transport = virtual
IMPORTANT uid and gid 1001 = vmail
virtual_minimum_uid = 1001
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
local_recipient_maps = $virtual_mailbox_maps
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit is the very maximum quota the system should allow (here around 1 Gb)
virtual_mailbox_limit = 1048576000
virtual_mailbox_limit_maps will check the actual quota for the mailbox
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/vmailsql/quota
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "This account is over quota"
virtual_overquota_bounce = yes
SMTP AUTH
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
Postfix TLS
Always put “smtpd_tls_auth_only = yes” on smtps interface in master.cf
smtpd_tls_auth_only = no
smtp_use_tls = no : the server won’t establish a TLS connection with remote servers offering STARTTLS
smtp_use_tls = yes
smtpd_use_tls = no : doesn’t offer STARTTLS to remote servers
smtpd_use_tls = yes
smtp_tls_note_starttls_offer : if set to yes, will log the STARTTLS offer made to remote servers
smtp_tls_note_starttls_offer = no
smtpd_tls_cert_file = /etc/ssl/nmy.be/smtp/smtp-cert.pem
smtpd_tls_key_file = /etc/ssl/nmy.be/smtp/smtp-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
We do NOT deliver emails to local users in this set up, leave this blank
alias_database =
alias_maps =
mon master.cf
Postfix master process configuration file. For details on the format
of the file, see the master(5) manual page (command: “man 5 master”).
==========================================================================
service type private unpriv chroot wakeup maxproc command + args
(yes) (yes) (yes) (never) (100)
==========================================================================
Incoming interface : header_checks, DSPAM and ClamAssassin checks
smtp inet n - n - - smtpd
-o content_filter=lmtp:unix:/var/run/dspam/dspam.sock
-o header_checks=regexp:/etc/postfix/header_checks
SMTPS only available for remote users using SMTP AUTH
smtps inet n - n - 10 smtpd
-o content_filter=signature
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_wrappermode=yes
-o smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_hostname
-o smtpd_client_connection_count_limit=5
-o smtpd_client_connection_rate_limit=5
DSPAM will reinject emails into Postfix using this interface, will then pipe the reinjected email into procmail check (clamassassin)
localhost:10026 inet n - n - - smtpd
-o content_filter=procmail
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
Outgoing interface : not scanning the content but appending a signature/disclaimer
#smtp inet n - n - - smtpd
-o content_filter=signature
Procmail for virus scan
For flags meaning, see “man 8 pipe”
procmail unix - n n - 10 pipe
flags=Rq user=filter argv=/usr/bin/procmail -Y -m /etc/postfix/procmail/master.rc ${sender} – ${recipient}
Signature/Disclaimer
signature unix - n n - - pipe
flags=Rq user=filter argv=/etc/postfix/signature/disclaimer.sh -f ${sender} – ${recipient}
DSPAM Retrain (do not forget to edit /etc/postfix/transport)
dspam-retrain unix - n n - 10 pipe
flags=Ru user=dspam argv=/usr/bin/dspam-retrain $nexthop $sender $recipient
Autoreply
vacation unix - n n - - pipe
flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} – ${recipient}
#smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o fallback_relay=
-o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
====================================================================
Interfaces to non-Postfix software. Be sure to examine the manual
pages of the non-Postfix software to find out what options it wants.
Many of the following services use the Postfix pipe(8) delivery
agent. See the pipe(8) man page for information about ${recipient}
and other message envelope options.
====================================================================
maildrop. See the Postfix MAILDROP_README file for details.
Also specify in main.cf: maildrop_destination_recipient_limit=1
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
See the Postfix UUCP_README file for configuration details.
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
Other external delivery methods.
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
policy unix - n n - - spawn
user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl