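# Postfix main.cf.
# A line that starts with whitespace continues the previous parameter; a line
# that starts in column 0 begins a new one. Comments are full-line "#" only.

# Use the built-in defaults introduced up to compatibility level 2.
compatibility_level = 2

# Extra logging verbosity for peers matched by debug_peer_list
# (debug_peer_list itself is not set in this file).
debug_peer_level = 2

# Only used when a daemon is started with -D in master.cf: attaches the ddd
# debugger to that daemon process. The two continuation lines must stay
# indented, otherwise "PATH=..." is parsed as a parameter of its own.
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5

# Was fused onto the end of the debugger_command line ("sleep 5soft_bounce"),
# which corrupted the sleep argument and left soft_bounce unset.
# "no" keeps permanent (5xx) rejects permanent.
soft_bounce = no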
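# --- Bounces and queue lifetime ---
smtputf8_enable = no
bounce_template_file = /etc/postfix/bounce.cf
delay_warning_time = 1h
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d

# --- Installation paths and ownership ---
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
mail_owner = postfix

# --- Identity ---
myhostname = mx1.mydomain.ru
mydomain = mydomain.ru
myorigin = $mydomain

# --- Listening and local delivery ---
# Listens on every IPv4 address of the host.
inet_interfaces = all
inet_protocols = ipv4
mydestination = localhost.$mydomain, localhost, $myhostname
unknown_local_recipient_reject_code = 550

# Every address listed here may relay without authenticating wherever
# permit_mynetworks is used. Keep it to single hosts that really submit mail,
# and remove entries when those hosts are retired.
mynetworks = 127.0.0.0/8,172.20.0.15,172.20.0.16,172.20.0.10,172.20.0.11

# --- Aliases and address rewriting ---
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtp_generic_maps = hash:/etc/postfix/maps/generic

# The 220 greeting must begin with $myhostname (SMTP requirement, also stated
# in the Postfix documentation for smtpd_banner). The previous text put the
# host name in the middle of the sentence. No software name or version is
# advertised.
smtpd_banner = $myhostname ESMTP server is ready.

# --- Sendmail-compatibility paths ---
# NOTE(review): sendmail_path normally names the Postfix sendmail(1) binary,
# not the postfix(1) control command - confirm this value is intended.
sendmail_path = /usr/sbin/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
# "no" means the HTML documentation is not installed.
html_directory = no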
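# --- SQL-backed domain, alias and mailbox lookups ---
# The *.cf files under /etc/postfix/mysql hold database credentials; keep them
# readable by root and the postfix group only.
relay_domains = mysql:/etc/postfix/mysql/relay_domains.cf
# Continuation lines must be indented; at column 0 the second map would be
# read as a new (invalid) parameter line and silently drop out of the list.
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf,
    mysql:/etc/postfix/mysql/virtual_alias_domain_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf

# Which SASL login owns which envelope sender. The union of both tables is
# used, so an over-broad pattern in the pcre table widens what every login may
# send as - review it together with the SQL query.
smtpd_sender_login_maps = unionmap:{
    mysql:/etc/postfix/mysql/sender_verify.cf,
    pcre:/etc/postfix/maps/sender_verify.pcre}

# --- SMTP protocol hardening ---
# Do not advertise ETRN in the EHLO response; silent-discard suppresses the
# log entry for the discarded keyword.
smtpd_discard_ehlo_keywords = etrn, silent-discard
# Drop sessions that send HTTP verbs (browser or proxy cross-protocol traffic).
smtpd_forbidden_commands = CONNECT GET POST
broken_sasl_auth_clients = yes
# Restrictions are evaluated at RCPT TO, so every reject logs sender and
# recipient. This also postpones the "sleep" in smtpd_client_restrictions.
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
strict_rfc821_envelopes = yes
# VRFY would let a remote client probe which addresses exist.
disable_vrfy_command = yes

# Per-service time limits, named after the transport/service they apply to.
# NOTE(review): presumably the policy-spf and reversehn services defined in
# master.cf - confirm both exist there.
policy-spf_time_limit = 3600s
reversehn_time_limit = 3600s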
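########### 1 START client_restrictions #############
# "sleep 3" followed by reject_unauth_pipelining is meant to catch clients
# that talk before the server has answered.
# NOTE(review): with smtpd_delay_reject = yes this list is evaluated at
# RCPT TO, so the 3-second pause is applied per recipient and also to
# authenticated clients (sleep comes first) - confirm that is intended.
# The list entries must be indented to stay part of this parameter.
smtpd_client_restrictions =
    sleep 3,
    reject_unauth_pipelining,
    permit_sasl_authenticated,
    check_client_access hash:/etc/postfix/maps/access_client,
    check_client_access pcre:/etc/postfix/maps/access_client.pcre,
    permit_mynetworks
########### 1 END client_restrictions #############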
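########### 2 START helo_restrictions #############
# Authenticated clients skip the HELO checks (mail clients often send a
# non-FQDN or unresolvable name). Everyone else must present a syntactically
# valid, fully qualified HELO name that resolves in DNS.
# reject_unknown_hostname and reject_invalid_hostname were dropped: they are
# the old names of reject_unknown_helo_hostname and
# reject_invalid_helo_hostname, which are already listed.
smtpd_helo_restrictions =
    permit_sasl_authenticated,
    check_helo_access hash:/etc/postfix/maps/access_helo,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    reject_unknown_helo_hostname
########### END helo_restrictions #############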
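########### 4 START sender_restrictions #############
# Order matters: the first decisive result ends this list.
# - An OK result from access_sender is returned before the login/sender
#   ownership check runs, so keep OK entries for your own domains out of
#   that table.
# - reject_authenticated_sender_login_mismatch only constrains clients that
#   authenticated; it uses smtpd_sender_login_maps. Unauthenticated clients
#   can still use a sender address that belongs to a login.
#   NOTE(review): reject_sender_login_mismatch covers both cases - confirm
#   whether hosts in mynetworks need the looser behaviour.
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/maps/access_sender,
    reject_authenticated_sender_login_mismatch,
    reject_non_fqdn_sender,
    permit_sasl_authenticated,
    reject_unknown_sender_domain
########### END sender_restrictions #############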
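########### 5 START recipient_restrictions #############
# NOTE(review): the three check_*_access lookups run before
# reject_unauth_destination. An OK result from any of those tables ends this
# list before the relay check; smtpd_relay_restrictions is not set in this
# file, so its built-in default is then the only relay guard. Keep those
# tables to REJECT/DEFER-style actions, or move the lookups below
# reject_unauth_destination.
# NOTE(review): reject_unauth_destination comes before
# permit_sasl_authenticated, so an authenticated client outside mynetworks is
# refused here for recipients in other domains unless master.cf overrides this
# list for a submission service - confirm that is intended.
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/maps/access_recipients,
    check_sender_access hash:/etc/postfix/maps/access_sender,
    check_sender_access regexp:/etc/postfix/maps/reject_sender.regexp,
    reject_non_fqdn_recipient,
    reject_unlisted_recipient,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    permit_sasl_authenticated,
    check_policy_service unix:private/policy-spf,
    # warn_if_reject only logs what the next restriction would have rejected.
    warn_if_reject reject_unknown_reverse_client_hostname,
    check_policy_service unix:private/reversehn,
    check_policy_service inet:localhost:10023,
    #### RBL lists
    # The xxxx... label stands for the redacted, account-specific query key.
    # permit_dnswl_client sits before reject_rbl_client, so a client on the
    # allow list is accepted without the combined block-list lookup.
    reject_rhsbl_client xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.dblack.mail.abusix.zone,
    reject_rhsbl_helo xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.dblack.mail.abusix.zone,
    reject_rhsbl_sender xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.dblack.mail.abusix.zone,
    permit_dnswl_client xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.white.mail.abusix.zone,
    reject_rbl_client xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.combined.mail.abusix.zone,
    permit
########### END recipient_restrictions #############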
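########### 6 START data_restrictions #############
# Checked at the DATA command: refuse clients that pipeline without waiting
# for replies, and null-sender (bounce) mail addressed to several recipients.
# The entries must be indented to belong to this parameter.
smtpd_data_restrictions =
    reject_unauth_pipelining,
    reject_multi_recipient_bounce
########### END data_restrictions #############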
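# Certificate and TLS settings

# Opportunistic TLS in both directions: encryption is used when the peer
# offers it, without certificate verification, and falls back to plaintext
# otherwise. Destinations that must never fall back belong in
# smtp_tls_policy_maps.
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache

# The private key must be readable by root only.
smtpd_tls_key_file = /etc/postfix/certs/privkey.pem
smtpd_tls_cert_file = /etc/postfix/certs/fullchain.pem
tls_random_source = dev:/dev/urandom

# Cipher grade is a minimum. "low" admitted the weakest grade; "medium" is the
# Postfix default and was restored for both server and client.
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_ciphers = medium
smtp_tls_ciphers = medium
smtp_tls_mandatory_ciphers = medium

# Where TLS is mandatory (an "encrypt" or stronger policy), also refuse the
# deprecated TLS 1.0 and 1.1 in addition to SSLv2/SSLv3.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
# Opportunistic client protocols are left as they were: refusing old TLS here
# makes delivery to old servers fall back to plaintext rather than to a
# stronger protocol.
smtp_tls_protocols = !SSLv2,!SSLv3

smtp_tls_policy_maps = hash:/etc/postfix/maps/tls_policy_maps
# Log servers that offer STARTTLS while TLS is not used for them.
smtp_tls_note_starttls_offer = yes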
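# --- Size and error limits ---
# Bytes.
message_size_limit = 27000000
# After 10 errors in one session each further reply is delayed by
# smtpd_error_sleep_time; after 15 the session is disconnected.
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 15
# Seconds.
smtpd_error_sleep_time = 20
# Loopback is exempt from the per-client connection and rate limits.
smtpd_client_event_limit_exceptions = 127.0.0.0/8
smtpd_client_connection_limit_exceptions = 127.0.0.0/8
# bounce_queue_lifetime is already set to 1d near the top of this file; the
# repeated assignment that stood here was dropped so the two cannot drift.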
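# --- SASL authentication (delegated to Dovecot) ---
smtpd_sasl_auth_enable = yes
# Forbids anonymous logins only; plaintext mechanisms remain allowed, which is
# why AUTH is restricted to TLS sessions below.
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
# Was "no", which offered AUTH on unencrypted sessions and let passwords
# cross the network in clear text. With "yes" AUTH is announced only after
# STARTTLS; clients that log in without TLS must enable it.
smtpd_tls_auth_only = yes

# --- Virtual mailbox delivery ---
virtual_mailbox_base = /var/mail
# Delivery never runs with a uid below 2000; every mailbox maps to uid/gid 2000.
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
# NOTE(review): "dovecot" must be a transport defined in master.cf - confirm.
virtual_transport = dovecot
# One recipient per delivery for the dovecot transport.
dovecot_destination_recipient_limit = 1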
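# MILTERS
smtpd_milters = inet:127.0.0.1:8891, local:opendmarc/opendmarc.sock
non_smtpd_milters = $smtpd_milters
# Fail-open: if a milter is down or times out, mail is accepted without that
# filter's checks or signatures. Monitor the milter services, or use
# "tempfail" if unfiltered mail must not pass.
milter_default_action = accept
milter_protocol = 6

# Adds the SASL login name to the Received: header of authenticated mail, so
# account names become visible to every recipient.
# NOTE(review): confirm this disclosure is wanted.
smtpd_sasl_authenticated_header = yes

# --- Queue scheduling ---
queue_run_delay = 2m
minimal_backoff_time = 5m
maximal_backoff_time = 10m
# maximal_queue_lifetime is already set to 1d near the top of this file; the
# repeated assignment that stood here was dropped so the two cannot drift.
anvil_rate_time_unit = 60s
# One recipient per delivery for the spamassassin transport.
spamassassin_destination_recipient_limit = 1
# user+tag@domain is delivered to user@domain.
recipient_delimiter = +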