Read
Virtual postfix - http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-mandriva2008.1
Content inspection & redirect - http://www.postfix.org/header_checks.5.html
Postfix virtual hosting
Postfix Smarthost
Massmail handling
Postfix basic installation
I'm installing postfix 2.4.3 from source over a server that has postfix-2.2 installed via rpm.
tar zxvf postfix-2.4.3.tar.gz
cd postfix-2.4.3
make -f Makefile.init makefiles
make makefiles CC=/usr/bin/gcc
make
make install # All default answers are good.
With mysql and dovecot
make -f Makefile.init makefiles \
  'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\"' \
  'AUXLIBS=-L/usr/lib64/mysql -lmysqlclient -lz -lm'
Enabling SPF on postfix
Get add-on from http://www.openspf.org/blobs/postfix-policyd-spf-perl-2.004.tar.gz
Install perl module Mail::SPF
perl -MCPAN -e 'install Module::Build'
perl -MCPAN -e 'install Mail::SPF'
Install the add-on
tar zxvf postfix-policyd-spf-perl-2.004.tar.gz
cd postfix-policyd-spf-perl-2.004
cp postfix-policyd-spf-perl /usr/libexec/postfix/policyd-spf-perl
Then append the following to the end of /etc/postfix/master.cf
policy unix - n n - - spawn
  user=nobody argv=/usr/bin/perl /usr/libexec/postfix/policyd-spf-perl
Then edit /etc/postfix/main.cf, change the line smtpd_recipient_restrictions to
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,check_policy_service unix:private/policy
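If you do not have smtp auth enabled, drop permit_sasl_authenticated but keep reject_unauth_destination ahead of the policy service. Without it nothing in this parameter rejects relay attempts, and the SPF policy should only be consulted for mail the server is willing to take. The line becomes
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,check_policy_service unix:private/policy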
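An added example, not part of the original notes: a Python check that reads smtpd_recipient_restrictions out of main.cf text and confirms that reject_unauth_destination is present and listed before check_policy_service, so the SPF policy service never stands in for the relay check. The three main.cf fragments and all function names are constructed for illustration.

```python
import re

# Constructed main.cf fragments for illustration (not from a real server).
GOOD = """\
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,
  reject_unauth_destination,check_policy_service unix:private/policy
"""
NO_RELAY_CHECK = """\
# only the policy service, nothing rejects relay attempts
smtpd_recipient_restrictions = check_policy_service unix:private/policy
"""
WRONG_ORDER = """\
smtpd_recipient_restrictions = check_policy_service unix:private/policy,
  permit_mynetworks, reject_unauth_destination
"""

def read_param(text, name):
    """Return a main.cf parameter value with continuation lines joined."""
    value, active = None, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank and comment lines are ignored
        if line[0].isspace():             # leading whitespace continues a line
            if active:
                value += " " + line.strip()
            continue
        key, sep, rest = line.partition("=")
        active = bool(sep) and key.strip() == name
        if active:
            value = rest.strip()          # a later definition replaces an earlier one
    return value

def restriction_names(value):
    """Split on commas/whitespace; keep keywords, drop arguments such as unix:private/policy."""
    return [t for t in re.split(r"[,\s]+", value) if re.fullmatch(r"[a-z_]+", t)]

def audit(text):
    value = read_param(text, "smtpd_recipient_restrictions")
    if value is None:
        return "not-set"
    names = restriction_names(value)
    if "reject_unauth_destination" not in names:
        return "no-relay-check"
    relay = names.index("reject_unauth_destination")
    if "check_policy_service" in names[:relay]:
        return "policy-before-relay-check"
    return "ok"

if __name__ == "__main__":
    for label, conf in [("good", GOOD), ("no relay check", NO_RELAY_CHECK),
                        ("wrong order", WRONG_ORDER)]:
        print(label, "->", audit(conf))
```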
You should see this in your maillog:
www postfix/smtpd[3779]: connect from ug-out-1314.google.com[66.249.92.174]
www postfix/policy-spf[3785]: handler sender_policy_framework: is decisive.
www postfix/policy-spf[3785]: : Policy action=PREPEND Received-SPF: pass (gmail.com ... _spf.google.com: 66.249.92.174 is authorized to use 'sender@domain.com' in 'mfrom' identity (mechanism 'ip4:66.249.80.0/20' matched)) receiver=domain2.com; identity=mfrom; envelope-from="sender@domain.com"; helo=ug-out-1314.google.com; client-ip=66.249.92.174
www postfix/smtpd[3779]: A146A354A0C: client=ug-out-1314.google.com[66.249.92.174]
www postfix/cleanup[3786]: A146A354A0C: message-id=<85e064830706270118x30df8ba4ua4f012c34821505f@mail.gmail.com>
www postfix/qmgr[3365]: A146A354A0C: from=<sender@domain.com>, size=2287, nrcpt=1 (queue active)
www postfix/local[3788]: A146A354A0C: to=<recipient@domain2.com>, relay=local, delay=1.1, delays=1.1/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
www postfix/qmgr[3365]: A146A354A0C: removed
www postfix/smtpd[3779]: disconnect from ug-out-1314.google.com[66.249.92.174]
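An added example, not part of the original notes: a Python parser for the policy-spf PREPEND lines shown in the maillog excerpt, which tallies SPF results and lists the client IP and envelope sender of every message that did not pass. It only covers the Received-SPF line format shown above; the sample log is constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed lines in the format of the maillog excerpt above. Host names,
# addresses and the text in parentheses are made up; IPs are documentation ranges.
SAMPLE_LOG = """\
mx postfix/smtpd[4100]: connect from mail.example.net[192.0.2.10]
mx postfix/policy-spf[4101]: : Policy action=PREPEND Received-SPF: pass (constructed explanation) receiver=domain2.com; identity=mfrom; envelope-from="a@example.net"; helo=mail.example.net; client-ip=192.0.2.10
mx postfix/policy-spf[4102]: : Policy action=PREPEND Received-SPF: none (constructed explanation) receiver=domain2.com; identity=mfrom; envelope-from="b@example.org"; helo=host.example.org; client-ip=198.51.100.7
mx postfix/policy-spf[4103]: : Policy action=PREPEND Received-SPF: softfail (constructed explanation) receiver=domain2.com; identity=mfrom; envelope-from="c@example.com"; helo=unknown.example; client-ip=203.0.113.5
mx postfix/qmgr[3365]: A146A354A0C: removed
"""

SPF_LINE = re.compile(r"postfix/policy-spf\[\d+\]: .*?Received-SPF: (?P<result>[a-z]+)")
# key=value pairs after the result; values may be double-quoted
FIELD = re.compile(r'\b(receiver|identity|envelope-from|helo|client-ip)="?([^";\s]+)')

def parse_spf(log):
    """Return one dict per Received-SPF line: result plus the trailing fields."""
    records = []
    for line in log.splitlines():
        m = SPF_LINE.search(line)
        if m:
            # dict() keeps the last occurrence of each key, so sender-supplied
            # text echoed earlier in the line cannot override the final client-ip.
            fields = dict(FIELD.findall(line[m.end():]))
            records.append({"result": m["result"], **fields})
    return records

def tally(records):
    """Count messages per SPF result (pass, none, softfail, ...)."""
    return Counter(r["result"] for r in records)

def not_passed(records):
    """(client-ip, envelope-from, result) for everything that is not a pass."""
    return [(r.get("client-ip"), r.get("envelope-from"), r["result"])
            for r in records if r["result"] != "pass"]

if __name__ == "__main__":
    recs = parse_spf(SAMPLE_LOG)
    print(dict(tally(recs)))
    for row in not_passed(recs):
        print(*row)
```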
spamassassin and postfix
Create user
useradd -s /bin/false spamd
Edit master.cf
smtp inet n - - - - smtpd
  -o content_filter=spamassin
spamassin unix - n n - - pipe
  flags=Rq user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
Edit /etc/mail/spamassassin/main.cf to suit your taste, then restart postfix and test! If it is not working, check the following:
- Your client needs to deliver via the network, not using sendmail.
- You have the spamassassin service started.
whitelist/blacklist
local.cf
# Whitelist important senders
whitelist_from *@gooddomain.tld
# Blacklist bad senders
blacklist_from *@baddomain.tld
More reading: http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix
spamassin web admin
This tool will let you edit the preference file: http://wiki.apache.org/spamassassin/WebUserInterfaces
I point it to /var/spool/spamd/.spamassassin/user_prefs, which is the server-wide preference file used in this particular installation. Haven't figured out how to set up postfix+spamassin with user preference files.
Postfix and Dspam
smtp inet n - n - - smtpd
  -o content_filter=dspam:
dspam unix - n n - 10 pipe
  flags=Rhqu user=dspam argv=/usr/local/bin/dspamit ${sender} ${recipient}
Reducing spam
Set the following options
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_sender_restrictions = check_sender_access hash:/usr/local/etc/postfix/sender_access,
  reject_non_fqdn_sender,
  reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks,
  reject_invalid_hostname,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unknown_sender_domain,
  reject_unauth_destination,
  reject_unauth_pipelining,
  reject_non_fqdn_recipient
---
smtpd_delay_reject = yes
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks,
  reject_invalid_hostname,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unknown_sender_domain,
  reject_unauth_destination,
  reject_unauth_pipelining,
  reject_non_fqdn_recipient,
  reject_rbl_client zen.spamhaus.org,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client psbl.surriel.com,
  reject_rbl_client combined.njabl.org,
  reject_rbl_client dnsbl.sorbs.net
For the version I installed, mail will be accepted for delivery even if there is no SPF record. But I haven't tested the scenario where the SPF record says mail is coming from the wrong domain. Maybe later.
Block senders
http://www.cyberciti.biz/faq/howto-blacklist-reject-sender-email-address/
SMTP routes or transport maps
Add the following to main.cf:
transport_maps = hash:/etc/postfix/transport
proxy_read_maps = $transport_maps
Then create /etc/postfix/transport in this format. Line 2 says all subdomains should be routed there as well.
domain.tld smtp:1.2.3.4
.domain.tld smtp:1.2.3.4
Run postmap /etc/postfix/transport to create the hash.
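An added example, not part of the original notes: a Python emulation of the transport(5) search order for an indexed table, showing why the table needs both the domain.tld line and the .domain.tld line. It assumes the default parent_domain_matches_subdomains setting (transport_maps not listed) and leaves out the user+extension step; the function names are hypothetical.

```python
# Constructed copy of the table above; 1.2.3.4 is the page's placeholder next hop.
TRANSPORT = """\
domain.tld   smtp:1.2.3.4
.domain.tld  smtp:1.2.3.4
"""

def load_table(text):
    """Parse 'pattern  transport:nexthop' lines, skipping blanks and comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, value = line.split(None, 1)
            table[key.lower()] = value.strip()
    return table

def candidates(recipient):
    """Lookup keys in the order they are tried for one recipient address."""
    recipient = recipient.lower()
    domain = recipient.rpartition("@")[2]
    keys = [recipient, domain]               # user@domain, then the exact domain
    labels = domain.split(".")
    # parent-domain patterns, most specific first: .domain.tld, then .tld
    keys += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    keys.append("*")                          # catch-all entry, if any
    return keys

def route(table, recipient):
    """Return (matching pattern, transport:nexthop), or (None, None) if no entry applies."""
    for key in candidates(recipient):
        if key in table:
            return key, table[key]
    return None, None

if __name__ == "__main__":
    table = load_table(TRANSPORT)
    for rcpt in ("user@domain.tld", "user@mail.domain.tld", "user@other.tld"):
        print(rcpt, "->", route(table, rcpt))
    # With only the second line, the bare domain is no longer routed:
    print(route(load_table(".domain.tld smtp:1.2.3.4"), "user@domain.tld"))
```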