Last active
August 29, 2015 14:17
-
-
Save phryneas/09d3d88f0a4bfdf4884d to your computer and use it in GitHub Desktop.
postfix configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# as by http://www.postfix.org/SMTPD_ACCESS_README.html | |
smtpd_delay_reject = yes | |
disable_vrfy_command = yes | |
smtpd_helo_required = yes | |
smtpd_client_restrictions = | |
permit_mynetworks | |
smtpd_helo_restrictions = | |
permit_mynetworks, | |
permit_sasl_authenticated, | |
reject_invalid_helo_hostname, | |
reject_non_fqdn_helo_hostname, | |
reject_unknown_helo_hostname | |
smtpd_sender_restrictions = | |
reject_unknown_sender_domain | |
smtpd_relay_restrictions = | |
permit_mynetworks, | |
permit_sasl_authenticated, | |
reject_unauth_destination | |
smtpd_recipient_restrictions = | |
# send everything originating from localhost | |
permit_mynetworks, | |
# send everything logged in | |
permit_sasl_authenticated, | |
# reject_unauth_destination is not needed here if the mail relay policy is specified under smtpd_relay_restrictions (available with Postfix 2.10 and later). | |
# highly trusworthy server, always allow | |
permit_dnswl_client list.dnswl.org=127.0.[0..255].[3], | |
# block everything where the sending ip is a known spammer | |
reject_rbl_client zen.spamhaus.org, | |
# block where the sending domain is a known spammer | |
reject_rhsbl_sender dbl.spamhaus.org, | |
# trustworthy server, allow if now blocked bs spamhaus | |
permit_dnswl_client list.dnswl.org=127.0.[0..255].[2], | |
# everything else goes through greylisting | |
check_policy_service inet:127.0.0.1:10023 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment