ist es möglich den namen localhost und localdomain in den FQDN mail.xxxxx.xx zu ändern ?
Code: Alles auswählen
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.xxxxx.xx (Postfix) with ESMTP id 0EC2940xxxx
Code: Alles auswählen
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.xxxxx.xx (Postfix) with ESMTP id 0EC2940xxxx
Code: Alles auswählen
# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
myhostname = localhost.localdomain
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
mydomain = localdomain
Code: Alles auswählen
# SMTPd greeting banner: You MUST specify $myhostname at the start of the text. This is required by the SMTP protocol.
smtpd_banner = $myhostname
# Disable local biff service
biff = no
# Do not append the string $mydomain to -locally- submitted email.
append_dot_mydomain = no
# Readme directory
readme_directory = /usr/share/doc/postfix
# HTML directory
html_directory = /usr/share/doc/postfix/html
# Certificates
smtpd_tls_cert_file = /etc/ssl/mail.xxxx.eu.crt
smtpd_tls_key_file = /etc/ssl/mail.xxxxx.eu.key
smtpd_tls_CAfile = /etc/ssl/gd_bundle-g2-g1.crt
# Opportunistic TLS. TLS auth only.
smtpd_tls_security_level=may
smtpd_tls_auth_only=yes
# TLS session cache for SMTPd
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
# Disallow SSLv2 and SSLv3, only accept secure ciphers
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers=high
# Log TLS handling
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1
# Delay reject until RCPT TO
smtpd_delay_reject = yes
# Enable elliptic curve cryptography, "ultra" needs more cpu time
smtpd_tls_eecdh_grade = strong
# Sender, recipient, client and data restrictions
# !! non-FQDN HELOs are rejected on Port 25 only, see master.cf
# Auth. Benutzer dürfen auch innerhalb der "mynetworks" nur von den Adressen senden, die ihnen zugehörig sind.
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch,
# Erst jetzt werden "mynetworks" zugelassen
# Unauth. Benutzer wie der Cron-Dienst können so weiterhin Mails versenden, etwa
# als cron@fqdn
permit_mynetworks,
# Anderen unauth. Benutzern das Benutzen jeder Adresse verbieten.
reject_sender_login_mismatch,
# Alle auth. jetzt zulassen.
permit_sasl_authenticated,
# Nicht im System vorhandene Absender jetzt ablehnen
reject_unlisted_sender,
# Ablehnen, wenn die Sender-Domäne nicht existiert
reject_unknown_sender_domain
# Akzeptiere alle Empfänger, die ein authentifizierter Absender oder ein Absender aus "mynetworks" angibt
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks,
# Schnittstelle zu Dovecot, um die Quota live zu überprüfen (verhindert Bounces)
check_policy_service unix:private/quota-status,
# Ablehnen, wenn der HELO FQDN nicht aufzulösen ist
reject_unknown_helo_hostname,
# Ablehnen, wenn KEIN PTR zu dieser IP existiert
# Verhindert nicht, dass ein FALSCHER PTR abgelehnt wird!
# Hierfür würde "reject_unknown_client_hostname" verwendet.
reject_unknown_reverse_client_hostname,
# Kein offenes Relay
reject_unauth_destination
# Unauth. Benutzer dürfen ihre Befehle nicht "pipen"
smtpd_data_restrictions =
reject_unauth_pipelining,
permit
# Eine Art Tabelle mit vorhanden Identitäten und ihren Zugehörigkeiten
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/postfix-mysql-virtual_alias_maps.cf
# Certificates
smtp_tls_cert_file = /etc/ssl/mail.xxxxx.eu.crt
smtp_tls_key_file = /etc/ssl/mail.xxxxx.eu.key
# Opportunistic TLS. Use TLS if this is supported by the remote SMTP server, otherwise use plaintext.
smtp_tls_security_level=may
# TLS session cache for SMTP
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# A custom list with secure ciphers.
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
# Use the FQDN for the local hostname!
myhostname = mail.xxxxx.eu
# Alias maps and database for -local- delivery only
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# The domain name that locally-posted mail appears to come from, and that locally posted mail is delivered to.
myorigin = mail.xxxxx.eu
# The list of domains that are delivered via the -local- mail delivery transport. No external domains like "domain.tld" belong here! "mail.xxxxx.eu" is fine.
mydestination = mail.xxxxx.eu, localhost
# We lookup MX records to send non-local mail, so this stays empty
relayhost =
# Trusted SMTP clients with more privileges. Trusted clients can relay mail.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
# The maximal size of any -local- individual mailbox
mailbox_size_limit = 0
# The maximal size of any -virtual- individual mailbox
virtual_mailbox_limit = 0
# Handle Postfix-style extensions
recipient_delimiter = +
# The network interface addresses that this mail system receives mail on.
inet_interfaces = all
# Specifies what protocols Postfix will use when it makes or accepts network connections, and also controls what DNS lookups Postfix will use when it makes network connections.
inet_protocols = ipv4
# VRFY command is not really needed anymore
disable_vrfy_command = yes
# Please say hello first...
smtpd_helo_required = yes
# The SASL plug-in type that the Postfix SMTP server should use for authentication.
smtpd_sasl_type=dovecot
# Where to passthrough our authentication information for the above plug-in
smtpd_sasl_path=private/auth_dovecot
# Enable SASL authentication in the Postfix SMTP server.
smtpd_sasl_auth_enable = yes
# Report the SASL authenticated user name in the smtpd Received message header.
smtpd_sasl_authenticated_header = yes
# Have Postfix advertise AUTH support in a non-standard way.
broken_sasl_auth_clients = yes
# The lookup tables that the proxymap server is allowed to access for the read-only service.
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
## Virtual transport configuration
# A prefix that the virtual delivery agent prepends to all pathname results from $virtual_mailbox_maps
virtual_mailbox_base = /
# THIS contains a list of domains we are the final destination for (unlike "mydestination").
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/postfix-mysql-virtual_domains_maps.cf
# Alias specific mail addresses or domains to other local or remote address.
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/postfix-mysql-virtual_alias_maps.cf
# Specify a left-hand side of "@domain.tld" to match any user in the specified domain
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/postfix-mysql-virtual_mailbox_maps.cf
# The minimum user ID value that the virtual delivery agent accepts
virtual_minimum_uid = 5000
# We use "vmail" user with UID/GID 5000 to lookup tables
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
# The default mail delivery transport and next-hop destination for final delivery to domains listed with "virtual_mailbox_domains"
virtual_transport = lmtps:unix:private/dovecot-lmtp
transport_maps = mysql:/etc/postfix/mysql/postfix-mysql-virtual_transport_maps.cf
## Queue configuration
# Consider a message as undeliverable, when delivery fails with a temporary error, and the time in the queue has reached this limit.
maximal_queue_lifetime = 1d
# Consider a bounce message as undeliverable, when delivery fails with a temporary error, and the time in the queue has reached this limit.
bounce_queue_lifetime = 1d
# The time between deferred queue scans by the queue manager.
queue_run_delay = 300s
# The maximal/minimal time between attempts to deliver a deferred message.
maximal_backoff_time = 1800s
minimal_backoff_time = 300s
# Maximum mail size (500 MiB)
message_size_limit = 524288000
# This tarpits a client after 3 erroneous commands for 10s
smtpd_soft_error_limit = 3
smtpd_error_sleep_time = 10s
smtpd_hard_error_limit = ${stress?1}${stress:5}
postscreen_access_list = permit_mynetworks
# Drop connections from blacklisted servers with a 521 reply
postscreen_blacklist_action = drop
# Clean Postscreen cache after 24h
postscreen_cache_cleanup_interval = 24h
postscreen_dnsbl_ttl = 5m
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites =
b.barracudacentral.org=127.0.0.2*7
dnsbl.inps.de=127.0.0.2*7
bl.mailspike.net=127.0.0.2*5
bl.mailspike.net=127.0.0.[10;11;12]*4
dnsbl.sorbs.net=127.0.0.10*8
dnsbl.sorbs.net=127.0.0.5*6
dnsbl.sorbs.net=127.0.0.7*3
dnsbl.sorbs.net=127.0.0.8*2
dnsbl.sorbs.net=127.0.0.6*2
dnsbl.sorbs.net=127.0.0.9*2
zen.spamhaus.org=127.0.0.[10;11]*8
zen.spamhaus.org=127.0.0.[4..7]*6
zen.spamhaus.org=127.0.0.3*4
zen.spamhaus.org=127.0.0.2*3
hostkarma.junkemailfilter.com=127.0.0.2*3
hostkarma.junkemailfilter.com=127.0.0.4*1
hostkarma.junkemailfilter.com=127.0.1.2*1
wl.mailspike.net=127.0.0.[18;19;20]*-2
hostkarma.junkemailfilter.com=127.0.0.1*-2
postscreen_greet_banner = $smtpd_banner
postscreen_greet_action = enforce
postscreen_greet_wait = 3s
postscreen_greet_ttl = 2d
postscreen_bare_newline_enable = no
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache