○ main.cf

・postfix-2.8.5で使っています
・完全コピーしないこと (エラーが出ることあり)

橙色文字 SASL認証 (DOVECOT) 追加分 (必要なければ削除)
青色文字 s25r+Starpit (必要なければ削除)
緑色文字 TLS (SSL) 接続を使う場合 (必要なければ削除)
赤色文字 postscreen を使う場合 (必要なければ削除)
・ヴァージョンUPにともない パラメータ値 に変更があります
・postfixドキュメント等で充分に確認してください
・dbファイルの情報は"# db_stat -d ファイル名"で確認できます
紫色文字 (変更追加分)

○/etc/postfix/main.cf

 
# SOFT BOUNCE
# Left commented out, so the built-in default applies.
#soft_bounce = no

# LOCAL PATHNAME INFORMATION
# Locations of the mail queue, the administrative commands, the daemon
# programs and the Postfix-writable data files (caches and the like).
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix

# QUEUE AND PROCESS OWNERSHIP
# Account that owns the queue and runs most Postfix daemons. Per the Postfix
# documentation this should be a dedicated unprivileged account that shares
# its user/group ID with nothing else and owns no other files or processes.
mail_owner = postfix
#default_privs = nobody

# INTERNET HOST AND DOMAIN NAMES
# Site-specific values: replace with your own host and domain names.
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
myhostname = mail.528p.com
#mydomain = domain.tld
mydomain = 528p.com

# SENDING MAIL
# Locally posted mail appears to come from user@$mydomain rather than
# user@$myhostname.
#myorigin = $myhostname
myorigin = $mydomain

# RECEIVING MAIL
# Listen on every network interface of this host.
inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
# Domains for which this host is the final destination. $mydomain is listed,
# so mail addressed to user@$mydomain is delivered locally.
#mydestination = $myhostname, localhost.$mydomain, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain

# REJECTING MAIL FOR UNKNOWN LOCAL USERS
# local_recipient_maps is not set here, so the built-in default stays in
# effect. Do not enable the empty "local_recipient_maps =" form unless you
# intend to accept mail for any local address: an empty value turns the
# unknown-recipient check off.
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
# Unknown local recipients get a permanent (5xx) rejection, not a deferral.
unknown_local_recipient_reject_code = 550

# TRUST AND RELAY CONTROL
# Explicit list of trusted client networks. Every smtpd_*_restrictions list in
# this file starts with permit_mynetworks, so hosts in these ranges skip the
# client/HELO/sender checks and may relay without authenticating.
# Keep the list as narrow as possible and replace it with your own ranges.
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host
mynetworks = 192.168.0.0/24, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table

# SASL authentication, delegated to Dovecot's auth service.
# NOTE(review): unless smtpd_tls_auth_only = yes is also in effect, AUTH is
# offered on unencrypted sessions too and passwords can cross the network in
# cleartext; verify the effective value with "postconf smtpd_tls_auth_only".
smtpd_sasl_auth_enable = yes
#broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
# Socket path, relative to queue_directory. Dovecot must create this socket
# with permissions that let the postfix user connect to it.
smtpd_sasl_path = private/auth

# Require HELO/EHLO before MAIL FROM so the HELO restrictions below always
# have a name to check.
smtpd_helo_required = yes

# Client checks. Lists are evaluated left to right and the first match wins:
# trusted networks pass, then the whitelist table, then the tarpit table, and
# finally clients whose address<->name DNS mapping cannot be verified are
# rejected.
# A result from the whitelist ends only this list; the HELO, sender and
# recipient lists still apply.
# NOTE(review): the two regexp tables are not shown on this page. Patterns in
# them are matched against the client hostname and address, so anchor them
# (^...$) to avoid matching unintended hosts.
# NOTE(review): there is no permit_sasl_authenticated in the client, HELO or
# sender lists, so an authenticated user connecting from an address without
# valid reverse DNS (or whose mail client sends an unresolvable HELO name) is
# presumably still rejected here. Confirm this is intended for roaming users.
smtpd_client_restrictions = permit_mynetworks,
    check_client_access regexp:/etc/postfix/white-list.txt,
    check_client_access regexp:/etc/postfix/tarpit_client,
    reject_unknown_client_hostname
# HELO checks: reject syntactically invalid names and names with no DNS A or
# MX record.
smtpd_helo_restrictions = permit_mynetworks,
    reject_invalid_helo_hostname,reject_unknown_helo_hostname
# Sender checks: per-sender access table first, then reject envelope senders
# that are not fully qualified or whose domain does not resolve.
smtpd_sender_restrictions = permit_mynetworks,
    check_sender_access hash:/etc/postfix/access,
    reject_non_fqdn_sender,reject_unknown_sender_domain
# Relay control. Only trusted networks and SASL-authenticated clients may send
# to remote domains; reject_unauth_destination is what keeps this host from
# being an open relay. Do not remove it or place a broad permit before it.
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,reject_unauth_destination

#relay_domains = $mydestination

# INTERNET OR INTRANET
# No relayhost is set: every example below is commented out.
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]

# REJECTING UNKNOWN RELAY USERS
#relay_recipient_maps = hash:/etc/postfix/relay_recipients

# INPUT RATE CONTROL
#in_flow_delay = 1s

# ADDRESS REWRITING
# Address rewriting table. hash: tables are read from the compiled .db file,
# so run "postmap /etc/postfix/canonical" after every edit.
canonical_maps = hash:/etc/postfix/canonical

# ADDRESS REDIRECTION (VIRTUAL DOMAIN)

# "USER HAS MOVED" BOUNCE MESSAGES

# TRANSPORT MAP

# ALIAS DATABASE
# alias_maps is what local delivery looks up; alias_database is what
# "newaliases" rebuilds. Both point at the same file here, so run newaliases
# after editing /etc/aliases.
# Aliases can pipe mail to commands or append to files, so /etc/aliases
# should be writable by root only.
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases

# ADDRESS EXTENSIONS (e.g., user+foo)
#recipient_delimiter = +

# DELIVERY TO MAILBOX
# The trailing slash selects Maildir-style delivery into ~/Maildir/.
#home_mailbox = Mailbox
home_mailbox = Maildir/
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail

# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
# None of the external delivery options below is enabled.
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
#mailbox_transport = lmtp:unix:/file/name
#mailbox_transport = cyrus
#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =
#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local

# JUNK MAIL CONTROLS
# Regular-expression content filters applied to message headers and body
# lines. regexp: tables are read as plain text and need no postmap step.
# NOTE(review): the two tables are not shown on this page. Overly broad
# patterns silently reject legitimate mail, so test changes with
# "postmap -q" before reloading.
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks

# FAST ETRN SERVICE
#fast_flush_domains = $relay_domains

# SHOW SOFTWARE VERSION OR NOT
# The greeting announces only the hostname and "ESMTP"; the software name and
# version are left out.
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_banner = $myhostname ESMTP

# PARALLEL DELIVERY TO THE SAME DESTINATION
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20

# DEBUGGING CONTROL
# debug_peer_level is the extra logging verbosity applied to peers that match
# debug_peer_list. No debug_peer_list is set here, so it affects no peer.
debug_peer_level = 2
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain
# Command executed when a Postfix daemon is started with the -D option (set
# per service in master.cf). This variant launches the graphical ddd debugger
# and needs X11; it is not used in normal operation.
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5

# Alternative: non-interactive gdb that writes a stack trace to a log file
# under $config_directory.
# debugger_command =
#    PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
#    echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
#    >$config_directory/$process_name.$process_id.log & sleep 5

# Alternative: gdb inside a detached screen session.
# debugger_command =
#    PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
#    -dmS $process_name gdb $daemon_directory/$process_name
#    $process_id & sleep 1

# INSTALL-TIME CONFIGURATION INFORMATION
# Paths recorded at install time. They must match where the Postfix commands
# were actually installed on this system.
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
# Group used for mail submission and queue management commands. Per the
# Postfix documentation this must be a dedicated group shared with no other
# account, not even the postfix account.
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no

# Disable the SMTP VRFY command so remote clients cannot use it to probe
# which local addresses exist.
disable_vrfy_command = yes

# Maximum message size in bytes, envelope information included
# (2097152 = 2 MiB). Larger messages are refused.
message_size_limit = 2097152

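# TLS(openssl)
# Opportunistic TLS: STARTTLS is announced to clients but not required, so
# mail from servers that do not support TLS is still accepted in cleartext.
smtpd_use_tls = yes
# Announce and accept SASL AUTH only after STARTTLS has completed, so that
# login credentials are never sent over an unencrypted session. Without this,
# smtpd_sasl_auth_enable = yes also offers AUTH on cleartext connections.
smtpd_tls_auth_only = yes
# Server certificate and its private key. The key file must be unencrypted
# (Postfix cannot prompt for a passphrase) and should be readable by root only.
smtpd_tls_cert_file = /etc/pki/tls/certs/mail-server.crt
smtpd_tls_key_file = /etc/pki/tls/private/mail-server.key
# Level 1 logs a summary of each TLS handshake; higher levels are meant for
# debugging only.
smtpd_tls_loglevel = 1
# Server-side TLS session cache, kept under data_directory.
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
# NOTE(review): no TLS protocol or cipher settings are given, so the defaults
# of the installed Postfix/OpenSSL versions apply. Check them with
# "postconf | grep smtpd_tls" and disable obsolete protocol versions where
# your clients allow it.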

# postscreen
# NOTE(review): these settings only take effect when the postscreen service
# is enabled in master.cf in front of smtpd; master.cf is not shown on this
# page.
# Parameter names differ between Postfix releases (newer releases use
# allowlist/denylist names), so compare against postconf(5) for your version.
#
# Static per-client decisions, checked before any other postscreen test:
# trusted networks are exempt, then the CIDR table is consulted.
postscreen_access_list = permit_mynetworks,
    cidr:/etc/postfix/postscreen_access
# Clients that the access list marks as rejected are disconnected at once.
postscreen_blacklist_action= drop
# Clients that talk before the server greeting is complete (pregreet test)
# are allowed to finish the remaining tests and are then rejected.
postscreen_greet_action = enforce
# DNS blocklists to query. The "=127.0.0.[...]" suffix is a reply filter:
# only the listed reply addresses count as a hit for that list.
postscreen_dnsbl_sites = all.rbl.jp=127.0.0.[2;4],
    zen.spamhaus.org=127.0.0.[2..7;10;11]
# Clients whose combined DNSBL score reaches postscreen_dnsbl_threshold (not
# set here, so the default applies) are rejected once the tests have finished.
postscreen_dnsbl_action = enforce

○ Copyright(c) 528p.com All Rights Reserved.