Arquivo de configuração do Postfix com restrições por cabeçalho, corpo, restrição de envio para usuários do próprio domínio, relay fechado, restrição por envio e recebimento de arquivos com extensões suspeitas de vírus, configuração para o amavis, tudo comentado por mim em português.
###############################################################################
###############################SOFT BOUNCE#####################################
###############################################################################
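# soft_bounce is a safety net for testing: while it is "yes", Postfix keeps
# mail queued that it would otherwise return to the sender, and the SMTP
# server answers with temporary (4xx) codes where it would otherwise reject
# permanently (5xx). The author enables it while setting up the mail antivirus.
# NOTE(review): switch it off once the setup is verified; while it is on,
# nothing is ever refused for good and rejected senders simply keep retrying.
soft_bounce = yes
# Location of the Postfix administrative commands.
command_directory = /usr/sbin
# Location of the Postfix daemon programs (the services defined in master.cf).
daemon_directory = /usr/lib/postfix
# default_privs sets the rights the local(8) delivery agent falls back to when
# it delivers to an external command or file on behalf of root (or from a
# root-owned aliases file). It is not the queue owner; that is mail_owner,
# which this listing does not set.
# NOTE(review): "tiago" looks like a personal login. Use an account dedicated
# to this purpose, with no privileges and no files of its own, and never root
# or the Postfix owner; otherwise commands triggered by incoming mail run with
# that person's access. (The listing repeated this line; one copy is kept.)
default_privs = tiago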
#Nome dos servidores e nome da maquina que é servidor
#Nome da máquina que funciona como servidor de email
#myhostname = hostname
# Dominio ao qual a máquina pertence.
#mydomain = domainname
###############################################################################
################################SENDING MAIL###################################
###############################################################################
# Domínio que deve ser anexado aos cabeçalhos de emails que são recebidos e/ou enviados pelo MTA.
###############################################################################
################################RECEIVING MAIL#################################
###############################################################################
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
# Domains for which this server is the final destination (mail for them is
# delivered locally instead of being forwarded).
#mydestination = $myhostname, localhost.$mydomain
# Active choice: also accept mail addressed to the bare domain ($mydomain).
# myhostname and mydomain are not set in the lines shown (the examples near
# the top of the file are commented out).
mydestination = $myhostname, localhost.$mydomain, $mydomain
#mydestination = $myhostname, localhost.$mydomain, $mydomain,
###############################################################################
#####################REJECTING MAIL FOR UNKNOWN LOCAL USERS####################
###############################################################################
# Example tables that list every valid local recipient (all three disabled).
# Caveat: the empty form ("local_recipient_maps =") switches recipient
# validation off, so mail for any local name would be accepted.
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
# Reply code sent for mail addressed to an unknown local recipient.
# 550 is a permanent rejection:
# unknown_local_recipient_reject_code = 550
# 450 is a temporary rejection: the sending server keeps the message and
# retries later, which is forgiving while the recipient tables are still
# being checked.
# NOTE(review): move to 550 once the setup is stable, so mistyped addresses
# fail at once instead of being retried until the sender gives up.
unknown_local_recipient_reject_code = 450
###############################################################################
########################TRUST AND RELAY CONTROL################################
###############################################################################
# Addresses that are allowed to send mail (relay) through Postfix. There are
# two ways to define them: by hand (mynetworks) or automatically
# (mynetworks_style).
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host
# Hand-written list of networks allowed to relay through this server.
# NOTE(review): every host in these ranges may send mail to any destination
# without authenticating, so list only networks you actually control and keep
# the ranges as narrow as possible.
mynetworks = 192.168.201.0/24, 192.168.202.0/24, 127.0.0.0/8,
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
# Destinations (domains) that are accepted for relaying. By default Postfix
# relays:
# - from trusted clients (given by $mynetworks or $mynetworks_style) to any
#   destination;
# - from any origin, i.e. untrusted clients, to the destinations listed in
#   relay_domains. The author notes the default of this parameter as
#   mydestination.
# NOTE(review): mail for a relayed domain is accepted from anyone. Without a
# list of its valid recipients (see the disabled relay_recipient_maps example
# further down) mail to nonexistent addresses is accepted first and bounced
# later, which sends bounces to forged senders.
relay_domains = $mydestination, curimbaba.com.br
# Maquina padrão para ser enviada um email não local quando nenhuma entrada é encontrada na tabela opcional transport(5). Quando não definido, os emails localmente repassando isso para o servidor de email do ISP, por exemplo.
#relayhost = $mydomain
#relayhost = gateway.my.domain
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
#in_flow_delay = 1s
###############################################################################
############################ALIAS##############################################
###############################################################################
# An important feature of electronic mail is the ability to create aliases,
# which lets a user have several alternative names for one mailbox.
# alias_maps names the alias database(s) the MTA consults when delivering mail.
# NOTE(review): an alias can point to a command or a file, so the alias source
# file and its compiled database should be writable by root only.
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/postfix/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
# Alias database for local(8) delivery that is rebuilt by the "newaliases"
# command. It is a separate parameter because not every table listed in
# alias_maps is a local file.
#alias_database = dbm:/etc/aliases
alias_database = hash:/etc/postfix/aliases
#alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
###############################################################################
########################DELIVERY TO MAILBOX####################################
###############################################################################
# Optional path of the mailbox file, relative to each user's home directory.
# The trailing slash selects the mailbox style known as Maildir.
#home_mailbox = maildir/
# Hand local deliveries to procmail instead of writing the mailbox directly.
# NOTE(review): Postfix runs this command with the recipient's own rights,
# except for mail to root, which runs with the rights named in default_privs.
# Check which account that is before relying on per-user procmail rules.
mailbox_command = /usr/bin/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
#mailbox_transport = lmtp:unix:/file/name
#mailbox_transport = cyrus
#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =
#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local
###############################################################################
##############################FAST ETRN SERVICE################################
###############################################################################
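# SHOW SOFTWARE VERSION OR NOT
# The greeting is sent to every client that connects. The version-less form is
# active so that the exact Postfix release is not advertised to anyone who
# opens a connection; the versioned form is kept below for reference.
smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
# PARALLEL DELIVERY TO THE SAME DESTINATION
# Debug level: how much extra logging is added for peers that match
# debug_peer_list (that list is not set in the lines shown).
debug_peer_level = 2
# Debugger invocation (example, disabled).
#debugger_command =
# PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
# xxgdb $daemon_directory/$process_name $process_id & sleep 5
# Path of the sendmail command.
sendmail_path = /usr/sbin/sendmail
# Path of the newaliases command.
newaliases_path = /usr/bin/newaliases
# Path of the mailq command.
mailq_path = /usr/bin/mailq
# Postfix group used for mail submission and queue management commands.
setgid_group = postdrop
# Manual page directory.
manpage_directory = /usr/local/man
# Directory with sample configuration files.
sample_directory = /etc/postfix/sample
readme_directory = no
# SMTP authentication is left disabled, so relay permission rests only on
# client addresses (mynetworks).
#smtpd_sasl_auth_enable = yes
# Size limit of a user's mailbox (about 50 MB).
mailbox_size_limit = 51200000
# Maximum size of one message (about 10 MB; the author also considered 5 MB).
message_size_limit = 10240000
# Maximum number of recipients accepted for one message.
# NOTE(review): 2500 is far above the Postfix default of 1000. A single
# abusive or compromised client can reach that many addresses per message, so
# lower it unless a legitimate sender needs this much.
smtpd_recipient_limit = 2500
# Enforce RFC 821 syntax for the MAIL FROM and RCPT TO addresses.
strict_rfc821_envelopes = yes
# Require clients to send HELO/EHLO before any mail command, so that the HELO
# restrictions are actually evaluated. (The listing set this twice; one copy
# is kept.)
smtpd_helo_required = yes
# Disable VRFY, so that clients cannot probe which addresses exist.
disable_vrfy_command = yes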
###############################################################################
###############################Listas de RBL###################################
###############################################################################
# Note: choose the lists with care, because some of them block mail coming
# from Brazil. More information at: http://www.dnsstuff.com
# NOTE(review): maps_rbl_domains is an obsolete parameter that is read only by
# the equally obsolete reject_maps_rbl restriction. reject_rbl_client does not
# read it; it takes the blocklist zone as its own argument. relays.ordb.org
# and list.dsbl.org have been shut down; confirm that every zone is still
# operated before rejecting on it, because a dead or repurposed zone either
# stops filtering silently or starts refusing legitimate mail.
maps_rbl_domains = relays.ordb.org, list.dsbl.org, dun.dnsrbl.net, spam.dnsrbl.net
###############################################################################
######################RESTRIÇOES DE CLIENTES###################################
###############################################################################
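# Client restrictions, evaluated after the SMTP connection has been accepted.
# They restrict which client connections are served at all; the Postfix
# default is to accept everything.
# Every continuation line must begin with whitespace. Written at column 0, as
# in the original listing, the entries are not read as part of this list.
smtpd_client_restrictions =
    # Look the client up in CLIENT_ACCESS (disabled).
    #check_client_access hash:/etc/postfix/client_access,
    # Accept clients inside $mynetworks.
    permit_mynetworks,
    # Accept what the ACCESS table allows (disabled).
    #hash:/etc/postfix/access,
    # Reject when the client IP has no PTR entry. Newer Postfix releases call
    # this restriction reject_unknown_client_hostname.
    reject_unknown_client,
    # Reject invalid sender domains.
    reject_unknown_sender_domain,
    # Reject clients that send commands ahead of time to force delivery
    # (disabled here).
    #reject_unauth_pipelining,
    # Reject clients whose IP is listed in a DNS blocklist.
    # NOTE(review): the listing had "reject_rbl_client maps_rbl_domains".
    # reject_rbl_client takes a blocklist zone name, not the name of a
    # parameter, so that entry queried a zone that does not exist and never
    # rejected anything. It is disabled until a zone that is still operated is
    # chosen; the name below is a placeholder, not a real list.
    #reject_rbl_client dnsbl.example.org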
###############################################################################
##########################RESTRIÇOES DE HELO###################################
###############################################################################
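# Restrictions applied to the HELO/EHLO command.
# Every continuation line must begin with whitespace. Written at column 0, as
# in the original listing, the entries are not read as part of this list.
# The three *_hostname names below are the older spellings; newer Postfix
# releases call them reject_invalid_helo_hostname,
# reject_unknown_helo_hostname and reject_non_fqdn_helo_hostname.
smtpd_helo_restrictions =
    # Accept clients inside $mynetworks.
    permit_mynetworks,
    # Reject when no usable hostname is given.
    reject_invalid_hostname,
    # Reject when the HELO name has no DNS A or MX record.
    # NOTE(review): some legitimate servers announce names that do not
    # resolve; watch the log for false rejections.
    reject_unknown_hostname,
    # Reject when the HELO name is not a fully qualified hostname.
    reject_non_fqdn_hostname,
    # Reject clients that send commands ahead of time to force delivery.
    reject_unauth_pipelining
    # Reject clients whose IP is listed in a DNS blocklist.
    # NOTE(review): the listing had "reject_rbl_client maps_rbl_domains".
    # reject_rbl_client takes a blocklist zone name, not the name of a
    # parameter, so that entry queried a zone that does not exist and never
    # rejected anything. It is disabled until a zone that is still operated is
    # chosen; the name below is a placeholder, not a real list.
    #reject_rbl_client dnsbl.example.org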
###############################################################################
######################RESTRICAO DE ENVIO(SENDER)###############################
###############################################################################
# Restriçoes opcionais que o Postfix aplica no valor definido no comando mail from. O padrão é permitir tudo.
#smtpd_sender_restrictions =
# Permite “mynetwork”
# permit_mynetworks,
# Permite conteudo do ACCESS
# Procura por especificações feitas em uma base para o endereço,o dominio etc
# check_sender_access hash:/etc/postfix/access
# Bloqueio quando não existe entrada DNS A ou MX
# Rejeita a requisição quando o dominio especificado em MAIL FROM não tem um registro DNS A ou MX e o postfix
# não é o destino final para o remetente.
# reject_unknown_sender_domain,
# Quando o hostname não apresenta hostname válido
# Rejeita a requisição quando o dominio especificado em MAIL FROM não estiver em FQDN, conforme a RFC.
# reject_non_fqdn_sender,
# Bloqueio comando para forçar entrega.
# reject_unauth_pipelining
###############################################################################
########################RESTRIÇÃO DE ENVIO POR USUARIO#########################
###############################################################################
#smtpd_restriction_classes = dominios_restritos
#dominios_restritos = check_sender_access hash:/etc/postfix/dominios_restritos, reject
###############################################################################
###################RESTRIÇÃO APLICADA AO RCP TO################################
###############################################################################
# Restricão aplicada no RCPT TO
# Restrições opcionais do Postfix no que diz respeito a valores do campo RCPT_TO. Por padrão são definidos o
#smtpd_recipient_restrictions =
# Restricao de envio por usuario
# hash:/etc/postfix/usuarios_restritos
# Permite “mynetwork”
# permit_mynetworks
# Permite conteúdo do ACCESS
# permit network e reject_unauth_destination
# check_sender_access hash:/etc/postfix/access,
# Bloqueia quando não existe entrada DNS A ou MX
# reject_unknown_recipient_domain,
# Quando o hostname não apresenta hostname válido
# reject_non_fqdn_recipient,
# Bloqueio comando para forçar entrega
# reject_unauth_pipelining
###############################################################################
########################BLOQUEIO POR ASSUNTO E ANEXO###########################
###############################################################################
# Block by subject: each message header is matched against the PCRE patterns
# in this table (the table itself is not part of this listing).
# NOTE(review): matching on subject text or attachment file names is a coarse
# first filter. A renamed or archived attachment passes it, so the content
# scanner remains the real control.
header_checks = pcre:/etc/postfix/header_checks
# The two lines below would apply the same table to MIME part headers and to
# the headers of attached messages; both are left disabled here.
#mime_header_checks = $header_checks
#nested_header_checks = $header_checks
###############################################################################
##########################Bloqueio por Conteúdo################################
###############################################################################
#body_checks = pcre:/etc/postfix/body_checks
#body_checks = hash:/etc/postfix/corpo
# Verifica os 50 K inicais
#body_checks_size_limit = 51200
## Outros comandos
# Todos os e-mails que chegam irão para e-mail abaixo
#always_bcc = email@meudominio.com.br
# Tamanho da mensagem de erro
# Tamanho máximo do HEADER aceito
# Number of parallel deliveries to the same destination.
smtp_destination_concurrency_limit = 20
# Author's label: resend time for queued messages.
# NOTE(review): the fast_flush_* parameters appear to govern the
# per-destination logfiles of the fast flush (ETRN) service rather than queue
# retry timing; confirm against postconf(5).
fast_flush_refresh_time = 12h
# Author's label: deletion time for queued messages (see the note above).
fast_flush_purge_time = 1d
# How long a message may stay in the queue before it is given up as
# undeliverable: 240 minutes, i.e. 4 hours.
# NOTE(review): this is very short compared with the Postfix default of 5
# days; a destination that is unreachable for a few hours makes its mail fail.
maximal_queue_lifetime = 240m
###############################################################################
###############################VIRUS SCANNER###################################
###############################################################################
# Hand every message to the scanner listening on the loopback address, port
# 10024, through the transport named "smtp-amavis".
# NOTE(review): that transport, and the listener on which scanned mail comes
# back into Postfix, have to be defined in master.cf, which is not shown here.
# Verify that the return listener accepts connections from 127.0.0.1 only and
# does not apply content_filter again; otherwise mail either loops or can be
# injected without being scanned.
content_filter=smtp-amavis:[127.0.0.1]:10024
###############################################################################
##########################OPCOES DE TRANSPORTE#################################
###############################################################################
# Table that maps recipient addresses or domains to a delivery transport and
# next hop; its contents are not part of this listing.
# NOTE(review): whoever can write this file or its compiled database can
# redirect mail, so both should be writable by root only.
transport_maps = hash:/etc/postfix/transport
###############################################################################
###############RESTRIÇÃO DE ENVIO PARA ALGUNS USUARIOS#########################
###############################################################################
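# Sending restriction for the senders listed in restricted_senders: they may
# send only to the domains listed in local_domains.
# Presumably restricted_senders maps each restricted address to the class name
# "local_only"; the table is not part of this listing, so verify.
# NOTE(review): the sender address is supplied by the client and can be
# forged, so this is a policy rule, not an authentication control. Because the
# lookup runs before the relay check, the table must never return OK, or any
# client claiming that sender address could relay through this server.
# Every continuation line must begin with whitespace. Written at column 0, as
# in the original listing, the entries are not read as part of this list.
smtpd_recipient_restrictions =
    check_sender_access hash:/etc/postfix/restricted_senders,
    permit_mynetworks,
    # The listing used check_relay_domains here. That restriction is
    # deprecated and also allowed relaying whenever the client's DNS name
    # matched relay_domains, which trusts a name the client's own DNS
    # controls. reject_unauth_destination is the documented replacement: it
    # refuses every recipient that is neither local nor in a relayed domain.
    reject_unauth_destination
# Declare the restriction class referenced by the sender table.
smtpd_restriction_classes = local_only
# Members of the class may reach only recipients that local_domains accepts;
# everything else is rejected.
local_only = check_recipient_access hash:/etc/postfix/local_domains, reject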
http://www.vivaolinux.com.br/etc/main.cf-tiagodge/