postfix 7
--------@-- -----------
[root@mail ~]# useradd -m u1 -s /sbin/nologin
[root@mail ~]# passwd u1
useradd -m -p VCX97jg6iZebc -s /sbin/nologin accesstel
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin u1
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin u2
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin virusalert
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin virusmails
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin spamalert
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin spam.police
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin sys_admin
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin inmail
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin outmail
useradd -m -p 4w5yRzfvfQFAI -s /sbin/nologin junkmail
cd /etc/postfix
cp /etc/aliases /etc/postfix/aliases
touch body_checks
touch recipient_bcc
touch sender_bcc
touch block_attachments
cp main.cf main.cf.ORG
cp master.cf master.cf.ORG
cp aliases aliases.ORG
Block # LINE main.cf
116 #inet_interfaces = localhost
119 # inet_protocols = all
inet_protocols = ipv4
164 #mydestination = $myhostname, localhost.$mydomain, localhost
386 #alias_maps = hash:/etc/aliases
397 #alias_database = hash:/etc/aliases
inet_protocols = ipv4
[root@mail ~]# vi /etc/postfix/main.cf [SASL]
myhostname = mail.worldcm.net
mydomain = worldcm.net
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# mydestination = $myhostname, localhost.$mydomain, $mydomain,mail.$mydomain, www.$mydomain
mynetworks = 127.0.0.0/8, 10.0.0.0/24, [::1]/128
home_mailbox = Maildir/
smtpd_banner = $myhostname ESMTP
message_size_limit = 10485760
mailbox_size_limit = 1073741824
# for SMTP-Auth
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject
[root@mail ~]# systemctl restart postfix
[root@mail ~]# systemctl enable postfix
SASLAUTHD-----SASL
[root@mail ~]# systemctl start saslauthd
[root@mail ~]# systemctl enable saslauthd
Created symlink from /etc/systemd/system/multi-user.target.wants/saslauthd.service to /usr/lib/systemd/system/saslauthd.service.
[root@mail ~]# systemctl restart saslauthd
--------------**********************************************
strict_rfc821_envelopes = yes
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unverified_recipient_reject_code = 554
smtpd_recipient_restrictions =
reject_invalid_hostname,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_rbl_client dsn.rfc-ignorant.org,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.sorbs.net,
permit
---------------------------------------------------------------------------------------------------------
Details Configuration
# vi /etc/postfix/main.cf --------------Self certificate----SSL
#
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
transport_maps = hash:/etc/postfix/transport
virtual_maps = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
#virtual_alias_domains = hash:/etc/postfix/virtual
#body_checks = regexp:/etc/postfix/body_checks
header_checks = regexp:/etc/postfix/header_checks
#header_checks = pcre:/etc/postfix/whitelist.pcre
#sender_bcc_maps = hash:/etc/postfix/sender_bcc
#recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
myhostname = mail.worldcm.net
mydomain = worldcm.net
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.worldcm.net, worldcm.net, 192.168.80.82/32
mynetworks = 127.0.0.0/8, [::1]/128
inet_interfaces = all
home_mailbox = Maildir/
message_size_limit = 40000000
mailbox_size_limit = 7224000000
enable_original_recipient = no #[duplicate e-mails]
# masquerade_domains = worldcm.net
smtpd_banner = $myhostname ESMTP
#always_bcc = bkupmail
smtp_send_xforward_command = yes:wq
bounce_queue_lifetime = 1d
smtpd_helo_required = yes
disable_vrfy_command = yes
allow_mail_to_files = alias,forward,include
local_recipient_maps = unix:passwd.byname $alias_maps
# SASL
smtpd_sasl_type = dovecot
broken_sasl_auth_clients = yes
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
# SSL/TLS
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/ssl/postfix.key
smtpd_tls_cert_file = /etc/postfix/ssl/postfix.crt
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_recipient_restrictions = permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject
---------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------
# vi /etc/postfix/main.cf -----Server World---------
-----
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
transport_maps = hash:/etc/postfix/transport
virtual_maps = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = hash:/etc/postfix/virtual
body_checks = regexp:/etc/postfix/body_checks
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/block_attachments
sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
#header_checks = pcre:/etc/postfix/whitelist.pcre
myhostname = mail.worldcm.net
mydomain = worldcm.net
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.worldcm.net, worldcm.net, 192.168.80.82/32
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8, 192.168.80.0/23, [::1]/128
inet_interfaces = all
home_mailbox = Maildir/
message_size_limit = 40000000
mailbox_size_limit = 7224000000
#masquerade_domains = worldcm.net
smtpd_banner = $myhostname ESMTP
#always_bcc = bkupmail
#smtp_send_xforward_command = yes:wq
bounce_queue_lifetime = 1d
smtpd_helo_required = yes
disable_vrfy_command = yes
#### Faruq
smtpd_delay_reject = yes
allow_mail_to_files = alias,forward,include
local_recipient_maps = unix:passwd.byname $alias_maps
#content_filter = smtp-amavis:127.0.0.1:10024
#receive_override_options = no_address_mappings
enable_original_recipient = no #[duplicate e-mails]
##SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
##SSL
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
#SMTPD CLIENT RESTRICTIONS
smtpd_client_restrictions =
permit_mynetworks,
# permit_sasl_authenticated,
check_client_access,
hash:/etc/postfix/access,
reject_unauth_pipelining,
permit_inet_interfaces
#SMTPD ETRN RESTRICTIONS
smtpd_etrn_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject
# SMTPD SENDER RESTRICTIONS
smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_sender_access hash:/etc/postfix/access,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unauthenticated_sender_login_mismatch,
reject_sender_login_mismatch,
reject_unlisted_sender,
reject_unauth_pipelining,
reject_non_fqdn_hostname,
reject_unauth_destination
######Faruq
#smtpd_helo_restrictions = permit_mynetworks,
# permit_sasl_authenticated,
# reject_non_fqdn_hostname,
# reject_invalid_hostname,
# regexp: /etc/postfix/helo.regexp,
# permit
##### SMTPD RECIPIENT RESTRICTIONS ,
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_invalid_hostname,
check_recipient_access hash:/etc/postfix/access,
check_client_access hash:/etc/postfix/access,
check_sender_access hash:/etc/postfix/access,
reject_unauth_pipelining,
reject_non_fqdn_sender,
reject_unknown_recipient_domain,
reject_non_fqdn_recipient,
# reject_non_fqdn_hostname,
reject_unknown_sender_domain,
reject_unlisted_recipient,
reject_multi_recipient_bounce,
reject_rbl_client dnsbl.inps.de,
reject_rhsbl_client rhsbl.sorbs.net,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client cbl.abuseat.org,
reject_rhsbl_client in.dnsbl.org,
reject_rhsbl_client ex.dnsbl.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client b.barracudacentral.org,
reject_rbl_client dsn.rfc-ignorant.org,
reject_rbl_client dnsbl-1.uceprotect.net,
reject_rbl_client dnsbl-3.uceprotect.net
[root@mail ~]# systemctl restart postfix
[root@mail ~]# systemctl enable postfix
# touch /etc/postfix/helo.regexp
Create /etc/postfix/helo.regexp and set contents to:
/^subdomain\.host\.com$/ 550 Don't use my own hostname /^xxx\.yyy\.zzz\.xxx$/ 550 Don't use my own IP address /^\[xxx\.yyy\.zzz\.xxx\]$/ 550 Don't use my own IP address /^[0-9.]+$/ 550 Your software is not RFC 2821 compliant /^[0-9]+(\.[0-9]+){3}$/ 550 Your software is not RFC 2821 compliant
----------------------------------------------------------
# vi /etc/postfix/header_checks
/^Subject:/ WARN
/^User-Agent:/ IGNORE
/^From:.*<#.*@.*>/ REJECT
/^Return-Path:.*<#.*@.*>/ REJECT
/^Received: from 127.0.0.1/ IGNORE
SASL
# vi master.cf
#tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
________________________________________________________________________
Upload file size in webmail:
# vi /etc/php.ini
memory_limit = 512M; upload_max_filesize = 30M; post_max_size = 70M;
date.timezone = Asia/Dhaka
LOGO Change
cd /usr/share/squirrelmail/images
/usr/share/squirrelmail/config/conf.pl
Squirrelmail Index configure
#vi /etc/squirrelmail/config.php
$org_logo_width = '150';
$org_logo_height = '100';
------