Best

-------

systemctl enable --now postfix

systemctl restart postfix.service

#  dnf -y install mailx mutt postfix* nmap

# cd /etc/postfix

cp /etc/aliases /etc/postfix/aliases

touch body_checks

touch recipient_bcc

touch sender_bcc

touch block_attachments

cp /etc/postfix/main.cf /etc/postfix/main.cf.ORG

cp /etc/postfix/master.cf /etc/postfix/master.cf.ORG

# vi /etc/postfix/main.cf

135  # inet_interfaces = localhost

138  # inet_protocols = all

 inet_protocols = ipv4

183  # mydestination = $myhostname, localhost.$mydomain, localhost

405  #alias_maps = hash:/etc/aliases

416  #alias_database = hash:/etc/aliases

709 # smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem

715 # smtpd_tls_key_file = /etc/pki/tls/private/postfix.key

                             -----------------------------------

alias_database = hash:/etc/postfix/aliases

alias_maps = hash:/etc/postfix/aliases

transport_maps = hash:/etc/postfix/transport

virtual_maps = hash:/etc/postfix/virtual

virtual_alias_maps = hash:/etc/postfix/virtual

virtual_alias_domains = hash:/etc/postfix/virtual

header_checks = pcre:/etc/postfix/header_checks

mime_header_checks = pcre:/etc/postfix/block_attachments

body_checks = pcre:/etc/postfix/body_checks

sender_bcc_maps = hash:/etc/postfix/sender_bcc

recipient_bcc_maps = hash:/etc/postfix/recipient_bcc

myhostname = mail.worldcm.tk

mydomain = worldcm.tk

myorigin = $mydomain

inet_interfaces = all

#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

mydestination = $myhostname, localhost.$mydomain, $mydomain, worldcm.tk, mail.worldcm.tk, 192.168.80.7/32

mynetworks = 127.0.0.0/8, 192.168.80.0/23 

home_mailbox = Maildir/

message_size_limit = 50000000

smtpd_banner = $myhostname ESMTP

bounce_queue_lifetime = 1d

smtpd_helo_required = yes

disable_vrfy_command = yes

allow_mail_to_files = alias,forward,include

smtpd_delay_reject = yes

local_recipient_maps = unix:passwd.byname $alias_maps

### Amavis

#content_filter = amavisfeed:[127.0.0.1]:10024

#enable_original_recipient = no

masquerade_domains = worldcm.tk

#always_bcc = bkupmail

###SASL

smtpd_sasl_auth_enable = yes

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/auth

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_sasl_authenticated_header = yes

###  SSL

smtpd_use_tls = yes

smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt

smtpd_tls_key_file = /etc/pki/tls/certs/server.key

smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache

##SMTPD CLIENT RESTRICTIONS

smtpd_client_restrictions =

        permit_mynetworks,

        check_client_access,

        hash:/etc/postfix/access,

        reject_unauth_pipelining,

        permit_inet_interfaces

## SMTPD ETRN RESTRICTIONS

smtpd_etrn_restrictions =

        permit_mynetworks,

        permit_sasl_authenticated,

        reject

# SMTPD SENDER RESTRICTIONS

smtpd_sender_restrictions =

        permit_mynetworks,

        permit_sasl_authenticated,

        check_sender_access hash:/etc/postfix/access,

        reject_non_fqdn_sender,

        reject_unknown_sender_domain,

        reject_unauthenticated_sender_login_mismatch,

        reject_sender_login_mismatch,  

        reject_unlisted_sender,

        reject_unauth_pipelining,

        reject_non_fqdn_hostname,

        reject_unauth_destination

## SMTPD RECIPIENT RESTRICTIONS , 

smtpd_recipient_restrictions =

        permit_mynetworks,

        permit_sasl_authenticated,

        reject_unauth_destination,

        reject_invalid_hostname,

        check_recipient_access hash:/etc/postfix/access,

        check_client_access hash:/etc/postfix/access,

        check_sender_access hash:/etc/postfix/access,

        reject_unauth_pipelining,

        reject_non_fqdn_sender,

        reject_unknown_recipient_domain,

        reject_non_fqdn_recipient,

        reject_unknown_sender_domain,

        reject_unlisted_recipient,

        reject_multi_recipient_bounce,

reject_non_fqdn_hostname, 

        reject_rbl_client bl.spamcop.net,

        reject_rhsbl_client rhsbl.sorbs.net,

        reject_rbl_client cbl.abuseat.org,

        reject_rbl_client dnsbl.sorbs.net,

        reject_rhsbl_client in.dnsbl.org,

        reject_rhsbl_client ex.dnsbl.org,

       reject_rbl_client zen.spamhaus.org,

reject_rbl_client sbl-xbl.spamhaus.org,

reject_rbl_client dsn.rfc-ignorant.org,

       reject_rbl_client b.barracudacentral.org

# vi /etc/postfix/header_checks

/^Subject:/     WARN

/^User-Agent:/    IGNORE

/^From:.*<#.*@.*>/ REJECT

/^Return-Path:.*<#.*@.*>/ REJECT

/^Received: from 127.0.0.1/  IGNORE

--------