main.cf

--

# vi /etc/postfix/main.cf

alias_database = hash:/etc/postfix/aliasesalias_maps = hash:/etc/postfix/aliasestransport_maps = hash:/etc/postfix/transportvirtual_maps = hash:/etc/postfix/virtualvirtual_alias_maps = hash:/etc/postfix/virtualvirtual_alias_domains = hash:/etc/postfix/virtualheader_checks = pcre:/etc/postfix/header_checks# header_checks = regexp:/etc/postfix/header_checksmime_header_checks = pcre:/etc/postfix/block_attachments# mime_header_checks = regexp:/etc/postfix/block_attachmentsbody_checks = pcre:/etc/postfix/body_checks# body_checks = regexp:/etc/postfix/body_checkssender_bcc_maps = hash:/etc/postfix/sender_bccrecipient_bcc_maps = hash:/etc/postfix/recipient_bcc
myhostname = mail.worldcm.netmydomain = worldcm.netmyorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain# mydestination = $myhostname, localhost.$mydomain, $mydomain, worldcm.net, mail.worldcm.net, 101.291.161.141/32#mynetworks = 127.0.0.0/8, 192.168.0.0/16, [::1]/128mynetworks = 127.0.0.0/8, [::ffff:127.0.0.0]/104, [::1]/128
inet_interfaces = allhome_mailbox = Maildir/message_size_limit = 50000000mailbox_size_limit = 7224000000
#masquerade_domains = worldcm.netsmtpd_banner = $myhostname ESMTP#always_bcc = bkupmail
bounce_queue_lifetime = 1dsmtpd_helo_required = yesdisable_vrfy_command = yesallow_mail_to_files = alias,forward,includelocal_recipient_maps = unix:passwd.byname $alias_maps
#content_filter = smtp-amavis:127.0.0.1:10024#receive_override_options = no_address_mappings           enable_original_recipient = no
##3SASLsmtpd_sasl_auth_enable = yessmtpd_sasl_type = dovecotsmtpd_sasl_path = private/authsmtpd_sasl_security_options = noanonymousbroken_sasl_auth_clients = yessmtpd_sasl_authenticated_header = yes
##SSLsmtpd_use_tls = yessmtpd_tls_cert_file = /etc/pki/tls/certs/server.crtsmtpd_tls_key_file = /etc/pki/tls/certs/server.keysmtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
####-SSL#smtpd_tls_security_level = may#smtpd_tls_auth_only = yes#smtpd_tls_key_file = /etc/postfix/ssl/postfix.key#smtpd_tls_cert_file = /etc/postfix/ssl/postfix.crt#smtpd_tls_loglevel = 0#smtpd_tls_received_header = yes#smtpd_tls_session_cache_timeout = 3600s#tls_random_source = dev:/dev/urandom

###-----Group Email restricted###----SENDING OUT RESTRICTIONSsmtpd_restriction_classes = insiders_only, local_onlyinsiders_only = check_sender_access hash:/etc/postfix/allowed-users, rejectlocal_only = check_recipient_access hash:/etc/postfix/local_domains, reject

###SMTPD CLIENT RESTRICTIONSsmtpd_client_restrictions =        permit_mynetworks,        check_client_access hash:/etc/postfix/access,        reject_unauth_pipelining,        permit_inet_interfaces

###SMTPD ETRN RESTRICTIONSsmtpd_etrn_restrictions =        permit_mynetworks,        permit_sasl_authenticated,        reject

######Faruqsmtpd_helo_restrictions = permit_mynetworks,     permit_sasl_authenticated,     reject_non_fqdn_hostname,     reject_invalid_hostname,     permit

### SMTPD SENDER RESTRICTIONSsmtpd_sender_restrictions =        check_sender_access hash:/etc/postfix/restricted_senders,        permit_mynetworks,        permit_sasl_authenticated,        check_sender_access hash:/etc/postfix/access,        reject_unauthenticated_sender_login_mismatch,        reject_sender_login_mismatch,          reject_non_fqdn_sender,        reject_unknown_sender_domain,        reject_unlisted_sender,        reject_unauth_pipelining,        reject_non_fqdn_hostname,        reject_unauth_destination

##### SMTPD RECIPIENT RESTRICTIONS smtpd_recipient_restrictions =        check_recipient_access hash:/etc/postfix/restricted-mail-groups,        check_sender_access hash:/etc/postfix/restricted_senders,        permit_mynetworks,        permit_sasl_authenticated,        reject_unauth_destination,        reject_invalid_hostname,        check_recipient_access hash:/etc/postfix/access,        check_client_access hash:/etc/postfix/access,        check_sender_access hash:/etc/postfix/access,        reject_unauth_pipelining,        reject_non_fqdn_sender,        reject_unknown_recipient_domain,        reject_non_fqdn_recipient,        reject_unknown_sender_domain,        reject_unlisted_recipient,        reject_multi_recipient_bounce,        reject_rbl_client list.dsbl.org,        reject_rbl_client bl.spamcop.net,        reject_rhsbl_client rhsbl.sorbs.net,        reject_rbl_client dnsbl.sorbs.net,                     # reject_rbl_client sbl-xbl.spamhaus.org,        reject_rbl_client dsn.rfc-ignorant.org,        reject_rbl_client b.barracudacentral.org,        reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99],        reject_rhsbl_helo dbl.spamhaus.org=127.0.1.[2..99],        reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[2..99]

smtpd_recipient_restrictions =

...

reject_rbl_client list.dsbl.org, reject_rbl_client bl.spamcop.net, reject_rhsbl_client rhsbl.sorbs.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client b.barracudacentral.org, reject_rbl_client zen.spamhaus.org=127.0.0.[2..11], reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99], reject_rhsbl_helo dbl.spamhaus.org=127.0.1.[2..99], reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[2..99], warn_if_reject reject_rbl_client zen.spamhaus.org=127.255.255.[1..255]

Where:

- rhs stands for right-hand side, i.e, the domain name.
- reject_rhsbl_helo makes Postfix reject email when the client HELO or EHLO hostname is blacklisted.
- reject_rhsbl_reverse_client: reject the email when the unverified reverse client hostname is blacklisted. Postfix will fetch the client hostname from PTR record. If the hostname is blacklisted, reject the email.
- reject_rhsbl_sender makes Postfix reject email when the MAIL FROM domain is blacklisted.
- reject_rbl_client: This is an IP-based blacklist. When the client IP address is blacklisted, reject the email.

#############################################################################################

-- -------- karnaF------RBL BEST------------
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access hash:/etc/postfix/restricted-mail-groups, check_sender_access hash:/etc/postfix/restricted_senders, reject_unauth_destination, reject_invalid_hostname, check_recipient_access hash:/etc/postfix/access, check_client_access hash:/etc/postfix/access, check_sender_access hash:/etc/postfix/access, reject_unauth_pipelining, reject_non_fqdn_sender, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unlisted_recipient, reject_multi_recipient_bounce, reject_rbl_client list.dsbl.org, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client dsn.rfc-ignorant.org, reject_rhsbl_client rhsbl.sorbs.net, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rbl_client dnsbl-1.uceprotect.net, reject_rbl_client dnsbl-3.uceprotect.net

OLD
reject_rbl_client list.dsbl.org,

reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client dsn.rfc-ignorant.org, reject_rhsbl_client rhsbl.sorbs.net, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rbl_client dnsbl-1.uceprotect.net, reject_rbl_client dnsbl-3.uceprotect.net

#############################

systemctl enable postfix

systemctl restart postfix

-------------------------------------------

# vi /etc/postfix/header_checks

/^Subject:/ WARN

/^User-Agent:/ IGNORE/^X-Mailer:/ IGNORE/^X-Originating-IP:/ IGNORE
# Sample For Dropping Headers: #/^Header: IfContains/ IGNORE/^Received:/ IGNORE/^Message-ID:/ IGNORE/^X-MimeOLE:/ IGNORE/^X-MSMail-Priority:/ IGNORE
/^Received:.*with ESMTPSA/ IGNORE/^From:.*<#.*@.*>/ REJECT/^Return-Path:.*<#.*@.*>/ REJECT/^.*=20[a-z]*=20[a-z]*=20[a-z]*=20[a-z]*/ IGNORE/mc.net/ REDIRECT junkmail@worldcm.net

/^User-Agent:/ IGNORE/^From:.*<#.*@.*>/ REJECT/^Return-Path:.*<#.*@.*>/ REJECT

/^Received:/ IGNORE

/^X-Originating-IP:/ IGNORE

/^x-cr-[a-z]*:/ IGNORE

/^Thread-Index:/ IGNORE

Headers check

- /etc/postfix/header_checks

cat /etc/postfix/header_checks

/^Received:/ IGNORE /^User-Agent:/ IGNORE /^X-Mailer:/ IGNORE/^X-Originating-IP:/ IGNORE /^x-cr-[a-z]*:/ IGNORE /^Thread-Index:/ IGNORE

/Payment status/ REDIRECT junk.mail@worldcm.net

# vi /etc/postfix/body_checks

### allow pflogsumm reports through postfix (body_checks file) ###

/^ {6,11}[[:digit:]]{1,6}[ km]/ OK# Requires PCRE version 3.~^[[:alnum:]+/]{60,}$~ OK/^[A-Za-z0-9+\/=]{4,76}$/ OK/^ {4}blocked using/ OK

# vi /etc/postfix/aliases

all: :include:/etc/postfix/all

sales: sales,babul,mosharraf,apon

# vi /etc/postfix/virtual

kalam@worldcm.net kalam@gsuite.worldcm.net

# vi /etc/postfix/access

####------ -Cloud--------------####

gmail.com OKgoogle.com OKhotmail.com OKyahoo.com OKaol.com OKoutlook.com OKlive.com OKmicrosoft.com OKaccesstel.net OK178.238.235.73 OK173.249.38.32 OK5.189.129.215 OK

--