main.cf
--
# vi /etc/postfix/main.cf
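# Base settings for /etc/postfix/main.cf, restored to one parameter per line.
# main.cf has no inline comments: a '#' only starts a comment when it is the
# first non-blank character of a line, so the collapsed form would not parse.
#
# Every hash: table named below must be compiled with postmap (newaliases for
# the aliases file) after each edit, otherwise Postfix keeps reading the old
# .db file.
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
transport_maps = hash:/etc/postfix/transport
virtual_maps = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = hash:/etc/postfix/virtual
header_checks = pcre:/etc/postfix/header_checks
# header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = pcre:/etc/postfix/block_attachments
# mime_header_checks = regexp:/etc/postfix/block_attachments
body_checks = pcre:/etc/postfix/body_checks
# body_checks = regexp:/etc/postfix/body_checks
# The two BCC tables silently copy mail to other mailboxes. Keep them
# root-owned and review changes: whoever can edit them can read users' mail.
sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
myhostname = mail.worldcm.net
mydomain = worldcm.net
myorigin = $mydomain

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# mydestination = $myhostname, localhost.$mydomain, $mydomain, worldcm.net, mail.worldcm.net, 101.291.161.141/32
# Every address in mynetworks may relay through permit_mynetworks without
# authenticating. The active value is loopback only; keep it that narrow and
# let other clients use SASL.
#mynetworks = 127.0.0.0/8, 192.168.0.0/16, [::1]/128
mynetworks = 127.0.0.0/8, [::ffff:127.0.0.0]/104, [::1]/128

inet_interfaces = all
home_mailbox = Maildir/
message_size_limit = 50000000
mailbox_size_limit = 7224000000

#masquerade_domains = worldcm.net
smtpd_banner = $myhostname ESMTP
#always_bcc = bkupmail

bounce_queue_lifetime = 1d
smtpd_helo_required = yes
disable_vrfy_command = yes
# 'include' is added to the stock value (alias,forward), so entries inside
# :include: files may deliver to arbitrary file paths. Keep those include
# files writable by root only.
allow_mail_to_files = alias,forward,include
local_recipient_maps = unix:passwd.byname $alias_maps

#content_filter = smtp-amavis:127.0.0.1:10024
#receive_override_options = no_address_mappings
# NOTE(review): the collapsed original does not show whether the next line
# was commented out together with the two above - confirm on the live host.
enable_original_recipient = no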
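##3SASL
# SASL authentication through Dovecot's auth socket (private/auth).
# With smtpd_tls_auth_only left commented out further down, AUTH is also
# offered on unencrypted sessions, so passwords can cross the network in
# clear text. Enabling smtpd_tls_auth_only = yes closes that gap.
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# Writes the SASL login name into the Received: header of outgoing mail,
# which discloses account names to every recipient.
smtpd_sasl_authenticated_header = yes

##SSL
# smtpd_use_tls is the legacy switch; smtpd_tls_security_level = may (present
# but commented out below) is its current equivalent.
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
# The private key sits in the certs directory; make sure it is owned by root
# and not readable by group or others.
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache

####-SSL
#smtpd_tls_security_level = may
#smtpd_tls_auth_only = yes
#smtpd_tls_key_file = /etc/postfix/ssl/postfix.key
#smtpd_tls_cert_file = /etc/postfix/ssl/postfix.crt
#smtpd_tls_loglevel = 0
#smtpd_tls_received_header = yes
#smtpd_tls_session_cache_timeout = 3600s
#tls_random_source = dev:/dev/urandom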
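###-----Group Email restricted
###----SENDING OUT RESTRICTIONS
# Both classes decide on envelope addresses. The envelope sender is supplied
# by the client, so insiders_only is only as strong as the checks that stop
# sender forgery.
smtpd_restriction_classes = insiders_only, local_only
insiders_only = check_sender_access hash:/etc/postfix/allowed-users, reject
local_only = check_recipient_access hash:/etc/postfix/local_domains, reject

###SMTPD CLIENT RESTRICTIONS
smtpd_client_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/access, reject_unauth_pipelining, permit_inet_interfaces

###SMTPD ETRN RESTRICTIONS
smtpd_etrn_restrictions = permit_mynetworks, permit_sasl_authenticated, reject

######Faruq
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_invalid_hostname, permit

### SMTPD SENDER RESTRICTIONS
# NOTE(review): permit_sasl_authenticated is evaluated before the two
# *_sender_login_mismatch checks, so an authenticated session is accepted
# before they run and a logged-in user can send with any sender address.
# Those checks also depend on smtpd_sender_login_maps, which is not set in the
# parameters shown on this page. To bind senders to logins, define that map
# and move the mismatch checks ahead of permit_sasl_authenticated.
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/restricted_senders, permit_mynetworks, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/access, reject_unauthenticated_sender_login_mismatch, reject_sender_login_mismatch, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unlisted_sender, reject_unauth_pipelining, reject_non_fqdn_hostname, reject_unauth_destination

##### SMTPD RECIPIENT RESTRICTIONS
# Written one restriction per line because the original carries a
# commented-out entry in the middle of the list.
# NOTE(review): only the sbl-xbl entry is assumed to be commented out; the
# collapsed original does not show where that comment ended.
#
# The two access tables at the top run before reject_unauth_destination. Any
# OK result from them accepts the recipient before the relay check, so those
# tables should only return REJECT, DUNNO or a restriction class.
#
# DNSBL zones need periodic review: list.dsbl.org and dsn.rfc-ignorant.org
# have been retired, and the SORBS zones were reported shut down in 2024
# (confirm before relying on them). A retired zone either times out on every
# lookup or, if it starts answering every query, rejects all inbound mail.
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/restricted-mail-groups,
    check_sender_access hash:/etc/postfix/restricted_senders,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_hostname,
    check_recipient_access hash:/etc/postfix/access,
    check_client_access hash:/etc/postfix/access,
    check_sender_access hash:/etc/postfix/access,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_unknown_recipient_domain,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unlisted_recipient,
    reject_multi_recipient_bounce,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client bl.spamcop.net,
    reject_rhsbl_client rhsbl.sorbs.net,
    reject_rbl_client dnsbl.sorbs.net,
#   reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client dsn.rfc-ignorant.org,
    reject_rbl_client b.barracudacentral.org,
    reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99],
    reject_rhsbl_helo dbl.spamhaus.org=127.0.1.[2..99],
    reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[2..99]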
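# Excerpt: only the DNSBL tail of the list is shown. Continuation lines must
# start with whitespace, otherwise Postfix reads them as new parameters.
# The "=127.0.0.[2..11]" and "=127.0.1.[2..99]" filters reject only on real
# listing codes. Replies in 127.255.255.x are Spamhaus error codes (for
# example a refused query), so that range is wrapped in warn_if_reject and
# only logged instead of bouncing legitimate mail.
smtpd_recipient_restrictions =
    # ... earlier restrictions elided on the page ...
    reject_rbl_client list.dsbl.org,
    reject_rbl_client bl.spamcop.net,
    reject_rhsbl_client rhsbl.sorbs.net,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client b.barracudacentral.org,
    reject_rbl_client zen.spamhaus.org=127.0.0.[2..11],
    reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99],
    reject_rhsbl_helo dbl.spamhaus.org=127.0.1.[2..99],
    reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[2..99],
    warn_if_reject reject_rbl_client zen.spamhaus.org=127.255.255.[1..255]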
Where:
rhs stands for right-hand side, i.e., the domain name (the part to the right of the @ in an address).
reject_rhsbl_helo makes Postfix reject email when the client HELO or EHLO hostname is blacklisted.
reject_rhsbl_reverse_client: rejects the email when the unverified reverse client hostname is blacklisted. Postfix takes the client hostname from the PTR record of the connecting IP address without checking that the name resolves back to that address, and rejects the email if that hostname is blacklisted.
reject_rhsbl_sender makes Postfix reject email when the MAIL FROM domain is blacklisted.
reject_rbl_client: This is an IP-based blacklist. When the client IP address is blacklisted, reject the email.
#############################################################################################
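-- -------- karnaF------RBL BEST------------
# Variant with permit_mynetworks and permit_sasl_authenticated first, so local
# and authenticated clients skip every later check, DNSBL lookups included.
# The restricted-mail-groups and restricted_senders tables still run before
# reject_unauth_destination; an OK result from either would accept a recipient
# before the relay check, so keep their results to REJECT, DUNNO or a
# restriction class.
# The zen.spamhaus.org and dbl.spamhaus.org entries carry no "=127.0.x.y"
# reply filter here, so any answer from those zones, error codes included,
# causes a reject. list.dsbl.org and dsn.rfc-ignorant.org are retired zones.
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access hash:/etc/postfix/restricted-mail-groups, check_sender_access hash:/etc/postfix/restricted_senders, reject_unauth_destination, reject_invalid_hostname, check_recipient_access hash:/etc/postfix/access, check_client_access hash:/etc/postfix/access, check_sender_access hash:/etc/postfix/access, reject_unauth_pipelining, reject_non_fqdn_sender, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unlisted_recipient, reject_multi_recipient_bounce, reject_rbl_client list.dsbl.org, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client dsn.rfc-ignorant.org, reject_rhsbl_client rhsbl.sorbs.net, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rbl_client dnsbl-1.uceprotect.net, reject_rbl_client dnsbl-3.uceprotect.net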
OLD
reject_rbl_client list.dsbl.org,
#############################
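# Compile every hash: table edited above (postmap <file>, newaliases for the
# aliases file) before restarting, or Postfix keeps using the old .db files.
systemctl enable postfix
# Validate main.cf and file permissions first, so a typo in a restriction
# list does not take the mail service down on restart.
postfix check && systemctl restart postfix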
-------------------------------------------
# vi /etc/postfix/header_checks
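# header_checks rules, one pattern per line (the first match for a header
# line wins). This table applies to all mail passing through cleanup, inbound
# as well as outbound, unless a separate cleanup service is defined for the
# submission path.
#
# WARN on Subject: logs the subject of every message; check log retention and
# access, since subjects often contain personal data.
/^Subject:/ WARN
/^User-Agent:/ IGNORE
/^X-Mailer:/ IGNORE
/^X-Originating-IP:/ IGNORE

# Sample For Dropping Headers:
#/^Header: IfContains/ IGNORE
# NOTE(review): the collapsed original does not show whether the four rules
# below were part of the commented sample. Dropping Message-ID in particular
# breaks threading and log correlation - confirm before enabling.
/^Received:/ IGNORE
/^Message-ID:/ IGNORE
/^X-MimeOLE:/ IGNORE
/^X-MSMail-Priority:/ IGNORE

# Hides only the authenticated-submission hop (client address of the user).
/^Received:.*with ESMTPSA/ IGNORE
/^From:.*<#.*@.*>/ REJECT
/^Return-Path:.*<#.*@.*>/ REJECT
/^.*=20[a-z]*=20[a-z]*=20[a-z]*=20[a-z]*/ IGNORE
# Unanchored, and the dot matches any character, so any header line that
# contains "mc", one character, then "net" redirects the whole message.
# Anchoring to a header name and escaping the dot would narrow it.
/mc.net/ REDIRECT junkmail@worldcm.net
# Removes every Received: header, which makes the ESMTPSA rule above
# redundant and destroys the delivery trace needed to investigate abuse or a
# compromised account. Prefer the narrow rule, or scope this to submission.
/^Received:/ IGNORE
/^X-Originating-IP:/ IGNORE
/^x-cr-[a-z]*:/ IGNORE
/^Thread-Index:/ IGNORE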
Headers check
/etc/postfix/header_checks
cat /etc/postfix/header_checks
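# Current header_checks contents, one rule per line.
# Stripping every Received: header also removes the trace of inbound mail,
# which is the first thing needed when investigating spam or a compromised
# account; consider limiting it to the authenticated-submission hop.
/^Received:/ IGNORE
/^User-Agent:/ IGNORE
/^X-Mailer:/ IGNORE
/^X-Originating-IP:/ IGNORE
/^x-cr-[a-z]*:/ IGNORE
/^Thread-Index:/ IGNORE
# Unanchored: matches the phrase in any header, not only Subject:, and
# redirects the whole message. Review the junk mailbox for false positives.
/Payment status/ REDIRECT junk.mail@worldcm.net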
# vi /etc/postfix/body_checks
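### allow pflogsumm reports through postfix (body_checks file) ###
# In header/body checks OK is accepted for backwards compatibility and is
# treated as DUNNO: it only stops the table search for the current line. It
# does not whitelist the message.
# body_checks sees the raw body; base64 content is not decoded, so the two
# base64 rules below only save lookups on lines later rules could not
# usefully match anyway.
/^ {6,11}[[:digit:]]{1,6}[ km]/ OK
# Requires PCRE version 3.
~^[[:alnum:]+/]{60,}$~ OK
/^[A-Za-z0-9+\/=]{4,76}$/ OK
/^ {4}blocked using/ OK
# vi /etc/postfix/aliases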
# Run newaliases after editing this file so the hash: database is rebuilt.
# "all" expands to the addresses listed in /etc/postfix/all. Anyone who can
# write that file controls where mail to "all" is delivered, and main.cf on
# this page lists "include" in allow_mail_to_files, so keep it writable by
# root only.
all: :include:/etc/postfix/all
# "sales" lists itself along with three other names.
# NOTE(review): presumably so the local sales mailbox keeps a copy - confirm.
sales: sales,babul,mosharraf,apon
# vi /etc/postfix/virtual
# Rewrites the recipient on the left to the address on the right.
# Run postmap /etc/postfix/virtual after editing so the hash: table is rebuilt.
kalam@worldcm.net kalam@gsuite.worldcm.net
# vi /etc/postfix/access
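####------ -Cloud--------------####
# One entry per line; run postmap /etc/postfix/access after editing.
# main.cf on this page uses this one table for check_client_access,
# check_sender_access and check_recipient_access. As a sender check, a domain
# entry matches the envelope sender, which the client supplies: any host that
# claims a sender @gmail.com (or another domain below) gets OK and skips the
# DNSBL and sender checks that follow it in the list. Separate tables per
# lookup type, with client IP addresses rather than sender domains for
# whitelisting, avoid that bypass.
gmail.com OK
google.com OK
hotmail.com OK
yahoo.com OK
aol.com OK
outlook.com OK
live.com OK
microsoft.com OK
accesstel.net OK
178.238.235.73 OK
173.249.38.32 OK
5.189.129.215 OK
--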