postfix-6

     94   # Auth process is run as this user.

     95   #user = $default_internal_user

     96 }

     97 

Lines to block (comment out):

116  #inet_interfaces = localhost

164  #mydestination = $myhostname, localhost.$mydomain, localhost

386  #alias_maps = hash:/etc/aliases

397  #alias_database = hash:/etc/aliases

# Documentation location.
readme_directory = /usr/share/doc/postfix-2.5.1-documentation/readme

# Local aliases. hash: tables are compiled; rebuild them (newaliases for
# aliases, postmap for the others) after every edit or Postfix keeps using
# the stale copy.
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

# Routing and virtual addressing.
# NOTE(review): virtual_maps looks like the pre-2.0 name of
# virtual_alias_maps; with both pointing at the same table it is presumably
# redundant - confirm against postconf(5) for the installed version.
transport_maps = hash:/etc/postfix/transport
virtual_maps = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = hash:/etc/postfix/virtual

# Content inspection. regexp: tables are plain text and are not compiled
# with postmap.
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks
# PCRE alternatives, disabled:
#header_checks = pcre:/etc/postfix/header_checks.pcre
#body_checks = pcre:/etc/postfix/body_checks.pcre

                       OR

#header_checks = pcre:/etc/postfix/whitelist.pcre                    [whitelist.pcre]

# Automatic blind copies. Every address listed in these tables has its mail
# silently copied elsewhere, so treat the tables as sensitive and review them.
sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
#always_bcc = bkupmail

# Host identity.
myhostname = mail.worldcm.net
mydomain = worldcm.net
myorigin = $mydomain
masquerade_domains = worldcm.net

# Domains delivered locally.
# NOTE(review): mydestination is a list of domain names; the last two entries
# are CIDR blocks and presumably belong in mynetworks, if anywhere - confirm.
mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.worldcm.net,  worldcm.net, 103.182.196.218/32, 103.182.196.24/30

# Clients allowed to relay without authentication (every permit_mynetworks
# in the restriction lists trusts this list), so keep it as narrow as possible.
# NOTE(review): three entries contain octets above 255 (275.x, x.264) and are
# not valid IPv4 - presumably redacted on this page; substitute real ranges
# before use.
mynetworks = 127.0.0.0/8, 192.168.21.0/24,192.168.80.0/24,  275.29.177.8/29, 203.76.247.264/30, 275.29.177.0/30

# Listen on every interface.
inet_interfaces = all

# Delivery format and size caps (bytes).
home_mailbox = Maildir/
message_size_limit = 40000000
mailbox_size_limit = 2048000000

# SMTP server behaviour. The banner omits the software name, HELO is
# mandatory and VRFY is off, which limits address probing.
smtpd_banner = $myhostname ESMTP
smtpd_helo_required = yes
disable_vrfy_command = yes
smtp_send_xforward_command = yes
bounce_queue_lifetime = 1d

# NOTE(review): "include" goes beyond the stock default (alias,forward) and
# lets :include: files deliver to arbitrary file paths - confirm it is needed.
allow_mail_to_files = alias,forward,include
local_recipient_maps = unix:passwd.byname $alias_maps

# Content filter hand-off, disabled.
#content_filter = smtp-amavis:127.0.0.1:10024
#receive_override_options = no_address_mappings
#enable_original_recipient = no

##shakil

# Throughput and queue tuning.
# NOTE(review): the process and concurrency limits are far above the stock
# defaults; confirm the host and the receiving sites can absorb this before
# copying the values.
default_process_limit = 500
default_destination_concurrency_limit = 500
default_destination_recipient_limit = 100
smtpd_recipient_limit = 200

# Queue lifetime and retry timing.
maximal_queue_lifetime = 1d
queue_run_delay = 120s
minimal_backoff_time = 100s
maximal_backoff_time = 300s

# SASL via Dovecot, disabled here in main.cf.
#SASL
#smtpd_sasl_auth_enable = yes
#smtpd_sasl_type = dovecot
#smtpd_sasl_path = private/auth
#smtpd_sasl_security_options = noanonymous
#broken_sasl_auth_clients = yes
#smtpd_sasl_authenticated_header = yes

# TLS certificate and key, disabled.
# NOTE(review): with both lines commented out this fragment configures no
# server certificate, so any listener that enables SASL would presumably
# accept PLAIN/LOGIN without encryption - enable TLS before enabling SASL.
#SSL
#smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
#smtpd_tls_key_file = /etc/ssl/private/postfix.pem

#BLOCK OUT_going MAIL

# SMTPD CLIENT RESTRICTIONS

# Connection-stage policy, evaluated in order; the first permit or reject
# decides. The lookup table is written on the same line as
# check_client_access so the pairing is obvious.
smtpd_client_restrictions =
        permit_mynetworks,
#       permit_sasl_authenticated,
        check_client_access hash:/etc/postfix/access,
        reject_unauth_pipelining,
        permit_inet_interfaces

#SMTPD ETRN RESTRICTIONS

# ETRN (queue flush request) is limited to trusted networks and
# authenticated clients; everyone else is refused.
smtpd_etrn_restrictions = permit_mynetworks, permit_sasl_authenticated, reject

# SMTPD SENDER RESTRICTIONS

# MAIL FROM policy. Trusted networks and authenticated clients are permitted
# first, so every check after them only applies to other clients.
# NOTE(review): the *_sender_login_mismatch checks depend on
# smtpd_sender_login_maps, which is not set anywhere on this page - confirm
# it is defined, otherwise these entries presumably do nothing useful.
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/access,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unauthenticated_sender_login_mismatch,
    reject_sender_login_mismatch,
    reject_unlisted_sender,
    reject_unauth_pipelining,
    reject_non_fqdn_hostname,
    reject_unauth_destination

##### SMTPD RECIPIENT RESTRICTIONS , 

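# RCPT TO policy, evaluated in order; the first permit or reject decides.
# reject_unauth_destination sits directly after the two permits, so clients
# that are neither in mynetworks nor authenticated cannot relay, whatever the
# later table lookups return.
#
# Every continuation line must start with whitespace. The list.dsbl.org entry
# used to start at column 0, which ended the parameter value at that point:
# Postfix would then read it as a separate, malformed line, and the DNSBL
# entries after it would not have been applied.
#
# NOTE(review): this DNSBL list is as old as the page. Confirm each zone is
# still operated and accepts your query volume before enabling it; a retired
# zone adds lookup delay and can cause legitimate mail to be rejected.
# sbl-xbl.spamhaus.org overlaps zen.spamhaus.org, which is also listed.
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_invalid_hostname,
        check_recipient_access hash:/etc/postfix/access,
        check_client_access hash:/etc/postfix/access,
        check_sender_access hash:/etc/postfix/access,
        reject_unauth_pipelining,
        reject_non_fqdn_sender,
        reject_unknown_recipient_domain,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unlisted_recipient,
        reject_multi_recipient_bounce,
        reject_rbl_client bl.spamcop.net,
        reject_rhsbl_client rhsbl.sorbs.net,
        reject_rbl_client cbl.abuseat.org,
        reject_rhsbl_client in.dnsbl.org,
        reject_rhsbl_client ex.dnsbl.org,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client b.barracudacentral.org,
        reject_rbl_client dnsbl.sorbs.net,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client dnsbl-1.uceprotect.net,
        reject_rbl_client dnsbl-3.uceprotect.net
#check_sender_access hash:/etc/postfix/check_backscatterer,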

##14 May 11

# Writable state directory for Postfix.
data_directory = /var/lib/postfix

# Mailbox locking for local delivery.
mailbox_delivery_lock = flock, dotlock

# NOTE(review): mbox_read_locks / mbox_write_locks look like Dovecot setting
# names rather than Postfix parameters - confirm which file they belong in.
mbox_read_locks = flock dotlock
mbox_write_locks = flock dotlock

---------------------------------------------------------------------------

#SMTP restriction 

# Per-client rate limits, counted per anvil time unit.
# NOTE(review): 1000 per time unit is a very loose ceiling and gives little
# protection against a single abusive or compromised client; clients in
# mynetworks are presumably exempt by default as well. Confirm the intended
# values.
smtpd_client_connection_rate_limit = 1000
smtpd_client_message_rate_limit = 1000
smtpd_client_recipient_rate_limit = 1000

# Disconnect-pressure threshold for sessions that send only junk commands.
smtpd_junk_command_limit = 50

# Policy-service connection reuse.
smtpd_policy_service_max_idle = 3600s
smtpd_policy_service_max_ttl = 3600s

--------------------------------------------------------------------

Postfix: custom lines to add

#receive_override_options = no_address_mappings            [ if duplicate mail come ]

#enable_original_recipient = no                                          [ if duplicate mail come ]

--------------------------------------------------------------------------------

# Queue and retry settings. These repeat values given earlier on the page;
# when main.cf defines a parameter more than once, the last definition wins,
# so keep a single copy in the real file.
default_destination_recipient_limit = 100
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d
minimal_backoff_time = 100s
maximal_backoff_time = 300s

----------------------------------------------------------------------------------

##shakil

# Second copy of the tuning values listed earlier on the page. Keep one copy
# only in main.cf; with duplicates the last definition wins.
default_process_limit = 500
default_destination_concurrency_limit = 500
default_destination_recipient_limit = 100
smtpd_recipient_limit = 200
maximal_queue_lifetime = 1d
queue_run_delay = 120s
minimal_backoff_time = 100s
maximal_backoff_time = 300s

########################################################################

Configure Postfix to listen on TCP port 25 and on port 26/456

# vi /etc/postfix/master.cf

Line no: remove #

      # Review notes (the leading numbers are master.cf line numbers, not file content).
      # NOTE(review): submission (16-25) turns SASL auth on (19) while the
      # smtpd_tls_security_level=encrypt override (18) is still commented out.
      # Unless main.cf enforces TLS for AUTH (e.g. smtpd_tls_auth_only = yes),
      # PLAIN/LOGIN credentials can cross the network unencrypted; the TLS
      # cert/key lines in the main.cf notes on this page are commented out too.
      # NOTE(review): smtps (26-35) has the same issue: smtpd_tls_wrappermode=yes
      # (28) is commented out, so this listener would presumably speak plain SMTP.
      # NOTE(review): line 23 references $mua_sender_restrictions, which is not
      # defined in the main.cf settings shown on this page - define it or
      # leave the override commented.
      15   #tlsproxy  unix  -       -       n       -       0       tlsproxy

     16   submission inet n       -       n       -       -       smtpd

     17   #  -o syslog_name=postfix/submission

     18   #  -o smtpd_tls_security_level=encrypt

     19      -o smtpd_sasl_auth_enable=yes

     20      -o smtpd_reject_unlisted_recipient=no

     21   #  -o smtpd_client_restrictions=$mua_client_restrictions

     22   #  -o smtpd_helo_restrictions=$mua_helo_restrictions

     23      -o smtpd_sender_restrictions=$mua_sender_restrictions

     24      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

     25   #  -o milter_macro_daemon_name=ORIGINATING

     26   smtps     inet  n       -       n       -       -       smtpd

     27   #  -o syslog_name=postfix/smtps

     28   #  -o smtpd_tls_wrappermode=yes

     29      -o smtpd_sasl_auth_enable=yes

     30      -o smtpd_reject_unlisted_recipient=no

     31   #  -o smtpd_client_restrictions=$mua_client_restrictions

     32   #  -o smtpd_helo_restrictions=$mua_helo_restrictions

     33   #  -o smtpd_sender_restrictions=$mua_sender_restrictions

     34      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

     35   #  -o milter_macro_daemon_name=ORIGINATING

     36   #628       inet  n       -       n       -       -       qmqpd

                                  -----------OR------

### add this line below under ###

smtp            inet  n          -        n       -        -       smtpd                            [ line 11 ] 

465       inet  n       -       n       -       -       smtpd

#postfix reload

#postmap master.cf

#postmap main.cf

#service postfix restart

------------------------------------------------------------

Tuning the number of Postfix processes

/etc/postfix/master.cf:
    # ====================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ====================================================================
    . . .
    smtp      inet  n       -       -       -       10      smtpd

--------------------------------------------------------------

# Alternative, lower tuning values. They conflict with the 200/500/500 set
# given earlier on the page; pick one set, because the last definition of a
# parameter in main.cf is the one that applies.
default_process_limit = 300
default_destination_concurrency_limit = 200
smtpd_recipient_limit = 300

---------------------------------------------------------------------------------------------

Comments from Brad Knowles

default_destination_concurrency_limit=50
default_destination_recipient_limit=50
default_process_limit=200
smtp_mx_session_limit=100
smtpd_client_connection_count_limit=100
smtp_destination_concurrency_limit=100
maximal_backoff_time = 1000s
minimal_backoff_time = 300s

#######################################################################

                                         # yum -y install cyrus-sasl

SASL configuration for Dovecot

# vi /etc/dovecot/conf.d/10-master.conf

     75   service auth {

     76   # auth_socket_path points to this userdb socket by default. It's typically

     77   # used by dovecot-lda, doveadm, possibly imap process, etc. Its default

     78   # permissions make it readable only by root, but you may need to relax these

     79   # permissions. Users that have access to this socket are able to get a list

     80   # of all usernames and get results of everyone's userdb lookups.

     81   unix_listener auth-userdb {

     82     #mode = 0600

     83     #user =

     84     #group =

     85   }

     86 

     87   # Postfix smtp-auth

     88     unix_listener /var/spool/postfix/private/auth {

     89     mode = 0666

     90     user = postfix

     91     group = postfix

     92   }

     93 

                                               -------------------------       X        -----------------------------------

# vi /etc/dovecot/conf.d/10-auth.conf 

      97   auth_mechanisms = plain login

---------------------------------------------------------------------------------------------------------

Please check:

# vi /usr/lib64/sasl2/smtpd.conf

pwcheck_method: saslauthd

mech_list: PLAIN LOGIN

###############################################################################