User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
email:configure-postfix [2025/03/05 19:30] willyemail:configure-postfix [2025/03/13 13:30] (current) – [Configuration: postfix] willy
Line 1: Line 1:
-====== Configuration: postfix ======+====== F) Configuration: postfix ======
  
 Postfix is the Mail Transfer Agent, the tool that actually **moves** your email messages from a the sender to the destination (recipient). It speak the Simple Mail Transport Protocol (SMTP) and it has some serious responsibilities which are: Postfix is the Mail Transfer Agent, the tool that actually **moves** your email messages from a the sender to the destination (recipient). It speak the Simple Mail Transport Protocol (SMTP) and it has some serious responsibilities which are:
Line 163: Line 163:
 smtpd_reject_unlisted_sender = yes smtpd_reject_unlisted_sender = yes
  
-# Client connection +# Client connection (do not put "reject" here or nobody will be able to send you emails) 
-smtpd_client_restrictions = permit_sasl_authenticated, reject+smtpd_client_restrictions = permit_sasl_authenticated
 # HELO / EHLO filtering # HELO / EHLO filtering
 smtpd_helo_restrictions = permit_sasl_authenticated, reject_unknown_helo_hostname smtpd_helo_restrictions = permit_sasl_authenticated, reject_unknown_helo_hostname
Line 173: Line 173:
 # DATA # DATA
 smtpd_data_restrictions = reject_unauth_pipelining smtpd_data_restrictions = reject_unauth_pipelining
-RCPT TO: (after relay) add here spam checks (blacklists etc) +R *   smtpd_milters         = unix:/run/opendkim/opendkim.sock 
-smtpd_recipient_restrictions = permit_sasl_authenticated+   non_smtpd_milters = unix:/run/opendkim/opendkim.sockCPT TO: (after relay) add here spam checks (blacklists etc) 
 +smtpd_recipient_restrictions = permit_sasl_authenticated check_policy_service unix:private/policy-spf 
 + 
 +# OpenDKIM & OpenDMARC setup 
 +smtpd_milters     = unix:/run/opendkim/opendkim.sock,unix:/var/run/opendmarc/opendmarc.sock 
 +non_smtpd_milters = unix:/run/opendkim/opendkim.sock,unix:/var/run/opendmarc/opendmarc.sock 
 +milter_default_action = accept 
 </file> </file>
 +
  
  
Line 182: Line 190:
 The master.cf contains a list of the services (and ports) managed by Postfix on startup: The master.cf contains a list of the services (and ports) managed by Postfix on startup:
 <file - master.cf> <file - master.cf>
 +
 +# Port 25 listener
 smtp      inet  n                               smtpd smtp      inet  n                               smtpd
  
 +# Port 587 listener (STARTTLS)
 smtps      inet  n                               smtpd smtps      inet  n                               smtpd
    -o smtpd_tls_wrappermode=yes    -o smtpd_tls_wrappermode=yes
  
 +# Port 465 listener (pure TLS)
 submission inet n                               smtpd submission inet n                               smtpd
 +
 +# SPF inbound check filter
 +policy-spf  unix  -                               spawn
 +     user=nobody argv=/usr/bin/policyd-spf      
 +     
 pickup    fifo  n                   60      1       pickup pickup    fifo  n                   60      1       pickup
 cleanup   unix  n                               cleanup cleanup   unix  n                               cleanup