- config file:
/etc/postfix/main.cf
# SMTP hostname of this mail server (FQDN); should be unique and not reused as the value of another parameter
myhostname = mx01.liamlamth.com
# domains for which this server is the final destination (mail is delivered locally)
# priority: 4
# NOTE(review): the same map, /etc/postfix/relay_domains, is also used for relay_domains further down.
# Postfix expects each domain in exactly one address class and logs
# "do not list domain ... in BOTH mydestination and relay_domains" when a domain is in both.
# If these domains are only relayed onward, drop the hash: entry here -- confirm the intended role.
mydestination = $myhostname, localhost.$mydomain, localhost, hash:/etc/postfix/relay_domains
# contents of /etc/postfix/relay_domains (a separate file; rebuild the lookup table with postmap after each edit):
liamlamth.com ok
liam.com ok
# trust only the local machine as an SMTP client, so other hosts cannot use this server as a smart host / relay
# (mynetworks_style is ignored when mynetworks is set explicitly; mynetworks is not set in this excerpt)
mynetworks_style = host
# all email will be transported to this host (lower priority than transport_maps)
# priority: 5
#relayhost = 192.168.0.100
header_checks = regexp:/etc/postfix/header_checks
# contents of /etc/postfix/header_checks (a separate regexp table file):
# WARN logs each Subject header in the mail log; note that some mail uses an encoded subject
# NOTE(review): subjects can contain personal or sensitive data, so restrict access to the mail log and set a retention period
/^Subject:/ WARN
# tamper/redirect mail: REDIRECT sends the whole message to the given address instead of the original recipients
# NOTE(review): the From: header is written by the sender and can be forged, and the redirect is invisible
# to sender and recipients; keep write access to this file restricted and review changes to it
/.*From:.*[email protected].*/ REDIRECT [email protected]
# harden security
# disable the SMTP VRFY command so clients cannot use it to probe which addresses exist
disable_vrfy_command=yes
# require HELO/EHLO before MAIL FROM; on its own this does not validate the name the client sends
smtpd_helo_required=yes
# reply with 554 (permanent failure) in place of each parameter's default reply code
# NOTE(review): several of these default to 450 (temporary failure): unknown_address_reject_code,
# unknown_client_reject_code, unknown_hostname_reject_code, unverified_recipient_reject_code and
# unverified_sender_reject_code. With a permanent code the sending server bounces the message instead of
# retrying, so legitimate mail can be lost over a DNS or verification problem. The Postfix documentation
# advises against changing unknown_client_reject_code without a complete understanding of RFC 5321.
# Most of these codes take effect only where the corresponding reject_* restriction is configured;
# this excerpt sets none of them explicitly.
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
# mail size restriction (about 50 MB): 56320000 bytes = 55000 KiB
# the limit applies to the message as transmitted, including envelope information, so base64-encoded
# attachments reach it at roughly three quarters of this size
message_size_limit = 56320000
# must not be smaller than message_size_limit (here it is twice that value)
mailbox_size_limit = 112640000
# reject email addresses/domains, matched against the envelope sender (MAIL FROM)
# NOTE(review): the envelope sender is chosen by the sending client and is easily changed, so this is a
# convenience blocklist, not an authentication control
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
# contents of /etc/postfix/sender_access (a separate file; run postmap on it after each edit):
[email protected] reject
attacker.com reject
# remap the envelope recipient address; the recipient address in the message headers is not modified
# priority: 1
virtual_alias_maps = hash:/etc/postfix/virtual
# contents of /etc/postfix/virtual (a separate file; run postmap on it after each edit):
[email protected] [email protected]
# accepted relay domains; mail whose recipient domain does not match a listed domain is rejected with the error: relay access denied
# priority: 2
relay_domains = hash:/etc/postfix/relay_domains
# contents of /etc/postfix/relay_domains (a separate file; run postmap on it after each edit):
liamlamth.com ok
liam.com ok
# only accept mail for recipients in the relay domains that are listed in relay_recipient_maps
# rejecting unknown recipients during the SMTP session means the server does not accept mail it would
# later have to bounce to a possibly forged sender (backscatter)
# priority: 2
relay_recipient_maps = hash:/etc/postfix/virtual
# contents of /etc/postfix/virtual (the same file as virtual_alias_maps; presumably only the left-hand key matters for this check -- confirm):
[email protected] [email protected]
# route mail for the listed recipient domain to the specified SMTP server
# priority: 3
transport_maps = hash:/etc/postfix/transport
# contents of /etc/postfix/transport (a separate file; run postmap on it after each edit):
# NOTE(review): the bracketed form smtp:[192.168.0.1] is the documented way to give a literal address
# and skips MX lookups -- confirm whether the bare form below is intended
goldpartners.com.cn smtp:192.168.0.1
# bcc to all mail
#always_bcc = [email protected]
# add bcc to some mail
#sender_bcc_maps = hash:/etc/postfix/sender_bcc_maps
[email protected] [email protected]
[email protected] [email protected]
# TLS for receiving email (Postfix SMTP server side)
# NOTE(review): CA file, certificate and private key all point to the same self-signed PEM file.
# Because that file holds the private key, it should be readable by root only.
# As CAfile it is also, as far as this excerpt shows, the only trust anchor for verifying the client
# certificates requested through smtpd_tls_ask_ccert.
smtpd_tls_CAfile = /etc/postfix/tls/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/tls/smtpd.pem
smtpd_tls_key_file = /etc/postfix/tls/smtpd.pem
# on-disk TLS session cache, so returning clients can resume a session
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
# opportunistic TLS: STARTTLS is offered but not required, so mail is still accepted in cleartext
smtpd_tls_security_level = may
# NOTE(review): legacy switch, redundant once smtpd_tls_security_level is set; recent Postfix releases mark it deprecated
smtpd_use_tls = yes
# add TLS protocol and cipher information to the Received: header
smtpd_tls_received_header = yes
# request (but do not require) a client certificate
smtpd_tls_ask_ccert = yes
# log a summary line for each completed TLS handshake
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
# in /etc/postfix/tls
# creates a self-signed certificate (valid 3650 days) and a 2048-bit RSA key, both written to smtpd.pem
# -nodes leaves the private key unencrypted, which Postfix needs; restrict the file accordingly,
# e.g. chmod 600 smtpd.pem with owner root
# NOTE(review): sending servers that verify certificates will not trust a self-signed certificate, and the
# Common Name entered at the prompt below (gpch.myvnc.com) differs from myhostname (mx01.liamlamth.com) --
# confirm which name clients connect to
$ openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650 -newkey rsa:2048
Country Name (2 letter code) [XX]:HK
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:Hong Kong
Organization Name (eg, company) [Default Company Ltd]:GPCH
Organizational Unit Name (eg, section) []:Organization
Common Name (eg, your name or your server's hostname) []:gpch.myvnc.com
Email Address []: