· 6 years ago · Sep 24, 2019, 07:48 AM
# Introduction
## Configuration files
On Debian (and probably on derivatives like Ubuntu Server), the Postfix configuration is spread across several files:
* transport
* master.cf
* transport.cf
* main.cf

# Configuration
## main.cf
### TLS parameters
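You want TLS activated so that communication between your MTA and other TLS-capable MTAs on the Internet is encrypted.

```
# Certificate and key presented to connecting clients. The snakeoil pair is
# Debian's self-signed placeholder; replace it with your own certificate.
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# Offer STARTTLS to clients connecting to this server (incoming mail)
smtpd_use_tls=yes
# Use TLS for outgoing mail whenever the receiving server offers it
smtp_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
```
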
### Rate limiting
If you send a large amount of mail at once (for instance with a mailing list server), you may want to rate-limit your outgoing mail.
I suggest using three settings: standard, polite and turtle. Monitor your logs to see whether recipient mail servers complain about mails having too many recipients or being sent too fast (error codes 418 or 452).

```
# standard: the default smtp transport
smtp_initial_destination_concurrency = 10
smtp_destination_concurrency_limit = 10
smtp_destination_rate_delay = 0
smtp_extra_recipient_limit = 10

# polite: fewer parallel connections and fewer recipients per message
polite_initial_destination_concurrency = 2
polite_destination_concurrency_limit = 2
polite_destination_rate_delay = 0
polite_destination_recipient_limit = 5

# turtle: one connection at a time, with a delay between deliveries
turtle_initial_destination_concurrency = 1
turtle_destination_concurrency_limit = 1
turtle_destination_rate_delay = 3s
turtle_destination_recipient_limit = 2
```

Tune according to your needs. YMMV.

In master.cf, you configure the three mailers (smtp, polite and turtle):

```
smtp unix - - y - - smtp
 -o smtp_bind_address=192.168.11.2
polite unix - - y - - smtp
 -o smtp_bind_address=192.168.11.2
turtle unix - - y - - smtp
 -o smtp_bind_address=192.168.11.2
```

If your mail server only has one interface, you don't need the smtp_bind_address.

Finally, select which transport will be used for each destination email address (the list below is for a mailing list server with mostly Belgian subscribers).
Create a file called "transport" if it does not exist yet.

```
fulladsl.be turtle:
worldonline.be turtle:
scarlet.be turtle:
brutele.be turtle:
tvcablenet.be turtle:
yahoo.fr turtle:
yahoo.com turtle:
gmail.com polite:
```
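
One way to do the log monitoring suggested above and turn the result into transport entries, as an added example that is not part of the original paste: it tallies remote 4xx deferrals per recipient domain. The log lines are constructed samples, and the function names and the thresholds in `suggest()` are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix's mail.log format (not real traffic).
SAMPLE_LOG = """\
Sep 24 07:40:01 mx postfix/smtp[2101]: 3F2A1C0B2: to=<a@scarlet.be>, relay=mx.scarlet.be[192.0.2.10]:25, delay=12, dsn=4.5.3, status=deferred (host mx.scarlet.be[192.0.2.10] said: 452 4.5.3 Too many recipients (in reply to RCPT TO command))
Sep 24 07:40:02 mx postfix/smtp[2101]: 3F2A1C0B3: to=<b@scarlet.be>, relay=mx.scarlet.be[192.0.2.10]:25, delay=14, dsn=4.5.3, status=deferred (host mx.scarlet.be[192.0.2.10] said: 452 4.5.3 Too many recipients (in reply to RCPT TO command))
Sep 24 07:40:03 mx postfix/smtp[2102]: 3F2A1C0B4: to=<c@gmail.com>, relay=mx.gmail.example[192.0.2.20]:25, delay=3, dsn=2.0.0, status=sent (250 2.0.0 OK)
Sep 24 07:40:04 mx postfix/smtp[2102]: 3F2A1C0B5: to=<d@gmail.com>, relay=mx.gmail.example[192.0.2.20]:25, delay=9, dsn=4.7.0, status=deferred (host mx.gmail.example[192.0.2.20] said: 421 4.7.0 Try again later (in reply to end of DATA command))
Sep 24 07:40:05 mx postfix/smtp[2103]: 3F2A1C0B6: to=<e@example.org>, relay=mx.example.org[192.0.2.30]:25, delay=1, dsn=2.0.0, status=sent (250 2.0.0 OK)
Sep 24 07:40:06 mx postfix/smtp[2103]: 3F2A1C0B7: to=<f@example.net>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mx.example.net[192.0.2.40]:25: Connection timed out)
"""

DELIVERY = re.compile(r"to=<[^>@]+@([^>]+)>.*?\bstatus=(\w+)")
REMOTE_4XX = re.compile(r"\bsaid: (4\d\d)[ -]")

def tally(lines):
    """Return {domain: Counter} holding 'total' attempts plus one key per remote 4xx code."""
    stats = {}
    for line in lines:
        m = DELIVERY.search(line)
        if not m:
            continue  # not a delivery status line
        domain, status = m.group(1).lower(), m.group(2)
        counts = stats.setdefault(domain, Counter())
        counts["total"] += 1
        reply = REMOTE_4XX.search(line) if status == "deferred" else None
        if reply:  # count only deferrals the remote server asked for, not timeouts
            counts[reply.group(1)] += 1
    return stats

def suggest(stats, turtle_ratio=0.5):
    """Pick smtp, polite or turtle per domain. The thresholds are illustrative assumptions."""
    result = {}
    for domain, counts in stats.items():
        throttled = sum(n for key, n in counts.items() if key != "total")
        ratio = throttled / counts["total"]
        result[domain] = "turtle" if ratio > turtle_ratio else "polite" if throttled else "smtp"
    return result

def transport_lines(suggestions):
    """Format non-default suggestions as lines for the transport file."""
    return [f"{d} {t}:" for d, t in sorted(suggestions.items()) if t != "smtp"]

if __name__ == "__main__":
    print("\n".join(transport_lines(suggest(tally(SAMPLE_LOG.splitlines())))))
```

The printed lines use the same format as the transport file above. Postfix reads that file through the transport_maps parameter, and a hash: map has to be rebuilt with postmap after each edit.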
62
63### DKIM
64If you want to enable DKIM, you need to add a new "milter" (a mail filter in postfix's jargon). I recommend you use OpenDKIM.
65On debian/ubuntu, you install it using apt-get install opendkim opendkim-tools
66
67Activate milter support in your main.cf and add the OpenDKIM milter.
68# Enable milter filters
69milter_protocol = 2
70milter_default_action = accept
71
72# Filter trough OpenDKIM to sign messages
73smtpd_milters = inet:localhost:12301
74non_smtpd_milters = inet:localhost:12301
75compatibility_level = 2