control config on safety + multiple domain question
Hi,
I've a falko like postfix, mysql courier-imap-ssel config and I would like to have one domain (domain1.ext) as external fully independent domain. I mean by an external domain: a server config for that particular domain which is capable of sending mails all over the world or to the outside world.
The other domain (domain2.ext) should only be used for internal use in the company except for a very limited number of addresses which should do both internal and external communication.
Also domain2.ext should have a disclaimer implemented if possible and not domain1.ext.
Thanks in advance,
Falcon5
Bellow is my config.
Could anyone look at it and tell me if it's safe as it is now?
main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
alias_maps = hash:/etc/aliases
mydestination = mail.domain2.ext, localhost, localhost.localdomain
mynetworks = 212.68.*.*, 193.190.*.*, 127.0.0.0/8, 192.168.*.*/24, 192.168.*.*/24, 192.168.2.0/24
relayhost = smtp.ISP.com
myhostname = server.domain2.ext
virtual_alias_maps = proxy:mysql:/etc/postfix/maps/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /share/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/maps/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/maps/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 5000
virtual_transport = virtual
#maildrop_destination_recipient_limit = 1
virtual_uid_maps = static:5000
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/maps/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
#smtpd_recipient_restrictions =
# permit_mynetworks,
# permit_sasl_authenticated,
# reject_unauth_destination,
# reject_unauth_pipelining,
# reject_non_fqdn_hostname,
# reject_non_fqdn_sender,
# reject_non_fqdn_recipient,
# reject_invalid_hostname,
# reject_unknown_sender_domain,
# reject_unknown_recipient_domain,
# reject_rbl_client bl.spamcop.net,
# reject_rbl_client sbl.spamhaus.org,
# reject_rbl_client t1.dnsbl.net.au,
# reject_rbl_client dnsbl.njabl.org,
# reject_rbl_client blackholes.mail-abuse.org,
# permit
smtpd_recipient_restrictions =
reject_invalid_hostname,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_rbl_client multi.uribl.com,
reject_rbl_client dsn.rfc-ignorant.org,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client ix.dnsbl.manitu.net,
reject_rbl_client combined.rbl.msrbl.net,
reject_rbl_client rabl.nuclearelephant.com,
permit
disable_vrfy_command = yes
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
reject_invalid_hostname,
reject_unknown_hostname,
reject_non_fqdn_hostname,
warn_if_reject
strict_rfc821_envelopes = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
smtpd_data_restrictions =
reject_unauth_pipelining,
permit
smtpd_sender_restrictions=
permit_mynetworks,
reject_unknown_address,
reject_unauth_pipelining
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/ssl/mail.domain2.ext.crt
smtpd_tls_key_file = /etc/postfix/ssl/mail.domain2.key
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
transport_maps = hash:/etc/postfix/transport
vacation_destination_recipient_limit = 1
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
|
English | 
Deutsch
Threaded Mode
Recent comments
1 day 13 hours ago
1 day 15 hours ago
2 days 3 hours ago
2 days 6 hours ago
2 days 10 hours ago
2 days 16 hours ago
3 days 1 hour ago
3 days 3 hours ago
3 days 11 hours ago
3 days 13 hours ago