Commit 40d041e2 authored by Bob Tanner's avatar Bob Tanner

Templates for postscreen configuration courtesy of @drechsau

parent cbca0bc8
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
#smtp inet n - n - - smtpd
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
-o smtpd_etrn_restrictions=reject
-o smtpd_sasl_auth_enable=yes
-o smtpd_enforce_tls=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o smtpd_client_restrictions=
#submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o smtpd_client_restrictions=
-o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
######
# monkey rides alone
######
clamsmtpd unix - - n - 32 smtp
-o smtp_send_xforward_command=yes
localhost:10027 inet n - n - 32 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o myhostname=after-clamsmtpd.geeks.org
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
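Review bot: The `submission` service enforces TLS with the obsolete `smtpd_enforce_tls=yes` and, unlike the `smtps` entry below it, does not set `milter_macro_daemon_name=ORIGINATING`, so authenticated mail arriving on the submission port is not flagged as originating for any milter that keys on that macro. The commented-out block directly after it already shows the current form; I would use `-o smtpd_tls_security_level=encrypt` in place of the old option and add `-o milter_macro_daemon_name=ORIGINATING`. Separately, the `localhost:10027` re-injection listener relies on `-o mynetworks_style=host`, which Postfix ignores when `mynetworks` is set explicitly in main.cf (not visible on this page); `-o mynetworks=127.0.0.0/8` would pin `permit_mynetworks` to loopback regardless.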
# my file, and I'll do what I want!
### Intranet
10.0.0.0/8 permit
192.168.0.0/16 permit
172.16.0.0/12 permit
# BELG-L from l-soft
212.247.25.0/25 permit
# district16 email sucks with Novell GroupWise
204.169.235.251/32 permit
####
# zorch
####
# sol.net
206.55.64.0/20 permit
# bungi
192.83.249.0/24 permit
# nether.puck.net
[2001:418:3f4::5] permit
# nanog
[2001:48a8:6880:68::116:162] permit
50.31.151.68 permit
# cisco-nsp
204.42.254.5 permit
### Facebook
69.63.179.25 permit
69.63.178.128/25 permit
69.63.184.0/25 permit
66.220.144.128/25 permit
66.220.155.0/24 permit
69.171.232.128/25 permit
66.220.157.0/25 permit
69.171.244.0/24 permit
# facebook - mike gathered
66.220.144.0/20 permit
69.171.224.0/19 permit
# testing
66.220.155.141 permit
# user mail
66.220.157.64/26 permit
# user automatic forwarding
66.220.157.16/29 permit
# user mail
66.220.157.48/28 dunno
# bounces
66.220.157.24/29 dunno
# notifications
66.220.144.128/27 permit
66.220.157.128/27 permit
# campaigns
66.220.144.160/29 dunno
66.220.157.160/29 dunno
# applications
66.220.144.168/29 dunno
66.220.157.168/29 dunno
### Google
216.239.32.0/19 permit
64.233.160.0/19 permit
66.249.80.0/20 permit
72.14.192.0/18 permit
209.85.128.0/17 permit
66.102.0.0/20 permit
74.125.0.0/16 permit
64.18.0.0/20 permit
207.126.144.0/20 permit
173.194.0.0/16 permit
2001:4860:4000::/36 permit
2404:6800:4000::/36 permit
2607:f8b0:4000::/36 permit
2800:3f0:4000::/36 permit
2a00:1450:4000::/36 permit
2c0f:fb50:4000::/36 permit
### PayPal
216.113.188.96/27 permit
66.211.168.230/31 permit
173.0.84.224/28 permit
208.201.241.163 permit
67.72.99.26 permit
206.165.246.80/29 permit
64.127.115.252 permit
194.64.234.129 permit
65.110.161.77 permit
204.13.11.48/29 permit
63.80.14.0/23 permit
208.64.132.0/22 permit
81.223.46.0/27 permit
216.136.168.81 permit
216.136.168.80/28 permit
129.41.77.70 permit
208.85.50.137 permit
157.151.208.65 permit
208.40.232.70 permit
12.130.86.238 permit
198.178.234.57 permit
67.221.168.65 permit
216.136.162.120/29 permit
216.136.162.65 permit
74.112.67.243 permit
# icloud things
17.158.236.0/24 permit
17.172.204.0/24 permit
#############################
# Reported by SQLgrey users #
#############################
# Free.fr uses a separate pool for retries
# the "first try" servers are smtp?-g19.free.fr, all servers are in the same
# class C network which is used for free/proxad servers
212.27.42.0/24 permit
# Reference : http://www.greylisting.org
# southwest airlines
12.5.136.141 permit
12.5.136.142 permit
# moveon.org
64.124.204.39 permit
# eBay
66.135.209.0/24 permit
66.135.197.0/24 permit
# security focus
205.206.231.0/24 permit
# amazon
207.171.168.0/24 permit
207.171.180.0/24 permit
207.171.187.0/24 permit
207.171.188.0/24 permit
207.171.190.0/24 permit
54.240.0.0/18 permit
# yahoo groups servers - mike collected
66.218.66.0/24 permit
66.218.67.0/24 permit
66.218.69.0/24 permit
######################
### Linkedin
216.52.242.0/24 permit
69.28.147.128/26 permit
8.18.31.21 permit
8.18.31.22 permit
69.28.149.0/24 permit
64.74.98.16/29 permit
199.101.160.0/25 permit
199.101.162.0/25 permit
216.136.162.65 permit
### AOL
64.12.90.0/24 permit
205.188.0.0/16 permit
64.12.137.0/24 permit
### Yahoo
216.136.232.0/22 permit
216.136.224.0/22 permit
216.136.172.0/22 permit
216.136.128.0/22 permit
216.109.94.0/23 permit
209.225.40.0/24 permit
64.58.76.0/22 permit
216.136.203.0/24 permit
209.131.32.0/19 permit
216.155.192.0/20 permit
216.136.204.0/24 permit
64.41.224.0/23 permit
66.163.160.0/19 permit
204.71.200.0/22 permit
64.157.4.0/24 permit
64.156.215.0/24 permit
209.247.158.0/24 permit
2001:49A8::/32 permit
216.252.96.0/19 permit
208.67.64.0/21 permit
69.147.64.0/18 permit
184.165.0.0/16 permit
68.180.128.0/17 permit
208.71.40.0/21 permit
76.13.0.0/16 permit
98.136.0.0/14 permit
67.195.0.0/16 permit
8.12.144.0/24 permit
50.85.0.0/16 permit
# mailchimp
205.201.128.0/20 permit
# Aileen stuff
# davidsongroup thing
65.74.132.64/28 permit
# stupid visi shit for boychoir.org
208.42.184.0/24 permit
# twitter
199.16.156.0/22 permit
199.59.148.0/22 permit
199.96.63.0/24 permit
# crashplan emails
50.93.246.0/24 permit
# namecheaphosting.com
104.219.249.0/24 permit
### Microsoft et al
111.221.111.196 permit
111.221.112.0/21 permit
111.221.116.0/24 permit
111.221.127.112/28 permit
111.221.16.0/21 permit
111.221.23.128/25 permit
111.221.24.0/21 permit
111.221.26.8 permit
111.221.66.0/25 permit
111.221.69.128/25 permit
111.221.70.0/25 permit
111.221.71.0/25 permit
131.107.1.101 permit
131.107.1.102 permit
131.107.1.17 permit
131.107.1.18 permit
131.107.1.19 permit
131.107.1.20 permit
131.107.1.27 permit
131.107.1.37 permit
131.107.1.44 permit
131.107.1.48 permit
131.107.1.56 permit
131.107.65.131 permit
131.107.65.22 permit
132.245.0.0/16 permit
157.55.0.192/26 permit
157.55.1.128/26 permit
157.55.11.0/25 permit
157.55.130.0/25 permit
157.55.145.0/25 permit
157.55.155.0/25 permit
157.55.157.128/25 permit
157.55.185.100 permit
157.55.194.46 permit
157.55.2.0/25 permit
157.55.224.128/25 permit
157.55.225.0/25 permit
157.55.227.192/26 permit
157.55.47.0/24 permit
157.55.49.0/24 permit
157.55.59.128/25 permit
157.55.61.0/24 permit
157.55.9.128/25 permit
157.56.0.0/16 permit
157.56.151.0/25 permit
157.56.200.0/23 permit
157.56.23.32/27 permit
157.56.236.0/22 permit
157.56.53.128/25 permit
157.56.55.0/25 permit
157.56.58.0/25 permit
202.177.148.100 permit
202.177.148.110 permit
203.122.32.250 permit
203.32.4.25 permit
207.46.116.135 permit
207.46.117.0/24 permit
207.46.132.129 permit
207.46.150.128/25 permit
207.46.163.0/24 permit
207.46.198.0/25 permit
207.46.200.0 permit
207.46.203.128/26 permit
207.46.206.0/23 permit
207.46.216.54 permit
207.46.22.101 permit
207.46.22.35 permit
207.46.22.98 permit
207.46.222.193 permit
207.46.4.128/25 permit
207.46.50.216 permit
207.46.50.224 permit
207.46.50.72 permit
207.46.50.82 permit
207.46.51.64/26 permit
207.46.52.71 permit
207.46.52.79 permit
207.46.57.128/25 permit
207.46.58.128/25 permit
207.46.70.0/24 permit
207.46.73.250 permit
207.68.169.173 permit
207.68.176.1 permit
207.68.176.97 permit
213.199.128.139 permit
213.199.128.145 permit
213.199.138.181 permit
213.199.138.191 permit
213.199.148.0/23 permit
213.199.154.0/24 permit
213.199.161.129 permit
213.199.174.0/25 permit
213.199.177.0/26 permit
213.199.180.128/26 permit
213.199.182.128/25 permit
216.32.180.0/24 permit
216.32.181.0/24 permit
216.99.5.67 permit
216.99.5.68 permit
217.77.141.52 permit
217.77.141.59 permit
65.52.148.27 permit
65.52.184.75 permit
65.52.196.64 permit
65.52.208.73 permit
65.52.240.233 permit
65.54.121.123 permit
65.54.165.0/25 permit
65.54.190.0/24 permit
65.54.241.0/24 permit
65.54.51.64/26 permit
65.54.54.32/27 permit
65.54.55.201 permit
65.54.61.64/26 permit
65.54.62.0/25 permit
65.54.74.0/23 permit
65.54.80.0/20 permit
65.54.82.0/24 permit
65.55.111.0/24 permit
65.55.113.64/26 permit
65.55.116.0/25 permit
65.55.126.0/25 permit
65.55.174.0/25 permit
65.55.178.129 permit
65.55.181.128/25 permit
65.55.233.0/27 permit
65.55.234.192 permit
65.55.238.129 permit
65.55.239.168 permit
65.55.33.70 permit
65.55.34.0/24 permit
65.55.39.128/25 permit
65.55.52.224 permit
65.55.78.128/25 permit
65.55.81.53 permit
65.55.86.0/23 permit
65.55.88.0/24 permit
65.55.90.0/24 permit
65.55.94.0/25 permit
70.37.128.0/23 permit
70.37.142.0/23 permit
70.37.151.128/25 permit
70.37.159.0/24 permit
70.37.97.234 permit
86.61.88.25 permit
94.245.108.85 permit
94.245.112.10 permit
94.245.112.16 permit
94.245.117.128/25 permit
94.245.117.53 permit
94.245.120.64/26 permit
94.245.68.0/22 permit
94.245.82.0/23 permit
94.245.84.0/24 permit
94.245.86.0/24 permit
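Review bot: Several `dunno` entries in the Facebook block can never match, because a CIDR table stops at the first matching line and broader `permit` lines come first. `66.220.144.0/20 permit` (and, earlier still, `66.220.144.128/25` and `66.220.157.0/25`) already covers `66.220.157.48/28`, `66.220.157.24/29`, `66.220.144.160/29`, `66.220.157.160/29`, `66.220.144.168/29` and `66.220.157.168/29`. As written, the ranges labelled bounces, campaigns and applications are allowlisted and skip every postscreen test, which looks like the opposite of what the `dunno` lines intend. Move the narrower `dunno` lines above the covering `permit` lines, or drop the /20. More generally, wide hard-coded provider ranges such as `157.56.0.0/16`, `132.245.0.0/16` and `54.240.0.0/18` bypass the DNSBL and pregreet checks for whoever holds those addresses today, so a header comment recording each list's source and last-verified date would keep the file reviewable.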
# We will be rejecting much mail which is listed in multiple DNSBLs.
# We're not proud of some of the lists we are using, thus have given
# them lower scores in postscreen_dnsbl_sites listing. So this checks
# the DNSBL name postscreen(8) gets from dnsblog(8), and if it's not
# one of our Tier 1 DNSBL sites, it changes what the sender will see:
#/^b\.barracudacentral\.org$/ b.barracudacentral.org
#/^bl\.spameatingmonkey\.net$/ bl.spameatingmonkey.net
!/^zen\.spamhaus\.org$/ multiple DNS-based blocklists MULTIRBL