# Postfix main.cf: installation paths and the identity of this mail host.
# Spool directory that holds the mail queues.
queue_directory = /var/spool/postfix
# Location of the Postfix administrative commands.
command_directory = /usr/sbin
# Location of the Postfix daemon programs.
daemon_directory = /usr/libexec/postfix
# Writable Postfix data files, owned by the mail_owner account.
data_directory = /var/lib/postfix
# Unprivileged account that owns the queue and runs most daemons.
mail_owner = postfix
# Fully-qualified name of this server and the domain it belongs to.
myhostname = smtp.esvali.com
mydomain = esvali.com
# Locally posted mail appears to come from the bare domain.
myorigin = $mydomain
# Listen on every network interface, IPv4 only. With "all", access control
# rests on the smtpd_*_restrictions lists in this file and on host firewalling.
inet_interfaces = all
inet_protocols = ipv4
# Do NOT list the mail domain in mydestination!!
# NOTE(review): the line below still lists $mydomain (esvali.com), and the
# same domain is declared in virtual_alias_domains later in this file.
# A domain must not be both a local destination and a virtual alias domain;
# decide which address class owns esvali.com and drop it from the other.
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost, localhost.localdomain
# SMTP reply code for mail to an unknown local recipient (550 = permanent).
unknown_local_recipient_reject_code = 550
# Clients matched by permit_mynetworks: they are accepted before any
# authentication check, so keep this list as small as possible.
# Entries may be separated by commas and/or whitespace (both are used here).
mynetworks = 127.0.0.1/32, 10.10.10.0/24 211.196.252.86/32 211.196.252.87/32
# Empty: this host relays mail for no third-party domains.
relay_domains =
# Deliver local mail in Maildir format under each user's home directory.
home_mailbox = Maildir/
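# Extra logging verbosity for peers that match debug_peer_list.
debug_peer_level = 1
# Command run when a Postfix daemon is started with -D (debugging only).
# The value spans several lines: every continuation line MUST begin with
# whitespace. Without the indent Postfix reads "PATH=..." as a separate
# parameter and the "ddd ..." line as a malformed entry.
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5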
# Paths of the Sendmail-compatible commands installed by Postfix.
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
# Group that owns the set-gid mail submission and queue management commands.
setgid_group = postdrop
# Documentation locations; "no" means the HTML documentation is not installed.
html_directory = no
manpage_directory = /usr/share/man
# NOTE(review): these paths name Postfix 2.10.1 - confirm that the package
# actually running still receives security updates.
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
################################################################
#
# DNS lookups.
# The original heading read "do not check DNS", but the parameter is a
# negative switch: the value "no" below leaves DNS lookups ENABLED.
#
################################################################
disable_dns_lookups = no
################################################################
#
# KISA spam filtering (DNS blocklist)
# https://spam.kisa.or.kr/rbl/sub1.do
#
################################################################
# Currently disabled. If it were re-enabled at this position it would have
# no effect: smtpd_sender_restrictions is defined again later in this file
# and Postfix uses the last definition of a parameter.
#smtpd_sender_restrictions = reject_rbl_client spamlist.or.kr
################################################################
#
# alias_maps
# To apply map changes: postmap /etc/postfix/virtual
# systemctl restart postfix
#
################################################################
# Local alias table used for delivery, and the table rebuilt by newaliases.
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# NOTE(review): esvali.com is also listed (via $mydomain) in mydestination
# earlier in this file. A domain should be either a local destination or a
# virtual alias domain, not both; Postfix logs a warning about the overlap.
virtual_alias_domains = esvali.com
# Address rewriting table; run postmap on it after every edit.
virtual_alias_maps = hash:/etc/postfix/virtual
################################################################
#
# Maximum e-mail size
#
################################################################
# Largest accepted message in bytes (52428800 = 50 MiB).
message_size_limit = 52428800
# Largest individual mailbox or maildir file in bytes (524288000 = 500 MiB).
# Must not be smaller than message_size_limit.
mailbox_size_limit = 524288000
################################################################
#
# Mail queue settings
#
################################################################
# A deferred message is returned as undeliverable after 1 hour in the queue.
# NOTE(review): this is far shorter than the Postfix default of 5 days, so a
# short outage at the receiving side already bounces mail - confirm intent.
maximal_queue_lifetime=1h
# Interval between scans of the deferred queue.
queue_run_delay=300s
################################################################
#
# OpenDKIM settings
#
################################################################
# Milter applied to mail received over SMTP: a service on local TCP port 8891.
smtpd_milters = inet:127.0.0.1:8891
# Apply the same milter to locally submitted (non-SMTP) mail.
non_smtpd_milters = $smtpd_milters
# Fail open: when the milter cannot be reached, mail is handled as if no
# milter were configured. Delivery keeps working, but such mail presumably
# leaves without a DKIM signature - monitor the milter service so that an
# outage is noticed.
milter_default_action = accept
################################################################
#
# SASL authentication settings
#
################################################################
# Also announce AUTH in the obsolete "AUTH=" form for very old clients.
broken_sasl_auth_clients = yes
# NOTE(review): smtp_sasl_type configures the outbound SMTP *client*; every
# other setting in this section is for the smtpd server. If the server-side
# plug-in type was meant, the parameter is smtpd_sasl_type - confirm.
smtp_sasl_type = cyrus
# Offer SASL authentication to connecting clients.
smtpd_sasl_auth_enable = yes
# SASL application name passed to the Cyrus library.
smtpd_sasl_path = smtpd
# Refuse anonymous logins. Plaintext mechanisms stay allowed; that is only
# acceptable together with smtpd_tls_auth_only = yes, which limits AUTH to
# TLS-protected sessions.
smtpd_sasl_security_options = noanonymous
################################################################
#
# TLS settings
#
################################################################
# NOTE(review): no TLS protocol or cipher restrictions are visible in this
# file, so the floor is whatever the installed Postfix/OpenSSL defaults
# allow - review them for this Postfix version.
#smtpd_tls_auth_only = no
# Outbound: log remote servers that offer STARTTLS.
smtp_tls_note_starttls_offer = yes
# Outbound: opportunistic TLS - encrypt when the peer offers STARTTLS,
# otherwise deliver in cleartext.
smtp_tls_security_level = may
# Inbound: accept SASL AUTH only inside a TLS session, so credentials are
# never sent unencrypted.
smtpd_tls_auth_only = yes
# Server certificate chain and private key. The key file must remain
# readable by root only.
smtpd_tls_cert_file = /etc/letsencrypt/live/esvali.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/esvali.com/privkey.pem
# Log a summary line for each TLS handshake.
smtpd_tls_loglevel = 1
# Record TLS protocol and cipher information in the Received: header.
smtpd_tls_received_header = yes
# Inbound: opportunistic TLS - STARTTLS is announced but not required.
smtpd_tls_security_level = may
# Lifetime of cached server-side TLS sessions.
smtpd_tls_session_cache_timeout = 3600s
# Legacy switch; smtpd_tls_security_level above expresses the same policy.
smtpd_use_tls = yes
# Non-blocking entropy source used to seed the TLS random number pool.
tls_random_source = dev:/dev/urandom
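################################################################
#
# Security settings
#
################################################################
# Client (connection-level) checks.
# The original list ended with a bare "reject_rbl_client". That restriction
# takes the DNS blocklist zone as its argument; without one there is nothing
# to query, so no blocklist check can take place. The dangling keyword is
# removed here. To enable blocklist filtering, append
# "reject_rbl_client <dnsbl-zone>" using a zone you are entitled to query.
# NOTE: this list contains only permit rules, so on its own it does not
# limit connections to authorized networks.
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated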
# Relay restrictions (original note: when sending, mail that passes here is
# checked once more by smtpd_sender_restrictions).
# Each restriction list is evaluated on its own; a permit in one list does
# not skip the others. This list is what prevents open relaying: only
# trusted networks and authenticated users may send to foreign destinations.
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
# Sender restrictions. Untrusted clients must use a fully-qualified sender
# address in a domain that exists in DNS. The trailing "permit" is redundant:
# reaching the end of a list already means "no objection".
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
# Recipient restrictions. Only the first entry is active; the commented
# lines below are disabled alternatives, including DNS blocklist checks.
smtpd_recipient_restrictions = permit_mynetworks
#permit_mynetworks,
#permit_sasl_authenticated,
# reject_unauth_destination is not needed here if the mail
# relay policy is specified under smtpd_relay_restrictions
# (available with Postfix 2.10 and later).
#reject_unauth_destination
#reject_rbl_client zen.spamhaus.org,
#reject_rhsbl_reverse_client dbl.spamhaus.org,
#reject_rhsbl_helo dbl.spamhaus.org,
#reject_rhsbl_sender dbl.spamhaus.org
# Block sloppy clients that misuse SMTP command pipelining, i.e. send
# commands ahead of time without waiting for the server's replies.
smtpd_data_restrictions = reject_unauth_pipelining
# relay_domains_reject_code sets how the SMTP server answers clients that
# try to get around the mail relay policy.
# The value follows RFC 821. The default is 554: Transaction failed.
# 550: no access
relay_domains_reject_code = 550
# Setting this to yes makes SMTP clients identify themselves (HELO/EHLO)
# before starting a mail transaction.
# Set to no here to avoid "Helo command rejected: Host not found" errors.
# NOTE(review): that error comes from a HELO hostname lookup restriction,
# not from requiring HELO itself, and no smtpd_helo_restrictions list is
# visible in this file - requiring HELO could probably be turned back on.
#smtpd_helo_required = yes
smtpd_helo_required = no
# Do not let untrusted clients use sender-specified routing (addresses such
# as user%domain@relay) to forward mail through this server, even when the
# final destination is one Postfix is authorized to relay for.
# This is already the default, but stating it explicitly does no harm.
allow_untrusted_routing = no