postfix main.cf 參數研究、記錄
[分享]postfix main.cf 參數研究、記錄
--------------------------------------------------------------------------------
觀看預設值
$ postconf -d
# The default_destination_concurrency_limit parameter specifies a
# default limit on the number of parallel deliveries to the same
# destination. This is the default limit for delivery via SMTP, via
# the local delivery agent and via the pipe mailer.
#
default_destination_concurrency_limit = 100
# The default_destination_recipient_limit parameter specifies a
# default limit on the number of recipients per message delivery.
# This is the default limit for delivery via SMTP, via the local
# delivery agent and via the pipe mailer.
#
default_destination_recipient_limit = 6000
## 對於無法寄出的信件,重新嘗試再寄信的間隔時間
# The maximal_backoff_time parameter specifies the maximal time
# between attempts to deliver a deferred message.
#
# Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
# The default time unit is s (seconds).
#
##maximal_backoff_time = 4000s
maximal_backoff_time = 2000s
## 一封無法寄出的信件在 Mail Server 中 queue 的最長時間
## 如無法送出則退回給寄件者
# The maximal_queue_lifetime parameter specifies the maximal time
# a message is queued before it is sent back as undeliverable.
#
# Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
# The default time unit is d (days).
#
##maximal_queue_lifetime = 5d
maximal_queue_lifetime = 1d
## 郵件表頭的大小限制
# The header_size_limit parameter limits the amount of memory in
# bytes used for processing a message header. If a header is larger,
# the remainder of the entire message is treated as message body.
#
header_size_limit = 1024000
# The line_length_limit parameter limits the amount of memory in
# bytes used for handling input lines. Longer lines are chopped up
# into pieces and reconstructed upon delivery.
#
line_length_limit = 2048
## 限制每一封單一郵件的大小
# The message_size_limit parameter limits the total size in bytes of
# a message, including envelope information.
#
# 20MB
message_size_limit = 20480000
## 限制 mailbox 大小或 maildir 中單一檔案的大小
## 事實上就是限制寫到本地磁碟的檔案大小
## 這個設定值必需大於 message_size_limit 的設定
## 所以換而言之,如果是使用 maildir 的話,那麼 message_size_limit 就取代了這個參數的功用
# The mailbox_size_limit parameter controls the maximal size of a
# mailbox or maildir file (in fact, it limits the size of any file
# that is written to upon local delivery) The default is 50 MBytes.
# This limit must not be set smaller than the message size limit.
#
# 500MB
mailbox_size_limit = 512000000
## 限制一封信同時寄往本機同一個用戶時,此用戶收到同一封信的數量上限
## 但是在 postfix 的 queue manager 的設計上,已經限制同一封信在 local 端轉送時
## 用戶只能收到一封信,所以這個參數目前已經沒有效用了
## 這個參數的預設值 local_destination_recipient_limit = 1
## 你可以試著同時寄給自己正本 me@aaa.bbb 及複本 me@aaa.bbb,你只會收到一封信
# The local_destination_recipient_limit parameter limits the number
# of recipients per local message delivery. The default limit is
# taken from the default_destination_recipient_limit parameter.
#
# However, the queue manager by design limits the number of recipients
# per local delivery request to exactly 1, so this parameter has no
# effect.
#
local_destination_recipient_limit = 1000
## 限制一封郵件可同時寄送給幾位收件者
## aliases 或 aliases 的 mail group (例如...用 include 方式) 內延伸的使用者數量,不受此限
# smtpd_recipient_limit (default: 1000)
# The maximal number of recipients that the Postfix SMTP server accepts per message delivery request.
# 一次只能寄給十個收件者
smtpd_recipient_limit = 10
# The default_destination_recipient_limit parameter specifies a
# default limit on the number of recipients per message delivery.
# This is the default limit for delivery via SMTP, via the local
# delivery agent and via the pipe mailer.
#
default_destination_recipient_limit = 6000
##Mail Server 寄信時,先將信送到 relayhost,再由 relayhost 主機把信寄出去
## 這個參數可以套用在具有內部 Mail Gateway 的內部 Mail Server 主機
# relayhost (default: empty)
# The default host to send non-local mail to when no entry is matched in the optional transport(5)
# table. When no relayhost is given, mail is routed directly to the destination.
# On an intranet, specify the organizational domain name. If your internal DNS uses no MX
# records, specify the name of the intranet gateway host instead.
# In the case of SMTP, specify a domain name, hostname, hostname:port, [hostname]:port,
# [hostaddress] or [hostaddress]:port. The form [hostname] turns off MX lookups.
# If you're connected via UUCP, see the UUCP_README file for useful information.
# Examples:
# relayhost = $mydomain
# relayhost = [gateway.my.domain]
# relayhost = uucphost
# relayhost = [an.ip.add.ress]
relayhost = 192.168.0.100
## 郵件位置 (@ 後面的 domain),如果查不到 DNS A 或 MX 記錄,就拒絕收信
## 預設伺服器回的錯誤碼為 450
# Reject the request when the sender mail address has no DNS A or MX record.
# The unknown_address_reject_code parameter specifies the response code for rejected
# requests (default: 450). The response is always 450 in case of a temporary DNS error.
smtpd_sender_restrictions = reject_unknown_sender_domain
## 可利用下面的參來決定 reject_unknown_sender_domain 的錯誤碼
unknown_address_reject_code = 530
代碼:
Mar 26 09:27:37 backup postfix/smtpd[91653]: reject: RCPT from edwardr.it.wsu.edu[134.121.0.128]: 530: Sender address rejected: Domain not found; from= to=
reject 原因:因 ms44.hinet.net 查不到 A 或 MX 記錄,回覆指定錯誤碼 530
## 來源的伺服器 ip 反查,如果查不到 domain,就拒絕收信
## 但很多人在設定 DNS 時都忽略了反解的設定存,因此這個參數常常會導致許多
## 寄給我們的信件會被拒收,因此目前這個參數的實用性不大
## 預設伺服器回的錯誤碼為 450
# Reject the request when the client address to name lookup failed.
# The unknown_client_reject_code parameter specifies the response code to rejected requests (default: 450).
smtpd_sender_restrictions = reject_unknown_client
## 可利用下面的參來決定 reject_unknown_client 的錯誤碼
unknown_client_reject_code = 540
代碼:
Mar 25 18:39:30 backup postfix/smtpd[73754]: reject: RCPT from unknown[219.91.105.100]: 540 Client host rejected: cannot find your hostname, [219.91.105.100]; from= to=
reject 原因:219.91.105.100 反查不到 domain,回覆指定錯誤碼 540
## OPEN RELAY 的主機資料庫,當來源 IP 已被收錄在 ORDB 黑名單中,就拒絕收信
## 預設伺服器回的錯誤碼為 554
# Reject the request when the client network address is listed under any of the domains listed in $maps_rbl_domains.
# The maps_rbl_reject_code parameter specifies the response code for rejected requests (default: 554).
smtpd_sender_restrictions = reject_maps_rbl
## 必需搭配參數 maps_rbl_domains 的設定來使用
maps_rbl_domains = relays.ordb.org, opm.blitzed.org
代碼:
Jun 23 00:36:02 backup postfix/smtpd[83746]: reject: RCPT from cpc4-cmbg3-5-0-cust143.cmbg.cable.ntl.com[81.106.163.143]: 554 Service unavailable; [81.106.163.143] blocked using opm.blitzed.org, reason: open proxy - see http://opm.blitzed.org/?ip=81.106.163.143; from= to=
reject 原因:該 ip 在 opm.blitzed.org 的黑名單中,回覆預設錯誤碼 554
代碼:
Jun 23 17:33:12 backup postfix/smtpd[28866]: reject: RCPT from unknown[218.66.102.85]: 554 Service unavailable; [218.66.102.85] blocked using relays.ordb.org, reason: This mail was handled by an open relay - please visit; from= to=
reject 原因:該 ip 在 ORDB 的黑名單中,回覆預設錯誤碼 554
## 限制 postfix 同時執行的 process 數
default_process_limit (default: 100)
The default maximal number of Postfix child processes that providea given service. This limit can be overruled for specific servicesin the master.cf file.
例如:
default_process_limit=6
就會看到最多六個 process,這可以讓系統不那麼忙碌,而且可以保護頻寬不會全部被 Mail Server 吃光.....
代碼:
postfix smtp 22849 12 udp4 *:2085 *:*
postfix smtp 22848 11 tcp4 192.192.192.221:1411 203.74.250.33:25
postfix smtp 22847 12 udp4 *:2094 *:*
postfix smtp 22846 11 tcp4 192.192.192.221:4827 203.74.250.33:25
postfix smtp 22845 11 tcp4 192.192.192.221:3734 211.72.254.200:25
postfix smtp 22844 12 udp4 *:3422 *:*
##優先使用 /etc/hosts 中的設定
##這在自行架設 Mail Server 測試時,非常好用...
##只要用 /etc/hosts 的設定,就可以不管 dns 了
#smtp_host_lookup (default: dns)
#What mechanisms when the SMTP client uses to look up a host's IP address.
#This parameter is ignored when DNS lookups are disabled.
#
#Specify one of the following:
#
#dns
#Hosts can be found in the DNS (preferred).
#native
#Use the native naming service only (nsswitch.conf, or equivalent mechanism).
#dns, native
#Use the native service for hosts not found in the DNS.
#This feature is available in Postfix 2.1 and later.
#
#預設值為 smtp_host_lookup = dns #僅使用 dns 查詢 (即 /etc/resolv.conf 的設定)
#
smtp_host_lookup = native,dns
相關連結:
http://www.tmtm.org/postfix/parameters.html
http://www.hsc.fr/ressources/cours/postfix/doc/uce.html
http://210.240.39.44/svset/postfix/postfix-install.txt
http://www.postfix.org/postconf.5.html#smtp_host_lookup
--------------------------------------------------------------------------------
觀看預設值
$ postconf -d
# The default_destination_concurrency_limit parameter specifies a
# default limit on the number of parallel deliveries to the same
# destination. This is the default limit for delivery via SMTP, via
# the local delivery agent and via the pipe mailer.
#
default_destination_concurrency_limit = 100
# The default_destination_recipient_limit parameter specifies a
# default limit on the number of recipients per message delivery.
# This is the default limit for delivery via SMTP, via the local
# delivery agent and via the pipe mailer.
#
default_destination_recipient_limit = 6000
## 對於無法寄出的信件,重新嘗試再寄信的間隔時間
# The maximal_backoff_time parameter specifies the maximal time
# between attempts to deliver a deferred message.
#
# Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
# The default time unit is s (seconds).
#
##maximal_backoff_time = 4000s
maximal_backoff_time = 2000s
## 一封無法寄出的信件在 Mail Server 中 queue 的最長時間
## 如無法送出則退回給寄件者
# The maximal_queue_lifetime parameter specifies the maximal time
# a message is queued before it is sent back as undeliverable.
#
# Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
# The default time unit is d (days).
#
##maximal_queue_lifetime = 5d
maximal_queue_lifetime = 1d
## 郵件表頭的大小限制
# The header_size_limit parameter limits the amount of memory in
# bytes used for processing a message header. If a header is larger,
# the remainder of the entire message is treated as message body.
#
header_size_limit = 1024000
# The line_length_limit parameter limits the amount of memory in
# bytes used for handling input lines. Longer lines are chopped up
# into pieces and reconstructed upon delivery.
#
line_length_limit = 2048
## 限制每一封單一郵件的大小
# The message_size_limit parameter limits the total size in bytes of
# a message, including envelope information.
#
# 20MB
message_size_limit = 20480000
## 限制 mailbox 大小或 maildir 中單一檔案的大小
## 事實上就是限制寫到本地磁碟的檔案大小
## 這個設定值必需大於 message_size_limit 的設定
## 所以換而言之,如果是使用 maildir 的話,那麼 message_size_limit 就取代了這個參數的功用
# The mailbox_size_limit parameter controls the maximal size of a
# mailbox or maildir file (in fact, it limits the size of any file
# that is written to upon local delivery) The default is 50 MBytes.
# This limit must not be set smaller than the message size limit.
#
# 500MB
mailbox_size_limit = 512000000
## 限制一封信同時寄往本機同一個用戶時,此用戶收到同一封信的數量上限
## 但是在 postfix 的 queue manager 的設計上,已經限制同一封信在 local 端轉送時
## 用戶只能收到一封信,所以這個參數目前已經沒有效用了
## 這個參數的預設值 local_destination_recipient_limit = 1
## 你可以試著同時寄給自己正本 me@aaa.bbb 及複本 me@aaa.bbb,你只會收到一封信
# The local_destination_recipient_limit parameter limits the number
# of recipients per local message delivery. The default limit is
# taken from the default_destination_recipient_limit parameter.
#
# However, the queue manager by design limits the number of recipients
# per local delivery request to exactly 1, so this parameter has no
# effect.
#
local_destination_recipient_limit = 1000
## 限制一封郵件可同時寄送給幾位收件者
## aliases 或 aliases 的 mail group (例如...用 include 方式) 內延伸的使用者數量,不受此限
# smtpd_recipient_limit (default: 1000)
# The maximal number of recipients that the Postfix SMTP server accepts per message delivery request.
# 一次只能寄給十個收件者
smtpd_recipient_limit = 10
# The default_destination_recipient_limit parameter specifies a
# default limit on the number of recipients per message delivery.
# This is the default limit for delivery via SMTP, via the local
# delivery agent and via the pipe mailer.
#
default_destination_recipient_limit = 6000
##Mail Server 寄信時,先將信送到 relayhost,再由 relayhost 主機把信寄出去
## 這個參數可以套用在具有內部 Mail Gateway 的內部 Mail Server 主機
# relayhost (default: empty)
# The default host to send non-local mail to when no entry is matched in the optional transport(5)
# table. When no relayhost is given, mail is routed directly to the destination.
# On an intranet, specify the organizational domain name. If your internal DNS uses no MX
# records, specify the name of the intranet gateway host instead.
# In the case of SMTP, specify a domain name, hostname, hostname:port, [hostname]:port,
# [hostaddress] or [hostaddress]:port. The form [hostname] turns off MX lookups.
# If you're connected via UUCP, see the UUCP_README file for useful information.
# Examples:
# relayhost = $mydomain
# relayhost = [gateway.my.domain]
# relayhost = uucphost
# relayhost = [an.ip.add.ress]
relayhost = 192.168.0.100
## 郵件位置 (@ 後面的 domain),如果查不到 DNS A 或 MX 記錄,就拒絕收信
## 預設伺服器回的錯誤碼為 450
# Reject the request when the sender mail address has no DNS A or MX record.
# The unknown_address_reject_code parameter specifies the response code for rejected
# requests (default: 450). The response is always 450 in case of a temporary DNS error.
smtpd_sender_restrictions = reject_unknown_sender_domain
## 可利用下面的參來決定 reject_unknown_sender_domain 的錯誤碼
unknown_address_reject_code = 530
代碼:
Mar 26 09:27:37 backup postfix/smtpd[91653]: reject: RCPT from edwardr.it.wsu.edu[134.121.0.128]: 530
reject 原因:因 ms44.hinet.net 查不到 A 或 MX 記錄,回覆指定錯誤碼 530
## 來源的伺服器 ip 反查,如果查不到 domain,就拒絕收信
## 但很多人在設定 DNS 時都忽略了反解的設定存,因此這個參數常常會導致許多
## 寄給我們的信件會被拒收,因此目前這個參數的實用性不大
## 預設伺服器回的錯誤碼為 450
# Reject the request when the client address to name lookup failed.
# The unknown_client_reject_code parameter specifies the response code to rejected requests (default: 450).
smtpd_sender_restrictions = reject_unknown_client
## 可利用下面的參來決定 reject_unknown_client 的錯誤碼
unknown_client_reject_code = 540
代碼:
Mar 25 18:39:30 backup postfix/smtpd[73754]: reject: RCPT from unknown[219.91.105.100]: 540 Client host rejected: cannot find your hostname, [219.91.105.100]; from=
reject 原因:219.91.105.100 反查不到 domain,回覆指定錯誤碼 540
## OPEN RELAY 的主機資料庫,當來源 IP 已被收錄在 ORDB 黑名單中,就拒絕收信
## 預設伺服器回的錯誤碼為 554
# Reject the request when the client network address is listed under any of the domains listed in $maps_rbl_domains.
# The maps_rbl_reject_code parameter specifies the response code for rejected requests (default: 554).
smtpd_sender_restrictions = reject_maps_rbl
## 必需搭配參數 maps_rbl_domains 的設定來使用
maps_rbl_domains = relays.ordb.org, opm.blitzed.org
代碼:
Jun 23 00:36:02 backup postfix/smtpd[83746]: reject: RCPT from cpc4-cmbg3-5-0-cust143.cmbg.cable.ntl.com[81.106.163.143]: 554 Service unavailable; [81.106.163.143] blocked using opm.blitzed.org, reason: open proxy - see http://opm.blitzed.org/?ip=81.106.163.143; from=
reject 原因:該 ip 在 opm.blitzed.org 的黑名單中,回覆預設錯誤碼 554
代碼:
Jun 23 17:33:12 backup postfix/smtpd[28866]: reject: RCPT from unknown[218.66.102.85]: 554 Service unavailable; [218.66.102.85] blocked using relays.ordb.org, reason: This mail was handled by an open relay - please visit
reject 原因:該 ip 在 ORDB 的黑名單中,回覆預設錯誤碼 554
## 限制 postfix 同時執行的 process 數
default_process_limit (default: 100)
The default maximal number of Postfix child processes that providea given service. This limit can be overruled for specific servicesin the master.cf file.
例如:
default_process_limit=6
就會看到最多六個 process,這可以讓系統不那麼忙碌,而且可以保護頻寬不會全部被 Mail Server 吃光.....
代碼:
postfix smtp 22849 12 udp4 *:2085 *:*
postfix smtp 22848 11 tcp4 192.192.192.221:1411 203.74.250.33:25
postfix smtp 22847 12 udp4 *:2094 *:*
postfix smtp 22846 11 tcp4 192.192.192.221:4827 203.74.250.33:25
postfix smtp 22845 11 tcp4 192.192.192.221:3734 211.72.254.200:25
postfix smtp 22844 12 udp4 *:3422 *:*
##優先使用 /etc/hosts 中的設定
##這在自行架設 Mail Server 測試時,非常好用...
##只要用 /etc/hosts 的設定,就可以不管 dns 了
#smtp_host_lookup (default: dns)
#What mechanisms when the SMTP client uses to look up a host's IP address.
#This parameter is ignored when DNS lookups are disabled.
#
#Specify one of the following:
#
#dns
#Hosts can be found in the DNS (preferred).
#native
#Use the native naming service only (nsswitch.conf, or equivalent mechanism).
#dns, native
#Use the native service for hosts not found in the DNS.
#This feature is available in Postfix 2.1 and later.
#
#預設值為 smtp_host_lookup = dns #僅使用 dns 查詢 (即 /etc/resolv.conf 的設定)
#
smtp_host_lookup = native,dns
相關連結:
http://www.tmtm.org/postfix/parameters.html
http://www.hsc.fr/ressources/cours/postfix/doc/uce.html
http://210.240.39.44/svset/postfix/postfix-install.txt
http://www.postfix.org/postconf.5.html#smtp_host_lookup
留言