33.2.1.4. Konfigurace

Soubor main.cf

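# Group that owns the set-gid mail submission and queue management commands.
setgid_group = postdrop
# Domains for which this host is the final destination.
mydestination = localhost, $myhostname, firma.cz, jina-firma.cz, pokus.cz
# Domains this host relays for. Keep the list as short as possible: every
# entry here is a destination that any client may send mail through us to.
relay_domains = $mydestination, hash:/etc/postfix/maps/relay-domains

# Local delivery goes through procmail. $EXTENSION comes from the recipient
# address, i.e. from the remote sender; Postfix filters it through
# command_expansion_filter before building the command line.
mailbox_command = procmail -a "$EXTENSION"

# Antispam
# Reject mail for unknown local users during the SMTP dialogue instead of
# accepting it and bouncing later (avoids backscatter).
local_recipient_maps = $alias_maps unix:passwd.byname
# VRFY lets a client probe which addresses exist. Once this is active the
# EHLO reply should no longer advertise VRFY.
# NOTE(review): the sample session further down this page still shows
# "250-VRFY" and no STARTTLS, so it presumably predates this configuration.
disable_vrfy_command = yes
# Refuse sender-specified routing (user%domain, domain!user, user@a@b) from
# untrusted clients to domains listed in relay_domains.
allow_untrusted_routing = no

# NOTE(review): newer Postfix releases name these restrictions
# reject_invalid_helo_hostname, reject_unknown_helo_hostname and
# reject_non_fqdn_helo_hostname; the old names used below are still accepted.
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_invalid_hostname,
    reject_unknown_hostname,
    reject_non_fqdn_hostname


# Order matters: trusted networks and authenticated users are accepted first,
# then the exemption table is consulted, and only then the DNSBLs.
# The table path was corrected to /etc/postfix/ (it read /etc/postfic/); a
# table that cannot be opened makes the server defer mail instead of applying
# the exemptions.
# NOTE(review): DNSBLs come and go, and several zones listed here are believed
# to be retired. Confirm that each one is still operated before deploying: a
# retired list can time out or answer for every address, which rejects
# legitimate mail.
# NOTE(review): newer Postfix releases call reject_unknown_client
# reject_unknown_client_hostname.
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_recipient_access hash:/etc/postfix/maps/norbl,
    reject_rbl_client blackholes.easynet.nl,
    reject_rbl_client dnsbl.ahbl.org,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client list.dnsbl.org,
    ⋮
    reject_rbl_client multihop.dnsbl.org,
    reject_rbl_client dynablock.easynet.nl,
    reject_unknown_client

# Evaluate all restriction lists at RCPT TO. This is what allows the
# recipient lookup (check_recipient_access) inside smtpd_client_restrictions.
smtpd_delay_reject = yes

smtpd_sender_restrictions =
    reject_unknown_sender_domain,
    reject_non_fqdn_sender,
    …

# Require RFC 821 style envelope addresses in MAIL FROM and RCPT TO.
strict_rfc821_envelopes = yes


### SASL support
smtpd_sasl_auth_enable = yes
# Never offer the ANONYMOUS mechanism. Plaintext mechanisms stay allowed here
# and are protected by smtpd_tls_auth_only below.
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
# Also advertise the non-standard "AUTH=" form expected by some old clients.
broken_sasl_auth_clients = yes

### TLS
# NOTE(review): newer Postfix releases replace smtpd_use_tls = yes with
# smtpd_tls_security_level = may.
smtpd_use_tls = yes
# Offer AUTH only after STARTTLS, so PLAIN/LOGIN passwords never cross the
# network unencrypted.
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/CA/mail.firma.cz-server-cert.pem
# The private key must be stored without a passphrase and be readable by
# root only.
smtpd_tls_key_file = /etc/CA/mail.firma.cz-server.key.pem
smtpd_starttls_timeout = 300s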
setgid_group
FIXME:
mydestination
FIXME:

smtpd.conf:

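# PLAIN and LOGIN send the password merely base64-encoded, so they are safe
# only over TLS (smtpd_tls_auth_only = yes in main.cf). They are the
# mechanisms usable with saslauthd, which needs the cleartext password to
# verify it.
mech_list: PLAIN LOGIN
# Verify passwords through the saslauthd daemon. The value was corrected from
# "saslauth", which is not a Cyrus SASL password verification method.
pwcheck_method: saslauthd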

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 sun.firma.cz ESMTP Postfix
EHLO localhost
250-sun.firma.cz
250-PIPELINING
250-SIZE 50000000
250-VRFY
250-ETRN
250-XVERP
250 8BITMIME
QUIT
221 Bye
Connection closed by foreign host.

FIXME:prozkoumat: awstats. Jedná se o obecný analyzér. S Postfixem se moc nekamarádí, je nutno překonvertovat vstupní data.

FIXME:SARG, analyzér ke squidu. Nepočítá s Postfixem.