CentOS 5 Postfix

by labmin on December 4, 2010

Here is my sample setup for postfix running on CentOS 5

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
default_privs = nobody

myhostname = zlabx.com
mydomain = zlabx.com
myorigin = $mydomain

inet_interfaces = all
unknown_local_recipient_reject_code = 550
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no

# RECEIVING MAIL
inet_interfaces = all
mydestination = $myhostname, $mydomain, localhost
show_user_unknown_table_name=no

#  RELAY CONTROL
mynetworks = 127.0.0.1, /etc/postfix/relay_allow_list

##  SMTPD

#  Simple SPAM restrictions
smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   check_policy_service unix:private/policy-spf,
   check_sender_access hash:/etc/postfix/black_list,
   check_sender_access hash:/etc/postfix/white_list,
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   reject_unauth_destination,
   reject_rbl_client zen.spamhaus.org,
   reject_rbl_client bl.spamcop.net,
   permit

smtpd_helo_required = yes

smtpd_client_restrictions =
   permit_mynetworks,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_unknown_sender_domain,
   permit

# Tarpit those bots/clients/spammers who send errors or scan for accounts
smtpd_error_sleep_time = 60
smtpd_soft_error_limit = 60
smtpd_hard_error_limit = 10

#Prevent email address harvesting attacks
disable_vrfy_command = yes

#Change reject codes to permanent
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
unknown_local_recipient_reject_code = 550

alias_maps = hash:/etc/aliases

#Used to send outgoing mail through godaddy.
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
relayhost = [smtpout.secureserver.net]:80
smtp_sasl_password_maps = hash:/etc/postfix/godaddy_login
smtp_sasl_type = cyrus
smtp_sasl_auth_enable = yes
smtp_cname_overrides_servername = no
smtp_sasl_security_options =

The line

check_policy_service unix:private/policy-spf,

Is not needed unless you have installed the postfix-policyd-spf-perl package from openspf.org. For more information on setting up spf see this howtoforge

I use godaddy for relaying my mail. Here is how to setup postfix to send your emails through an external provider, such as GoDaddy.

File: godaddy_login

[Your-Email-Server.com]:80	username@yourdomain.com:<your-password>

Don’t forget to run postmap on the godaddy_login file!

 [zlabx]$  postmap /etc/postfix/godadddy_login

One comment

I set my postfix on Godaddy as you said, but the report ” SASL authentication failed; server smtpout.asia.secureserver.net[182.50.145.3] said: 501 Authentication failed.”

what can I do?

by James.ZH on March 1, 2011 at 7:16 am. Reply #

Leave your comment

Required.

Required. Not published.

If you have one.