Need Sanity Check Please

Flash Love flashl at cox.net
Mon Sep 19 11:17:23 EDT 2005


After four grueling weeks, I believe that I may have a stable 
postfix+cyrus+sasl+webcyr system. Please provide me a sanity check.

My configuration is:

A firewalled postfix environment with:
(1) intranet domain = home.lan
(2) three FQDNs = example.com example2.com example3.com

If I need to provide more information, let me know. Below is the output from 
postfinger:

postfinger - postfix configuration on Mon Sep 19 10:00:23 CDT 2005
version: 1.29

Warning: postfinger output may show private configuration information,
such as ip addresses and/or domain names which you do not want to show
to the public.  If this is the case it is your responsibility to modify
the output to hide this private information.  [Remove this warning with
the --nowarn option.]

--System Parameters--
mail_version = 2.2.2
hostname = kirk.home.lan
uname = Linux kirk.home.lan 2.6.12-1.1398_FC4 #1 Fri Jul 15 00:52:32 EDT 2005 
i686 i686 i386 GN
U/Linux

--Packaging information--
looks like this postfix comes from RPM package: 
postfix-2.2.2-2.mysql.sasl2.fc4

--main.cf non-default parameters--
alias_database = hash:/etc/postfix/maps/aliases
alias_maps = hash:/etc/postfix/maps/aliases
body_checks = regexp:/etc/postfix/maps/body_checks
broken_sasl_auth_clients = yes
content_filter = spamfilter:
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/maps/header_checks
html_directory = /usr/share/doc/postfix-2.2.2-documentation/html
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailq_path = /usr/bin/mailq.postfix
mail_spool_directory = /var/spool/mail
manpage_directory = /usr/share/man
mime_header_checks = regexp:/etc/postfix/maps/mime_header_checks
mydestination = $myhostname, localhost.$mydomain, localhost, 
mysql:/etc/postfix/mysql-destinati
on.cf, hash:/etc/postfix/maps/hosted_domains
mydomain = example.com
myhostname = mail.example.com
mynetworks = 127.0.0.0/8, hash:/etc/postfix/maps/network_table
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
readme_directory = /usr/share/doc/postfix-2.2.2-documentation/readme
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
sendmail_path = /usr/sbin/sendmail.postfix
smtpd_client_restrictions = permit_mynetworks
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, 
reject_unauth_dest
ination, reject_invalid_hostname, check_client_access 
hash:/etc/postfix/maps/access_client, che
ck_client_access hash:/etc/postfix/maps/exceptions_clients, check_helo_access 
hash:/etc/postfix
/maps/access_helo, check_helo_access hash:/etc/postfix/maps/verify_helo, 
check_sender_access ha
sh:/etc/postfix/maps/access_sender, check_sender_access 
hash:/etc/postfix/maps/verify_sender, c
heck_sender_access hash:/etc/postfix/maps/verify_domain, 
check_recipient_access hash:/etc/postf
ix/maps/access_recipient, reject_unauth_pipelining, reject_non_fqdn_sender, 
reject_unknown_send
er_domain, reject_unverified_sender, reject_multi_recipient_bounce, 
reject_non_fqdn_recipient,
reject_unknown_recipient_domain, reject_unlisted_recipient, 
check_sender_access hash:/etc/postf
ix/maps/no_verify_sender, reject_unverified_sender, check_recipient_access 
hash:/etc/postfix/ma
ps/no_verify_recipient, reject_unverified_recipient, permit
smtpd_restriction_classes = verify_domain_client,       verify_domain_helo,     
verify_domain_s
ender,  verify_exceptions_recipients,   verify_sender
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_cert_file = /etc/postfix/ssl/mail.example.key-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/mail.example.key-cert.pem
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/maps/sasl_password
smtp_sasl_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
soft_bounce = yes
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/maps/transport
virtual_alias_domains = hash:/etc/postfix/maps/hosted_domains
virtual_alias_maps = hash:/etc/postfix/maps/virtual, 
mysql:/etc/postfix/mysql-virtual.cf

--master.cf--
smtp      inet  n       -       n       -       20      smtpd
        -o smtpd_proxy_filter=127.0.0.1:10025
        -o smtpd_client_connection_count_limit=10
smtps    inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
        -o smtp_generic_maps=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
cyrus     unix  -       n       n       -       -       pipe -v
  user=cyrus argv=//usr/lib/cyrus-imapd/deliver -e -r ${sender} -m 
${extension} ${user}
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
127.0.0.1:10025 inet n - n - 100 smtpd
 -o content_filter=
 -o smtpd_proxy_filter=
 -o myhostname=injector.example.com
 -o mynetworks=127.0.0.0/8
 -o smtpd_client_restrictions=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_restriction_classes=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o header_checks=
 -o body_checks=
 -o receive_override_options=no_address_mappings
 -o smtpd_authorized_xforward_hosts=127.0.0.0/8
 -o strict_rfc821_envelopes=yes
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000
127.0.0.1:10026 inet n  -       n       -        -      smtpd
 -o smtpd_authorized_xforward_hosts=127.0.0.0/8
 -o smtpd_client_restrictions=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o smtpd_data_restrictions=
 -o mynetworks=127.0.0.0/8
 -o receive_override_options=no_unknown_recipient_checks
127.0.0.1:10027 inet n - n - 100 smtpd
 -o content_filter=
 -o myhostname=reinject.example.com
 -o mynetworks=127.0.0.0/8
 -o smtpd_client_restrictions=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o header_checks=
 -o body_checks=
spamfilter unix - n n - - pipe flags=Rq user=spam 
argv=/usr/local/bin/spamfilter.sh ${sender} $
{recipient}
spamdelivery unix - n n - - pipe flags=R user=spam argv=/usr/bin/procmail -t 
-m /etc/procmailrc
-spam -d spam

-- end of postfinger output --

thanks for help,
flash




More information about the Info-cyrus mailing list