Postfix:main.cf
From Hackepedia
This is a sample main.cf, not including the default variables. You can find the official options here. Once you understand the settings below and want to use them, add them to the bottom of your main.cf file and run
# postfix reload
main.cf:
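# Sample additions to main.cf: SMTP envelope/HELO hygiene, SASL
# authentication over TLS, and relay/DNSBL restrictions.
# main.cf has no inline comments: a "#" only starts a comment at the
# beginning of a line, and a line that starts with whitespace continues
# the previous setting. Keep one setting per logical line as below.
# Run "postfix check" after editing and before "postfix reload".

# Require RFC 821 envelope address syntax and a HELO/EHLO before MAIL FROM.
strict_rfc821_envelopes = yes
smtpd_helo_required = yes

# Refuse ETRN from everyone.
smtpd_etrn_restrictions = reject

# Clients outside mynetworks must present a syntactically valid,
# fully-qualified HELO name.
smtpd_helo_restrictions =
    permit_mynetworks
    reject_invalid_hostname
    reject_non_fqdn_hostname
    permit

# warn_if_reject turns the restriction that follows it into a log-only
# check, so reject_unverified_sender is logged here, not enforced.
# NOTE(review): permit_tls_clientcerts only matches when client
# certificates are requested and listed in relay_clientcerts; neither is
# set in this sample -- confirm it is intended.
smtpd_sender_restrictions =
    permit_mynetworks
    reject_unknown_sender_domain
    reject_non_fqdn_sender
    permit_sasl_authenticated
    permit_tls_clientcerts
    warn_if_reject reject_unverified_sender

# Incoming email maximum size of one meg:
message_size_limit = 1024000

# This file needs to exist if you're going to use it.
header_checks = regexp:/usr/local/etc/postfix/header_checks

# If you don't have the following file, comment this out.
mime_header_checks = regexp:/usr/local/etc/postfix/mime_header_checks

html_directory = no
syslog_facility = mail
syslog_name = postfix

# VRFY lets a remote client test whether an address exists; keep it off
# to limit address harvesting.
disable_vrfy_command = yes

# The SMTP greeting must begin with the server's hostname, so
# $myhostname is placed in front of the custom banner text.
smtpd_banner = $myhostname NO UCE ESMTP

# SASL
smtpd_sasl_auth_enable = yes
# NOTE(review): smtpd_sasl2_auth_enable does not look like a stock
# Postfix parameter; check with postconf and drop it if it is reported
# as unused. Kept as the page gives it.
smtpd_sasl2_auth_enable = yes
# noanonymous: do not offer mechanisms that allow anonymous login.
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
# Also announce AUTH in the older "AUTH=" form for clients that need it.
broken_sasl_auth_clients = yes

# This will only allow authentication of users once TLS has been
# started and information being transferred is encrypted.
smtpd_tls_auth_only = yes

# TLS
# smtpd_use_tls was listed twice with the same value; it is set once here.
# Postfix 2.3 and later express these two settings as
# smtp_tls_security_level = may and smtpd_tls_security_level = may.
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes

# The same PEM file is used as private key, certificate and CA file.
# Because it contains the private key, keep it owned by root and not
# readable by other users.
smtpd_tls_key_file = /usr/local/share/courier-imap/imapd.pem
smtpd_tls_cert_file = /usr/local/share/courier-imap/imapd.pem
smtpd_tls_CAfile = /usr/local/share/courier-imap/imapd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# Order matters: restrictions are evaluated top to bottom and the first
# match wins. reject_unauth_destination is what stops this server from
# relaying for strangers; keep it, and keep it ahead of the DNSBL lookups.
# NOTE(review): DNSBL zones get retired. relays.ordb.org was shut down and
# afterwards answered every query as listed, which makes reject_rbl_client
# refuse all mail. Confirm that each zone below is still operated before
# deploying this list, and remove any that is not.
smtpd_recipient_restrictions =
    permit_mynetworks
    reject_invalid_hostname
    reject_unauth_pipelining
    reject_unknown_recipient_domain
    reject_unknown_sender_domain
    reject_non_fqdn_hostname
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    permit_sasl_authenticated
    permit_tls_clientcerts
    reject_unauth_destination
    reject_rbl_client relays.ordb.org
    reject_rbl_client list.dsbl.org
    reject_rbl_client sbl.spamhaus.org
    reject_rbl_client cbl.abuseat.org
    reject_rbl_client dul.dnsbl.sorbs.net
    reject_rbl_client proxies.relays.monkeys.com
    reject_rbl_client opm.blitzed.org
    reject_rbl_client blackholes.wirehub.net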
Also note these example header_checks