Postfix Configuration Parameters, Feb 8 2008
Note: with Postfix versions before 2.0, these rules inspect all content after the primary message headers.
The match attribute is most useful when multiple domains are supported by a common server: the policy entries for additional domains specify matching rules for the primary domain certificate. While transport table overrides routing the secondary domains to the primary nexthop also allow secure verification, they risk delivery to the wrong destination when domains change hands or are re-assigned to new gateways. With the "match" attribute approach, routing is not perturbed, and mail is deferred if verification of a new MX host fails.
SecurityPortal - Postfix - The Sendmail replacement part II, Feb 8 2008
And then add rules to your header-checks file; the target can be REJECT, OK or a custom error.
See man regexp_table(5) for more information. You can also use PCRE by simply specifying pcre: instead of regexp: in your main.cf. The rules are basically the same, except that the syntax used for pattern matching is a bit more advanced.
Postfix Backscatter Howto, Feb 8 2008
The two "Message-ID:.* <!&!" rules are workarounds for some versions of Outlook Express, as described in the caveats section below.
If you have such clients then you can exclude their Message-ID strings with the two "Message-ID:.* <!&!" patterns that are shown in the previous section. Otherwise you will not be able to use the two backscatter rules to stop forged Message ID strings. Of course this workaround may break the next time Outlook is changed.
Postfix Built-in Content Inspection, Feb 8 2008
Other solutions involve additional body_checks rules that make exceptions for daily mail status reports, but this is not recommended.
Such rules slow down all mail and complicate Postfix maintenance.
Postfix Stress-Dependent Configuration, Feb 8 2008
Disable remote SMTP client hostname lookups, so that all SMTP client hostnames become "unknown" (line 5 below). This feature was introduced with Postfix 2.3. Unfortunately, this measure is more problematic than the other ones proposed so far. First, this will result in loss of mail when you use hostname-based access rules that reject mail from "unknown" SMTP clients (examples: reject_unknown_client_hostname, reject_unknown_reverse_client_hostname).
1 /etc/postfix/main.cf:
2     smtpd_timeout = 10
3     smtpd_hard_error_limit = 1
4     # Caution: line 5 may trigger REJECTs by hostname-based access rules
5     smtpd_peername_lookup = no
Postfix XCLIENT Howto, Feb 8 2008
Access control tests. SMTP server access rules are difficult to verify when decisions can be triggered only by remote clients. In order to facilitate access rule testing, an authorized SMTP client test program needs the ability to override the SMTP server's idea of the SMTP client hostname, network address, and other client information, for the entire duration of an SMTP session.
Client software that downloads mail from an up-stream mail server and injects it into a local MTA via SMTP. In order to take advantage of the local MTA's SMTP server access rules, the client software needs the ability to override the SMTP server's idea of the remote client name, client address and other information. Such information can typically be extracted from the up-stream mail server's Received: message header.
Postfix Address Rewriting, Feb 8 2008
Each Postfix delivery agent tries to deliver the mail to its destination, while encapsulating the sender, recipients, and message content according to the rules of the SMTP, LMTP, etc. protocol.
Postfix + Maildrop Howto, Feb 8 2008
The mail is delivered to ${user}@${nexthop} (match key for maildrop userdb lookup). The ${extension} and the other address components are available to maildrop rules as $1, $2, $3, ... and can be omitted from master.cf or ignored by maildrop when not needed.
Postfix TLS Support, Feb 8 2008
The "match" attribute is especially useful to verify TLS certificates for domains that are hosted on a shared server. In that case, specify "match" rules for the shared server's name.