Re: Got Postfix now what?

> On Sun, 2004-02-22 at 14:54, WA9ALS - John wrote:
[snip]
> No offense, but this needs to be incremental and PLANNED.
[/snip]
hello jwp,

so i understand you well, as i learned it the same way as you, but began
without community and ended up on a realtime-blackhole-list-server with
about 25 entries...it took me weeks to get my domain off the list...save
this time.

Here is a proposal that i inserted at the end of my main.cf, just for some
security reasons. You find a lot of explanations for this at
http://www.postfix.org

#
# Security
smtpd_helo_restrictions = reject_unauth_pipelining
#smtpd_sasl_auth_enable = yes
#smtpd_sasl_security_options = noanonymous
#broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =  reject_unknown_sender_domain,
                                reject_non_fqdn_sender,
                                permit_mynetworks,
# needed, if you do pop-before-smtp and some rbl-checkups:
                                check_client_access hash:/etc/postfix/pop-before-smtp,
                                reject_unauth_destination,
                                reject_rbl_client bl.spamcop.net,
                                reject_rbl_client relays.ordb.org,
                                reject_rbl_client proxies.relays.monkeys.com,
                                reject_rbl_client sbl.spamhaus.org,
                                permit


also, make sure that you have clean entries in your main.cf for $mydomain
and $myhostname. Make sure that you do not let something outside your
private ip-range relay with the mynetworks-parameter:

myhostname = host.domain.net
mydomain = domain.net
mynetworks = 192.168.0.0/24, 127.0.0.0/8, 10.0.0.0/8

Also think about installing something like Amavis or equivalent to do
virus- and spamchecking whilst your smtp-server (postfix) is receiving
mail.

you can check your mailserver for being an open relay or not on the
following URLs:

http://www.relaycheck.com/test.asp
http://www.antispam-ufrj.pads.ufrj.br

make also sure, that if you have a proxy installed, it is hidden behind
your firewall, because otherwise, a spammer could also use your server
with this.

For your thing with the mailboxes:

you will find in /etc/xinetd.d a file called imap and imaps and pop and
pop3s (or so...)

edit them and change the line disabled from yes to no. save the files and
restart xinetd with '/sbin/service xinetd restart'.

This should already make your imap-server work. You can check this
doing a 'telnet localhost imap'. This should give you a list of some
capabilities of your imap-server. You can quit with 'a01 logout'.

Local delivery is done already in postfix, so mails will get delivered in
the home-directories of the users.

remember that your e-mail-addresses are the same as your usernames. If
this is not the wish, do 'man aliases', this makes you more flexible.

i know this is a lot of info, perhaps you already have this. Also my
entries about security are not the last of wisdom...it's an ongoing
process...

HTH
Roger
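
An added example, not part of the original message: a small offline check of a main.cf text for the relay-related points raised above (a value split by an e-mail line wrap, a mynetworks entry outside the private ranges, a missing reject_unauth_destination). The function names, the RFC 1918 list and the sample text, including the 203.0.113.0/24 range, are assumptions constructed for this example.

```python
import ipaddress
import re

# Ranges treated as trusted-internal here (assumption): RFC 1918 plus loopback.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample: e-mail line wrap left in, one public (documentation) range added.
SAMPLE_MAIN_CF = """\
mynetworks = 192.168.0.0/24, 127.0.0.0/8, 10.0.0.0/8, 203.0.113.0/24
smtpd_recipient_restrictions = reject_non_fqdn_sender,
    permit_mynetworks,
# needed for pop-before-smtp
    check_client_access
hash:/etc/postfix/pop-before-smtp,
    reject_unauth_destination,
    permit
"""

def parse_main_cf(text):
    # Leading whitespace continues the previous logical line; comments are skipped.
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    pairs = [re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)", line) for line in logical]
    params = {m.group(1): m.group(2) for m in pairs if m}
    stray = [line for line, m in zip(logical, pairs) if not m]  # no "name ="
    return params, stray

def audit(text):
    params, stray = parse_main_cf(text)
    findings = [f"stray line, value probably wrapped: {s}" for s in stray]
    for tok in filter(None, re.split(r"[,\s]+", params.get("mynetworks", ""))):
        try:
            net = ipaddress.ip_network(tok, strict=False)
        except ValueError:
            findings.append(f"mynetworks entry needs manual review: {tok}")
            continue
        if not any(net.version == p.version and net.subnet_of(p) for p in PRIVATE):
            findings.append(f"mynetworks trusts a non-private range: {tok}")
    rules = re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", ""))
    if "reject_unauth_destination" not in rules:
        findings.append("smtpd_recipient_restrictions lacks reject_unauth_destination")
    return findings
```

On the sample, audit(SAMPLE_MAIN_CF) reports three findings; the wrapped hash: line also hides reject_unauth_destination from the parsed restriction list, which is why a wrap in a pasted config matters.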



