Domain Name System
VA, 2016-12-08 09:19:53

How to configure DNS for Postfix, etc.?

Hi all!
In general, I set up Postfix + Dovecot + Spamassassin + Clamav + Postfixadmin on a dedicated CentOS 6.8 server.
General config main.cf

soft_bounce = no  
queue_directory = /var/spool/postfix  
daemon_directory = /usr/libexec/postfix  
mail_owner = postfix  
default_privs = nobody  
inet_interfaces = all  
myhostname = mail.site-1.ru  
mydomain = site-1.ru  
myorigin = $mydomain  
mydestination = $myhostname,localhost.$myhostname,localhost  
local_recipient_maps = proxy:unix:passwd.byname $alias_maps  
unknown_local_recipient_reject_code = 550  
#mynetworks = 127.0.0.0/8  
 
relay_domains =  
alias_maps = hash:/etc/aliases  
alias_database = hash:/etc/aliases  
mail_spool_directory = /var/mail  
smtpd_banner = $myhostname ESMTP  
debug_peer_level = 2  
debug_peer_list = yandex.ru, mail.ru pochta.ru 10.10.10.23/32 10.10.10.0/24 gmail.com  
debugger_command =   
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin  
    xxgdb $daemon_directory/$process_name $process_id & sleep 5   
sendmail_path = /usr/sbin/sendmail  
mailq_path = /usr/bin/mailq  
setgid_group = postdrop  
html_directory = no  
manpage_directory = /usr/local/man  
config_directory = /etc/postfix

# databases and so on
virtual_mailbox_domains = mysql:$config_directory/sql/vdomains.cf  
virtual_mailbox_base = /var/vmail  
virtual_mailbox_maps = mysql:$config_directory/sql/vmailbox.cf  
virtual_alias_maps = mysql:$config_directory/sql/valias.cf  
virtual_minimum_uid = 1150  
virtual_uid_maps = static:1150  
virtual_gid_maps = static:12  
virtual_transport = dovecot  
dovecot_destination_recipient_limit = 1  

smtpd_sasl_auth_enable = yes  
smtpd_sasl_exceptions_networks = $mynetworks  
smtpd_sasl_security_options = noanonymous  
broken_sasl_auth_clients = yes  
smtpd_sasl_type = dovecot  
smtpd_sasl_path = /var/spool/postfix/private/dovecot-auth

# miscellaneous
smtpd_recipient_restrictions = permit_mynetworks,  
    permit_sasl_authenticated,  
    reject_unauth_destination,  
    reject_non_fqdn_recipient,  
    reject_invalid_hostname,  
    reject_unknown_recipient_domain,  
    reject_unknown_client,  
    reject_unlisted_recipient,  
    reject_unverified_recipient,  
    reject_unauth_pipelining,  
    reject_rbl_client cbl.abuseat.org,  
    reject_rbl_client dialups.mail-abuse.org,  
    reject_rbl_client bl.spamcop.net,  
    reject_rbl_client zen.spamhaus.org,  
    reject_rbl_client sbl-xbl.spamhaus.org,  
    permit


smtpd_client_restrictions =
    reject_unauth_pipelining,
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unknown_client_hostname,
    permit

smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_hostname,
    reject_invalid_helo_hostname,
    reject_unknown_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname,
    permit

smtpd_sender_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_authenticated_sender_login_mismatch,
    reject_unauthenticated_sender_login_mismatch,
    reject_unknown_sender_domain,
    permit_sasl_authenticated,
    reject_sender_login_mismatch
    permit

content_filter = scan:127.0.0.1:10025  
receive_override_options = no_address_mappings


Postfix master.cf
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
#submission inet n       -       n       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
  -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -       n       n       -       -       pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail    unix  -       n       n       -       -       pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -       n       n       -       -       pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -       n       n       -       2       pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -       n       n       -       -       pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}
dovecot    unix    -    n    n    -    -    pipe  
             flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d $(recipient)
smtp        inet   n           -           n          -             -              smtpd -o content_filter=spamassassin  
spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
scan unix - - n - 16 smtp -o smtp_send_xforward_command=yes
127.0.0.1:10026 inet n - n - 16 smtpd  
             -o content_filter=  
             -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks  
             -o smtpd_helo_restrictions=  
             -o smtpd_client_restrictions=  
             -o smtpd_sender_restrictions=  
             -o smtpd_recipient_restrictions=permit_mynetworks,reject  
             -o mynetworks_style=host  
             -o smtpd_authorized_xforward_hosts=127.0.0.0/8


I installed bind, and now I can't figure out how to set up DNS to resolve the server name. Two mail domains are planned on this one server.
Has anyone faced such a task? As I understand it, you need to create a separate config for each name?


1 answer(s)
Godless, 2016-12-08
@Godless

Will your bind be the main NS for the domains? What is the actual problem?
domain1.com :
A mail.domain1.com
MX mail.domain1.com 10
domain2.com :
A mail.domain2.com
MX mail.domain2.com 10
Don't forget about SPF and DKIM.
These were all symbolic records, meaning that for mail to work for a domain, you need to have an MX record in its zone that points to some server. It can be an A record or just an IP; I prefer the A record. And the A record itself points to your server (its external IP address).
example
DKIM example
zone config piece in bind

@             IN  MX  10 mail.domain1.com.
mail.domain1.com.    IN  A      1.1.1.1
@             IN TXT "v=spf1 +mx -all"
_domainkey.domain1.com. IN TXT "o=~; [email protected]"
SELECTOR._domainkey.domain1.com. IN TXT "v=DKIM1; p=YOURKEYHERE;"

Wiki DKIM
Wiki SPF
+ similarly with the second domain, you can specify the same IP
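
An added example, not part of the original answer: a small Python check that a zone carries the mail records listed above (apex MX, the A record it points to, one SPF record, a DKIM selector key). The zone texts, the 192.0.2.10 address and the function names are constructed for illustration; the check assumes one-line records and fully qualified MX targets, and it flags a bare IP as MX target because DNS defines the MX target as a host name.

```python
import re

# Constructed sample zones: 192.0.2.10 is a documentation address, the DKIM key
# is a placeholder, and domain2.com is deliberately incomplete.
ZONES = {
    "domain1.com": '''
@                                IN MX  10 mail.domain1.com.
mail.domain1.com.                IN A   192.0.2.10
@                                IN TXT "v=spf1 +mx -all"
SELECTOR._domainkey.domain1.com. IN TXT "v=DKIM1; p=YOURKEYHERE;"
''',
    "domain2.com": '@ IN MX 10 192.0.2.10\n@ IN TXT "v=spf1 +mx"\n',
}

def parse_zone(origin, text):
    """Parse one-line 'name IN TYPE rdata' records into (fqdn, type, rdata)."""
    records = []
    for line in text.splitlines():
        m = re.match(r"(\S+)\s+IN\s+(\S+)\s+(.+)", line.strip())
        if m:
            name, rtype, rdata = m.groups()
            name = origin + "." if name == "@" else name
            name = name if name.endswith(".") else f"{name}.{origin}."
            records.append((name.lower(), rtype.upper(), rdata.strip().strip('"')))
    return records

def check_mail_zone(origin, text):
    """Return a list of problems that would break or weaken mail for origin."""
    recs, apex, problems = parse_zone(origin, text), origin.lower() + ".", []
    a_names = {n for n, t, _ in recs if t == "A"}
    mx = [d.split()[-1].lower() for n, t, d in recs if n == apex and t == "MX"]
    if not mx:
        problems.append("no MX record at the zone apex")
    for target in mx:
        if re.fullmatch(r"[\d.]+", target):
            problems.append(f"MX target {target} is an IP address, not a host name")
        elif target not in a_names:
            problems.append(f"MX target {target} has no A record in this zone")
    spf = [d for n, t, d in recs
           if n == apex and t == "TXT" and d.lower().startswith("v=spf1")]
    if len(spf) != 1:  # several SPF records make receivers return a permanent error
        problems.append(f"expected exactly one SPF record, found {len(spf)}")
    elif not re.search(r"\s[-~?+]?all$", spf[0]):
        problems.append("SPF record has no terminating 'all' mechanism")
    dkim = [d for n, t, d in recs if t == "TXT" and n.endswith("._domainkey." + apex)]
    if not any(re.search(r"\bp=[^;\s]+", d) for d in dkim):
        problems.append("no DKIM selector record with a public key (p=)")
    return problems
```

Calling `check_mail_zone(name, ZONES[name])` for each domain returns an empty list for domain1.com and three findings for the incomplete domain2.com zone.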
