{"id":635,"date":"2019-10-24T17:05:16","date_gmt":"2019-10-24T15:05:16","guid":{"rendered":"https:\/\/www.tiraquelibras.com\/blog\/?p=635"},"modified":"2021-02-02T11:10:06","modified_gmt":"2021-02-02T10:10:06","slug":"servidor-de-correo-configuracion-postfix-y-postfixsrs-parte-6-15","status":"publish","type":"post","link":"https:\/\/blog.tiraquelibras.com\/?p=635","title":{"rendered":"Servidor de correo &#8211; Configuraci\u00f3n Postfix y PostfixSRS (parte 6)"},"content":{"rendered":"<p>Esta es una entrada dentro de la serie para la instalaci\u00f3n de un servidor de correo completo. \u00cdndice completo de contenidos pincha <a href=\"https:\/\/blog.tiraquelibras.com\/?p=601\" class=\"external external_icon\" rel=\"nofollow\" target=\"_blank\">aqu\u00ed<\/a>.<\/p>\n<hr \/>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_76 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Tabla de contenidos<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a0e7bd673c76\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a0e7bd673c76\"  aria-label=\"Alternar\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1 external external_icon\" href=\"https:\/\/blog.tiraquelibras.com\/?p=635\/#Postfix\"  rel=\"nofollow\" target=\"_blank\">Postfix<\/a><ul class='ez-toc-list-level-2' ><li class='ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2 external external_icon\" href=\"https:\/\/blog.tiraquelibras.com\/?p=635\/#maincf\"  rel=\"nofollow\" target=\"_blank\">main.cf<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3 external external_icon\" href=\"https:\/\/blog.tiraquelibras.com\/?p=635\/#bouncecf\"  rel=\"nofollow\" target=\"_blank\">bounce.cf<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4 external external_icon\" href=\"https:\/\/blog.tiraquelibras.com\/?p=635\/#mastercf\"  rel=\"nofollow\" target=\"_blank\">master.cf<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5 external external_icon\" href=\"https:\/\/blog.tiraquelibras.com\/?p=635\/#Archivos_MySQL\"  rel=\"nofollow\" target=\"_blank\">Archivos MySQL<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6 external external_icon\" href=\"https:\/\/blog.tiraquelibras.com\/?p=635\/#Confirmar_buzon\"  rel=\"nofollow\" target=\"_blank\">Confirmar buz\u00f3n<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7 external external_icon\" href=\"https:\/\/blog.tiraquelibras.com\/?p=635\/#Archivos_varios\"  rel=\"nofollow\" target=\"_blank\">Archivos varios<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8 external external_icon\" href=\"https:\/\/blog.tiraquelibras.com\/?p=635\/#helo_access\"  rel=\"nofollow\" target=\"_blank\">helo_access<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9 external external_icon\" href=\"https:\/\/blog.tiraquelibras.com\/?p=635\/#lista_blanca\"  rel=\"nofollow\" target=\"_blank\">lista_blanca<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10 external external_icon\" href=\"https:\/\/blog.tiraquelibras.com\/?p=635\/#lista_negra\"  rel=\"nofollow\" target=\"_blank\">lista_negra<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11 external external_icon\" href=\"https:\/\/blog.tiraquelibras.com\/?p=635\/#header_checks\"  rel=\"nofollow\" target=\"_blank\">header_checks<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12 external external_icon\" href=\"https:\/\/blog.tiraquelibras.com\/?p=635\/#mastercf-2\"  rel=\"nofollow\" target=\"_blank\">master.cf<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-13 external external_icon\" href=\"https:\/\/blog.tiraquelibras.com\/?p=635\/#PostfixSRS\"  rel=\"nofollow\" target=\"_blank\">PostfixSRS<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"Postfix\"><\/span>Postfix<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p>En esta entrada procederemos a la configuraci\u00f3n del servicio de Postfix.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"maincf\"><\/span>main.cf<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Copiamos el archivo <strong><em>main.cf<\/em><\/strong> original:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">cp \/etc\/postfix\/main.cf \/etc\/postfix\/main.cf.orig<\/pre>\n<p>El contenido del archivo ya modificado <em><strong>\/etc\/postfix\/main.cf<\/strong>. <\/em>No entraremos en detalle de lo que significa cada apartado para no extender la entrada, aunque se detalla alguna explicaci\u00f3n en las mismas l\u00edneas de configuraci\u00f3n:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\"># See \/usr\/share\/postfix\/main.cf.dist for a commented, more complete version\r\n\r\n# Debian specific:  Specifying a file name will cause the first\r\n# line of that file to be used as the name.  The Debian default\r\n# is \/etc\/mailname.\r\n#myorigin = \/etc\/mailname\r\n\r\nsmtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)\r\nbiff = no\r\n\r\n# appending .domain is the MUA's job.\r\nappend_dot_mydomain = no\r\n\r\n# Uncomment the next line to generate \"delayed mail\" warnings\r\n#delay_warning_time = 4h\r\n\r\nreadme_directory = no\r\n\r\n# TLS parameters\r\nsmtpd_tls_cert_file=\/etc\/letsencrypt\/live\/email.tiraquelibras.com\/fullchain.pem\r\nsmtpd_tls_key_file=\/etc\/letsencrypt\/live\/email.tiraquelibras.com\/privkey.pem\r\nsmtpd_use_tls=yes\r\nsmtpd_tls_auth_only = yes\r\nsmtp_tls_security_level = may\r\nsmtpd_tls_security_level = may\r\nsmtpd_sasl_security_options = noanonymous, noplaintext\r\nsmtpd_sasl_tls_security_options = noanonymous\r\nsmtpd_tls_protocols=!SSLv2,!SSLv3\r\nsmtpd_tls_mandatory_protocols=!SSLv2,!SSLv3\r\n\r\n# Authentication\r\nsmtpd_sasl_type = dovecot\r\nsmtpd_sasl_path = private\/auth\r\nsmtpd_sasl_auth_enable = yes\r\n\r\n# See \/usr\/share\/doc\/postfix\/TLS_README.gz in the postfix-doc package for\r\n# information on enabling SSL in the smtp client.\r\n\r\n# Restrictions\r\nsmtpd_helo_restrictions =\r\n        permit_mynetworks,\r\n        permit_sasl_authenticated,\r\n        check_helo_access hash:\/etc\/postfix\/helo_access,\r\n        reject_invalid_helo_hostname,\r\n        reject_non_fqdn_helo_hostname\r\nsmtpd_recipient_restrictions =\r\n        permit_mynetworks,\r\n        permit_sasl_authenticated,\r\n        check_sender_access hash:\/etc\/postfix\/lista_blanca,\r\n        check_sender_access hash:\/etc\/postfix\/lista_negra,\r\n        reject_non_fqdn_recipient,\r\n        reject_unknown_recipient_domain,\r\n        reject_unlisted_recipient,\r\n        reject_unauth_destination,\r\n        reject_rbl_client dul.dnsbl.sorbs.net,\r\n        reject_rbl_client sbl-xbl.spamhaus.org,\r\n        reject_rbl_client bl.spamcop.net\r\nsmtpd_sender_restrictions =\r\n        permit_mynetworks,\r\n        permit_sasl_authenticated,\r\n        reject_non_fqdn_sender,\r\n        reject_unknown_sender_domain\r\nsmtpd_relay_restrictions =\r\n        permit_mynetworks,\r\n        permit_sasl_authenticated,\r\n        defer_unauth_destination\r\n\r\n# See \/usr\/share\/doc\/postfix\/TLS_README.gz in the postfix-doc package for\r\n# information on enabling SSL in the smtp client.\r\n\r\nmyhostname = email.tiraquelibras.com\r\nalias_maps = hash:\/etc\/aliases\r\nalias_database = hash:\/etc\/aliases\r\nmydomain = email.tiraquelibras.com\r\nmyorigin = $mydomain\r\nmydestination = localhost\r\nrelayhost =\r\nmynetworks = 127.0.0.0\/8 [::ffff:127.0.0.0]\/104 [::1]\/128\r\nmailbox_size_limit = 0\r\nrecipient_delimiter = +\r\ninet_interfaces = all\r\ninet_protocols = all\r\n\r\n# Handing off local delivery to Dovecot's LMTP, and telling it where to store mail\r\nvirtual_transport = lmtp:unix:private\/dovecot-lmtp\r\n\r\n# Virtual domains, users, and aliases\r\nvirtual_mailbox_domains = mysql:\/etc\/postfix\/mysql-virtual-mailbox-domains.cf\r\nvirtual_mailbox_maps = mysql:\/etc\/postfix\/mysql-virtual-mailbox-maps.cf\r\nvirtual_alias_maps = mysql:\/etc\/postfix\/mysql-virtual-alias-maps.cf,\r\n        mysql:\/etc\/postfix\/mysql-virtual-email2email.cf\r\n\r\n# Even more Restrictions and MTA params\r\ndisable_vrfy_command = yes\r\nstrict_rfc821_envelopes = yes\r\n#smtpd_etrn_restrictions = reject\r\n#smtpd_reject_unlisted_sender = yes\r\n#smtpd_reject_unlisted_recipient = yes\r\nsmtpd_delay_reject = yes\r\nsmtpd_helo_required = yes\r\nsmtp_always_send_ehlo = yes\r\n#smtpd_hard_error_limit = 1\r\nsmtpd_timeout = 30s\r\nsmtp_helo_timeout = 15s\r\nsmtp_rcpt_timeout = 15s\r\nsmtpd_recipient_limit = 20\r\nminimal_backoff_time = 180s\r\nmaximal_backoff_time = 3h\r\n\r\n# Reply Rejection Codes\r\ninvalid_hostname_reject_code = 550\r\nnon_fqdn_reject_code = 550\r\nunknown_address_reject_code = 550\r\nunknown_client_reject_code = 550\r\nunknown_hostname_reject_code = 550\r\nunverified_recipient_reject_code = 550\r\nunverified_sender_reject_code = 550\r\n\r\n# More parameters by Sergio\r\nunknown_local_recipient_reject_code = 450\r\nbounce_queue_lifetime = 3d\r\n# Bounce templates\r\nbounce_template_file = \/etc\/postfix\/bounce.cf\r\nmaximal_queue_lifetime = 4d\r\nheader_checks = regexp:\/etc\/postfix\/header_checks\r\nsmtpd_soft_error_limit = 3\r\nsmtpd_hard_error_limit = 12\r\nmessage_size_limit = 20480000\r\n<\/pre>\n<p>En esta configuraci\u00f3n se requiere autenticaci\u00f3n v\u00e1lida con usuario y contrase\u00f1a, se publican listas blancas y negras, IPs permitidas para el uso sin autenticaci\u00f3n, rechazo por <strong>RBL<\/strong>, entre otras cosas.<\/p>\n<hr \/>\n<h2><span class=\"ez-toc-section\" id=\"bouncecf\"><\/span>bounce.cf<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Ahora creamos el archivo con los mensajes de respuesta o rebote personalizados <strong><em>\/etc\/postfix\/bounce.cf<\/em><\/strong>:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">failure_template = &lt;&lt;EOF\r\nCharset: UTF-8\r\nFrom: MAILER-DAEMON (Mail Delivery System)\r\nSubject: Servidor de correo: Mensaje no entregado\r\nPostmaster-Subject: Postmaster: Mensaje no entregado\r\n\r\nPOR FAVOR, LEA DETENIDAMENTE ESTE MENSAJE.\r\n\r\n\u00c9ste es un mensaje de correo enviado autom\u00e1ticamente por su servidor de correo.\r\n\r\nNo ha sido posible entregar su mensaje a uno o m\u00e1s destinatarios. El\r\nmensaje que caus\u00f3 el error est\u00e1 adjunto a este mensaje.\r\n\r\nEOF\r\n\r\ndelay_template = &lt;&lt;EOF\r\nCharset: UTF-8\r\nFrom: MAILER-DAEMON (Mail Delivery System)\r\nSubject: Servidor de correo: Mensaje postpuesto\r\nPostmaster-Subject: Postmaster: Mensaje postpuesto\r\n\r\nPOR FAVOR, LEA DETENIDAMENTE ESTE MENSAJE.\r\n\r\nEste es un mensaje de correo enviado autom\u00e1ticamente por el servidor de correo.\r\n.\r\n\r\n##############################################\r\n# \u00c9STE ES S\u00d3LO UN MENSAJE DE AVISO           #\r\n# NO ES NECESARIO QUE REENV\u00cdE EL MENSAJE.    #\r\n##############################################\r\n\r\nSu mensaje no pudo ser entregado al destinatario despu\u00e9s de intentarlo durante\r\n$delay_warning_time_hours hora(s).\r\nSe seguir\u00e1 intentando enviar el mensaje hasta que pasen $maximal_queue_lifetime_days d\u00edas.\r\n\r\nEOF\r\n\r\nsuccess_template = &lt;&lt;EOF\r\nCharset: UTF-8\r\nFrom: MAILER-DAEMON (Mail Delivery System)\r\nSubject: Servidor de correo: Informe de entrega correcta de mensaje\r\n\r\nPOR FAVOR, LEA DETENIDAMENTE ESTE MENSAJE.\r\n\r\nEste es un mensaje de correo enviado autom\u00e1ticamente por su servidor de correo.\r\n\r\nSu mensaje fue entregado correctamente al\/a los destinatario\/s indicados a\r\ncontinuaci\u00f3n. Si el mensaje fue entregado directamente a los destinatarios,\r\nno recibir\u00e1 m\u00e1s notificaciones; en caso contrario, si el mensaje tuviera que\r\npasar por m\u00e1s servidores de correo, es posible que reciba m\u00e1s notificaciones\r\nde estos servidores.\r\n\r\nEOF\r\n\r\nverify_template = &lt;&lt;EOF\r\nCharset: UTF-8\r\nFrom: MAILER-DAEMON (Mail Delivery System)\r\nSubject: Servidor de correo: Informe de estado de entrega de mensaje\r\n\r\nPOR FAVOR, LEA DETENIDAMENTE ESTE MENSAJE.\r\n\r\nEste es un mensaje de correo enviado autom\u00e1ticamente por su servidor de correo.\r\n\r\nAdjunto a este mensaje se encuentra el informe de entrega solicitado.\r\n\r\nEOF\r\n<\/pre>\n<p>&nbsp;<\/p>\n<hr \/>\n<h2><span class=\"ez-toc-section\" id=\"mastercf\"><\/span>master.cf<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Copiamos el archivo original:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">cp \/etc\/postfix\/master.cf \/etc\/postfix\/master.cf.orig<\/pre>\n<hr \/>\n<h2><span class=\"ez-toc-section\" id=\"Archivos_MySQL\"><\/span>Archivos MySQL<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Creamos el archivo para que Postfix chequee si existen los dominios <strong><em>\/etc\/postfix\/mysql-virtual-mailbox-domains.cf<\/em><\/strong><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">user = mailuser\r\npassword = supersecretpassword\r\nhosts = 127.0.0.1\t\r\ndbname = mailserver\r\nquery = SELECT 1 FROM virtual_domains WHERE name='%s' and active='1'\r\n<\/pre>\n<p>Ahora el archivo para que Postfix chequee si existen los buzones <strong><em>\/etc\/postfix\/mysql-virtual-mailbox-maps.cf<\/em><\/strong><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">user = mailuser\r\npassword = supersecretpassword\r\nhosts = 127.0.0.1\r\ndbname = mailserver\r\nquery = SELECT 1 FROM virtual_users WHERE email='%s' and active='1'\r\n<\/pre>\n<p>Y por \u00faltimo lo mismo para los alias <strong><em>\/etc\/postfix\/mysql-virtual-alias-maps.cf<\/em><\/strong><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">user = mailuser\r\npassword = supersecretpassword\r\nhosts = 127.0.0.1\r\ndbname = mailserver\r\nquery = SELECT destination FROM virtual_aliases WHERE source='%s' and active='1'\r\n<\/pre>\n<p>Para finalizar creamos el siguiente archivo que tambi\u00e9n chequea el chequeo de Postfix para los alias <strong><em>\/etc\/postfix\/mysql-virtual-email2email.cf<\/em><\/strong><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">user = mailuser\r\npassword = supersecretpassword\r\nhosts = 127.0.0.1\r\ndbname = mailserver\r\nquery = SELECT email FROM virtual_users WHERE email='%s' and active='1'\r\n<\/pre>\n<p>Reiniciamos Postfix<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">systemctl restart postfix<\/pre>\n<hr \/>\n<h2><span class=\"ez-toc-section\" id=\"Confirmar_buzon\"><\/span>Confirmar buz\u00f3n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Confirmamos la existencia del buz\u00f3n creado en la entrada anterior, accede a esta pinchando <a href=\"https:\/\/blog.tiraquelibras.com\/?p=626\" class=\"external external_icon\" rel=\"nofollow\" target=\"_blank\">aqu\u00ed<\/a>.<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\"># postmap -q sbrodriguez@tiraquelibras.com mysql:\/etc\/postfix\/mysql-virtual-mailbox-maps.cf\r\n1\r\n<\/pre>\n<p>Si el comando es correcto la respuesta ser\u00e1 un 1, de lo contrario no devolver\u00e1 nada.<\/p>\n<p>Podr\u00edamos comprobar tambi\u00e9n los alias consultando el archivo <em><strong>mysql:\/etc\/postfix\/mysql-virtual-alias-maps.cf<\/strong><\/em><\/p>\n<hr \/>\n<h2><span class=\"ez-toc-section\" id=\"Archivos_varios\"><\/span>Archivos varios<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Ejemplo del contenido de archivos varios usados en los chequeos de Postfix anteriormente indicados:<\/p>\n<h3><span class=\"ez-toc-section\" id=\"helo_access\"><\/span><strong><u>helo_access<\/u><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">#yeloquehay.com\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 REJECT\u00a0 Get lost - you're lying about who you are\r\n\r\n#correu.yeloquehay.com\u00a0\u00a0 REJECT\u00a0 Get lost - you're lying about who you are\r\n\r\n#raspberrypi\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 OK<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"lista_blanca\"><\/span>lista_blanca<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">pi@raspberrypi.com OK\r\n192.168.0.17 OK\r\n<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"lista_negra\"><\/span>lista_negra<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">address.to.reject@spam.com REJECT Sorry, you cannot write to this address.<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"header_checks\"><\/span>header_checks<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Aqu\u00ed indicaremos que se escriban en el log todos los asuntos de los mensajes entrantes y salientes.<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">#\/^(Subject: ***** SPAM )(.+)$\/ DISCARD\r\n#\/^From: .*postmaster\\@yeloquehay.com\/  OK\r\n#\/^Subject: \\*\\*\\*\\*\\* SPAM\/ REJECT SPAM confirmed, contact to postmaster@yeloquehay.com\r\n\/^subject:\/ WARN\r\n#\/^to:\/ WARN\r\n#\/^from:\/ WARN\r\n#\/^Subject:\/ WARN\r\n#\/^To:\/ WARN\r\n#\/^From:\/ WARN\r\n<\/pre>\n<p>A todos estos archivos no son consultados por Postifx cirectamente, sino que tendremos que crear el archivo .db correspondiente para que Postfix los interprete, con el comando:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">postmap nom_archivo<\/pre>\n<p>Y reiniciamos Postfix:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">systemctl reload postfix<\/pre>\n<hr \/>\n<h2><span class=\"ez-toc-section\" id=\"mastercf-2\"><\/span>master.cf<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Ahora editamos el archivo <strong>master.cf<\/strong>, en donde empieza y monitoriza todos los procesos de Postfix. Esta configuraci\u00f3n lista todos los programas e informaci\u00f3n sobre como deber\u00edan de iniciarse.<\/p>\n<p>Primero hacemos una copia del archivo:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">cp \/etc\/postfix\/master.cf \/etc\/postfix\/master.cf.orig<\/pre>\n<p>Modificamos las siguientes l\u00edneas, dejando el resto como est\u00e1:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">#\r\n# Postfix master process configuration file.  For details on the format\r\n# of the file, see the master(5) manual page (command: \"man 5 master\" or\r\n# on-line: http:\/\/www.postfix.org\/master.5.html).\r\n#\r\n# Do not forget to execute \"postfix reload\" after editing this file.\r\n#\r\n# ==========================================================================\r\n# service type  private unpriv  chroot  wakeup  maxproc command + args\r\n#               (yes)   (yes)   (no)    (never) (100)\r\n# ==========================================================================\r\nsmtp      inet  n       -       y       -       -       smtpd\r\n#smtp      inet  n       -       y       -       1       postscreen\r\n#smtpd     pass  -       -       y       -       -       smtpd\r\n#dnsblog   unix  -       -       y       -       0       dnsblog\r\n#tlsproxy  unix  -       -       y       -       0       tlsproxy\r\nsubmission inet n       -       y       -       -       smtpd\r\n  -o syslog_name=postfix\/submission\r\n  -o smtpd_tls_security_level=encrypt\r\n  -o smtpd_sasl_auth_enable=yes\r\n  -o smtpd_sasl_type=dovecot\r\n  -o smtpd_sasl_path=private\/auth\r\n  -o smtpd_reject_unlisted_recipient=no\r\n#  -o smtpd_client_restrictions=$mua_client_restrictions\r\n  -o smtpd_client_restrictions=permit_sasl_authenticated,reject\r\n#  -o smtpd_helo_restrictions=$mua_helo_restrictions\r\n#  -o smtpd_sender_restrictions=$mua_sender_restrictions\r\n#  -o smtpd_recipient_restrictions=\r\n#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject\r\n  -o milter_macro_daemon_name=ORIGINATING\r\nsmtps     inet  n       -       y       -       -       smtpd\r\n  -o syslog_name=postfix\/smtps\r\n  -o smtpd_tls_wrappermode=yes\r\n  -o smtpd_sasl_auth_enable=yes\r\n  -o smtpd_sasl_type=dovecot\r\n  -o smtpd_sasl_path=private\/auth\r\n#  -o smtpd_reject_unlisted_recipient=no\r\n#  -o smtpd_client_restrictions=$mua_client_restrictions\r\n  -o smtpd_client_restrictions=permit_sasl_authenticated,reject\r\n#  -o smtpd_helo_restrictions=$mua_helo_restrictions\r\n#  -o smtpd_sender_restrictions=$mua_sender_restrictions\r\n#  -o smtpd_recipient_restrictions=\r\n#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject\r\n  -o milter_macro_daemon_name=ORIGINATING\r\n<\/pre>\n<p>Ahora cambiamos los permisos al directorio <strong><em>\/etc\/postfix<\/em><\/strong> con el comando:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">sudo chmod -R o-rwx \/etc\/postfix<\/pre>\n<p>Reiniciamos Postfix:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">systemctl restart postfix<\/pre>\n<hr \/>\n<h1><span class=\"ez-toc-section\" id=\"PostfixSRS\"><\/span>PostfixSRS<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p>Instalamos el paquete:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">apt-get install postsrsd<\/pre>\n<p>Configuramos Postfix editando el archivo <strong><em>\/etc\/postfix\/main.cf<\/em><\/strong> con las siguientes l\u00edneas:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\"># PostSRSd settings.\r\nsender_canonical_maps = tcp:localhost:10001\r\nsender_canonical_classes = envelope_sender\r\nrecipient_canonical_maps = tcp:localhost:10002\r\nrecipient_canonical_classes= envelope_recipient,header_recipient \r\n<\/pre>\n<p>Habilitamos SRS con<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">systemctl enable postsrsd<\/pre>\n<p>Reiniciamos Postfix con el comando<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">systemctl postfix reload<\/pre>\n<p>Ahora cuando se realice un reenv\u00edo o <em><strong>forward<\/strong><\/em> se escribir\u00e1 una cabecera similar a la siguiente:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">Sep  2 17:07:44 h2847530 postfix\/qmgr[4620]: C82BFD20376: from=<\/pre>\n<p><strong>&lt;SRS0=nKtb=W5=yeloquehay.com=sbrodriguez@correu2.yeloquehay.com&gt;<\/strong><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">, size=2703, nrcpt=1 (queue active)<\/pre>\n<p>Vemos como SRS modifica la direcci\u00f3n del From:<\/p>\n<blockquote><p><strong>&lt;SRS0=nKtb=W5=yeloquehay.com=sbrodriguez@correu2.yeloquehay.com&gt;<\/strong><\/p><\/blockquote>\n<p>Mirando las cabeceras del mensaje podemos ver el <em><strong>from<\/strong><\/em> real y la IP del servidor original que realiza el env\u00edo, y no el que realiza el reenv\u00edo o <em><strong>forward:<\/strong><\/em><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-637\" src=\"https:\/\/blog.tiraquelibras.com\/wp-content\/uploads\/2019\/10\/headers.png\" alt=\"\" width=\"567\" height=\"208\" \/><\/p>\n<hr \/>\n<p>\u00cdndice general pincha <a href=\"https:\/\/blog.tiraquelibras.com\/?p=601\" class=\"external external_icon\" rel=\"nofollow\" target=\"_blank\">aqu\u00ed<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Esta es una entrada dentro de la serie para la instalaci\u00f3n de un servidor de correo completo. \u00cdndice completo de contenidos pincha aqu\u00ed. Postfix En<span class=\"read-more-link\"><a class=\"read-more\" href=\"https:\/\/blog.tiraquelibras.com\/?p=635\">Read More<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":607,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,22],"tags":[67,66,68],"class_list":["post-635","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sistemas","category-ti","tag-forward","tag-postfix","tag-srs"],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=\/wp\/v2\/posts\/635","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=635"}],"version-history":[{"count":0,"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=\/wp\/v2\/posts\/635\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=\/wp\/v2\/media\/607"}],"wp:attachment":[{"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=635"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=635"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=635"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}