Configure the mail server settings.
warden --task=mailserver:mailserver
Option |
Value | Default | Description |
|---|---|---|---|
--smtpd_helo_required |
<yes|no> | yes | Require that a remote SMTP client introduces itself with the HELO or EHLO command before sending the MAIL command or other commands that require EHLO negotiation. This is required when using smtpd_helo_restrictions otherwise clients would be able to bypass those restrictions. |
--smtpd_client_restrictions |
<string1,string2> | permit_mynetworks, permit_sasl_authenticated, reject_unknown_reverse_client_hostname | Restrictions that the Postfix SMTP server applies in the context of a client connection request. Mail rejected by these restrictions can be found under Logs -> Reject Log -> Client host rejected. |
--smtpd_helo_restrictions |
<string1,string2> | permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname | Restrictions that the Postfix SMTP server applies in the context of a client HELO/EHLO command. Mail rejected by these restrictions can be found under Logs -> Reject Log -> Helo command rejected. |
--smtpd_sender_restrictions |
<string1,string2> | check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated, reject_unknown_sender_domain | Restrictions that the Postfix SMTP server applies in the context of a client MAIL FROM command. Mail rejected by these restrictions can be found under Logs -> Reject Log -> Sender address rejected. |
--smtpd_recipient_restrictions |
<string1,string2> | permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unknown_recipient_domain | Restrictions that the Postfix SMTP server applies in the context of a client RCPT TO command, after smtpd_relay_restrictions. Mail rejected by these restrictions can be found under Logs -> Reject Log -> Recipient address rejected. |
--smtpd_data_restrictions |
<string1,string2> | permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining | Restrictions that the Postfix SMTP server applies in the context of the SMTP DATA command. Mail rejected by these restrictions can be found under Logs -> Reject Log -> Data command rejected. |
--unknown_client_reject_code |
<digit> | 550 | The numerical SMTP server response code when a client without valid address <=> name mapping is rejected by the reject_unknown_client restriction. The SMTP server always replies with 450 when the mapping failed due to a temporary error condition. |
--unknown_address_reject_code |
<digit> | 550 | The numerical SMTP server response code when a sender or recipient address is rejected by the reject_unknown_sender_domain or reject_unknown_recipient_domain restriction. |
--dnsbl |
<1|0> | 0 | Enable or disable the spam protection based on DNS blackhole lists. |
--dnsbl_sites |
<string1,string2> | A list of DNS block lists to use for spam protection. | |
--postscreen |
<1|0> | 0 | Enable or disable the Postscreen spambot protection service. Remember that mail clients will not be permitted to send though port 25 when Postscreen is enabled so make sure that all of your mail clients are sending using the submission port 587 before enabling it. |
--postscreen_dnsbl_sites |
<string1,string2> | A list of DNS white/blacklist domains, filters and weight factors. When the list is non-empty, the dnsblog daemon will query these domains with the IP addresses of remote SMTP clients, and postscreen will update an SMTP clients DNSBL score with each non-error reply. Caution: when postscreen rejects mail, it replies with the DNSBL domain name. Use the postscreen_dnsbl_reply_map feature to hide API key information in DNSBL domain names. | |
--postscreen_dnsbl_reply_map |
<string> | A mapping from an actual DNSBL domain name which includes a secret password or API key, to the DNSBL domain name that postscreen will reply with when it rejects mail. When no mapping is found, the actual DNSBL domain will be used. For maximal stability it is best to use a file that is read into memory such as pcre:, regexp: or texthash: | |
--postscreen_access_list |
<string> | permit_mynetworks | A permanent allow/denylist for remote SMTP client IP addresses. |
--postscreen_greet_action |
<enforce|drop|ignore> | enforce | The action that postscreen takes when an SMTP client speaks before its turn within the time specified. |
--postscreen_dnsbl_action |
<enforce|drop|ignore> | enforce | The action that postscreen takes when an SMTP clients combined DNSBL score is equal to or greater than a threshold. |
--postscreen_blacklist_action |
<enforce|drop|ignore> | enforce | The action that postscreen takes when an SMTP client is permanently denied with the Postcreen access list. |
--postscreen_dnsbl_threshold |
<int> | 1 | The inclusive lower bound for blocking an SMTP client, based on its combined DNSBL score as defined with the postscreen_dnsbl_sites parameter. |
--postscreen_dnsbl_whitelist_threshold |
<int> | 0 | Allow a remote SMTP client to skip "before" and "after 220 greeting" protocol tests, based on its combined DNSBL score as defined with the postscreen_dnsbl_sites parameter. Specify a negative value to enable this feature. When a client passes the postscreen_dnsbl_allowlist_threshold without having failed other tests, all pending or disabled tests are flagged as completed with an expiration time based on the DNS reply TTL. When a test was already completed, its expiration time is updated if it was less than the value based on the DNS reply TTL. |
--default |
<yes> | Reset all settings to their default values. | |
--default_option |
<option> | Reset a specific setting to its default value. | |
--reload |
<yes> | Reload the service after saving settings. |
// enable Postscreen and set the Postscreen DNSBLs
warden --task=mailserver:mailserver --postscreen=1 --postscreen_dnsbl_sites='b.barracudacentral.org,psbl.surriel.com' --reload=yes
// turn off Postscreen
warden --task=mailserver:mailserver --postscreen=0 --reload=yes
// reset all settings to defaults
warden --task=mailserver:mailserver -default=yes --reload=yes