We are covering the next points:
- Change Max connections settings
- Secure and avoid spamming
- Customize error and bounce messages
- Change the SSL certificate
Changing max connections to allow several computers from a same office IP address:
Find next vars and edit them, these values are pretty nice for a quad core server with 8GB RAM and 10-25 domains and 5 email accounts per domain.
MAXDAEMONS = 120
MAXPERIP = 40
To edit Postfix config and secure the server:
#The maximal number of message delivery requests that any client is allowed to make to this service per time unit, regardless of whether or not Postfix actually accepts those messages. The time un it is specified with the anvil_rate_time_unit configuration parameter.
smtpd_client_message_rate_limit = 40
# The maximum number of recipient addresses that an SMTP client may specify in the time interval specified with anvil_rate_time_unit (default: 60s).
smtpd_client_recipient_rate_limit = 30
# The maximal number of recipients that the Postfix SMTP server accepts per message delivery request. (default:1000).
smtpd_recipient_limit = 30
# Request that the Postfix SMTP server rejects mail for unknown recipient addresses, even when no explicit reject_unlisted_recipient access restriction is specified. This prevents the Postfix queue from filling up with undeliverable MAILER-DAEMON messages.
smtpd_reject_unlisted_recipient = yes
# Request that the Postfix SMTP server rejects mail from unknown sender addresses, even when no explicit reject_unlisted_sender access restriction is specified. This can slow down an explosion of forged mail from worms or viruses.
smtpd_reject_unlisted_sender = yes
#Edit default error message for email clients
smtpd_reject_footer = For assistance, contact us at support@YOURDOMAIN.com.
Please provide the following information in your problem report: time ($localtime), client ($client_address) and server ($server_name).
Customise postfix Delivery error messages:
Copy this template http://pastebin.com/rhvwnFxT into for example /etc/postfix/bounce.custom.cf
Finally just set the var
bounce_template_file = /etc/postfix/bounce.custom.cf
To Change the SSL certificate:
It is a good idea since a signed certificate can be found nowadays from 5-10$ a year.
Create your pem file and copy it to the following routes: (to create a PEM file, just paste yuor CSR, CRT, CA and CA2 in a file with .pem extension)
service postfix restart