Hello,
some of the emails I send from my server are being treated as spam.
Oddly, the last time I wrote to a Gmail address there was no problem. Today, another email was classified as spam.
Here are the Postfix and Dovecot configs:
[code]## Dovecot configuration file
listen =*
# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
# "doveconf -n" command gives a clean output of the changed settings. Use it
# instead of copy&pasting files when posting to the Dovecot mailing list.
# '#' character and everything after it is treated as comments. Extra spaces
# and tabs are ignored. If you want to use either of these explicitly, put the
# value inside quotes, eg.: key = "# char and trailing whitespace "
# Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples.
# Paths are also just examples with the real defaults being based on configure
# options. The paths listed here are for configure --prefix=/usr
# --sysconfdir=/etc --localstatedir=/var
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::
# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/
# Name of this instance. In multi-instance setup doveadm and other commands
# can use -i <instance_name> to select which instance is used (an alternative
# to -c <config_path>). The instance name is also added to Dovecot processes
# in ps output.
#instance_name = dovecot
# Greeting message for clients.
#login_greeting = Dovecot ready.
# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
#login_trusted_networks =
# Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets =
# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
# proxying. This isn't necessary normally, but may be useful if the destination
# IP is e.g. a load balancer's IP.
#auth_proxy_self =
# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
#verbose_proctitle = no
# Should all processes be killed when Dovecot master process shuts down.
# Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be
# a problem if the upgrade is e.g. because of a security fix).
#shutdown_clients = yes
# If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process.
#doveadm_worker_count = 0
# UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server
# Space separated list of environment variables that are preserved on Dovecot
# startup and passed down to all of its child processes. You can also give
# key=value pairs to always set specific settings.
#import_environment = TZ
# Dictionary server settings
# Dictionary can be used to store key=value lists. This is used by several
# plugins. The dictionary can be accessed either directly or though a
# dictionary server. The following dict block maps dictionary names to URIs
# when the server is used. These can then be referenced using URIs in format
# "proxy::".
dict {
  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
# Most of the actual configuration gets included below. The filenames are
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
# in filenames are intended to make it easier to understand the ordering.
!include conf.d/*.conf
# A config file can also tried to be included without giving an error if
# it's not found:
!include_try local.conf
mail_location = maildir:~/Maildir
protocols = imap
disable_plaintext_auth = yes
ssl = yes
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    # Assuming the default Postfix user and group
    user = postfix
    group = postfix
  }
}
[/code]
[code]# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /det/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtp_use_tls=yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = yeuxdelibad.net
mydomain = yeuxdelibad.net
myorigin = /etc/mailname
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost, localhost.$myhostname
relayhost =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
#inet_protocols = all
inet_protocols = ipv4
smtpd_sasl_auth_enable = yes
# Use Dovecot's authentication service
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# Record the user's login name in the message headers.
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = yeuxdelibad.net
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_security_options = noanonymous
home_mailbox = Maildir/
# ANTISPAM
# Rules for accepting or refusing a connection:
# - wait one second (to trap zombies);
# - forbid pipelining where there is not supposed to be any.
smtpd_client_restrictions =
    permit_mynetworks, permit_sasl_authenticated,
    sleep 1, reject_unauth_pipelining
# Rules for accepting or refusing a message once the sender address
# is known:
# - if it comes from a nonexistent sender in our domain, reject it;
# - if the sender's domain has no IP or MX, refuse it;
# - if it comes from a trusted client or an authenticated client, accept it;
# - if the sender address is not in canonical form, refuse it.
smtpd_sender_restrictions =
    reject_unlisted_sender, reject_unknown_sender_domain,
    permit_mynetworks, permit_sasl_authenticated,
    reject_non_fqdn_sender
# Rules for accepting or refusing a message once the recipient is
# known (via the RCPT TO command):
# - if it is addressed to a forged sender at our domain, reject it;
# - if it is addressed to a forged domain, reject it;
# - if it comes from a trusted host or an authenticated client, accept it;
# - if the destination address is not in canonical form, refuse it;
# - finally, if it is not addressed to a domain that we manage or for
#   which we relay, refuse it.
smtpd_recipient_restrictions =
    reject_unlisted_recipient, reject_unknown_recipient_domain,
    permit_mynetworks, permit_sasl_authenticated,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_rbl_client sbl.spamhaus.org,
    permit
smtpd_client_restrictions = reject_rbl_client dnsbl.sorbs.net
mynetworks = 127.0.0.0/8 192.168.1.0/24
[/code]
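Added example, not part of the original post: when a parameter appears more than once in main.cf, Postfix remembers only the last definition, and the file above sets `smtpd_recipient_restrictions` and `smtpd_client_restrictions` twice each. The Python below reports which definition is effective and which are discarded; the function names and the embedded excerpt are constructed here for illustration.

```python
# Constructed excerpt shaped like the main.cf in the post (not the full file).
SAMPLE_MAIN_CF = """\
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
# ANTISPAM
smtpd_client_restrictions =
    permit_mynetworks, permit_sasl_authenticated,
    sleep 1, reject_unauth_pipelining
smtpd_recipient_restrictions =
    reject_unlisted_recipient, reject_unknown_recipient_domain,
    permit_mynetworks, permit_sasl_authenticated,
    reject_non_fqdn_recipient, reject_unauth_destination,
    reject_rbl_client sbl.spamhaus.org, permit
smtpd_client_restrictions = reject_rbl_client dnsbl.sorbs.net
mynetworks = 127.0.0.0/8 192.168.1.0/24
"""


def parse_main_cf(text):
    """Return [name, value, first_line_no] for each logical line, in file order."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are skipped, even inside a value
        if raw[0].isspace():  # leading whitespace continues the previous line
            if entries:
                entries[-1][1] = (entries[-1][1] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            entries.append([name.strip(), value.strip(), line_no])
    return entries


def find_overrides(text):
    """Map each repeated parameter to its effective and discarded definitions."""
    seen = {}
    for name, value, line_no in parse_main_cf(text):
        seen.setdefault(name, []).append((line_no, value))
    return {name: {"effective": defs[-1], "discarded": defs[:-1]}
            for name, defs in seen.items() if len(defs) > 1}


if __name__ == "__main__":
    for name, info in find_overrides(SAMPLE_MAIN_CF).items():
        line_no, value = info["effective"]
        print(f"{name}: line {line_no} wins -> {value}")
        for old_line, old_value in info["discarded"]:
            print(f"  discarded line {old_line}: {old_value}")
```

On a live server, `postconf -n` prints the values Postfix actually uses, which can be compared against this report.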