As mail is critical (and complicated), I propose to not make an easyhack out of this.
Anyway, here are my docs:
main.cf:
REMOVE: check_policy_service inet:127.0.0.1:12525, check_policy_service inet:127.0.0.1:10023,
smtpd_tls_received_header = yes
postscreen_access_list = permit_mynetworks
postscreen_blacklist_action = drop
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_sites = zen.spamhaus.org*1, bl.spamcop.net*1, ix.dnsbl.manitu.net*1, b.barracudacentral.org*1, bl.mailspike.net*1
postscreen_dnsbl_action = enforce
postscreen_greet_banner = $smtpd_banner
postscreen_greet_action = enforce
postscreen_bare_newline_enable = no
#postscreen_bare_newline_action = enforce
postscreen_bare_newline_action = ignore
postscreen_pipelining_enable = no
#postscreen_pipelining_action = enforce
postscreen_pipelining_action = ignore
postscreen_non_smtp_command_enable = no
#postscreen_non_smtp_command_action = drop
postscreen_non_smtp_command_action = ignore
master.cf:
Might also be doable via (untested):
sed 's,^smtp .*smtpd$,#&,;/\(smtpd .*pass\|postscreen\|dnsblog\|tlsproxy\)/s/^#//' /etc/postfix/master.cf
Comment out the "smtp inet ... smtpd" service in master.cf, including any "-o parameter=value" entries that follow.
/etc/postfix/master.cf:
#smtp inet n - n - - smtpd
#  -o parameter=value ...
Uncomment the new "smtpd pass ... smtpd" service in master.cf, and duplicate any "-o parameter=value" entries from the smtpd service that was commented out in the previous step.
/etc/postfix/master.cf:
smtpd pass - - n - - smtpd
  -o parameter=value ...
Uncomment the new "smtp inet ... postscreen" service in master.cf.
/etc/postfix/master.cf:
smtp inet n - n - 1 postscreen
Uncomment the new "tlsproxy unix ... tlsproxy" service in master.cf. This service implements STARTTLS support for postscreen(8).
/etc/postfix/master.cf:
tlsproxy unix - - n - 0 tlsproxy
Uncomment the new "dnsblog unix ... dnsblog" service in master.cf. This service does DNSBL lookups for postscreen(8) and logs results.
/etc/postfix/master.cf:
dnsblog unix - - n - 0 dnsblog
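
A check for the master.cf steps above, as an added example that is not part of the original post. It confirms that the four postscreen-related services are active and the old "smtp inet ... smtpd" entry is not, and it reports "-o" lines left active under a commented-out entry, which a line-by-line edit like the sed one-liner does not touch. The function name check_postscreen_master and the sample file are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post; the function name is made up here.
# Usage: check_postscreen_master /etc/postfix/master.cf
# Prints one line per problem and returns non-zero if any were found.
check_postscreen_master() {
    awk '
    # A commented-out service entry. Postfix treats an indented line as a
    # continuation of a logical line, so an "-o" line left active below it
    # no longer belongs to the entry it was written for.
    /^#[ \t]*[^ \t]+[ \t]+(inet|unix|fifo|pass)[ \t]+[yn-][ \t]+[yn-][ \t]/ {
        orphan = 1; next
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # other comments, blank lines
    /^[ \t]/ {                                 # active continuation line
        if (orphan) {
            printf "line %d: active option after a commented-out service: %s\n", NR, $0
            bad = 1
        }
        next
    }
    { orphan = 0; seen[$1 " " $2 " " $8] = 1 } # service, type, command
    END {
        n = split("smtp inet postscreen|smtpd pass smtpd|tlsproxy unix tlsproxy|dnsblog unix dnsblog", want, "|")
        for (i = 1; i <= n; i++)
            if (!(want[i] in seen)) { print "not active: " want[i]; bad = 1 }
        if ("smtp inet smtpd" in seen) {
            print "still active: smtp inet smtpd (should be commented out)"
            bad = 1
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the old smtpd entry is commented out, its -o line is not.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#smtp      inet  n       -       n       -       -       smtpd
  -o smtpd_tls_received_header=yes
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
tlsproxy  unix  -       -       n       -       0       tlsproxy
dnsblog   unix  -       -       n       -       0       dnsblog
EOF
check_postscreen_master "$sample" || echo "master.cf needs attention"
rm -f "$sample"
```

The function only reads the file; run it on the edited master.cf before reloading Postfix.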