[CentOS] postfix and spam, I am impressed

Bob Hoffman bob at bobhoffman.com
Mon Mar 12 17:12:13 EDT 2012


I have had the same email address since 1997 (when microsoft stole 
bob.com from me thanks to network solutions...)

In the early days I of course was free with my email and used it everwhere.
Fast forward to 2012, some 15 years later.

woof..the amount of spam sent to me has always just kept getting worse 
and worse.

On my centos 5 server I just used sendmail with spamassassin and it 
killed a lot. Still, 100s, sometimes more made it through. Then 
thunderbird would weed out more, learned as it went...
Still, had an inbox with a lot of junk.

Now I have set up a centos 6 box using postfix. Today I decided to try 
to add smtpd restrictions. After a lot of reading and testing I 'seem' 
to be doing incredible.
I wanted to share my current working postfix smtpd restrictions area so 
that others who are interested can start with it.

I just added the helo and sender restrictions and have noticed no 
problems yet.
There were many things some sites said to add, but they killed some very 
legitimate mail.

So...yesterday a few hundred mails in my box as usual. Plus I set up 
procmail to not delete spam so I could test. That gave me hundreds more....

30 minutes since putting this up I went from 1 every few seconds to 1 in 
30 minutes. And that was tagged by spamassassin as spam. 1.

Not sure if this setup is perfect, but it is working quite well. Yes, 
the mail takes a few seconds longer and there is probably more I could 
do, but this ROCKS!!!

smtpd_delay_reject = yes
smtpd_helo_required = yes

smtpd_client_restrictions = permit_mynetworks,permit

smtpd_helo_restrictions =
     permit_mynetworks,
     reject_non_fqdn_helo_hostname,
     reject_invalid_helo_hostname,
     permit

smtpd_sender_restrictions =
     permit_mynetworks,
     reject_non_fqdn_sender,
     reject_unknown_sender_domain,
     permit

smtpd_recipient_restrictions =
     reject_non_fqdn_recipient,
     reject_unknown_recipient_domain,
     permit_mynetworks,
     permit_sasl_authenticated,
     reject_unauth_destination,
     reject_invalid_hostname,
     reject_unauth_pipelining,
     reject_rbl_client zen.spamhaus.org,
     reject_rbl_client truncate.gbudb.net,
     reject_rbl_client dnsbl.njabl.org
     reject_rbl_client cbl.abuseat.org
     reject_rbl_client bl.spamcop.net,
     reject_rbl_client dnsbl.sorbs.net,
     sleep 1,
      permit

smtpd_data_restrictions =
      permit_mynetworks,
      reject_multi_recipient_bounce,
     permit



More information about the CentOS mailing list