On 12-03-12 22:12, Bob Hoffman wrote: [snip]
Not sure if this setup is perfect, but it is working quite well. Yes, the mail takes a few seconds longer and there is probably more I could do, but this ROCKS!!!
Totally agree. I'm definitely not a postfix expert but below I have listed some rules I have in my config.
smtpd_delay_reject = yes
smtpd_helo_required = yes
I also have:
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
smtpd_client_restrictions = permit_mynetworks,permit
In smtpd_client_restrictions I have:
smtpd_client_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_reverse_client_hostname,
    check_client_access pcre:/etc/postfix/dynamic_ip_client_block,
    reject_rbl_client bl.spameatingmonkey.net,
    reject_rhsbl_sender uribl.spameatingmonkey.net,
    reject_rhsbl_client uribl.spameatingmonkey.net,
    reject_rhsbl_sender urired.spameatingmonkey.net,
    reject_rhsbl_client urired.spameatingmonkey.net,
    reject_rbl_client zen.spamhaus.org
The dynamic IP client list is quite effective. You can get the file:
wget -v http://www.hardwarefreak.com/fqrdns.pcre
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
In smtpd_sender_restrictions I also use
reject_rhsbl_sender fresh15.spameatingmonkey.net
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_unauth_pipelining,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client truncate.gbudb.net,
    reject_rbl_client dnsbl.njabl.org
    reject_rbl_client cbl.abuseat.org
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.sorbs.net,
    sleep 1,
    permit
smtpd_data_restrictions = permit_mynetworks, reject_multi_recipient_bounce, permit
Not sure if these rules are correct. I only have
smtpd_data_restrictions = reject_unauth_pipelining
On my CentOS 5 box I don't use "permit" at all.
Regards, Patrick
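
An added example, not part of the original thread or either poster's configuration: a small Python linter for restriction lists like the ones above. In Postfix a list that ends without a match permits by default, so a trailing bare "permit" changes nothing, while anything listed after a bare "permit" is never evaluated. The sample is constructed and abridged from the quoted lists; the function and finding names are hypothetical.

```python
import re

# Restrictions from the thread that take the next token as an argument.
TAKES_ARG = {"check_client_access", "reject_rbl_client", "reject_rhsbl_client",
             "reject_rhsbl_sender", "sleep"}

# Constructed sample, abridged from the lists quoted in the thread.
SAMPLE = """\
smtpd_client_restrictions = permit_mynetworks,permit
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client dnsbl.njabl.org
    reject_rbl_client cbl.abuseat.org, sleep 1, permit
smtpd_data_restrictions = reject_unauth_pipelining
"""

def parse_main_cf(text):
    """Return {parameter: [(restriction, argument or None), ...]}."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()   # continuation of the previous line
        else:
            logical.append(line.strip())
    params = {}
    for entry in logical:
        name, _, value = entry.partition("=")
        tokens = [t for t in re.split(r"[,\s]+", value) if t]  # comma or whitespace separates
        items, i = [], 0
        while i < len(tokens):
            has_arg = tokens[i] in TAKES_ARG and i + 1 < len(tokens)
            items.append((tokens[i], tokens[i + 1] if has_arg else None))
            i += 2 if has_arg else 1
        params[name.strip()] = items            # a later definition replaces an earlier one
    return params

def lint(params):
    findings = set()
    for name, items in params.items():
        names = [r for r, _ in items]
        if "permit" in names:
            last = names.index("permit") == len(names) - 1
            findings.add((name, "trailing-permit-is-default" if last else "rules-after-permit-unreachable"))
    rcpt = [r for r, _ in params.get("smtpd_recipient_restrictions", [])]
    cut = rcpt.index("reject_unauth_destination") if "reject_unauth_destination" in rcpt else len(rcpt)
    if "permit" in rcpt[:cut]:                  # bare permit ahead of the relay check
        findings.add(("smtpd_recipient_restrictions", "permit-before-relay-check"))
    return sorted(findings)
```

Calling lint(parse_main_cf(SAMPLE)) reports the trailing "permit" in the client and recipient lists as redundant and finds nothing wrong with the data list.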