[CentOS] Q's about switching from sendmail to postfix

Sun Mar 5 14:01:20 UTC 2006
Patrick <centos at puzzled.xs4all.nl>

On Sun, 2006-03-05 at 00:04 -0500, Joe Klemmer wrote:
> 	Anyway, I want to try swapping out sendmail for postfix to see if that
> makes any kind of difference.  Now, I promise to hit the HOW-TO's and
> FAQ's and google/A9 myself blue in the face, but if someone has already
> done this could you kindly post a quick message with any "gotchas" you
> found or any config issues you ran into it would be greatly appreciated.

Did this a while back. I used the basic sendmail+spamassassin setup that
comes with FC4 and decided to move to Postfix because I wanted more
powerful tools to fight spam. First thing I did was buy "the definitive
guide" postfix book from Kyle Dent. There is now also another book
called "the book of postfix" by Hildebrandt and Koetter. Dunno which is
better. I enjoyed reading Kyle's book and it was very helpful.

Next, I googled for "postfix amavis clamav pyzor razor dcc" and found
two links that were very useful (not at home right now and couldn't find
the links. They were aimed at FC4 iirc). I grabbed a box not doing any
mail stuff to setup the postifx-amavis-clamav-pyzor-razor-dcc combo and
worked from there. Once I had the setup I wanted I moved it over to the
mailserver. Don't throw away your sendmail setup. If things go wrong you
want the ability to move back and continue to receive mail while you
figure out how to fix the postfix problem.

I found that postfix is very powerful when it comes to fighting spam.
Very useful was how to block spammers from Korea and China (see
http://www.fadden.com/techmisc/asian-spam.htm). And I'm adding more
rogue networks like rima-tde.net, RoadRunner, Verizon, Comcast,
Shawcable, etc. I also block broadband networks in Eastern Europe the
moment they hit me with spam and South America (Brasil and Mexico) are
growing on my blocklist too.

Something like this works quite good (in /etc/postfix/main.cf):

smtpd_client_restrictions =
        permit_mynetworks,
        check_client_access cidr:/etc/postfix/sinokorea.cidr,
        check_client_access cidr:/etc/postfix/bans.cidr,
        check_client_access cidr:/etc/postfix/comcast.cidr,
        check_client_access cidr:/etc/postfix/shawcable.cidr,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client dul.dnsbl.sorbs.net,
        reject_rbl_client virbl.dnsbl.bit.nl,
        reject_rbl_client dnsbl.njabl.org,
        reject_rhsbl_sender dsn.rfc-ignorant.org

My spam is down about 75%. The remaining 25% is caused by an upstream
ISP relay that does not filter as aggressive as I would like to. Soon
this will change as I will take out the relay and be primary MX for that
part too. Hopefully this will drop spam to < 1%.

Good luck!

Regards,
Patrick