[CentOS] postfix and spam, I am impressed
Patrick Lists
centos-list at puzzled.xs4all.nl
Mon Mar 12 22:15:45 UTC 2012
On 12-03-12 22:12, Bob Hoffman wrote:
[snip]
> Not sure if this setup is perfect, but it is working quite well. Yes,
> the mail takes a few seconds longer and there is probably more I could
> do, but this ROCKS!!!
Totally agree. I'm definitely not a postfix expert but below I have
listed some rules I have in my config.
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
I also have:
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
> smtpd_client_restrictions = permit_mynetworks,permit
In smtpd_client_restrictions I have:
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_reverse_client_hostname,
    check_client_access pcre:/etc/postfix/dynamic_ip_client_block,
    reject_rbl_client bl.spameatingmonkey.net,
    reject_rhsbl_sender uribl.spameatingmonkey.net,
    reject_rhsbl_client uribl.spameatingmonkey.net,
    reject_rhsbl_sender urired.spameatingmonkey.net,
    reject_rhsbl_client urired.spameatingmonkey.net,
    reject_rbl_client zen.spamhaus.org
The dynamic IP client list is quite effective. You can get the file:
wget -v http://www.hardwarefreak.com/fqrdns.pcre
> smtpd_helo_restrictions =
>     permit_mynetworks,
>     reject_non_fqdn_helo_hostname,
>     reject_invalid_helo_hostname,
>     permit
>
> smtpd_sender_restrictions =
>     permit_mynetworks,
>     reject_non_fqdn_sender,
>     reject_unknown_sender_domain,
>     permit
In smtpd_sender_restrictions I also use
reject_rhsbl_sender fresh15.spameatingmonkey.net
> smtpd_recipient_restrictions =
>     reject_non_fqdn_recipient,
>     reject_unknown_recipient_domain,
>     permit_mynetworks,
>     permit_sasl_authenticated,
>     reject_unauth_destination,
>     reject_invalid_hostname,
>     reject_unauth_pipelining,
>     reject_rbl_client zen.spamhaus.org,
>     reject_rbl_client truncate.gbudb.net,
>     reject_rbl_client dnsbl.njabl.org
>     reject_rbl_client cbl.abuseat.org
>     reject_rbl_client bl.spamcop.net,
>     reject_rbl_client dnsbl.sorbs.net,
>     sleep 1,
>     permit
>
> smtpd_data_restrictions =
>     permit_mynetworks,
>     reject_multi_recipient_bounce,
>     permit
Not sure if these rules are correct. I only have
smtpd_data_restrictions =
    reject_unauth_pipelining
On my CentOS 5 box I don't use "permit" at all.
Regards,
Patrick
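
Added example, not part of the original message: a small Python sketch of how a main.cf restriction list like the ones above is read (continuation lines, comma or whitespace separators) and which DNS names the reject_rbl_client / reject_rhsbl_* entries cause to be looked up, in evaluation order, for one connection. The client IP, client hostname and sender address used with it are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in main.cf syntax, using restriction names from the post.
SAMPLE_MAIN_CF = """\
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_reverse_client_hostname,
    check_client_access pcre:/etc/postfix/dynamic_ip_client_block,
    reject_rbl_client bl.spameatingmonkey.net,
    reject_rhsbl_sender uribl.spameatingmonkey.net,
    reject_rbl_client zen.spamhaus.org
"""

# Restrictions appearing in the post that take exactly one argument.
TAKES_ARG = {"check_client_access", "reject_rbl_client",
             "reject_rhsbl_sender", "reject_rhsbl_client", "sleep"}


def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()
        else:
            name, _, value = raw.partition("=")
            current = name.strip()
            params[current] = value.strip()
    return params


def split_restrictions(value):
    """Split on commas and/or whitespace into (name, argument) pairs."""
    tokens = iter(value.replace(",", " ").split())
    return [(t, next(tokens, None) if t in TAKES_ARG else None) for t in tokens]


def dns_queries(restrictions, client_ip, client_host, sender):
    """DNS names queried for this client (IPv4 only), in list order, if nothing matches earlier."""
    rev = ".".join(reversed(str(ipaddress.IPv4Address(client_ip)).split(".")))
    key = {"reject_rbl_client": rev,                       # reversed octets + zone
           "reject_rhsbl_sender": sender.rpartition("@")[2],  # sender domain + zone
           "reject_rhsbl_client": client_host}             # client hostname + zone
    return [f"{key[name]}.{zone}" for name, zone in restrictions if name in key]
```

The names returned by dns_queries() can be checked by hand with dig or host when a rejection needs explaining. A reject_rhsbl_sender entry inside smtpd_client_restrictions only has a sender to look up because smtpd_delay_reject = yes defers evaluation until RCPT TO.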