This site is some kind of personal database gathering notes about my day-to-day discoveries in the IT world basically about security.
While some are howtos and tips (we learn a new thing every day eh), hopefully you'll find some of them informative !

November 21, 2007

Stop SPAM Using Postfix Configuration

I assume you have a fully working mail server using Postfix. There are a lot of docs and howto to configure postfix as your mail server.

Open /etc/postfix/main.cf and place the following lines in it (replacing the respective settings if they exist):

vi /etc/postfix/main.cf

smtpd_recipient_restrictions =
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 reject_invalid_hostname,
 reject_non_fqdn_hostname,
 reject_non_fqdn_sender,
 reject_non_fqdn_recipient,
 reject_unknown_sender_domain,
 reject_unknown_recipient_domain,
 reject_unauth_pipelining,
 permit_mynetworks,
 reject_rbl_client zen.spamhaus.org,
 reject_rbl_client multi.uribl.com,
 reject_rbl_client dsn.rfc-ignorant.org,
 reject_rbl_client sbl-xbl.spamhaus.org,
 reject_rbl_client bl.spamcop.net,
 reject_rbl_client dnsbl.sorbs.net,
 reject_rbl_client ix.dnsbl.manitu.net,
 reject_rbl_client combined.rbl.msrbl.net,
 reject_rbl_client rabl.nuclearelephant.com,
 reject_rbl_client list.dsbl.org,
 reject_rbl_client sbl.spamhaus.org,
 reject_rbl_client cbl.abuseat.org,
 reject_rbl_client dul.dnsbl.sorbs.net,
 reject_rbl_client multihop.dsbl.org,
 reject_rbl_client unconfirmed.dsbl.org
 reject_rbl_client relays.ordb.org,
 permit

This just tell Postfix to check those website if it is listed on their spam database before sending out to the users.

Anti-spam blacklist
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_sender_restrictions = reject_unknown_address
smtpd_helo_restrictions =
 permit_mynetworks,
 reject_non_fqdn_hostname,
 reject_invalid_hostname,
 permit
strict_rfc821_envelopes = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code =554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
Also force Postfix to limit incoming or receiving email rate to avoid spam.
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
Just put this in your main.cf and restart Postfix. I have 250+ users and this configuration block over 1500+ spam emails a day.

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)