Linux/Mailserver/Internet Site: Difference between revisions
< Linux | Mailserver
No edit summary |
No edit summary |
||
| Line 3: | Line 3: | ||
* server with static ip | * server with static ip | ||
* control of dns entries | * control of dns entries | ||
= Spam filtering = | |||
* edit /etc/postfix/main.cf | |||
<blockquote> | |||
<pre> | |||
# Restrictions in order: client, helo, sender, relay/recipient | |||
smtpd_client_restrictions = | |||
permit_mynetworks, | |||
reject_unauth_pipelining, | |||
smtpd_helo_required = yes | |||
smtpd_helo_restrictions = | |||
permit_mynetworks, | |||
reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, | |||
smtpd_sender_restrictions = | |||
permit_mynetworks, | |||
reject_non_fqdn_sender, reject_unknown_sender_domain, | |||
check_sender_access hash:/etc/postfix/sender_access, | |||
# Reject destination we're not responsible for, limit abuse or | |||
# prevent postfix become an open relay. (version >= 2.10 required) | |||
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, | |||
reject_unauth_destination, | |||
smtpd_recipient_restrictions = | |||
# General rules | |||
reject_non_fqdn_recipient, | |||
reject_unknown_recipient_domain, | |||
# Our users | |||
permit_mynetworks, | |||
permit_sasl_authenticated, | |||
# Spam filters | |||
reject_rbl_client zen.spamhaus.org, | |||
reject_rbl_client dnsbl.sorbs.net, | |||
reject_rhsbl_reverse_client dbl.spamhaus.org, | |||
reject_rhsbl_helo dbl.spamhaus.org, | |||
reject_rhsbl_sender dbl.spamhaus.org, | |||
# This should be next-to-last | |||
check_policy_service unix:private/postgrey, | |||
permit | |||
</pre> | |||
</blockquote> | |||
== Postgrey == | == Postgrey == | ||
Revision as of 20:13, 5 September 2016
Requirements
- Ubuntu 16.04
- server with static ip
- control of dns entries
Spam filtering
- edit /etc/postfix/main.cf
# Restrictions in order: client, helo, sender, relay/recipient
smtpd_client_restrictions =
permit_mynetworks,
reject_unauth_pipelining,
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname,
smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender, reject_unknown_sender_domain,
check_sender_access hash:/etc/postfix/sender_access,
# Reject destination we're not responsible for, limit abuse or
# prevent postfix become an open relay. (version >= 2.10 required)
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination,
smtpd_recipient_restrictions =
# General rules
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
# Our users
permit_mynetworks,
permit_sasl_authenticated,
# Spam filters
reject_rbl_client zen.spamhaus.org,
reject_rbl_client dnsbl.sorbs.net,
reject_rhsbl_reverse_client dbl.spamhaus.org,
reject_rhsbl_helo dbl.spamhaus.org,
reject_rhsbl_sender dbl.spamhaus.org,
# This should be next-to-last
check_policy_service unix:private/postgrey,
permit
Postgrey
- install
apt install postgrey
- edit /etc/default/postgrey
POSTGREY_OPTS="--inet=10023 --delay=60"
- restart
systemctl restart postgrey
- edit /etc/postfix/main.cf
smtpd_recipient_restrictions =
...
permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
...
check_policy_service inet:127.0.0.1:10023
...
permit