Linux/Mailserver/Internet Site: Difference between revisions

From Wiki
Line 39: Line 39:
         reject_rhsbl_helo dbl.spamhaus.org,
         reject_rhsbl_helo dbl.spamhaus.org,
         reject_rhsbl_sender dbl.spamhaus.org,
         reject_rhsbl_sender dbl.spamhaus.org,
         check_policy_service inet:127.0.0.1:10023
        check_policy_service inet:127.0.0.1:10022,
            # check SPF of remote mail server
         check_policy_service inet:127.0.0.1:10023,
             # check with postgrey     
             # check with postgrey     
         permit
         permit

Revision as of 20:38, 5 September 2016

Requirements

  • Ubuntu 16.04
  • server with static ip
  • control of dns entries

Spam filtering

  • edit /etc/postfix/main.cf
smtpd_client_restrictions = 
        permit_mynetworks, permit_sasl_authenticated,
        reject_unauth_pipelining,

smtpd_helo_required = yes
smtpd_helo_restrictions = 
        permit_mynetworks,
        reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname

smtpd_sender_restrictions = 
        permit_mynetworks,
        reject_non_fqdn_sender, reject_unknown_sender_domain,

smtpd_relay_restrictions = 
        permit_mynetworks, permit_sasl_authenticated,
        reject_unauth_destination,

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        permit_mynetworks,
        reject_rbl_client zen.spamhaus.org,
        reject_rhsbl_reverse_client dbl.spamhaus.org,
        reject_rhsbl_helo dbl.spamhaus.org,
        reject_rhsbl_sender dbl.spamhaus.org,
        check_policy_service inet:127.0.0.1:10022,
            # check SPF of remote mail server
        check_policy_service inet:127.0.0.1:10023,
            # check with postgrey    
        permit


Postgrey

  • install
apt install postgrey  
  • edit /etc/default/postgrey
POSTGREY_OPTS="--inet=10023 --delay=60"
  • restart
systemctl restart postgrey