Linux/Mailserver/Internet Site

From Wiki
< Linux‎ | Mailserver
Revision as of 20:13, 5 September 2016 by Marcluer (talk | contribs)

Requirements

  • Ubuntu 16.04
  • server with static ip
  • control of dns entries

Spam filtering

  • edit /etc/postfix/main.cf
# Restrictions in order: client, helo, sender, relay/recipient
smtpd_client_restrictions = 
        permit_mynetworks,
        reject_unauth_pipelining,
smtpd_helo_required = yes
smtpd_helo_restrictions = 
        permit_mynetworks,
        reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname,
smtpd_sender_restrictions = 
        permit_mynetworks,
        reject_non_fqdn_sender, reject_unknown_sender_domain,
    check_sender_access hash:/etc/postfix/sender_access,
# Reject destination we're not responsible for, limit abuse or
# prevent postfix become an open relay. (version >= 2.10 required)
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination,
smtpd_recipient_restrictions =
    # General rules
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    # Our users
    permit_mynetworks,
    permit_sasl_authenticated,
    # Spam filters
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rhsbl_reverse_client dbl.spamhaus.org,
    reject_rhsbl_helo dbl.spamhaus.org,
    reject_rhsbl_sender dbl.spamhaus.org,
    # This should be next-to-last
    check_policy_service unix:private/postgrey,
    permit


Postgrey

  • install
apt install postgrey  
  • edit /etc/default/postgrey
POSTGREY_OPTS="--inet=10023 --delay=60"
  • restart
systemctl restart postgrey
  • edit /etc/postfix/main.cf
smtpd_recipient_restrictions =
    ...
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination
    ...
    check_policy_service inet:127.0.0.1:10023
    ...
    permit