Linux/Mailserver/Internet Site
< Linux | Mailserver
Requirements
- Ubuntu 16.04
- server with static ip
- control of dns entries
Spam filtering
- edit /etc/postfix/main.cf
# Restrictions in order: client, helo, sender, relay/recipient smtpd_client_restrictions = permit_mynetworks, reject_unauth_pipelining, smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_access hash:/etc/postfix/sender_access, # Reject destination we're not responsible for, limit abuse or # prevent postfix become an open relay. (version >= 2.10 required) smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, smtpd_recipient_restrictions = # General rules reject_non_fqdn_recipient, reject_unknown_recipient_domain, # Our users permit_mynetworks, permit_sasl_authenticated, # Spam filters reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.sorbs.net, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, # This should be next-to-last check_policy_service unix:private/postgrey, permit
Postgrey
- install
apt install postgrey
- edit /etc/default/postgrey
POSTGREY_OPTS="--inet=10023 --delay=60"
- restart
systemctl restart postgrey
- edit /etc/postfix/main.cf
smtpd_recipient_restrictions = ... permit_sasl_authenticated permit_mynetworks reject_unauth_destination ... check_policy_service inet:127.0.0.1:10023 ... permit