Hello,
I'm trying to adjust my current antispam measures as they are no
longer working. I'm running postfix 2.3 on a rel5 machine. I've got the
below, which is a postconf -n output of my current configuration. To it i'd
like to add spf, and postgrey support in smtpd_recipient_restrictions after
the rbl checks, and dkim-milter last in the file. I'd appreciate any
feedback on these settings and suggested improvements if any.
Thanks.
Dave.
address_verify_map = btree:/var/spool/postfix/verified_senders
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
biff = no
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
disable_vrfy_command = yes
empty_address_recipient = MAILER-DAEMON
home_mailbox = Maildir/
html_directory = no
inet_interfaces = 127.0.0.1, <External IP>
invalid_hostname_reject_code = 554
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 104857600
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 20971520
multi_recipient_bounce_reject_code = 554
mydomain = example.com
myhostname = mail.example.com
mynetworks = 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_delimiter = +
relay_domains_reject_code = 554
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
show_user_unknown_table_name = no
smtp_helo_timeout = 60s
smtpd_banner = $myhostname
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_error_sleep_time = 5s
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_invalid_hostname,
reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient,
reject_unknown_sender_domain, reject_unknown_recipient_domain,
reject_unverified_sender reject_unverified_recipient
reject_multi_recipient_bounce, permit_sasl_authenticated, permit_mynetworks,
reject_unauth_destination, check_recipient_access
pcre:/etc/postfix/recipient_checks.pcre, check_helo_access
hash:/etc/postfix/helo_checks, check_sender_access
hash:/etc/postfix/sender_checks, check_sender_mx_access
cidr:/etc/postfix/bogus_mx check_recipient_access
hash:/etc/postfix/recipient_access check_client_access
hash:/etc/postfix/client_checks, check_client_access
pcre:/etc/postfix/client_checks.pcre, reject_rbl_client
zen.spamhaus.org, reject_rbl_client black.uribl.com, reject_rbl_client
combined.rbl.msrbl.net, reject_rhsbl_sender dsn.rfc-ignorant.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 10
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/smtp.crt
smtpd_tls_CAfile = /etc/postfix/ssl/ca-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/smtp.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_maps = hash:/etc/postfix/virtual_alias
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
