Hello, I'm trying to adjust my current antispam measures as they are no longer working. I'm running postfix 2.3 on a rel5 machine. I've got the below, which is a postconf -n output of my current configuration. To it i'd like to add spf, and postgrey support in smtpd_recipient_restrictions after the rbl checks, and dkim-milter last in the file. I'd appreciate any feedback on these settings and suggested improvements if any. Thanks. Dave.
address_verify_map = btree:/var/spool/postfix/verified_senders alias_database = hash:/etc/postfix/aliases alias_maps = hash:/etc/postfix/aliases biff = no broken_sasl_auth_clients = yes canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix disable_vrfy_command = yes empty_address_recipient = MAILER-DAEMON home_mailbox = Maildir/ html_directory = no inet_interfaces = 127.0.0.1, <External IP> invalid_hostname_reject_code = 554 local_recipient_maps = proxy:unix:passwd.byname $alias_maps mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_size_limit = 104857600 mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man message_size_limit = 20971520 multi_recipient_bounce_reject_code = 554 mydomain = example.com myhostname = mail.example.com mynetworks = 127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix non_fqdn_reject_code = 554 queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES recipient_delimiter = + relay_domains_reject_code = 554 sample_directory = /usr/share/doc/postfix-2.3.3/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop show_user_unknown_table_name = no smtp_helo_timeout = 60s smtpd_banner = $myhostname smtpd_data_restrictions = reject_unauth_pipelining smtpd_error_sleep_time = 5s smtpd_hard_error_limit = 20 smtpd_helo_required = yes smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unverified_sender reject_unverified_recipient reject_multi_recipient_bounce, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_recipient_access pcre:/etc/postfix/recipient_checks.pcre, check_helo_access hash:/etc/postfix/helo_checks, check_sender_access hash:/etc/postfix/sender_checks, check_sender_mx_access cidr:/etc/postfix/bogus_mx check_recipient_access hash:/etc/postfix/recipient_access check_client_access hash:/etc/postfix/client_checks, check_client_access pcre:/etc/postfix/client_checks.pcre, reject_rbl_client zen.spamhaus.org, reject_rbl_client black.uribl.com, reject_rbl_client combined.rbl.msrbl.net, reject_rhsbl_sender dsn.rfc-ignorant.org smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_soft_error_limit = 10 smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/postfix/ssl/smtp.crt smtpd_tls_CAfile = /etc/postfix/ssl/ca-cert.pem smtpd_tls_key_file = /etc/postfix/ssl/smtp.key smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache smtpd_tls_session_cache_timeout = 3600s strict_rfc821_envelopes = yes tls_random_source = dev:/dev/urandom unknown_address_reject_code = 554 unknown_client_reject_code = 554 unknown_hostname_reject_code = 554 unknown_local_recipient_reject_code = 550 unknown_relay_recipient_reject_code = 554 unknown_virtual_alias_reject_code = 554 unknown_virtual_mailbox_reject_code = 554 unverified_recipient_reject_code = 554 unverified_sender_reject_code = 554 virtual_alias_maps = hash:/etc/postfix/virtual_alias virtual_gid_maps = static:5000 virtual_mailbox_base = /home/vmail virtual_mailbox_domains = /etc/postfix/vhosts virtual_mailbox_maps = hash:/etc/postfix/vmaps virtual_minimum_uid = 1000 virtual_uid_maps = static:5000