Hello All,
I am new to the list and this is my first post. I have a postfix server that
is
receiving a big number of spam. I already have spamassassin, amavisd-new
and a number of configs in postfix that are blocking a huge number, but then
I was looking for something to help me diminish the passing spams. Comes
postscreen.
I understand that a great number of chekings that are already been done by
postfix can be relayed to postscreen. My postfix main.cf is at the end of
this
post.
What is not clear for me is: do I need to change my main.cf in order to run
postscreen and do not duplicate its functionality in postfix?
It seems to me that smtpd_hard_error_limit, smtpd_helo_required and other
configs may just be removed from main.cf, but I am not sure and I would not
like to do it in production site...
Also I could not find any HOWTO that spoke clearly about the issue... If any
of you can help with that too I will be very grateful.
8<--------------------
soft_bounce = yes
biff = no
maximum_queue_lifetime = 2h
default_destination_concurrency_limit = 50
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
transport_maps = hash:/etc/postfix/transport
local_recipient_maps =
smtpd_hard_error_limit = ${stress?1}${stress:4}
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
content_filter = smtp-amavis:[127.0.0.1]:10024
header_checks = pcre:/etc/postfix/header_checks.pcre
smtpd_client_restrictions =
reject_unknown_client_hostname,
reject_unknown_reverse_client_hostname,
check_client_access pcre:/etc/postfix/accepted-servers.pcre,
check_client_access pcre:/etc/postfix/blocked-servers.pcre,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client dnsbl.sorbs.net,
permit
smtpd_helo_restrictions =
reject_invalid_helo_hostname,
reject_unknown_helo_hostname,
check_helo_access hash:/etc/postfix/helo_checks,
permit
smtpd_sender_restrictions =
reject_non_fqdn_sender,
reject_unknown_sender_domain,
check_sender_access hash:/etc/postfix/whitelist,
check_sender_access pcre:/etc/postfix/frequently_forged_senders.pcre,
check_sender_access pcre:/etc/postfix/blocked-senders.pcre,
check_sender_access hash:/etc/postfix/blocked-senders,
check_sender_access hash:/etc/postfix/blocked-domains,
permit
smtpd_recipient_restrictions =
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unlisted_recipient,
reject_unauth_destination,
check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
check_policy_service inet:127.0.0.1:10031,
permit
smtpd_data_restrictions =
reject_unauth_pipelining,
reject_multi_recipient_bounce,
permit
smtpd_banner = $mydomain ESMTP Server
smtpd_client_restrictions =
reject_unknown_client_hostname,
reject_unknown_reverse_client_hostname,
check_client_access pcre:/etc/postfix/accepted-servers.pcre,
check_client_access pcre:/etc/postfix/blocked-servers.pcre,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client dnsbl.sorbs.net,
permit
smtpd_helo_restrictions =
reject_invalid_helo_hostname,
reject_unknown_helo_hostname,
check_helo_access hash:/etc/postfix/helo_checks,
permit
smtpd_sender_restrictions =
reject_non_fqdn_sender,
reject_unknown_sender_domain,
check_sender_access hash:/etc/postfix/whitelist,
check_sender_access pcre:/etc/postfix/frequently_forged_senders.pcre,
check_sender_access pcre:/etc/postfix/blocked-senders.pcre,
check_sender_access hash:/etc/postfix/blocked-senders,
check_sender_access hash:/etc/postfix/blocked-domains,
permit
smtpd_recipient_restrictions =
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unlisted_recipient,
reject_unauth_destination,
check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
check_policy_service inet:127.0.0.1:10031,
permit
smtpd_data_restrictions =
reject_unauth_pipelining,
reject_multi_recipient_bounce,
permit
8<--------------------
Many thanks!
Fernando Maior
