Hi postfix profis,
I'm running postfix 2.1.5-9 for several domains. Of course it handles the
workload with ease, but when I tail the mail.log the screen scrolls
constantly as it's just rejecting spam every second. The good thing is that
all these accesses are rejected, and logged. Also good is that postfix seems
to do most of the rejecting before handing off to amavis-new, for example, so
the CPU is used fairly efficiently I suspect. The bad thing is that this
still seems as though this amount of data processing must surely be excessive
for just a couple of domains, and I'm wondering if I can reduce that
overhead any more. I've attached my main and master cf's and a few hundred
lines of mail.log output which shows less than one minute's worth of logging,
with the vain hope that someone might have some constructive criticisms to
offer with which to improve this setup.
Thanks in advance for any (helpful ;) comments.
--
Richard Foley
Ciao - shorter than aufwiedersehen
http://www.rfi.net/
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
#
# postfix config - postfix reload
#
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
append_at_myorigin = no
# Uncomment the next line to generate delayed mail warnings
#delay_warning_time = 4h
myhostname = blix.rfi.net
mydomain = rfi.net
# alias_maps = pcre:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
alias_database = alias_maps
myorigin = /etc/mailname
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
relayhost =
mynetworks = 127.0.0.0/8, 195.10.223.184
mailbox_size_limit = 0
home_mailbox = mbox
# mailbox_command =
mailbox_command = /usr/bin/procmail -t
recipient_delimiter = +
inet_interfaces = all
# rfi
virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains
virtual_alias_maps = pcre:/etc/postfix/virtual_alias_maps
# relay_domains = lists.nakedeurope.org
# mailman
# transport_maps = hash:/etc/postfix/transport
# mailman_destination_recipient_limit = 1
# sasl
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# clamav + spamassassin
# content_filter = smtp-amavis:[127.0.0.1]:10024
content_filter = amavisfeed:[127.0.0.1]:10024
# receive_override_options = no_address_mappings
# http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_delay_reject = yes
parent_domain_matches_subdomains = smtpd_access_maps
header_checks = pcre:/etc/postfix/header_checks
# mime_header_checks = pcre:/etc/postfix/mime_header_checks
# body_checks = pcre:/etc/postfix/body_checks
smtpd_data_restrictions =
    reject_unauth_pipelining
    permit
smtpd_sender_restrictions =
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_rhsbl_sender dsn.rfc-ignorant.org
    permit
smtpd_recipient_restrictions =
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_recipient_access pcre:/etc/postfix/recipient_checks
    reject_multi_recipient_bounce
    check_helo_access hash:/etc/postfix/helo_checks
    reject_non_fqdn_hostname
    reject_invalid_hostname
    check_sender_access hash:/etc/postfix/sender_checks
    check_client_access pcre:/etc/postfix/client_checks
# reject_rbl_client cbl.abuseat.org
# reject_rbl_client list.dsbl.org
# reject_rbl_client sbl.spamhaus.org
# reject_rbl_client pbl.spamhaus.org
# NB. zen.spamhaus incorporates the CBL list from abuseat.org, as well as all
# the zen.spamhaus.org SBL/XBL/PBL lists
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client bl.spamcop.net
    reject_rbl_client dnsbl.njabl.org
    permit
#
# Postfix master process configuration file. Each logical line
# describes how a Postfix daemon program should be run.
#
# A logical line starts with non-whitespace, non-comment text.
# Empty lines and whitespace-only lines are ignored, as are comment
# lines whose first non-whitespace character is a `#'.
# A line that starts with whitespace continues a logical line.
#
# The fields that make up each line are described below. A - field
# value requests that a default value be used for that field.
#
# Service: any name that is valid for the specified transport type
# (the next
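
Added example, not part of the original post and not Postfix code: a small lint over the restriction lists in the main.cf above. It reports restrictions in smtpd_recipient_restrictions that smtpd_sender_restrictions has already run, and DNS-backed restrictions that are evaluated before reject_unauth_destination. The function names, the finding labels and the choice of entries in DNS_CHECKS are assumptions of this example.

```python
# Constructed excerpt of the restriction lists from the main.cf above.
SAMPLE = """\
smtpd_sender_restrictions =
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_rhsbl_sender dsn.rfc-ignorant.org
    permit
smtpd_recipient_restrictions =
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    permit_mynetworks
    reject_unauth_destination
# reject_rbl_client cbl.abuseat.org
    reject_rbl_client zen.spamhaus.org
    permit
"""
# Restrictions that issue DNS queries when evaluated (assumed selection).
DNS_CHECKS = {"reject_unknown_sender_domain", "reject_unknown_recipient_domain",
              "reject_rbl_client", "reject_rhsbl_sender"}

def parse(text):
    """Return {parameter: [restriction, ...]}, honouring continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # comments do not end a logical line
        if not (line[0].isspace() and name):
            name, _, line = line.partition("=")
            name = name.strip()
            params[name] = []
        for tok in line.replace(",", " ").split():
            if tok.replace("_", "").isalpha() or not params[name]:
                params[name].append(tok)  # restriction keyword
            else:
                params[name][-1] += " " + tok  # its table or DNSBL argument
    return params

def lint(params):
    """Hypothetical checks. A repeat counts only if nothing before it in the
    sender list can return OK and skip it."""
    sender = params.get("smtpd_sender_restrictions", [])
    rcpt = params.get("smtpd_recipient_restrictions", [])
    stop = next((i for i, r in enumerate(sender)
                 if r.startswith(("permit", "check_"))), len(sender))
    out = [("duplicate", r) for r in rcpt if r in sender[:stop]]
    cut = (rcpt + ["reject_unauth_destination"]).index("reject_unauth_destination")
    out += [("dns_before_relay_check", r) for r in rcpt[:cut] if r.split()[0] in DNS_CHECKS]
    return out
```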