Postfix Anti-Spam Example

Now that we’ve covered the many aspects of Postfix’s anti-spam arsenal, we’ll finish with an example configuration. Requirements vary considerably from site to site, so it’s impossible to make actual recommendations apart from the considerations that have been discussed in this chapter. Example 11-2 can provide a starting point, but you must decide for yourself which restrictions fit your own circumstances.

Example 11-2. Sample restrictions to block UBE
smtpd_restriction_classes =
        spamlover
        spamhater

spamhater =
        reject_invalid_hostname
        reject_non_fqdn_hostname
        reject_unknown_sender_domain
        reject_rbl_client nospam.example.com

spamlover = permit

smtpd_helo_required = yes
smtpd_client_restrictions =
             check_client_access hash:/etc/postfix/client_access
smtpd_helo_restrictions =
        reject_invalid_hostname
        check_helo_access hash:/etc/postfix/helo_access
smtpd_sender_restrictions =
        reject_non_fqdn_sender
        reject_unknown_sender_domain
        check_sender_access hash:/etc/postfix/sender_access
smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        reject_non_fqdn_recipient
        reject_unknown_recipient_domain
smtpd_data_restrictions =
        reject_unauth_pipelining
header_checks = /etc/postfix/header_checks
body_checks = /etc/postfix/body_checks

You should enter IP and email addresses into the access tables from messages you receive that you have identified as spam. It’s very difficult to block a lot of spam with the check_helo_access and check_sender_access restrictions ...

Get Postfix: The Definitive Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial