rogv24@yahoo.com,

Here's some suggestions for a start. You can look them all up in "man 5 postconf".

The "rejectmydomains" file prevents outsiders from spoofing your domain names
(since insiders are already allowed via "permit_mynetworks".

Use of the "proxy" command speeds up Postfix.

spamhaus is the best RBL service out there. I don't like bl.spamcop.com any more
because they block some sites like yahoo and gmail relays.


# Check MAIL FROM:
smtpd_recipient_restrictions =
check_recipient_access proxy:dbm:/etc/postfix/recipients,
reject_non_fqdn_recipient,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination

# Check RCPT TO:
smtpd_sender_restrictions = reject_non_fqdn_sender,
check_sender_access proxy:dbm:/etc/postfix/senders,
permit_mynetworks,
check_sender_access proxy:dbm:/etc/postfix/rejectmydomains,
reject_rhsbl_sender dns.rfc-ignorant.org,
reject_unknown_sender_domain,
permit

# Check IP address
smtpd_client_restrictions =
permit_mynetworks,
check_client_access proxy:cidr:/etc/postfix/cidr,
check_client_access proxy:dbm:/etc/postfix/access,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client korea.services.net,
reject_rbl_client dynablock.njabl.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dnsbl-1.uceprotect.net,
reject_rbl_client bl.csma.biz,
reject_rbl_client relays.ordb.org

# Check HELO
smtpd_helo_restrictions = check_helo_access proxy:dbm:/etc/postfix/helo,
check_helo_access proxy:dbm:/etc/postfix/access,

proxy_read_maps = proxy:dbm:/etc/postfix/recipients,
proxy:dbm:/etc/postfix/senders,
proxy:dbm:/etc/postfix/rejectmydomains,
proxy:cidr:/etc/postfix/cidr,
proxy:dbm:/etc/postfix/access,
proxy:dbm:/etc/postfix/helo

--
Greg



rogv24@yahoo.com wrote:
> I am trying to fine tune the main.cf and I am trying cut down the
> number of spam thats
> coming through.
>
> In this company so far they have in main.cf file:
>
> smtpd_recipient_restrictions =
> permit_mynetworks,
> reject_unauth_destination
> check_recipient_access dbm:$config_directory/recipient_access,
> check_client_access dbm:$config_directory/access,
> check_client_access dbm:$config_directory/helo_access,
> reject_non_fqdn_hostname,
> reject_invalid_hostname,
> reject_rbl_client list.dsbl.org,
> reject_rbl_client relays.ordb.org,
> reject_rbl_client bl.spamcop.net,
> check_sender_access dbm:$config_directory/spammers
> check_sender_access dbm:$config_directory/junk
> check_sender_access dbm:$config_directory/freemail_access,
> reject_unauth_pipeliningcheck_sender_access type:table
>
> # End of new
>
> I am trying to add some additional restrictions that will not impact
> the inbound/outbound emails.
>
> Does anyone know what can be SAFELY added to this file to kick out
> spammers?
>
> I pulled this info from a website will any of these ?
>
> check_sender_access type:table
> check_sender_mx_access type:table
> check_sender_ns_access type:table
> reject_authenticated_sender_login_mismatch
> reject_sender_login_mismatch
> reject_unknown_sender_domain
> reject_unlisted_sender
> reject_unverified_sender
>
> thanks
>