I am trying to fine tune the main.cf and I am trying cut down the
number of spam thats
coming through.

In this company so far they have in main.cf file:

smtpd_recipient_restrictions =
permit_mynetworks,
reject_unauth_destination
check_recipient_access dbm:$config_directory/recipient_access,
check_client_access dbm:$config_directory/access,
check_client_access dbm:$config_directory/helo_access,
reject_non_fqdn_hostname,
reject_invalid_hostname,
reject_rbl_client list.dsbl.org,
reject_rbl_client relays.ordb.org,
reject_rbl_client bl.spamcop.net,
check_sender_access dbm:$config_directory/spammers
check_sender_access dbm:$config_directory/junk
check_sender_access dbm:$config_directory/freemail_access,
reject_unauth_pipeliningcheck_sender_access type:table

# End of new

I am trying to add some additional restrictions that will not impact
the inbound/outbound emails.

Does anyone know what can be SAFELY added to this file to kick out
spammers?

I pulled this info from a website will any of these ?

check_sender_access type:table
check_sender_mx_access type:table
check_sender_ns_access type:table
reject_authenticated_sender_login_mismatch
reject_sender_login_mismatch
reject_unknown_sender_domain
reject_unlisted_sender
reject_unverified_sender

thanks

rogv24@yahoo.com,

Here's some suggestions for a start. You can look them all up in "man 5 postconf".

The "rejectmydomains" file prevents outsiders from spoofing your domain names
(since insiders are already allowed via "permit_mynetworks".

Use of the "proxy" command speeds up Postfix.

spamhaus is the best RBL service out there. I don't like bl.spamcop.com any more
because they block some sites like yahoo and gmail relays.


# Check MAIL FROM:
smtpd_recipient_restrictions =
check_recipient_access proxy:dbm:/etc/postfix/recipients,
reject_non_fqdn_recipient,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination

# Check RCPT TO:
smtpd_sender_restrictions = reject_non_fqdn_sender,
check_sender_access proxy:dbm:/etc/postfix/senders,
permit_mynetworks,
check_sender_access proxy:dbm:/etc/postfix/rejectmydomains,
reject_rhsbl_sender dns.rfc-ignorant.org,
reject_unknown_sender_domain,
permit

# Check IP address
smtpd_client_restrictions =
permit_mynetworks,
check_client_access proxy:cidr:/etc/postfix/cidr,
check_client_access proxy:dbm:/etc/postfix/access,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client korea.services.net,
reject_rbl_client dynablock.njabl.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dnsbl-1.uceprotect.net,
reject_rbl_client bl.csma.biz,
reject_rbl_client relays.ordb.org

# Check HELO
smtpd_helo_restrictions = check_helo_access proxy:dbm:/etc/postfix/helo,
check_helo_access proxy:dbm:/etc/postfix/access,

proxy_read_maps = proxy:dbm:/etc/postfix/recipients,
proxy:dbm:/etc/postfix/senders,
proxy:dbm:/etc/postfix/rejectmydomains,
proxy:cidr:/etc/postfix/cidr,
proxy:dbm:/etc/postfix/access,
proxy:dbm:/etc/postfix/helo

--
Greg



rogv24@yahoo.com wrote:
> I am trying to fine tune the main.cf and I am trying cut down the
> number of spam thats
> coming through.
>
> In this company so far they have in main.cf file:
>
> smtpd_recipient_restrictions =
> permit_mynetworks,
> reject_unauth_destination
> check_recipient_access dbm:$config_directory/recipient_access,
> check_client_access dbm:$config_directory/access,
> check_client_access dbm:$config_directory/helo_access,
> reject_non_fqdn_hostname,
> reject_invalid_hostname,
> reject_rbl_client list.dsbl.org,
> reject_rbl_client relays.ordb.org,
> reject_rbl_client bl.spamcop.net,
> check_sender_access dbm:$config_directory/spammers
> check_sender_access dbm:$config_directory/junk
> check_sender_access dbm:$config_directory/freemail_access,
> reject_unauth_pipeliningcheck_sender_access type:table
>
> # End of new
>
> I am trying to add some additional restrictions that will not impact
> the inbound/outbound emails.
>
> Does anyone know what can be SAFELY added to this file to kick out
> spammers?
>
> I pulled this info from a website will any of these ?
>
> check_sender_access type:table
> check_sender_mx_access type:table
> check_sender_ns_access type:table
> reject_authenticated_sender_login_mismatch
> reject_sender_login_mismatch
> reject_unknown_sender_domain
> reject_unlisted_sender
> reject_unverified_sender
>
> thanks
>

hello Greg,

Are you using the main.cf in your company?
If you are does have you been encountering any problems
or everything looks OK?

Roger

hello Greg,

Are you using the main.cf in your company?
If you are does have you been encountering any problems
or everything looks OK?

Roger

The stuff I posted was not my entire main.cf file. It was just some
examples to illustrate how to make your main.cf file more robust.

I'm not sure exactly what you are asking me now about "my company".
But the examples I gave are solid and not experimental, if that is
what you are asking.

I suggest that you first test any changes on a development server, before making
any changes to a company production server. It a good way to keep your job. :-)






rogv24@yahoo.com wrote:
> hello Greg,
>
> Are you using the main.cf in your company?
> If you are does have you been encountering any problems
> or everything looks OK?
>
> Roger
>