Comments on: Postfix configure anti spam with blacklist http://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html This is a Linux sys admin journal by Vivek about sys admin work, Linux tips & tricks, hacks, news and more. Fri, 10 Feb 2012 20:37:43 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: ddr-2kpphttp://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-169138 ddr-2kpp Thu, 24 Feb 2011 16:53:20 +0000 http://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-169138 great description, did use it at all, but extend it with my policyd-config: check_client_access hash:/etc/postfix/pop-before-smtp, reject_unauth_destination, check_policy_service inet:127.0.0.1:10031 great description, did use it at all, but extend it with
my policyd-config:

check_client_access hash:/etc/postfix/pop-before-smtp, reject_unauth_destination, check_policy_service inet:127.0.0.1:10031

]]> By: B SengUKhttp://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-150077 B SengUK Wed, 12 Aug 2009 21:52:12 +0000 http://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-150077 Already have all that in and more .... smtpd_recipient_restrictions = reject_invalid_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain reject_unknown_recipient_domain permit_sasl_authenticated permit_mynetworks reject_unauth_destination reject_unknown_reverse_client_hostname Already have all that in and more ….

smtpd_recipient_restrictions = reject_invalid_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain reject_unknown_recipient_domain permit_sasl_authenticated permit_mynetworks reject_unauth_destination reject_unknown_reverse_client_hostname

]]> By: bbgunzhttp://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-150016 bbgunz Tue, 11 Aug 2009 02:10:42 +0000 http://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-150016 Old bump but i had this problem too to fix this: smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject _unauth_destination Old bump but i had this problem too

to fix this:

smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject _unauth_destination

]]> By: B SengUKhttp://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-149436 B SengUK Fri, 10 Jul 2009 18:14:49 +0000 http://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-149436 I never sorted this out fully, although I have got spam assassin working which identifies masses of mails coming through the server. The issue I tihnk is with the authentication and reject_invalid_hostname combination. My mail is sent from my outlook (and those other users of the server) through a cable connection. Although this theoretically should be OK I can only get mail to send without this coomand in place - and from what I found out this is the one that will make the most difference :( Currently I have the following set in main.cf # Following entries REQUIRED by Matrix control panel virtual_maps = hash:/etc/postfix/virtual transport_maps = hash:/etc/postfix/transport virtual_mailbox_domains = $transport_maps local_destination_concurrency_limit = 1 maildrop_destination_concurrency_limit = 1 maildrop_destination_recipient_limit = 1 relay_domains = $mydestination smtpd_recipient_restrictions = reject_invalid_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain reject_unknown_recipient_domain permit_sasl_authenticated permit_mynetworks reject_unauth_destination reject_unknown_reverse_client_hostname smtpd_sasl_auth_enable = yes ### Checks to remove badly formed email smtpd_helo_required = yes strict_rfc821_envelopes = yes disable_vrfy_command = yes unknown_address_reject_code = 554 unknown_hostname_reject_code = 554 unknown_client_reject_code = 554 smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, regexp:/etc/postfix/helo.regexp, permit check_client_access = reject_rbl_client cbl.abuseat.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rhsbl_sender dsn.rfc-ignorant.org, permit maximal_queue_lifetime = 3d Any advice would be really appreciated .. many thanks in advance. I never sorted this out fully, although I have got spam assassin working which identifies masses of mails coming through the server.

The issue I tihnk is with the authentication and reject_invalid_hostname combination. My mail is sent from my outlook (and those other users of the server) through a cable connection. Although this theoretically should be OK I can only get mail to send without this coomand in place – and from what I found out this is the one that will make the most difference :(

Currently I have the following set in main.cf

# Following entries REQUIRED by Matrix control panel
virtual_maps = hash:/etc/postfix/virtual
transport_maps = hash:/etc/postfix/transport
virtual_mailbox_domains = $transport_maps
local_destination_concurrency_limit = 1
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
relay_domains = $mydestination
smtpd_recipient_restrictions = reject_invalid_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain reject_unknown_recipient_domain permit_sasl_authenticated permit_mynetworks reject_unauth_destination reject_unknown_reverse_client_hostname
smtpd_sasl_auth_enable = yes

### Checks to remove badly formed email
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554

smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, regexp:/etc/postfix/helo.regexp, permit

check_client_access = reject_rbl_client cbl.abuseat.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rhsbl_sender dsn.rfc-ignorant.org, permit
maximal_queue_lifetime = 3d

Any advice would be really appreciated .. many thanks in advance.

]]> By: DaveQBhttp://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-147934 DaveQB Wed, 01 Apr 2009 13:13:30 +0000 http://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-147934 B SengUK, Did you sort that out? Seemed the recipients domain name's was not in full. What was the email address you were sending to? B SengUK,
Did you sort that out?
Seemed the recipients domain name’s was not in full.
What was the email address you were sending to?

]]> By: Matt Lunnhttp://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-146938 Matt Lunn Tue, 27 Jan 2009 20:07:04 +0000 http://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-146938 Thanks for the informative and easy to understand/ follow tip. Hopefully this will stop unauthorised people using my new mail server! Thanks for the informative and easy to understand/ follow tip.

Hopefully this will stop unauthorised people using my new mail server!

]]> By: B SengUKhttp://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-146921 B SengUK Tue, 27 Jan 2009 00:51:32 +0000 http://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-146921 I'm having issues with: smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit not allowing me to send mails -- I get a sys admin return saying invalid fqdn as follows: Your message did not reach some or all of the intended recipients. Subject: Testing 123 Sent: 27/01/2009 00:39 The following recipient(s) could not be reached: ************ on 27/01/2009 00:39 504 5.5.2 : Helo command rejected: need fully-qualified hostname Any ideas as I really need to stop SPAM asap I’m having issues with:

smtpd_helo_restrictions = permit_mynetworks,
reject_non_fqdn_hostname,
reject_invalid_hostname,
permit

not allowing me to send mails — I get a sys admin return saying invalid fqdn as follows:

Your message did not reach some or all of the intended recipients.

Subject: Testing 123
Sent: 27/01/2009 00:39

The following recipient(s) could not be reached:

************ on 27/01/2009 00:39
504 5.5.2 : Helo command rejected: need fully-qualified hostname

Any ideas as I really need to stop SPAM asap

]]> By: Raulhttp://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-145563 Raul Wed, 12 Nov 2008 21:01:24 +0000 http://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-145563 Thank you!. With this howto I'm locking spam in 5 minutes Thank you!. With this howto I’m locking spam in 5 minutes

]]> By: Leehttp://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-143168 Lee Fri, 14 Mar 2008 06:57:24 +0000 http://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-143168 Thanks for the great writeup! One note,without the addition of reject_unauth_destination to smtpd_recipient_restrictions, I got an error. postfix/smtpd[6726]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit Thanks for the great writeup!

One note,without the addition of
reject_unauth_destination to smtpd_recipient_restrictions,

I got an error.
postfix/smtpd[6726]: fatal: parameter “smtpd_recipient_restrictions”: specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit

]]> By: Aaronhttp://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-142970 Aaron Thu, 21 Feb 2008 22:39:16 +0000 http://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-142970 Using your rules. Thanks so much. Let's see what happens. Using your rules. Thanks so much. Let’s see what happens.

]]> By: Thomashttp://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-142837 Thomas Sun, 10 Feb 2008 11:09:01 +0000 http://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html#comment-142837 Hi, thank you for the HOWTO - I added the described rules into my config ... I will see, what happens :-) Thomas Hi,

thank you for the HOWTO – I added the described rules into my config … I will see, what happens :-)

Thomas

]]>