[SLL] Postfix anti-spam configuration
Jules Agee
julesa at pcf.com
Tue Jan 16 15:57:34 PST 2007
Hi everyone,
We've been using Sendmail + SpamAssassin on our internet mail gateway
for years now, and now we're switching to Postfix, postgrey, and SA.
This is a gateway for a few hundred users, and I want to err on the side
of caution: zero rejected legitimate messages. I don't use any RBLs for
outright rejection, I just configure spamassassin to raise the spam
score on an RBL hit -- conservative all the way. This gateway is
strictly for incoming Internet mail, I don't expect to see any
connections directly from mail client software.
What Postfix options have you found to be effective that have a very low
false positive rate? Can I use all the options below without expecting
torches and pitchforks at the office door because of rejected legit
mail? I'll use warn_if_reject at first, to prevent the torches and
pitchforks scenario, but any comments would be very much appreciated.
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
reject_non_fqdn_hostname,
reject_invalid_hostname,
check_helo_access hash:/etc/postfix/helo_checks,
permit
# note: helo_checks will just reject localhost, my IP, my hostname
smtpd_data_restrictions =
permit_mynetworks,
reject_unauth_pipelining,
permit
smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit
smtpd_recipient_restrictions =
permit_mynetworks,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_destination,
permit
Thanks!!!
-Jules
--
Jules Agee
System Administrator
Pacific Coast Feather Co.
julesa at pcf.com x284
More information about the linux-list
mailing list