Comments on: My Postfix anti-spam configuration

By: Niobos

Niobos — Thu, 13 Mar 2014 08:08:42 +0000

Thanks Aquel,
I’ve added a paragraph in the post to warn readers that don’t come down to the comments section.

By: Aquel

Aquel — Wed, 12 Mar 2014 14:03:35 +0000

According to the postfix documentation, it is dangerous to rely on the recipient restrictions only:
http://www.postfix.org/SMTPD_ACCESS_README.html#danger
In your particular case, your configuration seems alright but for other people their too-permissive restrictive could lead to an unprotected mail server.

By: Niobos

Niobos — Thu, 15 Dec 2011 15:41:40 +0000

Here is the relevant part:

# Restrictions during SMTP commands (in order)
smtpd_client_restrictions =
smtpd_helo_restrictions = 
smtpd_sender_restrictions = 
# some checks can already be performed in the above stages.
# Running them below allows us to gather more information on the mail before
# rejecting it.
# 10023 is the greylist server
smtpd_recipient_restrictions = permit_mynetworks,
	reject_non_fqdn_hostname,
	reject_invalid_hostname,
	reject_non_fqdn_sender,
	reject_unknown_sender_domain
	reject_non_fqdn_recipient,
	reject_unknown_recipient_domain,
	reject_unauth_destination,
	check_policy_service inet:127.0.0.1:10023,
	warn_if_reject, check_policy_service unix:private/policy-spf,
	check_recipient_access hash:/etc/postfix/spamassassin
	reject_rbl_client bl.spamcop.net,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client dnsbl.sorbs.net
spf-policyd_time_limit = 3600
# Restrictions during SMTP DATA
#header_checks = regexp:/etc/postfix/header_checks
header_checks = 
body_checks =

By: Chris

Chris — Thu, 15 Dec 2011 11:50:42 +0000

Are you able to post your main.cf as I tried your suggestion and it went to custard, trying to work out where I went wrong…