Comments on: My Postfix anti-spam configuration /2011/03/08/my-postfix-anti-spam-configuration A collection of note-to-self's Sun, 24 Mar 2019 23:04:45 +0000 hourly 1 https://wordpress.org/?v=5.1.1 By: Niobos /2011/03/08/my-postfix-anti-spam-configuration/comment-page-1#comment-223817 Thu, 13 Mar 2014 08:08:42 +0000 http://blog.dest-unreach.be/?p=1991#comment-223817 Thanks Aquel,
I’ve added a paragraph in the post to warn readers that don’t come down to the comments section.

]]>
By: Aquel /2011/03/08/my-postfix-anti-spam-configuration/comment-page-1#comment-223774 Wed, 12 Mar 2014 14:03:35 +0000 http://blog.dest-unreach.be/?p=1991#comment-223774 According to the postfix documentation, it is dangerous to rely on the recipient restrictions only:
http://www.postfix.org/SMTPD_ACCESS_README.html#danger
In your particular case, your configuration seems alright but for other people their too-permissive restrictive could lead to an unprotected mail server.

]]>
By: Niobos /2011/03/08/my-postfix-anti-spam-configuration/comment-page-1#comment-43554 Thu, 15 Dec 2011 15:41:40 +0000 http://blog.dest-unreach.be/?p=1991#comment-43554 Here is the relevant part:

# Restrictions during SMTP commands (in order)
smtpd_client_restrictions =
smtpd_helo_restrictions = 
smtpd_sender_restrictions = 
# some checks can already be performed in the above stages.
# Running them below allows us to gather more information on the mail before
# rejecting it.
# 10023 is the greylist server
smtpd_recipient_restrictions = permit_mynetworks,
	reject_non_fqdn_hostname,
	reject_invalid_hostname,
	reject_non_fqdn_sender,
	reject_unknown_sender_domain
	reject_non_fqdn_recipient,
	reject_unknown_recipient_domain,
	reject_unauth_destination,
	check_policy_service inet:127.0.0.1:10023,
	warn_if_reject, check_policy_service unix:private/policy-spf,
	check_recipient_access hash:/etc/postfix/spamassassin
	reject_rbl_client bl.spamcop.net,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client dnsbl.sorbs.net
spf-policyd_time_limit = 3600
# Restrictions during SMTP DATA
#header_checks = regexp:/etc/postfix/header_checks
header_checks = 
body_checks = 
]]>
By: Chris /2011/03/08/my-postfix-anti-spam-configuration/comment-page-1#comment-43518 Thu, 15 Dec 2011 11:50:42 +0000 http://blog.dest-unreach.be/?p=1991#comment-43518 Are you able to post your main.cf as I tried your suggestion and it went to custard, trying to work out where I went wrong…

]]>