Resources to control spam using postfix
main.cf settings
# unknown_local_recipient_reject_code = 550 unknown_address_reject_code = 550 unknown_client_reject_code = 550 unknown_hostname_reject_code = 550 unknown_relay_recipient_reject_code = 550 unknown_virtual_alias_reject_code = 550 unknown_virtual_mailbox_reject_code = 550 unverified_recipient_reject_code = 550 unverified_sender_reject_code = 550 # default_process_limit = 20 smtpd_client_connection_count_limit = 10 smtpd_client_connection_rate_limit = 60 # This should translate to 1 per second limit smtpd_client_message_rate_limit = 60 smtpd_client_new_tls_session_rate_limit = 60 # smtpd_helo_required = yes address_verify_map = btree:${data_directory}/verify_cache smtpd_reject_unlisted_sender=yes smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/white_lists, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unknown_client_hostname, reject_unverified_sender, permit_mynetworks, reject_unauth_destination, reject_rbl_client cbl.abuseat.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client pbl.spamhaus.org permit smtpd_data_restrictions = reject_unauth_pipelining, permit
White list (and black list) settings
- Added check_client_access hash:/etc/postfix/white_lists
- Created file /etc/postfix/white_lists with list of IP and domain names white listed
- Ran postmap /etc/postfix/white_lists
- Restarted postfix: /etc/init.d/postfix restart
PostFix report
JIMSUN - Postfix Contribs has a tools called Postfix Log Entry Summarizer (pflogsumm) that is a perl script that does a summary report on postfix logs.
A daily cron job as below will work. Make sure to create a directory under /var/log as /var/log/postfixrep
#!/bin/bash # # Daily Postfix Log report # TS=$(date +%Y%m%d_%H%M%S); LOGFILE="/var/log/postfixrep/pfrep_$TS" PFLOGSUMM="/usr/local/bin/pflogsumm" PFMAILINF="/var/log/mail.info" REMAIL="root@example.org" REPSUB="Postfix Report" # $PFLOGSUMM $PFMAILINF > $LOGFILE cat $LOGFILE | mailx -s "$REPSUB" $REMAIL # exit 0
A quick note is to rotate logs on daily basis so the report is truly a daily summary.