Differences
This shows you the differences between two versions of the page.
— | tech:linux:postfix_spam_control [2014/11/15 15:13] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Resources to control spam using postfix ====== | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | ====== main.cf settings ====== | ||
+ | < | ||
+ | # | ||
+ | unknown_local_recipient_reject_code = 550 | ||
+ | unknown_address_reject_code = 550 | ||
+ | unknown_client_reject_code = 550 | ||
+ | unknown_hostname_reject_code = 550 | ||
+ | unknown_relay_recipient_reject_code = 550 | ||
+ | unknown_virtual_alias_reject_code = 550 | ||
+ | unknown_virtual_mailbox_reject_code = 550 | ||
+ | unverified_recipient_reject_code = 550 | ||
+ | unverified_sender_reject_code = 550 | ||
+ | # | ||
+ | default_process_limit = 20 | ||
+ | smtpd_client_connection_count_limit = 10 | ||
+ | smtpd_client_connection_rate_limit = 60 # This should translate to 1 per second limit | ||
+ | smtpd_client_message_rate_limit = 60 | ||
+ | smtpd_client_new_tls_session_rate_limit = 60 | ||
+ | # | ||
+ | smtpd_helo_required = yes | ||
+ | address_verify_map = btree: | ||
+ | smtpd_reject_unlisted_sender=yes | ||
+ | smtpd_recipient_restrictions = | ||
+ | check_client_access hash:/ | ||
+ | reject_invalid_hostname, | ||
+ | reject_non_fqdn_hostname, | ||
+ | reject_non_fqdn_sender, | ||
+ | reject_non_fqdn_recipient, | ||
+ | reject_unknown_sender_domain, | ||
+ | reject_unknown_recipient_domain, | ||
+ | reject_unknown_client_hostname, | ||
+ | reject_unverified_sender, | ||
+ | permit_mynetworks, | ||
+ | reject_unauth_destination, | ||
+ | reject_rbl_client cbl.abuseat.org, | ||
+ | reject_rbl_client sbl.spamhaus.org, | ||
+ | reject_rbl_client pbl.spamhaus.org | ||
+ | permit | ||
+ | smtpd_data_restrictions = | ||
+ | reject_unauth_pipelining, | ||
+ | permit | ||
+ | </ | ||
+ | |||
+ | ====== White list (and black list) settings ====== | ||
+ | * Added check_client_access hash:/ | ||
+ | * Created file / | ||
+ | * Ran postmap / | ||
+ | * Restarted postfix: / | ||
+ | |||
+ | ====== PostFix report ====== | ||
+ | [[http:// | ||
+ | |||
+ | A daily cron job as below will work. Make sure to create a directory under /var/log as / | ||
+ | <code bash> | ||
+ | #!/bin/bash | ||
+ | # | ||
+ | # Daily Postfix Log report | ||
+ | # | ||
+ | TS=$(date +%Y%m%d_%H%M%S); | ||
+ | LOGFILE="/ | ||
+ | PFLOGSUMM="/ | ||
+ | PFMAILINF="/ | ||
+ | REMAIL=" | ||
+ | REPSUB=" | ||
+ | # | ||
+ | $PFLOGSUMM $PFMAILINF > $LOGFILE | ||
+ | cat $LOGFILE | mailx -s " | ||
+ | # | ||
+ | exit 0 | ||
+ | </ | ||
+ | |||
+ | A quick note is to rotate logs on daily basis so the report is truly a daily summary. |
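Review bot: In the main.cf block, the line `smtpd_client_connection_rate_limit = 60 # This should translate to 1 per second limit` carries a trailing comment, but Postfix treats a line as a comment only when `#` is its first non-whitespace character, so the comment text becomes part of the parameter value; move the comment to its own line above the setting. In `smtpd_recipient_restrictions`, `permit_mynetworks` is listed after `reject_unknown_client_hostname` and `reject_unverified_sender`, so clients in mynetworks are still subject to those rejections, which here return 550 because of the `unknown_client_reject_code` and `unverified_sender_reject_code` overrides above; if local hosts are meant to bypass those checks, place `permit_mynetworks` ahead of the reject_* entries, keeping `reject_unauth_destination` in the list.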