Guide to Harden Postfix Spam Policy on Plesk / Centos / Linux Systems

Posted on June 02, 2013

Quick and dirty code to harden the spam policy on Postfix systems to use RBL (Remote Black List) features.

/etc/postfix/main.cf
smtpd_sender_restrictions = 
   check_sender_access hash:/var/spool/postfix/plesk/blacklists, 
   permit_sasl_authenticated, 
   check_client_access pcre:/var/spool/postfix/plesk/non_auth.re, 
   reject_non_fqdn_sender, 
   reject_unauthenticated_sender_login_mismatch, 
   reject_unknown_sender_domain

smtpd_client_restrictions = 
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_unknown_sender_domain,
   permit_mynetworks, 
   permit_sasl_authenticated, 
   reject_rbl_client zen.spamhaus.org, 
   reject_rbl_client b.barracudacentral.org

smtpd_recipient_restrictions = 
   permit_mynetworks, 
   check_client_access pcre:/var/spool/postfix/plesk/no_relay.re, 
   permit_sasl_authenticated, 
   reject_non_fqdn_hostname,
   reject_unauth_destination, 
   reject_invalid_hostname, 
   reject_unauth_pipelining, 
   reject_non_fqdn_sender, 
   reject_unknown_sender_domain, 
   reject_non_fqdn_recipient, 
   reject_unknown_recipient_domain

# fix ssl cert issue - on CentOS6 server at least
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt

# slow down spammers who send errors or scan for accounts, maybe not worthwhile doing here
smtpd_error_sleep_time = 1s 
smtpd_soft_error_limit = 5
smtpd_hard_error_limit = 10

———

Reference: Setting up Postfix/Amavisd/SpamAssassin on the Atomic Forums

Leave a Reply

Your email address will not be published.

Contact Us

Have a question? Send us a message. We'll get back to you soon.

captcha

Share
Tweet
Pin
Share