History of postmax
Version 14
postmax
How to configure Postfix to be fully tricked out with maximum high quality of service
1. Software Install
yum install postfix spamassassin amavisd-new clamav
chkconfig postfix on
chkconfig clamd on
chkconfig freshclam on
chkconfig amavisd on
chkconfig amavis on
2. Anti-Virus Configuration
Tweak /etc/amavisd.confSpamAssassin settings are made in this file. Also, make sure $inet_socket_port = 10024;
<?php
/etc/init.d/clamd start
service amavisd start
service amavis start
# If you are behind a proxy, you need adjust /etc/freshclam.conf
freshclam
freshclam start
?>
postconf -e 'content_filter = amavis:127.0.0.1:10024'
postconf -e 'receive_override_options = no_address_mappings'
Append these lines to /etc/postfix/master.cf
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1
3. Test Setup
Use telnet to see if the appropriate ports are open:telnet yourhost.com 25
telnet localhost 3310
telnet localhost 10025
telnet localhost 10024
4. Spam Denial
RBLDNSD
This is a local DNS server database that performs local (e.g. FAST) DNS lookups against a list of dynamic and blacklisted IP's. Successful local lookup means it's on the blacklist and will be rejected.- Install the rbldns RPM (available in Fedora Extras, or source)
- Edit your named.conf and add:
zone "clients.blocked.rbl" IN {
type forward;
forward first;
forwarders { 127.0.0.1 port 530; };
};
zone "hosts.blocked.rbl" IN {
type forward;
forward first;
forwarders { 127.0.0.1 port 530; };
};
- Edit /etc/sysconfig/rbldnsd and add the following lines:
RBLDNSD="dsbl -r/var/lib/rbldnsd -b 127.0.0.1/530 \
clients.blocked.rbl:ip4set:clients,dynamic \
hosts.blocked.rbl:dnset:hosts \
"
- Get the latest RBLDNS databases and move database files to /var/lib/rbldnsd
- Gentlepeople, start your daemons: "service restart named; service restart rbldnsd;" Test with telnet localhost 53; and telnet locahost 530;
- Preform a test lookup:
$dig @localhost 223.61.83.162.clients.blocked.rbl -t txt
;; ANSWER SECTION:
223.61.83.162.clients.blocked.rbl. 2048 IN TXT "DNSBL. 162.83.61.223 is a known spam source. Mail from 162.83.61.223 is NOT accepted on this server!"
- Update the following line of your /etc/postfix/main.cf
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,reject_rbl_client clients.blocked.rbl,reject_rhsbl_client hosts.blocked.rbl,reject_rhsbl_sender hosts.blocked.rbl
En-masse IP Block Here is a tutorial for Blocking E-mail from China and Korea using Postfix and the Okean CIDR Blocks
5. Other tutorails
http://devnull.com/kyler/dspam.20040512.htmlhttp://howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-mandriva2008.1-p3