Очередная заметка на память о том, как настроить Postfix на отсечку спама еще на начальном уровне — уровне приема письма, без активных антиспам-фильтров.
Пример моего конфига main.cf:
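# Postfix main.cf: reject spam at SMTP time using restriction lists only.
# main.cf has no trailing comments (text after a value becomes part of the
# value), so every comment is on its own line. Continuation lines of a
# multi-line value must start with whitespace.

mail_owner = postfix
myhostname = mail.имя_домена
mydomain = имя_домена
myorigin = $mydomain
mydestination = $myhostname
unknown_local_recipient_reject_code = 550
# mynetworks_style is ignored while mynetworks is set explicitly below.
mynetworks_style = host
# Only loopback is trusted; every other client must pass the checks or use SASL.
mynetworks = 127.0.0.0/8
smtpd_helo_required = yes
# Client, HELO and sender restrictions are evaluated at RCPT TO, so a
# rejection is logged together with the sender and the recipient.
smtpd_delay_reject = yes

# Virtual mailboxes: owned by uid/gid 5000 under /home/vmail, lookups in MySQL.
# The mysql:*.cf files contain database credentials; keep them unreadable to
# other local users (for example root:postfix, mode 0640).
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_transport = virtual
transport_maps = mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
# NOTE(review): virtual_maildir_extended is not a stock Postfix parameter; it
# appears to come from the VDA quota patch - confirm your build supports it.
virtual_maildir_extended=yes

# NOTE(review): the Postfix documentation requires $myhostname at the start of
# the banner text; this value omits it - confirm that peers accept it.
smtpd_banner = SERVER READY !!!! ALL CONNECTION LOGGED !!!!

# Connection stage: require working reverse DNS, then consult two DNSBLs.
# DNSBL verdicts come from third parties; a false listing rejects real mail.
smtpd_client_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unknown_reverse_client_hostname
    reject_rbl_client bl.spamcop.net
    reject_rbl_client zen.spamhaus.org
    permit

# HELO stage: local table first, then syntax and DNS checks on the HELO name.
# reject_unknown_helo_hostname also rejects legitimate senders whose HELO name
# has no A or MX record.
smtpd_helo_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    check_helo_access pcre:/etc/postfix/checks/helo_checks.pcre
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname
    permit

# MAIL FROM stage.
smtpd_sender_restrictions = permit_mynetworks
    reject_non_fqdn_sender
    reject_unlisted_sender
    reject_unknown_sender_domain
    # NOTE(review): reject_sender_login_mismatch compares the sender with
    # smtpd_sender_login_maps, which is not set in this listing - confirm it
    # is defined elsewhere, otherwise there is no sender-to-login ownership
    # data to check against.
    reject_sender_login_mismatch
    permit_sasl_authenticated
    permit

# RCPT TO stage. reject_unauth_destination is the relay guard: it must stay
# ahead of any access table that could return OK.
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_pipelining
    reject_non_fqdn_recipient
    reject_unknown_recipient_domain
    reject_unauth_destination
    reject_unlisted_recipient
    check_sender_access pcre:/etc/postfix/checks/sender_checks.pcre
    permit

smtpd_data_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_pipelining
    permit

smtpd_end_of_data_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_multi_recipient_bounce
    permit

# NOTE(review): looks like the time limit for a master.cf service named "spf"
# (presumably an SPF policy daemon); no check_policy_service entry in the
# restriction lists above calls one - confirm.
spf_time_limit = 3600

# NOTE(review): no smtpd_milters is defined in this listing, so these settings
# matter only if one is set elsewhere. milter_default_action = accept fails
# open: mail passes unfiltered whenever the milter is unavailable.
milter_default_action = accept
milter_connect_timeout = 300s
milter_command_timeout = 300s
milter_content_timeout = 300s
milter_protocol = 6

# SASL AUTH is offered, but no smtpd_tls_* setting appears in this listing.
# Unless TLS is configured elsewhere, plaintext mechanisms expose passwords on
# the wire. Once a certificate is in place (smtpd_tls_cert_file,
# smtpd_tls_key_file, smtpd_tls_security_level = may), add
# smtpd_tls_auth_only = yes so AUTH is offered only inside TLS.
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
# NOTE(review): smtp_sasl_security_options configures the outbound SMTP
# client; the server-side parameter is smtpd_sasl_security_options - confirm
# which one was intended.
smtp_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# Outbound TLS is disabled, so mail to other servers is sent in cleartext.
# smtp_use_tls is the legacy spelling of smtp_tls_security_level
# (may = opportunistic TLS).
smtp_use_tls = no
# VRFY is disabled so that recipient addresses cannot be probed with it.
disable_vrfy_command = yes
readme_directory = /usr/share/doc/postfix
html_directory = /usr/share/doc/postfix/html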
Также в папке /etc/postfix/ есть папка checks/, в которой лежат такие файлы:
helo_checks.pcre:
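# helo_checks.pcre - consulted by check_helo_access for clients that are
# neither in mynetworks nor SASL-authenticated. Patterns are tried in order
# and the first match decides. None of them is anchored, so each matches
# anywhere inside the HELO argument.

# Presumably this server's own names and addresses: an outside client that
# announces them in HELO is forging its identity.
/mail\.имя_домена\.ua/ REJECT You are not me
/192\.168\.0\.1/ REJECT You are not me
/127\.0\.0\.1/ REJECT You are not me
/mail\.еще_домен\.ru/ REJECT You are not me
# NOTE(review): the dots between the digit groups are not escaped, so any
# separator matches (1-2-3-4, 1x2x3x4) and so does a plain run of seven
# digits. Check real HELO names before deploying:
#   postmap -q "helo.name.example" pcre:/etc/postfix/checks/helo_checks.pcre
# The reply text uses an ASCII apostrophe: SMTP replies should stay ASCII.
/\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}/ REJECT We don't like dynamic addressess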
и sender_checks.pcre:
# sender_checks.pcre - used by check_sender_access at the end of
# smtpd_recipient_restrictions, after permit_mynetworks and
# permit_sasl_authenticated. It therefore only sees unauthenticated outside
# clients and rejects those that use the local domain as envelope sender.
# This checks MAIL FROM only; a forged From: header is not covered.
# NOTE(review): forwarders and mailing lists that keep the original envelope
# sender will be rejected as well - confirm that is acceptable.
/^.*\@имя_домена\.ua$/ REJECT You are not me
Также может потребоваться установить пакет postfix-pcre:
apt-get install postfix-pcre
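После этого огромное количество спама отпадет само собой. При том, что мы не используем активных спам-фильтров. Перед включением на боевом сервере стоит обкатать новые правила с префиксом warn_if_reject и посмотреть логи: проверки reject_unknown_helo_hostname и reject_unknown_reverse_client_hostname отсекают и часть легитимных серверов с неверно настроенным DNS.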
З.Ы.Спасибо Trash за помощь в этом вопросе)))