From postfix-users Sun Sep 22 13:35:10 2019 From: Paul van der Vlis Date: Sun, 22 Sep 2019 13:35:10 +0000 To: postfix-users Subject: Suggestions for less spam Message-Id: <45458c7a-011a-f53a-79bc-aba30e838226 () vandervlis ! nl> X-MARC-Message: https://marc.info/?l=postfix-users&m=156915937216354 Hello, I would like some suggestions on how to get less spam, I will paste my configuration at the end of the mail. Maybe somebody with a nice setup could post his/her setup? As you can see, I am experimenting with reject_unknown_client_hostname. What's your opinion about that setting? I've never used greylisting. Are you using it? With regards, Paul van der Vlis root@server:~# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes compatibility_level = 2 content_filter = amavis:[127.0.0.1]:10024 inet_interfaces = all inet_protocols = ipv4, ipv6 mailbox_size_limit = 0 mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp message_size_limit = 224000000 mydestination = server.vandervlis.nl, server.lokaal.netwerk, localhost.lokaal.netwerk, localhost myhostname = server.vandervlis.nl mynetworks = 127.0.0.1/32 myorigin = /etc/mailname recipient_delimiter = + relayhost = smtp_tls_cert_file = /etc/letsencrypt/live/server.vandervlis.nl/fullchain.pem smtp_tls_key_file = /etc/letsencrypt/live/server.vandervlis.nl/privkey.pem smtp_tls_loglevel = 1 smtp_tls_note_starttls_offer = yes smtp_use_tls = yes smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access, permit smtpd_recipient_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/sender_access, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/whitelist, warn_if_reject reject_unknown_client_hostname, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org, check_recipient_access pcre:/etc/postfix/recipient_access, permit smtpd_relay_restrictions = smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = noanonymous smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/letsencrypt/live/server.vandervlis.nl/fullchain.pem smtpd_tls_exclude_ciphers = RC4 smtpd_tls_key_file = /etc/letsencrypt/live/server.vandervlis.nl/privkey.pem smtpd_tls_loglevel = 1 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_use_tls = yes tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/transportmappings virtual_maps = hash:/etc/postfix/virtual root@server:~# -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/