'Re: Suggestions for less spam'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postfix-users
Subject:    Re: Suggestions for less spam
From:       Paul van der Vlis <paul () vandervlis ! nl>
Date:       2019-09-24 10:11:01
Message-ID: 695b62b9-281e-e02b-68fd-7ef487e84f28 () vandervlis ! nl
[Download RAW message or body]

I am using now much of your setting and it seems to help. Thanks a lot!


Op 22-09-19 om 17:59 schreef Dominic Raferd:
> On Sun, 22 Sep 2019 at 14:36, Paul van der Vlis <paul@vandervlis.nl> wrote:
>>
>> Hello,
>>
>> I would like some suggestions on how to get less spam, I will paste my
>> configuration at the end of the mail.
>>
>> Maybe somebody with a nice setup could post his/her setup?
>>
>> As you can see, I am experimenting with reject_unknown_client_hostname.
>> What's your opinion about that setting?
>>
>> I've never used greylisting. Are you using it?
> 
> I have been tweaking my settings for the last three years largely
> based on advice from this list. I give below my (slightly simplified)
> smtpd_recipient_restrictions settings for unauthenticated connections
> (suggestions for improvement very welcome). I also apply some
> header_checks and use spamassassin and clamav (via amavis) with some
> bespoke rules.
> 
> I think it is inadvisable to use reject_unknown_client_hostname (risk
> of fps) but I have found reject_unknown_reverse_client_hostname very
> effective. I tried greylisting but gave it up - it isn't necessary and
> the delays were very irritating to users (e.g. for password reset
> emails).
> 
> smtpd_recipient_restrictions =
>     reject_unauth_pipelining
> 
>      # localfile whitelists
>     check_sender_access hash:/etc/postfix/sender_access_whitelist
>     check_client_access hash:/etc/postfix/client_access_whitelist
>     check_client_access cidr:/etc/postfix/client_access_whitelist.cidr
>     check_helo_access hash:/etc/postfix/helo_access_whitelist
> 
>     # localfile blacklists
>     check_sender_access hash:/etc/postfix/sender_access
>     check_client_access hash:/etc/postfix/client_access
>     check_helo_access hash:/etc/postfix/helo_access
>     check_sender_access pcre:/etc/postfix/sender_access.pcre
> 
>     # reject clients without PTR
>     reject_unknown_reverse_client_hostname
> 
>     # reject clients with dynamic ips
>     reject_rbl_client dul.dnsbl.sorbs.net=127.0.0.10
> 
>     # rejections based on rbls for helo/sender/reverse_client
>     reject_rhsbl_helo dbl.spamhaus.org
>     reject_rhsbl_sender dbl.spamhaus.org
>     reject_rhsbl_reverse_client dbl.spamhaus.org
>     reject_rhsbl_sender fresh.fmb.la=127.2.0.[2;14]
> 
>     # ip-based remote whitelists
>     permit_dnswl_client list.dnswl.org=127.0.[0..255].[1..3]
>     permit_dnswl_client white.uribl.com
>     permit_dnswl_client hostkarma.junkemailfilter.com=127.0.0.[1;3;5]
> 
>     # ip-based remote blacklists
>     reject_rbl_client zen.spamhaus.org
>     reject_rbl_client dyna.spamrats.com
>     reject_rbl_client hostkarma.junkemailfilter.com=127.0.0.2
>     reject_rbl_client truncate.gbudb.net
>     reject_rbl_client dnsbl.cobion.com
>     reject_rbl_client bl.fmb.la=127.0.0.2
>     reject_rbl_client b.barracudacentral.org
> 



-- 
Paul van der Vlis Linux systeembeheer Groningen
https://www.vandervlis.nl/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic