This is an S/MIME signed message ------363B653AFAF46FB148890D4F987213D4 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3594.4.13\)) > On 23 Sep 2019, at 1:59 am, Dominic Raferd wrote: > > On Sun, 22 Sep 2019 at 14:36, Paul van der Vlis wrote: >> >> Hello, >> >> I would like some suggestions on how to get less spam, I will paste my >> configuration at the end of the mail. >> >> Maybe somebody with a nice setup could post his/her setup? >> >> As you can see, I am experimenting with reject_unknown_client_hostname. >> What's your opinion about that setting? >> >> I've never used greylisting. Are you using it? > > I have been tweaking my settings for the last three years largely > based on advice from this list. I give below my (slightly simplified) > smtpd_recipient_restrictions settings for unauthenticated connections > (suggestions for improvement very welcome). I also apply some > header_checks and use spamassassin and clamav (via amavis) with some > bespoke rules. > > I think it is inadvisable to use reject_unknown_client_hostname (risk > of fps) but I have found reject_unknown_reverse_client_hostname very > effective. I tried greylisting but gave it up - it isn't necessary and > the delays were very irritating to users (e.g. for password reset > emails). > > smtpd_recipient_restrictions = > reject_unauth_pipelining > > # localfile whitelists > check_sender_access hash:/etc/postfix/sender_access_whitelist > check_client_access hash:/etc/postfix/client_access_whitelist > check_client_access cidr:/etc/postfix/client_access_whitelist.cidr > check_helo_access hash:/etc/postfix/helo_access_whitelist > > # localfile blacklists > check_sender_access hash:/etc/postfix/sender_access > check_client_access hash:/etc/postfix/client_access > check_helo_access hash:/etc/postfix/helo_access > check_sender_access pcre:/etc/postfix/sender_access.pcre > > # reject clients without PTR > reject_unknown_reverse_client_hostname > > # reject clients with dynamic ips > reject_rbl_client dul.dnsbl.sorbs.net=127.0.0.10 > > # rejections based on rbls for helo/sender/reverse_client > reject_rhsbl_helo dbl.spamhaus.org > reject_rhsbl_sender dbl.spamhaus.org > reject_rhsbl_reverse_client dbl.spamhaus.org > reject_rhsbl_sender fresh.fmb.la=127.2.0.[2;14] > > # ip-based remote whitelists > permit_dnswl_client list.dnswl.org=127.0.[0..255].[1..3] > permit_dnswl_client white.uribl.com > permit_dnswl_client hostkarma.junkemailfilter.com=127.0.0.[1;3;5] > > # ip-based remote blacklists > reject_rbl_client zen.spamhaus.org > reject_rbl_client dyna.spamrats.com > reject_rbl_client hostkarma.junkemailfilter.com=127.0.0.2 > reject_rbl_client truncate.gbudb.net > reject_rbl_client dnsbl.cobion.com > reject_rbl_client bl.fmb.la=127.0.0.2 > reject_rbl_client b.barracudacentral.org > Just wondering if it is worth using Razor. https://sourceforge.net/projects/razor/ Do people find it useful? Anyone using it? Seems at bit dated. Thanks, James. ------363B653AFAF46FB148890D4F987213D4 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIISTAYJKoZIhvcNAQcCoIISPTCCEjkCAQExDzANBglghkgBZQMEAgEFADALBgkq hkiG9w0BBwGggg+FMIIGTjCCBTagAwIBAgIQBK55YGZmkBq5xX+mbFvczTANBgkq hkiG9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5j MRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBB c3N1cmVkIElEIFJvb3QgQ0EwHhcNMTMxMTA1MTIwMDAwWhcNMjgxMTA1MTIwMDAw WjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBTSEEyIEFzc3Vy ZWQgSUQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc+BEjP2q1 78AneRstBYeiEEMx3w7UFRtPd6Qizj6McPC+B47dJyq8AR22LArK3WlYH0HtagUf 2mN4WR4iLCv4un7JNTtW8R98Qn4lsCMZxkU41z1E+SB8YK4csFoYBL6PO/ep8JSa pgxjSbZBF1NAMr1P5lB6UB8lRejxia/N/17/UPPwFxH/vcWJ9b1iudj7jkUEhW2Z zcVITf0mqwI2Reo2119q4hqCQQrc6dn1kReOxiGtODwT5h5/ZpzVTdlG2vbPUqd9 OyTDtMFRNcab69TvfuR7A+FEvXoLN+BPy4KKDXEY5KbgiSwb87JzPMGwkp4Yfb2r fcV9CKEswp9zAgMBAAGjggL4MIIC9DASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1Ud DwEB/wQEAwIBhjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9v Y3NwLmRpZ2ljZXJ0LmNvbTCBgQYDVR0fBHoweDA6oDigNoY0aHR0cDovL2NybDQu ZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDA6oDigNoY0 aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENB LmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwggGzBgNVHSAEggGq MIIBpjCCAaIGCmCGSAGG/WwAAgQwggGSMCgGCCsGAQUFBwIBFhxodHRwczovL3d3 dy5kaWdpY2VydC5jb20vQ1BTMIIBZAYIKwYBBQUHAgIwggFWHoIBUgBBAG4AeQAg AHUAcwBlACAAbwBmACAAdABoAGkAcwAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAg AGMAbwBuAHMAdABpAHQAdQB0AGUAcwAgAGEAYwBjAGUAcAB0AGEAbgBjAGUAIABv AGYAIAB0AGgAZQAgAEQAaQBnAGkAQwBlAHIAdAAgAEMAUAAvAEMAUABTACAAYQBu AGQAIAB0AGgAZQAgAFIAZQBsAHkAaQBuAGcAIABQAGEAcgB0AHkAIABBAGcAcgBl AGUAbQBlAG4AdAAgAHcAaABpAGMAaAAgAGwAaQBtAGkAdAAgAGwAaQBhAGIAaQBs AGkAdAB5ACAAYQBuAGQAIABhAHIAZQAgAGkAbgBjAG8AcgBwAG8AcgBhAHQAZQBk ACAAaABlAHIAZQBpAG4AIABiAHkAIAByAGUAZgBlAHIAZQBuAGMAZQAuMB0GA1Ud DgQWBBTnAiOAAE/Y17yUC9k/dDlJMjyKeTAfBgNVHSMEGDAWgBRF66Kv9JLLgjEt UYunpyGd823IDzANBgkqhkiG9w0BAQsFAAOCAQEATtSJJ7n9HYd3fg8oBZDxCi/J Oz69k5yQxq/6kVGHMlRr6MrBcVFcmY61+uBiGZmmB5p8Eyfb5QKihBLZFfYKRFfE NI9tcx861qABPd7jguRFa7LrJf2AXh05kL5bQvbOkWDj+aBWDEgQzjNoe82Tq/Bq y09YD7l7XRsEgZ6nIuJXSSfukpMIvmkIUwI6Ll3IGfRQgE4C2bBdkbSTh/mWloFV QI5m7YLYuyhf7Uxh7QZYKBlTEUS8RyApsgRs2IlUmTt122d4LB6SeMZVPVgSETJu vUMMTTTbe8ZC2+y+q5thTAaS447fISpQVwTAYKI11SSeZjcJSc/V+GWz4OJuwjCC A7cwggKfoAMCAQICEAzn4OUX2Eb+j+Vg/BvwMDkwDQYJKoZIhvcNAQEFBQAwZTEL MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBSb290 IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowZTELMAkGA1UEBhMC VVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0 LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBSb290IENBMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQ4VzuRDgFyxh/O3YPlxEqWu3CaU iKr0zvUgOShYYAz4gNqpFZUyYTy1sSiEiorcnwoMgxd6j5Csiud5U1wxhCr2D5gy NnbM3t08qKLvavsh8lJh358g1x/isdn+GGTSEltf+VgYNbxHzaE2+Wt/1LA4PsEb w4wz2dgvGP4oD7Ong9bDbkTAYTWWFv5ZnIt2bdfxoksNK/8LctqeYNCOkDXGeFWH IKHP5W0KyEl8MZgzbCLph9AyWqK6E4IR7TkXnZk6cqHm+qTZ1Rcxda6FfSKuPwFG hvYoecix2uRXF8R+HA6wtJKmVrO9spftqqfwt8WoP5UW0P+hlusIXxh3TwIDAQAB o2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU Reuir/SSy4IxLVGLp6chnfNtyA8wHwYDVR0jBBgwFoAUReuir/SSy4IxLVGLp6ch nfNtyA8wDQYJKoZIhvcNAQEFBQADggEBAKIOvN/i7fDjcnN6ZJS/93Jm2DLkQnVi rofr8tXZ3lazn8zOFCi5DZdgXBJMWOTTPYNJRViXNWkaqEfqVsZ5qxLYZ4GE338J PJTmuCYsIL09syiJ91//IuKXhB/pZe+H4N/BZ0mzXeuyCSrrJu14vn0/K/O3JjVt X4kBtklbnwEFm6s9JcHMtn/C8W+GxvpkaOuBLZTrQrf6jB7dYvG+UGe3bL3z8R9r DDYHFn83fKlbbXrxEkZgg9cnBL5Lzpe+w2cqaBHfgOcMM2a/Ew0UbvN/H2MQHvqN GyVtbI+lt2EBsdKjJqEQcZ2t4sP5w5lRtysHCM4u5lCyp/oKRS+i8PIwggV0MIIE XKADAgECAhACXK3clZ3biAP+dvhpKt+pMA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNV BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp Y2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJRCBDQTAe Fw0xOTA0MTgwMDAwMDBaFw0yMjA0MTcxMjAwMDBaMIGVMQswCQYDVQQGEwJBVTER MA8GA1UECBMIVmljdG9yaWExEjAQBgNVBAcTCUtub3hmaWVsZDEkMCIGA1UEChMb Qm9yZG8gSW50ZXJuYXRpb25hbCBQdHkgTHRkMRQwEgYDVQQDEwtKYW1lcyBCcm93 bjEjMCEGCSqGSIb3DQEJARYUamxicm93bkBib3Jkby5jb20uYXUwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1I+uYAYR/4wO7wCYWP+XvaZ01sJWNWWWe Xu0rTKo68hau4NhZcXhMMzXtpYEDnljyn8x7TDwc8Se5nRpyD0207C0xtPiJN8jF U28lsanPh7rDVDWc++UnAGM2x6tfnxCDXn4woqKlDI/ELisLpHD1sPapJhYi/pB9 zjCGZCJSga8LbInQAtnoxjluLfLc6ZCTxD8ctR5WkhBB5OnlCg0MTutItja8fKaW gAbPBXSW4bELobQv5tqvLj8WCTt6LfkbIHR3v6AxNEp9yrGMEAd2KM9rcN2SnddZ nAz2rrVdJmGrC6wVhHWyBMSNUKK1Q0+dEGuI8yB57VBucgE+CIbdAgMBAAGjggHt MIIB6TAfBgNVHSMEGDAWgBTnAiOAAE/Y17yUC9k/dDlJMjyKeTAdBgNVHQ4EFgQU n+zELRPAJMZirB3WHxyXxejHB2gwDAYDVR0TAQH/BAIwADAfBgNVHREEGDAWgRRq bGJyb3duQGJvcmRvLmNvbS5hdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI KwYBBQUHAwIGCCsGAQUFBwMEMEMGA1UdIAQ8MDowOAYKYIZIAYb9bAQBAjAqMCgG CCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMIGIBgNVHR8E gYAwfjA9oDugOYY3aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hB MkFzc3VyZWRJRENBLWcyLmNybDA9oDugOYY3aHR0cDovL2NybDQuZGlnaWNlcnQu Y29tL0RpZ2lDZXJ0U0hBMkFzc3VyZWRJRENBLWcyLmNybDB5BggrBgEFBQcBAQRt MGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEF BQcwAoY3aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFz c3VyZWRJRENBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAsdiYm4Lhr14GQ2lOqBlX lYOQkYbHCkeZuUniJ4iXobZ3cioumkzelQKW6UNhmEppWVug34Kz80ayy+O14/8O WOkKCE/fDyrftC8/ETbd2JuFMZW0dhG3U8jOG9sgYo8R+/GDRQxRkkHKZwReYcjR GLv8YOifwAo1F9OZqGCrSam36tYHm96kuBPG0wAeuf7NceUDRebR04ruodnCziUM oExLUQ1CP25HquYhrfj2avP6X5hOQ9HZrBSX8rcIP0e8JPWlcVHvPtTGbqh1r6vc 8KrV3BgQjiOIXy4WbkmLZXUngNzWQijfZLEKBRzOVWVCy2QGVGfYvgcjNT1JjitZ vjGCAoswggKHAgEBMHkwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0 IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNl cnQgU0hBMiBBc3N1cmVkIElEIENBAhACXK3clZ3biAP+dvhpKt+pMA0GCWCGSAFl AwQCAQUAoIHkMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkF MQ8XDTE5MDkyNTAwMDIzMlowLwYJKoZIhvcNAQkEMSIEIJRaqbxxOTb75wRjzP/N 8U6PNXNRdEVCmWnb9h5JloD5MHkGCSqGSIb3DQEJDzFsMGowCwYJYIZIAWUDBAEq MAsGCWCGSAFlAwQBFjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcN AwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMA0G CSqGSIb3DQEBAQUABIIBAGsQV5Sn6GhqAJ62LunnNhpWwcmlBRl6dUpSC7lDus95 F93I3VsWmrO6zKQB6S/leU9mHRvLKoV2iFdSDt0V53obADrw2wA+EKpGNAryzXqT x1Elok8LJkhIyijfK9D43XO3g46oXKWVFgEKZzTfFKJ6JPimptT9Rm80SziQP5uI B7ClfImm1iokbiR79xG9E7wv2BsHZg/pqZngLKGBRmeSc1IzpzAHAE+VfzbiVXWi Ysts34Oeir5mkwL79s26An/NWn47ZDBt6bTCaLmLTL2xdm0XaUm2zxKCKzkVcmDA 55joewkNdHRmMu58zPtT/y0relHU4xMU9McC1eeGZn8= ------363B653AFAF46FB148890D4F987213D4--