Comments on How To Fight Spam Using Your Postfix Configuration

>550 Your software is not RFC 2821 compliant

Ironically by doing this, you yourself are breaking an RFC, RFC793 specifically The Robustness Principle (Postel's Law):

TCP implementations will follow a general principle of robustness: be conservative in what you do, be liberal in what you accept from others.

A recent article published said that about 90% of mail bouncing around the mail servers is junk. With this setup I found I am rejecting 88% of the mail coming in to the system. There is a lot of bad email servers out there and I doubt anyone will ever achieve the perfect balance but when dealing with spam based on that rule we shouldn't use any Antispam techniques and simply look through 2000 messages per day of which 4 are legimate. Happy mediums are so hard to find!

Actually Postel's Law was refined with RFC 3117

"A subsequent RFC, RFC 3117, suggests that Postel's principle be followed only loosely, lest errors or less-than-desirable implementations should be propagated generally"  -Wikipedia

Not to mention that I doubt Postel envisioned the directions that TCP would be taken 25 years after RFC793 was written.

four things:

1) you assume that $mynetworks is listed in proxy_read_maps

2) check_policy_service inet:127.0.0.1:60000

i'm not aware of running anything on that port. you never explain that option either.

3) your lookup table works with '0' and '1' for the `active` column, your configuration file looks for 'yes'

4) your lookup table has no index.

since postfix 2.2, query templates (http://www.postfix.org/MYSQL_README.html) are supported which allows would allow, for example, to convert the ip address into an integer before lookup which makes indexing easier.

1) This is a hook on guide to this article on Howtoforge, https://www.howtoforge.com/virtual_postfix_mysql_quota_courier_p2 where $mynetworks is already in the proxy_read_maps

2) Added a little meat to the bones, my bad, but it was an article written in a rush.

3) Fixed, once again my bad.

4) You don't need one, works fine without it.

The original howtoforge guide which this is a hook for is based on Postfix 2.1 not 2.2 where the various query templates are much different so why bring this up it makes the whole situation more confusing when people just want a handy copy/paste guide.

When I ran this setup, I found that it was missing quite a few things - like backscatter prevention, and bayesian support.

 I did find a good writeup on http://www.piratefish.org - I've found it worthwhile and informative - and it covers backscatter, SPF checking, anti-virus, blacklists and more - and it's a complete from the ground up walkthrough using Debian Linux.  The last update added OCR of spam images to search them for spammy words too.

Well, I can't find any free instructions on piratefish.org. It seems you must buy an ebook with the instructions...

This is because the piratefish post was a cunning attempt at Spam.

If you want more aggressive filtering and can accept the increased risk of false positives, consider some of the other less-conservative blackhole lists such as the ones run by SPEWS or the various lists of blocks of dynamic IP addresses., Like SpamFilter ISP you may also consider using the reject_unknown_hostname option mentioned in the “HELO restrictions” section, but you can expect a small, measurable increase in false positives.

The ruleset described above should be sufficient on its own to eliminate the vast majority of junk email, so your time would probably be better spent implementing and adjusting it before testing other measures.

The tutorial is very good, but unfortunately Postfix still have some problems with latests releases. Once I tried to configure my Postfix to fight spam and in the end I got another problem, the queue was always full and never managed to empty it. Probably it was just my badluck, with a bad version. If you want some email utitlities that can help you fight spam, you can try some free Email Tools

Good luck all.

how to configure postfix to not sending spam mails

thank you