Postfix - Spam - Mailgraph

Discussion in 'Installation/Configuration' started by schmidtedv, Aug 14, 2008.

  1. schmidtedv

    schmidtedv New Member

    Well, I'm trying to get rid of some useless traffic (what else). I already did some changes like these:

    Code:
    mime_header_checks=pcre:/etc/postfix/mime-header-checks
    delay_warning_time = 3h
    qmgr_fudge_factor = 70
    message_size_limit = 51200000
    queue_minfree = 102400000
    bounce_size_limit = 30720
    bounce_template_file = /etc/postfix/bounce.cf
    delay_warning_time = 30m
    bounce_queue_lifetime = 3d
    maximal_queue_lifetime = 3d
    default_recipient_limit = 300
    default_destination_recipient_limit = 30
    default_destination_concurrency_limit = 10
    smtpd_helo_required = yes
    smtpd_delay_reject = yes
    disable_vrfy_command = yes
    strict_rfc821_envelopes = yes
     
    invalid_hostname_reject_code = 554
    multi_recipient_bounce_reject_code = 554
    non_fqdn_reject_code = 554
    relay_domains_reject_code = 554
    unknown_address_reject_code = 554
    unknown_client_reject_code = 554
    unknown_hostname_reject_code = 554
    unknown_local_recipient_reject_code = 554
    unknown_relay_recipient_reject_code = 554
    unknown_sender_reject_code = 554
    unknown_virtual_alias_reject_code = 554
    unknown_virtual_mailbox_reject_code = 554
    unverified_recipient_reject_code = 554
    unverified_sender_reject_code = 554
     
    [B]smtpd_client_restrictions =[/B] 
     
    [B]smtpd_helo_restrictions =[/B]
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    reject_unauth_pipelining
     
    [B]smtpd_sender_restrictions =[/B]
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining
     
    [B]smtpd_recipient_restrictions =[/B]
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_unauth_destination,
    check_policy_service inet:127.0.0.1:60000,
    permit
    
    which helped a lot to cut down my daily spam from 1000 to 10 without even having spamassassin to check all these mails.

    1) That's correct? Would ISPConfig's spamassassin check the mail AFTER the above filters have been passed?

    2) Are the smtpd_xyz_restrictions = lines setup with the right syntax?

    3) Of course, there are still many mails that have to pass greylisting, so it's still work to do...however, could i harden these filters by putting in some lines that filter/reject out mails from countries I would never expect mail from?

    4) Another leftover are the mails once a week (300 at once) that are rejected from other mailservers because my address [email protected] with the name max/karl/paul mustermann seems to be used in some big spam-mailing-lists, so it looks like [email protected] sends a mail to [email protected] (doesn't these mailservers check the origin correctly?) .
    I get the mailer daemon rejects like "Undelivered Mail Returned to Sender" and have no clue how to filter these out right away (probably not possible to check, if these are rejects for mails i sended = keep them and mails that where rejected by being spam?)

    5) Actually, because of this traffic-testing right now i installed mailgraph yesterday (the old included debian etch package 1.2 with the newer .cgi from 1.4) and it seems to count a bit weird. My daily stat counts lets say 1000 rejects....then monthly there are about 800 and the count for the year is 0 ...is there something wrong in the package (.cgi is the same except for the layout)?
     
    Last edited: Aug 14, 2008
  2. falko

    falko Super Moderator ISPConfig Developer

    Yes.

    You must either put everything in one line, or start the following lines with at least one space, e.g. like this:

    Code:
    smtpd_recipient_restrictions =
     permit_sasl_authenticated,
     permit_mynetworks,
     reject_invalid_hostname,
     reject_non_fqdn_hostname,
     reject_non_fqdn_sender,
     reject_non_fqdn_recipient,
     reject_unknown_sender_domain,
     reject_unknown_recipient_domain,
     reject_unauth_pipelining,
     reject_unauth_destination,
     check_policy_service inet:127.0.0.1:60000,
     permit
    This tutorial might be interesting: http://www.howtoforge.com/block_spam_at_mta_level_postfix
     
  3. schmidtedv

    schmidtedv New Member

    Thanks, well, the howto and having to add spaces I knew. It's just the forum that's cutting spaces if you do a copy-paste...btw. would a tab do the same job?

    And how about 3-5?
     
  4. falko

    falko Super Moderator ISPConfig Developer

    Yes.

    Not sure...
     
  5. schmidtedv

    schmidtedv New Member

    :) ok, thx...will take a closer look around...
     

Share This Page