[Solved] How configure Postfix to check external blacklists?

Discussion in 'Installation/Configuration' started by dioobr, Sep 20, 2017.

  1. dioobr

    dioobr New Member

    Hello,
    How configure Postfix to block spam messages using external blacklists, like SPAMHAUS and BARRACUDA?

    Here my main.cf:
    Code:
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:127.0.0.1:10023
    smtpd_recipient_restrictions =
        check_policy_service inet:127.0.0.1:10031,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
        reject_rbl_client zen.spamhaus.org,
        check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
    smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
    smtpd_use_tls = yes
    smtpd_tls_security_level = may
    smtpd_tls_cert_file = /etc/postfix/ssl/server.example.com.crt
    smtpd_tls_key_file = /etc/postfix/ssl/server.example.com.key
    smtpd_tls_CAfile = /etc/postfix/ssl/server.example.com.ca-bundle
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
    smtpd_helo_required = yes
    smtpd_helo_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        check_helo_access regexp:/etc/postfix/helo_access,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        check_helo_access regexp:/etc/postfix/blacklist_helo
    smtpd_sender_restrictions =
        check_sender_access regexp:/etc/postfix/tag_as_originating.re,
        permit_mynetworks,
        permit_sasl_authenticated,
        check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf,
        check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    smtpd_client_restrictions =
        check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    smtp_tls_security_level = may
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    myhostname = server.example.com
    mynetworks = 127.0.0.0/8 [::1]/128
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    bounce_template_file = /etc/postfix/bounce.cf
    mailbox_size_limit = 0
    message_size_limit = 0
     
  2. Jesse Norell

    Jesse Norell Well-Known Member

  3. dioobr

    dioobr New Member

    The problem was Google Public DNS, what doesn't work with SPAMHAUS. Configured OpenDNS to resolve domains and now it works fine.
     
  4. Jesse Norell

    Jesse Norell Well-Known Member

Share This Page