My current Postfix config


I must say at this point I seem to be blocking most everything coming my way. Whenever something does manage to sneak through, I then go out in search of more tools to try blocking these new junk mails.

I thought it might be good to report my Postfix config since I've updated it quite a bit since last time I listed it here.

In the config below, I'm doing some additional header_checks and mime_header_checks. The files referenced can be found at SecuritySage; just save their sample files to your local system (make sure the names are exactly right and don't have a hidden extension when you save them; I made that mistake the first time and of course they didn't work).

I'm also doing a body_checks, which, like it sounds, looks for specific text in the message body. My current file only has one line:




/this is the latest version of security update,/ REJECT Confirmed spam. Go away.


That line will catch a nasty email that is supposed to look like it's coming from Microsoft and they're being nice enough to send all of their customers a 'critical update', which I'm sure actually contains a worm that keeps spreading this nonsense. Generally this one gets blocked by some of my other filtering, which eliminates mails with .exe, .com, and other PC executables. But some ISPs are actually nice enough to strip the executables off this mail since they know they're a virus, and then they leave the message intact instead of deleting it! So the spam gets through my filter since it's been monkeyed with. That one line above seemed to be common in each of those mails, so if I see it, that message gets killed.
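To see what that one rule does and does not cover, here is an added example (not part of the original post) that applies it the way a Postfix regexp: table is applied to body_checks: one body line at a time, case-insensitive unless the rule carries the `i` flag. It assumes only the simple `/pattern/flags ACTION text` rule form, and the two sample bodies are constructed.

```python
import re

# The single body_checks rule quoted in the post.
BODY_CHECKS = "/this is the latest version of security update,/ REJECT Confirmed spam. Go away.\n"

# Constructed sample bodies (not real captures).
INTACT = "Dear customer,\nThis is the latest version of security update, please install it.\n"
REWRAPPED = "Dear customer, this is the latest version of\nsecurity update, please install it.\n"

def parse_regexp_table(text):
    """Parse '/pattern/flags ACTION text' lines (simple form only, an assumption)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.*)/([a-z]*)\s+(\S+)\s*(.*)$", line)
        if not m:
            raise ValueError("unparsed rule: " + line)
        pattern, flags, action, reason = m.groups()
        # Matching is case-insensitive by default; the 'i' flag turns that off.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action, reason))
    return rules

def check_body(rules, body):
    """Return (action, reason) for the first matching body line, else None.

    body_checks never sees the message as a whole, only single lines.
    """
    for line in body.splitlines():
        for regex, action, reason in rules:
            if regex.search(line):
                return action, reason
    return None

if __name__ == "__main__":
    rules = parse_regexp_table(BODY_CHECKS)
    print("intact   :", check_body(rules, INTACT))
    print("rewrapped:", check_body(rules, REWRAPPED))
```

The second sample shows why a copy whose text was re-wrapped in transit needs its own, shorter pattern: the phrase no longer sits on one line, so the rule does not fire.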

The folks at Declude have a great site with lots of filters for blocking mails. I've incorporated a number of these, but lately the best ones are the ones at rfc-ignorant.org; these are killing off a number of things that weren't being caught before, including a number of those MS critical update ones.

I'm also running SpamAssassin, which is installed by the latest build of Postfix Enabler for OS X, and just recently installed Vipul's Razor, which works with SpamAssassin.

The code below is a clip from my main.cf config file for Postfix. The first block is what Postfix Enabler does on its own; the various reject_rbl_client servers listed there need to be specified individually in Postfix Enabler, just enter them on the line given with commas separating each one. The second block is my 'custom Postfix settings'; that whole thing gets pasted into the appropriate field in Postfix Enabler.


###Start PostfixEnabler###
alias_maps=hash:/etc/postfix/aliases
alias_database=hash:/etc/postfix/aliases
smtpd_sender_restrictions=hash:/etc/postfix/access
inet_interfaces=all
mynetworks_style=subnet
message_size_limit=10240000
mydomain=wrightthisway.com
myhostname=wrightthisway.com
smtpd_recipient_restrictions=permit_mynetworks,check_recipient_access hash:/etc/postfix/filtered_domains

smtpd_client_restrictions=hash:/etc/postfix/access,reject_rbl_client sbl-xbl.spamhaus.org,reject_rbl_client list.dsbl.org,reject_rbl_client relays.ordb.org,reject_rbl_client dnsbl.njabl.org,reject_rbl_client bl.spamcop.net,reject_rbl_client dnsbl.ahbl.org,reject_rbl_client opm.blitzed.org,reject_rbl_client dnsbl.sorbs.net,reject_rbl_client relays.visi.com,reject_rbl_client cbl.abuseat.org
default_rbl_reply=$rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} - see http://$rbl_domain.
smtpd_helo_required=yes

unknown_local_recipient_reject_code=550
###End PostfixEnabler###

###Start Custom Config###
###Keep spammers from discovering real emails and alias expansions###
disable_vrfy_command = yes
default_process_limit = 10
smtpd_error_sleep_time = 30

strict_rfc821_envelopes = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    check_helo_access hash:/etc/postfix/access,
    reject_unknown_hostname,
    reject_invalid_hostname,
    reject_non_fqdn_hostname

smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unknown_client,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_rhsbl_client blackhole.securitysage.com,
    reject_rhsbl_sender blackhole.securitysage.com,
    reject_rhsbl_client rhsbl.ahbl.org,
    reject_rhsbl_sender rhsbl.ahbl.org,
    reject_rhsbl_client rhsbl.sorbs.net,
    reject_rhsbl_sender rhsbl.sorbs.net,
    reject_rhsbl_client block.rhs.mailpolice.com,
    reject_rhsbl_sender block.rhs.mailpolice.com,
    reject_rhsbl_client dynamic.rhs.mailpolice.com,
    reject_rhsbl_sender dynamic.rhs.mailpolice.com,
    reject_rhsbl_client bogusmx.rfc-ignorant.org,
    reject_rhsbl_sender bogusmx.rfc-ignorant.org,
    reject_rhsbl_client abuse.rfc-ignorant.org,
    reject_rhsbl_sender abuse.rfc-ignorant.org,
    reject_rhsbl_client postmaster.rfc-ignorant.org,
    reject_rhsbl_sender postmaster.rfc-ignorant.org,
    reject_rhsbl_client dsn.rfc-ignorant.org,
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    check_recipient_access hash:/etc/postfix/access,
    check_sender_access hash:/etc/postfix/access,
    check_client_access hash:/etc/postfix/access,
    check_recipient_access hash:/etc/postfix/filtered_domains

smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit


header_checks = regexp:/etc/postfix/maps/header_checks
mime_header_checks = regexp:/etc/postfix/maps/mime_header_checks
body_checks = regexp:/etc/postfix/maps/body_checks

unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550

###End Custom Config###



If you have questions about any of the commands, you can do a simple Google search on that command and usually find out what it's about in short order. Please be aware that the various RBL and RHSBL servers out there do tend to come and go, so it's a good idea to keep a list of what you're using bookmarked in your browser and check their home pages from time to time to see what might be new or changed, or if they're still there at all.
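One way to automate that check, as an added example that is not from the original post: pull every reject_rbl_client and reject_rhsbl_* zone out of main.cf text and probe it with the RFC 5782 test entries (127.0.0.2 and TEST should be listed, 127.0.0.1 and INVALID should not). The function names and the short SAMPLE_CF excerpt are constructed for illustration; the zones in it appear in the config above.

```python
import re
import socket

# Constructed excerpt in the style of the main.cf above.
SAMPLE_CF = """\
smtpd_client_restrictions = reject_rbl_client bl.spamcop.net,
    reject_rbl_client cbl.abuseat.org
smtpd_recipient_restrictions = permit_mynetworks,
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    reject_rhsbl_client dsn.rfc-ignorant.org
"""

def extract_zones(cf_text):
    """Return sorted (kind, zone): 'ip' for reject_rbl_client, 'name' for reject_rhsbl_*."""
    found = re.findall(r"\b(reject_rbl_client|reject_rhsbl_\w+)\s+([\w.-]+)", cf_text)
    return sorted({("ip" if d == "reject_rbl_client" else "name", z.rstrip("."))
                   for d, z in found})

def dns_listed(name):
    """True if the name has an A record, which is how a DNSBL answers 'listed'."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def probe(kind, zone, listed=dns_listed):
    """Classify a zone as 'ok', 'no-answer' or 'lists-everything'."""
    if kind == "ip":
        # IP lists are queried with the octets reversed: 127.0.0.2 -> 2.0.0.127.<zone>
        must, must_not = "2.0.0.127." + zone, "1.0.0.127." + zone
    else:
        must, must_not = "test." + zone, "invalid." + zone
    if listed(must_not):
        return "lists-everything"  # this zone would reject all mail
    # 'no-answer' means the list is gone or does not publish a test entry.
    return "ok" if listed(must) else "no-answer"

if __name__ == "__main__":
    for kind, zone in extract_zones(SAMPLE_CF):
        print(f"{zone:28} {probe(kind, zone)}")
```

A zone that reports `lists-everything` should come out of the config right away, since every client or sender lookup against it returns a hit; `no-answer` calls for a look at the list's home page.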

About this Entry

This page contains a single entry by Jim published on May 19, 2004 1:02 PM.
