https://lms.onnocenter.or.id/wiki/index.php?action=history&feed=atom&title=Block_Spam_Using_Postfix_%28en%29 2026-04-19T20:20:42Z Revision history for this page on the wiki MediaWiki 1.45.1 https://lms.onnocenter.or.id/wiki/index.php?title=Block_Spam_Using_Postfix_(en)&diff=71386&oldid=prev 2025-01-03T23:49:46Z

<p>Created page with &quot;Blocking spam using SpamAssassin for 1000 emails/minute can overload the CPU. A smarter way to block spam before it reaches SpamAssassin is using RBL (Realtime Blacklists) and...&quot;</p> <p><b>New page</b></p><div>Blocking spam using SpamAssassin for 1000 emails/minute can overload the CPU. A smarter way to block spam before it reaches SpamAssassin is using RBL (Realtime Blacklists) and RHBL (similar but different from RBL), Greylisting, and HELO checks.<br /> <br /> We slightly modify the configuration in /etc/postfix/main.cf to add defenses at smtpd and check all hosts:<br /> <br /> ### Checks to remove badly formed email<br /> smtpd_helo_required = yes<br /> strict_rfc821_envelopes = yes<br /> disable_vrfy_command = yes<br /> unknown_address_reject_code = 554<br /> unknown_hostname_reject_code = 554<br /> unknown_client_reject_code = 554<br /> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, regexp:/etc/postfix/helo.regexp, permit<br /> <br /> ### When changing sender_checks, this file must be regenerated using postmap &lt;file&gt;, to generate a Berkeley DB<br /> smtpd_recipient_restrictions =<br /> check_client_access hash:/etc/postfix/helo_client_exceptions<br /> check_sender_access hash:/etc/postfix/sender_checks,<br /> reject_invalid_hostname,<br /> ### Can cause issues with Auth SMTP, so be weary!<br /> reject_non_fqdn_hostname,<br /> ##################################<br /> reject_non_fqdn_sender,<br /> reject_non_fqdn_recipient,<br /> reject_unknown_sender_domain,<br /> reject_unknown_recipient_domain,<br /> permit_mynetworks,<br /> reject_unauth_destination,<br /> <br /> # Add RBL exceptions here, when changing rbl_client_exceptions, this<br /> # file must be regenerated using postmap &lt;file&gt;, to generate a Berkeley DB<br /> <br /> check_client_access hash:/etc/postfix/rbl_client_exceptions,<br /> reject_rbl_client cbl.abuseat.org,<br /> reject_rbl_client sbl-xbl.spamhaus.org,<br /> reject_rbl_client bl.spamcop.net, <br /> reject_rhsbl_sender dsn.rfc-ignorant.org,<br /> check_policy_service inet:127.0.0.1:60000<br /> permit <br /> <br /> We need to create a new file:<br /> <br /> vi /etc/postfix/helo.regexp<br /> <br /> /^subdomain\.host\.com$/ 550 Don&#039;t use my own hostname<br /> /^xxx\.yyy\.zzz\.xxx$/ 550 Don&#039;t use my own IP address<br /> /^\[xxx\.yyy\.zzz\.xxx\]$/ 550 Don&#039;t use my own IP address<br /> /^[0-9.]+$/ 550 Your software is not RFC 2821 compliant<br /> /^[0-9]+(\.[0-9]+){3}$/ 550 Your software is not RFC 2821 compliant<br /> <br /> This way is quite effective in discarding spammers who try to send HELO commands with chaotic [[IP address]] or hostname that do not comply with RFC 2821.<br /> <br /> ==A simpler way==<br /> <br /> To block [[mail spam]] using postfix, add the following lines in /etc/postfix/main.cf:<br /> <br /> check_helo_access hash:/etc/postfix/maps/helo_access,<br /> reject_rhsbl_sender cbl.abuseat.org,<br /> reject_rhsbl_sender dnsbl.njabl.org,<br /> reject_rhsbl_sender list.dsbl.org,<br /> reject_rhsbl_sender bl.spamcop.net,<br /> reject_rhsbl_sender cbl.abuseat.org,<br /> reject_rhsbl_sender dul.dnsbl.sorbs.net,<br /> reject_rhsbl_sender rhsbl.sorbs.net,<br /> permit<br /> <br /> smtpd_client_restrictions=<br /> reject_rbl_client cbl.abuseat.org,<br /> reject_rbl_client dnsbl.njabl.org,<br /> reject_rbl_client list.dsbl.org,<br /> reject_rbl_client bl.spamcop.net,<br /> reject_rbl_client cbl.abuseat.org,<br /> reject_rbl_client dul.dnsbl.sorbs.net,<br /> reject_rbl_client rhsbl.sorbs.net,<br /> permit_mynetworks,<br /> permit<br /> <br /> ==References==<br /> <br /> * http://www.howtoforge.com/virtual_postfix_antispam<br /> <br /> ==Interesting Links==<br /> <br /> * [[Postfix Installation]]<br /> * [[Postfix: Configuring relayhost with Authentication]]<br /> * [[Block Spam Using Postfix]]<br /> * [[Linux Howto]]<br /> * [[Tips on Building Your Own Server]]<br /> <br /> [[Category: Linux]]</div>

Unknown user