This article was written to create an easy step to add more SPAM protection to ISPConfig when you are running postfix. This not only will cut down on SPAM but it will also cut down on load by not sending as much SPAM to spamassassin. Below are some SPAM protection additions that can be made to postfix’s main configuration file and will stop most SPAM from even reaching spamassassin. The reject_rbl_client command is used to add SPAM blacklists for postfix to check against. You can research other blacklists and add them if you like.
Add the below to /etc/postfix/main.cf.
[quickcode:main.cf]
# SPAM Prevention Below
# Please make sure to keep blacklists up to date.
smtpd_helo_required = yes
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
unknown_client_reject_code = 554
unknown_sender_reject_code = 554
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
smtpd_recipient_restrictions =
reject_invalid_hostname,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_rbl_client multi.uribl.com,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client dnsbl.njabl.org,
reject_rbl_client whois.rfc-ignorant.org,
reject_rbl_client combined.rbl.msrbl.net,
permit
[/quickcode]
Restart postfix by: /etc/init.d/postfix restart
You now have extra SPAM protection for postfix and your ISPConfig installation.
Hi Alex:
Thank you for this – I tried it out and it went a little awry – for some reason that I was not able to understand (newbie), it would not run. I will try to establish where it went wrong, but if not would you be able to provide some guidelines? Tks.
Regards, Mentor
Hello mwmentor,
If you are still having an issue post the details of the issue and we can work towards resolving.
Thanks. -Alex
my guess would be that it went wrong when he tried to restart postfix, and the formatting was off. Postfix got pissy about this:
smtpd_recipient_restrictions =
reject_invalid_hostname,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
but was fine when i indented it with a tab like this:
smtpd_recipient_restrictions =
reject_invalid_hostname,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
postfix either likes the block = block block or block = block,block,block
well my formatting didnt go very well, wordpress dropped the tab|tab stuff . it should read
( just the corrected part )
but was fine when i indented it with a tab like this:
smtpd_recipient_restrictions =
( tab ) reject_invalid_hostname,
( tab )reject_unknown_recipient_domain,
( tab )reject_unauth_pipelining,
postfix either likes the block = block (return)(tab)block or block = block,block,block
hope that one works :)
I definitely have run into Postfix formatting errors. It always seems I am missing a coma or a space somewhere and it always takes forever to find.
Thanks for expanding Quake_Sinatra.