[PLUG] better spam filtering through google

robinson-west user plug_1 at robinson-west.com
Sun Apr 13 19:36:45 UTC 2008


I'm using dnsbl.sorbs.net and bl.spamcop.net.
I tried to set up my own blacklist, but what to
populate it with and how is a major problem.

I'm also using sqlgrey, but I notice some down sides.
It seems to quit blocking all mail, I'll have to watch
to see if this is true.  Another downside is that it
deals with clients who are trying to access an invalid
recipient.  I want them to get blocked before the 
sqlgrey test.  Allowing anyone who retries to get on
the whitelist isn't what I want, but it seems to be
the default for sqlgrey.  I don't think there are very
many spam sources that don't retry anymore.  A lot of
spam is getting through sqlgrey,though razor catches
some.

Here is main.cf from one of my postfix relays...

queue_directory = /var/spool/relay_spool
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix

mail_owner = postfix

default_privs = nobody

canonical_maps=hash:/etc/postfix/canonical,
               hash:/etc/postfix/canonical_sophistasis

mydomain=robinson-west.com

myorigin=$mydomain

inet_interfaces = 216.151.30.106, 127.0.0.1

mydestination=
local_recipient_maps=
local_transport= error:local delivery is disabled

virtual_alias_maps=hash:/etc/postfix/virtual

mynetworks=127.0.0.0/8, 216.151.30.104/29
relay_domains = $mydomain, goose.$mydomain, sophistasis.com
parent_domain_matches_subdomains =
    debug_peer_list smtpd_access_maps

relay_recipient_maps=hash:/etc/postfix/relay_recipients,
                     hash:/etc/postfix/sophistasis_relay

transport_maps=hash:/etc/postfix/transport,
               hash:/etc/postfix/transport_sophistasis


in_flow_delay = 1s

smtpd_banner = $myhostname ESMTP $mail_name

smtpd_delay_reject = yes


# Should I be doing the following?
smtpd_helo_required=yes

disable_vrfy_command=yes

smtpd_reject_unlisted_sender=yes

header_checks=regexp:/etc/postfix/header_checks


# There are suggestions that a helo should neither be required nor
checked...
smtpd_helo_restrictions= permit_mynetworks,
                         check_helo_access
hash:/etc/postfix/invalid_helo,
                         check_helo_access hash:/etc/postfix/access,
                         permit

smtpd_recipient_restrictions =    reject_non_fqdn_recipient,
                            reject_unknown_recipient_domain,
                                          permit_mynetworks,
                                  reject_unauth_destination,
            check_sender_access hash:/etc/postfix/blacklist,
                reject_rbl_client spamsrc.robinson-west.com,
                           reject_rbl_client bl.spamcop.net,
                          reject_rbl_client dnsbl.sorbs.net,
               check_policy_service unix:private/policy-spf,
                   check_policy_service inet:127.0.0.1:2501,
                                                     permit

policy_time_limit = 60

smtpd_data_restrictions = reject_unauth_pipelining,
                          permit

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.10/samples
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES

unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
defer_code = 450
invalid_hostname_reject_code = 501
maps_rbl_reject_code = 554
non_fqdn_reject_code = 504
reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
multi_recipient_bounce_reject_code = 550
html_directory = no

smtp_error_sleep_time=1s
smtp_soft_error_limit=10
smtp_hard_error_limit=20




More information about the PLUG mailing list