Reducing spam at Postfix SMTP layer on Debian servers

At this fourth article on the antispam subject, we will go to another layer of defense.

Configuring Postfix SMTP server to help in reducing spam have advantages and imposes some risks.

Stopping spam at SMTP layer has the advantages of reducing server load, server network bandwidth comsumption, and better dealing with botnets of windows machines and open relay servers.

At other side, a sysadmin could exhagerate in some restrictions and then loose some valid messages.

Finding the right balance is the key.

After some years, I found that SpamHaus URIBL and RBL are the more conservative and better lists to use at this SMTP layer.

I never found a false positive.

But you should not use the more aggressive ones.

It is better to leave some spam slip through to be caught at SpamAssassin than to loose some valuable message.

So, our suggestion is to INCLUDE the following smtp client restrictions arguments at /etc/postfix/main.cf configuration file.

smtpd_client_restrictions = reject_rhsbl_client dbl.spamhaus.org reject_rbl_client sbl.spamhaus.org

ATTENTION: do not substitute your parameter line already at your server. ADD these arguments at the SAME configuration smtpd_client_restrictions parameter line (or multiline configuration).

Reload or restart postfix daemon and analyze the server logs looking for some misbehaving.

invoke-rc.d postfix restart

tail -f /var/log/mail.log

This is an example of correct working:

Aug 16 06:33:49 techforce postfix/smtpd[6596]: connect from dedicado.mjmkt.in[209.239.112.56]
Aug 16 06:33:49 techforce postfix/smtpd[6596]: NOQUEUE: reject: RCPT from dedicado.mjmkt.in[209.239.112.56]: 554 5.7.1 Service unavailable; Client host [dedicado.mjmkt.in] blocked using dbl.spamhaus.org; http://www.spamhaus.org/query/dbl?domain=mjmkt.in; from=<envio@mjmkt.in> to=<john_doe@techforce.com.br> proto=ESMTP helo=<dedicado.mkmkt.in>
Aug 16 06:33:49 techforce postfix/smtpd[6596]: disconnect from dedicado.mjmkt.in[209.239.112.56]

 

 

Blog Tags: