-1

EDIT: This question was poorly asked, later I found another question which answers what i wanted to know: Spam prevention tips for Postfix

I'm running a small (20 users, 30 mailman-lists) server with postfix. I think it's configured fine, more or less. I spent 2 days reading up on all kinds of material on postfix configuration, but I couldn't find any list of measures that are actually safe to enable/disable. For about every configuration option i found there were some people pro and some against it.

This is my postfix configuration, can you give me simple measures on what to improve?

alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
disable_vrfy_command = yes
home_mailbox = Mail/
inet_interfaces = all
mailbox_command = /usr/bin/spamc -e /usr/lib/dovecot/deliver
mailbox_size_limit = 0
mydestination = localhost, <my1stDomain>.at, <my2ndDomain>.at
myhostname = <my1stDomain>.at
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
smtpd_banner = $myhostname ESMTP
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl-certs/startssl.chained.crt.pem
smtpd_tls_cert_file = /etc/ssl-certs/startssl.our.crt.pem
smtpd_tls_key_file = /etc/ssl-certs/private/startssl.key.pem
smtpd_tls_received_header = yes
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom

Also recently I read something about BATV, and from reading my /var/log/mail.info i think i have quite a few messages being invalid bounces.

Community
  • 1
Fabian Zeindl
  • 229
  • 3
  • 10
  • I just wanted tips on what to improve. – Fabian Zeindl May 07 '12 at 09:00
  • Becaused my question was closed: How is it different to http://serverfault.com/questions/17221/spam-prevention-tips-for-postfix? – Fabian Zeindl May 08 '12 at 08:33
  • Although it's open-ended, the other question has a single, clear focus: preventing spam without Spamassassin. Yours mentions spam in the title, then chats about "unsafe" options without providing any examples, then talks about BATV. You also pasted a bunch of irrelevant and unchangeable config and asked for improvements without explaining what would be better than what you have now. Feel free to hit us up in [chat](http://chat.stackexchange.com/?tab=site&host=serverfault.com) or ask on [meta](http://meta.serverfault.com) if you want more hints on how to improve your question. – Ladadadada May 08 '12 at 10:02
  • Jeff [wrote a blog a while ago about asking better questions](http://blog.stackoverflow.com/2010/10/asking-better-questions/) which links to [two more](http://serverfault.com/questions/how-to-ask) [resources about asking better questions](http://googlewebmastercentral.blogspot.co.uk/2010/09/tips-for-getting-help-with-your-site.html). Eric Raymond also wrote [some good advice](http://www.catb.org/~esr/faqs/smart-questions.html) (in 18 languages!) many years ago that is still just as relevant today. – Ladadadada May 08 '12 at 10:07
  • a canonical question was asked : http://serverfault.com/questions/419407/fighting-spam-what-can-i-do-as-an-email-administrator-domain-owner-or-user –  Sep 23 '12 at 22:40

1 Answers1

1

check this tutorial. it's getting quite regularly updated - i used it ~5 yrs ago, i used it ~half year ago. it tells about the whole ecosystem [amavis, spamassasin, dcc, pyzor, razor and more], not just postfix.

pQd
  • 29,561
  • 5
  • 64
  • 106