EDIT: This question was poorly asked, later I found another question which answers what i wanted to know: Spam prevention tips for Postfix
I'm running a small (20 users, 30 mailman-lists) server with postfix. I think it's configured fine, more or less. I spent 2 days reading up on all kinds of material on postfix configuration, but I couldn't find any list of measures that are actually safe to enable/disable. For about every configuration option i found there were some people pro and some against it.
This is my postfix configuration, can you give me simple measures on what to improve?
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
disable_vrfy_command = yes
home_mailbox = Mail/
inet_interfaces = all
mailbox_command = /usr/bin/spamc -e /usr/lib/dovecot/deliver
mailbox_size_limit = 0
mydestination = localhost, <my1stDomain>.at, <my2ndDomain>.at
myhostname = <my1stDomain>.at
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
smtpd_banner = $myhostname ESMTP
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl-certs/startssl.chained.crt.pem
smtpd_tls_cert_file = /etc/ssl-certs/startssl.our.crt.pem
smtpd_tls_key_file = /etc/ssl-certs/private/startssl.key.pem
smtpd_tls_received_header = yes
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
Also recently I read something about BATV, and from reading my /var/log/mail.info i think i have quite a few messages being invalid bounces.