-3

I want to configure Postfix to reject spam from the Internet. I found the following example here:

smtpd_client_restrictions = permit_mynetworks, reject

smtpd_helo_restrictions = reject_unknown_helo_hostname

smtpd_sender_restrictions = reject_unknown_sender_domain

smtpd_relay_restrictions = permit_mynetworks, 
permit_sasl_authenticated,
reject_unauth_destination

smtpd_recipient_restrictions = permit_mynetworks, 
permit_sasl_authenticated,
reject_unauth_destination
reject_rbl_client zen.spamhaus.org,
reject_rhsbl_reverse_client dbl.spamhaus.org,
reject_rhsbl_helo dbl.spamhaus.org,
reject_rhsbl_sender dbl.spamhaus.org

smtpd_data_restrictions = reject_unauth_pipelining

But when I sent an e-mail to my domain from a Gmail account it got blocked. I then changed:

smtpd_client_restrictions = permit_mynetworks, reject

to:

smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname

and now my mail server seems to work.

Is this example provided by postfix.org a best practise or should I strengthen/weaken it?

user8056359
  • 151
  • 1
  • 7
  • Possible duplicate of [Fighting Spam - What can I do as an: Email Administrator, Domain Owner, or User?](https://serverfault.com/questions/419407/fighting-spam-what-can-i-do-as-an-email-administrator-domain-owner-or-user) – Jenny D Jun 26 '17 at 08:24

1 Answers1

0

That's

Examples of simple restriction lists

It doesn't even try to be an example of a good overall configuration to prevent SPAM. You have removed the comment lines that clearly states what each of the examples are doing, e.g.

# Allow connections from trusted networks only.
smtpd_client_restrictions = permit_mynetworks, reject

It does exactly that, thus it rejects all mail from the Internet.

Esa Jokinen
  • 43,252
  • 2
  • 75
  • 122
  • Yes, I removed the comments for readability's sake. I changed that line you mentioned because I didn't want to reject mail from the Internet as that would make my mail server useless. I just want to reject as much spam as possible. – user8056359 Jun 26 '17 at 19:09
  • Rejecting spam isn't about amounts. You must take compromises to avoid false positives. You need to decide how aggressive you want to be. That's why there's no one-size-fits-all solutions. You'll also need to evolve as the spammers do. – Esa Jokinen Jun 26 '17 at 20:29
  • I receive little spam so a good-enough solution will do. – user8056359 Jun 26 '17 at 23:28