On 10/19/2010 11:35 PM, Stan Hoeppner wrote:
> Jeroen Geilman put forth on 10/19/2010 8:09 PM:
>> You're missing some of the better spam prevention methods here, such as
>> decent HELO checks, and an RBL or two.
>> I'd suggest at least adding reject_unknown_reverse_client_hostname in
>> there, as well as (testing out)
> This will probably be a big help to Steve.
> smtpd_recipient_restrictions =
> check_client_access pcre:/etc/postfix/fqrdns.pcre
In your opinion, would check_reverse_client_hostname_access (Postfix
2.6+) work better here?
Many dynamic zombies don't always resolve forward.
> reject_rbl_client zen.spamhaus.org
> reject_rbl_client psbl.surriel.com
> reject_rhsbl_client dbl.spamhaus.org
> reject_rhsbl_sender dbl.spamhaus.org
> reject_rhsbl_helo dbl.spamhaus.org
> check_policy_service inet:127.0.0.1:60000
> This pcre rdns checker kills tons of bot spam from consumer IPs that
> should not be sending direct smtp mail. It picks up where the PBL
> leaves off. Zero FP rate. As always, exclude it from your own
> submission smtpd or it mighty well reject your own users.
> The check_policy_service line is the postgrey daemon. Doesn't stop
> a lot, maybe 5-10 per day of 1000, but it's a needed safety net. Your
> anti spam toolbox needs many tools to make all the tools effective as a
> whole. Merely adding fqrdns.pcre has put a big smile on the faces of
> quite a few OPs.
> As always, do a "postfix reload" after making changes to main.cf.
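
The question raised in this message turns on which name each restriction feeds to the table: check_client_access uses the forward-confirmed client hostname, which Postfix sets to "unknown" when the PTR name does not resolve back to the client IP, while check_reverse_client_hostname_access uses the unverified PTR name. The following Python model of that difference is an added example, not code from the thread or from Postfix; the two patterns, the DNS records and the function names are constructed for illustration and are not taken from fqrdns.pcre.

```python
import re

# Constructed stand-in for a PCRE access table (NOT the real fqrdns.pcre).
GENERIC_RDNS = [
    (re.compile(r"^(\d{1,3}[-.]){3}\d{1,3}\.(dsl|dyn|cable)\.", re.I),
     "REJECT generic rDNS, use your ISP's relay"),
    (re.compile(r"^(dhcp|pool|ppp)[-.]?\d+", re.I),
     "REJECT generic rDNS, use your ISP's relay"),
]

# Constructed DNS data (documentation address ranges, example domains).
PTR = {
    "203.0.113.7": "203-0-113-7.dsl.isp.example",  # PTR and A agree
    "198.51.100.9": "pool-9.broadband.example",    # PTR only, no A record
    "192.0.2.25": "mail.corp.example",             # ordinary mail server
}
A = {
    "203-0-113-7.dsl.isp.example": ["203.0.113.7"],
    "mail.corp.example": ["192.0.2.25"],
}

def client_names(ip):
    """Return (reverse_name, verified_name) for a connecting client."""
    reverse = PTR.get(ip, "unknown")
    # The verified name survives only if the forward lookup maps back to ip.
    verified = reverse if ip in A.get(reverse, []) else "unknown"
    return reverse, verified

def table_lookup(*keys):
    """Try each key in order; first matching pattern wins, else DUNNO."""
    for key in keys:
        for pattern, action in GENERIC_RDNS:
            if pattern.search(key):
                return action
    return "DUNNO"

def evaluate(ip):
    """Result of each restriction; both also try the client IP as a key."""
    reverse, verified = client_names(ip)
    return {
        "check_client_access": table_lookup(verified, ip),
        "check_reverse_client_hostname_access": table_lookup(reverse, ip),
    }

if __name__ == "__main__":
    for ip in PTR:
        print(ip, client_names(ip), evaluate(ip))
```

In this model the client at 198.51.100.9 passes the check_client_access table because its verified name is "unknown", and is only matched by the reverse-hostname lookup; on a live server, reject_unknown_client_hostname or reject_unknown_reverse_client_hostname ahead of the table changes which clients ever reach it.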