
Cutting down on Postfix spam relaying
Postfix, it's used with many a LAMP stack to send out messages from a site, unfortunately it's prone to relaying many spam messages out of the box.
The below code can be easily appended to Postfix's main.cf to drastically reduce the authorization hole.
On Ubuntu you'll find the file at /etc/postfix/main.cf
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, permit
smtpd_recipient_restrictions =
check_client_access hash:/etc/postfix/helo_client_exceptions
check_sender_access hash:/etc/postfix/sender_checks,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
permit_mynetworks,
reject_unauth_destination,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rhsbl_sender dsn.rfc-ignorant.org,
permit
Then restart postfix: /etc/init.d/postfix restart
A couple of other handy commands:
- Check the mail queue with mailq
- Empty the queue with postsuper -d ALL
Image credit: Flickr user "Alan Levine"
⬅️ There's more to read on the blog overview
I'm Ken Hawkins
I do web architecture, holistic design, and a bit of UX and development.
If you want to learn more about me and what I do head to the front page, or:
- 🐦 Twitter @khawkins98
- ✉️ [email protected]
This site is a playground 🙈
What you're seeing was made with a combination 1 2 of the Foundation Framework, CSS/Sass, responsive design, Gulp, Panini static site generator, Markdown and some other stuff and then hosted through Travis CI and Github pages3.
In years past I would have likely made this site with Drupal, but for smaller sites with savvy editors I've been using static site combinations to simplify maintenance.