Spam Control

FIRST PUBLISHED HOWTO: SPAM CONTROL ON LINUX MAIL SERVERS

Below is a solution to inhibit the delivery of most of the spam that might hit your mail server. It's an ongoing development of mine that has been shared with Linux usergroups. I'm posting it here so that it has a home on my personal website as well.

So, I began to do some research and have come up with a modified main.cf for Postfix and a need to install Postgrey:

1) Install Postgrey

apt-get install postgrey

Postgrey will have a delay of 5 minutes by default on email going to your mailbox. If this is too long, edit the /etc/default/postgrey file by adding "--delay=120" where 120 is seconds.

2) Restart the Postgrey server.

/etc/init.d/postgrey restart

3) edit the Postfix main.cf. We will be adding several things including the Postgrey configuration.

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first

# line of that file to be used as the name. The Debian default

# is /etc/mailname.

#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)

biff = no

# appending .domain is the MUA's job.

append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings

#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters

smtpd_tls_cert_file = /etc/postfix/smtpd.cert

smtpd_tls_key_file = /etc/postfix/smtpd.key

smtpd_use_tls = yes

smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for

# information on enabling SSL in the smtp client.

myhostname = my.derekgordon.com

alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases

myorigin = /etc/mailname

mydestination = my.derekgordon.com, localhost, localhost.localdomain

relayhost =

mynetworks = 127.0.0.0/8 [::1]/128 66.118.142.78

mailbox_command = procmail -a "$EXTENSION"

mailbox_size_limit = 0

recipient_delimiter = +

inet_interfaces = all

html_directory = /usr/share/doc/postfix/html

virtual_alias_domains =

virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf

virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf

virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf

virtual_mailbox_base = /var/vmail

virtual_uid_maps = static:5000

virtual_gid_maps = static:5000

smtpd_sasl_auth_enable = yes

broken_sasl_auth_clients = yes

smtpd_sasl_authenticated_header = yes

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000, reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client multihop.dsbl.org, check_recipient_access regexp:/etc/postfix/spamtrap, permit

smtpd_tls_security_level = may

transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf

relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf

relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf

virtual_create_maildirsize = yes

virtual_maildir_extended = yes

virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf

virtual_mailbox_limit_override = yes

virtual_maildir_limit_message = "The user you are trying to reach is over quota."

virtual_overquota_bounce = yes

proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps

smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf

smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf

maildrop_destination_concurrency_limit = 1

maildrop_destination_recipient_limit = 1

virtual_transport = maildrop

header_checks = regexp:/etc/postfix/header_checks

mime_header_checks = regexp:/etc/postfix/mime_header_checks

nested_header_checks = regexp:/etc/postfix/nested_header_checks

body_checks = regexp:/etc/postfix/body_checks

content_filter = amavis:[127.0.0.1]:10024

receive_override_options = no_address_mappings

message_size_limit = 0

disable_vrfy_command = yes

smtpd_helo_required = yes

smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, permit

From a generic main.cf found in the Debian Lenny installation, I added/modified the BOLD areas.

4) Create a file named "spamtrap" in the /etc/postfix/ directory. This serves as a filter. If spam is emailed to this address and other addresses on your machine, it will drop that email so that it doesn't get to any other mailboxes.

spamtrap file looks like this:

/emailcontrol.*@derekgordon\.com/ DISCARD

This is regexp so the slashes have to be used. My filter email is [email]emailcontrol@derekgordon.com[/email] so edit accordingly and place in the spamtrap file!!!

Side note: Do not create this mailbox using ISPConfig. There is absolutely no reason for it to exist on your mailserver. It's a fake address meant to catch annoying spam.

5) Restart Postfix

/etc/init.d/postfix restart

ALL DONE!!! THE spam has decreased about 600% in the first full day of use. My personal email box, which was receiving 15 - 20 spam emails a day without Postgrey now receives 1.

If you want to leave feedback on this method, or have questions, you may post those to my original thread at http://www.howtoforge.com/forums/showthread.php?t=48608