Postfix
A nearly standard Postfix installation with only some minor customizations
- Postscreen support, filter out the worst spambots
- Proxy Protocol with HAProxy (the original ip-address is forwarded to Postfix)
- DNSBL support
Installation
apt-get install postfix
Postscreen
Changes to
/etc/postfix/master.cf
...
#smtp inet n - - - - smtpd
smtp inet n - - - 1 postscreen
smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
...
Proxy Protocol
Changes to
/etc/postfix/main.cf
which can be added to the end of the file
Receive the original client-ip address via the proxy procotol
postscreen_upstream_proxy_protocol = haproxy
DNS black lists
Support for
DNS Black lists.
smtpd_recipient_restrictions
happens at RCPT TO level, so before the message enters Spamassassin.
smtpd_recipient_restrictions =
reject_rbl_client sbl-xbl.spamhaus.org,
permit
Maildir
Deliver mail in ~/Maildir
home_mailbox = Maildir/
Follow the
OpenLDAP client installation instructions on how the LDAP users are made know to Postfix.
Spamassassin
With small modifications from
http://forums.sentora.org/showthread.php?tid=22
Spamassassin is very "expensive" compared to Postscreen and DNSBL.
Installation
apt-get install spamassassin spamc libmail-dkim-perl libmail-spf-perl pyzor razor bzip2 file gzip unzip zip
Run as non-root user
In order to run SpamAssassin as non-root user, create a new user specific for this task.
groupadd spamd
useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
mkdir /var/log/spamassassin
chown spamd:spamd /var/log/spamassassin
/etc/default/spamassassin
ENABLED=1
CRON=1
...
SAHOME="/var/log/spamassassin/"
OPTIONS="--create-prefs --max-children 2 --username spamd -H ${SAHOME} -s ${SAHOME}spamd.log"
And change/update
/etc/postfix/master.cf
(again) so spamassassin is included, after the check performed by Postscreen.
...
#smtp inet n - - - - smtpd
smtp inet n - - - 1 postscreen
smtpd pass - - - - - smtpd -o content_filter=spamassassin
#dnsblog unix - - - - 0 dnsblog
...
Add at the end of the
master.cf
spamassassin unix - n n - - pipe user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
/etc/spamassassin/local.cf
rewrite_header Subject [*** SPAM ***]
required_score 3.0
Restart
spamassassin
and
postfix
.