
digraph {
    rankdir=LR;

    message [color="red", shape="signature"];
    Maildir [color="darkgreen", shape="folder"];

    message -> postscreen [color="red", style="bold"];

    subgraph cluster_0 {
        rankdir=TB;
        label="Postfix";
        style="rounded,bold";
        bgcolor="brown2:green2";
        postscreen -> smtpd;
    }

    smtpd -> DNSBL [dir="both"];
    smtpd -> Spamassassin [dir="both"];
    smtpd -> Maildir [color="green", style="bold"];
}

Postfix

A nearly standard Postfix installation with only some minor customizations:
  • Postscreen support, to filter out the worst spambots
  • Proxy Protocol with HAProxy (the original IP address is forwarded to Postfix)
  • DNSBL support

Installation

apt-get install postfix

Postscreen

Changes to /etc/postfix/master.cf

...
#smtp      inet  n       -       -       -       -       smtpd
smtp      inet  n       -       -       -       1       postscreen
smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
...

Proxy Protocol

Changes to /etc/postfix/main.cf which can be added to the end of the file

Receive the original client IP address via the proxy protocol
postscreen_upstream_proxy_protocol = haproxy

DNS black lists

Support for DNS blacklists. smtpd_recipient_restrictions is evaluated at the RCPT TO stage, so before the message enters Spamassassin.
smtpd_recipient_restrictions =
        reject_rbl_client sbl-xbl.spamhaus.org,
        permit
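
Why the proxy protocol setting matters for the DNSBL check, as an added example (not part of the original page or of Postfix): it parses a PROXY protocol version 1 text header the way a receiver recovers the original client address, then builds the DNS name that a blacklist lookup for that address resolves. The header contents and HAPROXY_IP are constructed sample values; the zone is the one from the reject_rbl_client line above.

```python
import ipaddress

# Zone taken from the reject_rbl_client line above.
DNSBL_ZONE = "sbl-xbl.spamhaus.org"


def parse_proxy_v1(line: bytes) -> str:
    """Return the original client address from a PROXY protocol v1 header.

    Format: PROXY <TCP4|TCP6> <src> <dst> <sport> <dport> CRLF (max 107 bytes).
    """
    if len(line) > 107 or not line.endswith(b"\r\n"):
        raise ValueError("not a complete PROXY v1 header")
    fields = line[:-2].decode("ascii").split(" ")
    if len(fields) != 6 or fields[0] != "PROXY" or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("unsupported or malformed PROXY v1 header")
    src = ipaddress.ip_address(fields[2])  # raises ValueError on junk
    ipaddress.ip_address(fields[3])        # destination must parse too
    want = 4 if fields[1] == "TCP4" else 6
    if src.version != want:
        raise ValueError("address family does not match protocol field")
    for port in fields[4:]:
        if not (port.isdigit() and 0 <= int(port) <= 65535):
            raise ValueError("bad port")
    return str(src)


def dnsbl_query_name(client_ip: str, zone: str = DNSBL_ZONE) -> str:
    """Build the DNS name a DNSBL lookup resolves for client_ip."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))             # reversed octets
    else:
        labels = reversed(addr.exploded.replace(":", ""))   # reversed nibbles
    return ".".join(labels) + "." + zone


# Constructed sample: header as sent by HAProxy (documentation addresses).
HEADER = b"PROXY TCP4 192.0.2.10 198.51.100.1 51234 25\r\n"
HAPROXY_IP = "10.0.0.5"  # assumed address of the HAProxy host

if __name__ == "__main__":
    print("with proxy protocol:   ", dnsbl_query_name(parse_proxy_v1(HEADER)))
    print("without proxy protocol:", dnsbl_query_name(HAPROXY_IP))
```

Without the header every connection would be checked against the HAProxy address, so the blacklist would never match a real sender. Because Postfix takes the client address from this header, port 25 on the Postfix host should accept connections only from the HAProxy host.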

Maildir

Deliver mail in ~/Maildir
home_mailbox = Maildir/

Follow the OpenLDAP client installation instructions on how the LDAP users are made known to Postfix.

Spamassassin

With small modifications from http://forums.sentora.org/showthread.php?tid=22

Spamassassin is very "expensive" compared to Postscreen and DNSBL.

Installation

apt-get install spamassassin spamc libmail-dkim-perl libmail-spf-perl pyzor razor bzip2 file gzip unzip zip

Run as non-root user

In order to run SpamAssassin as a non-root user, create a new user specifically for this task.
groupadd spamd
useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
mkdir /var/log/spamassassin
chown spamd:spamd /var/log/spamassassin

Configure Spamassassin

/etc/default/spamassassin
ENABLED=1
CRON=1
...
SAHOME="/var/log/spamassassin/"
OPTIONS="--create-prefs --max-children 2 --username spamd -H ${SAHOME} -s ${SAHOME}spamd.log"

And change/update /etc/postfix/master.cf (again) so spamassassin is included, after the check performed by Postscreen.
...
#smtp      inet  n       -       -       -       -       smtpd
smtp      inet  n       -       -       -       1       postscreen
smtpd     pass  -       -       -       -       -       smtpd -o content_filter=spamassassin
#dnsblog   unix  -       -       -       -       0       dnsblog
...

Add at the end of the master.cf
spamassassin unix - n n - - pipe user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

/etc/spamassassin/local.cf
rewrite_header Subject [*** SPAM ***]
required_score 3.0 

Restart spamassassin and postfix.
Topic revision: r9 - 31 Aug 2016, AdminUser
