You are here: Foswiki>HomeInfra Web>Postfix (07 Oct 2017, AdminUser)Edit Attach


A nearly standard Postfix installation with only some minor customizations
  • Postscreen support, filter out the worst spambots
  • Proxy Protocol with HAProxy (the original ip-address is forwarded to Postfix)
  • DNSBL support


apt-get install postfix


Changes to /etc/postfix/

#smtp      inet  n       -       -       -       -       smtpd
smtp      inet  n       -       -       -       1       postscreen
smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog

Proxy Protocol

Changes to /etc/postfix/ which can be added to the end of the file

Receive the original client-ip address via the proxy procotol
postscreen_upstream_proxy_protocol = haproxy

DNS black lists

Support for DNS Black lists. smtpd_recipient_restrictions happens at RCPT TO level, so before the message enters Spamassassin.
smtpd_recipient_restrictions =


Deliver mail in ~/Maildir
home_mailbox = Maildir/

Follow the OpenLDAP client installation instructions on how the LDAP users are made know to Postfix.


With small modifications from Spamassassin is very "expensive" compared to Postscreen and DNSBL.


apt-get install spamassassin spamc libmail-dkim-perl libmail-spf-perl pyzor razor bzip2 file gzip unzip zip

Run as non-root user

In order to run SpamAssassin as non-root user, create a new user specific for this task.
groupadd spamd
useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
mkdir /var/log/spamassassin
chown spamd:spamd /var/log/spamassassin

Configure Spamassassin

OPTIONS="--create-prefs --max-children 2 --username spamd -H ${SAHOME} -s ${SAHOME}spamd.log"

And change/update /etc/postfix/ (again) so spamassassin is included, after the check performed by Postscreen.
#smtp      inet  n       -       -       -       -       smtpd
smtp      inet  n       -       -       -       1       postscreen
smtpd     pass  -       -       -       -       -       smtpd -o content_filter=spamassassin
#dnsblog   unix  -       -       -       -       0       dnsblog

Add at the end of the
spamassassin unix - n n - - pipe user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

rewrite_header Subject [*** SPAM ***]
required_score 3.0 

Restart spamassassin and postfix.
Topic revision: r13 - 07 Oct 2017, AdminUser
This site is powered by FoswikiCopyright © by Eddy Vervest