digraph {
  message [color="red", shape="signature"];
  Maildir [color="darkgreen", shape="folder"];

  message -> postscreen [color="red", style="bold"];

  subgraph cluster_0 {
    rankdir=TB;
    label="Postfix";
    style="rounded,bold";
    bgcolor="brown2:green2";

    postscreen -> smtpd;
  }

  smtpd -> DNSBL [dir="both"];
  smtpd -> Spamassassin [dir="both"];
  smtpd -> Maildir [color="green", style="bold"];
}


A nearly standard Postfix installation with only a few minor customizations:
  • Postscreen support, to filter out the worst spambots
  • Proxy Protocol with HAProxy (the original client IP address is forwarded to Postfix)
  • DNSBL support


apt-get install postfix


Changes to /etc/postfix/

#smtp      inet  n       -       -       -       -       smtpd
smtp      inet  n       -       -       -       1       postscreen
smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog

Proxy Protocol

Changes to /etc/postfix/ which can be added to the end of the file

Receive the original client IP address via the proxy protocol
postscreen_upstream_proxy_protocol = haproxy

DNS black lists

Support for DNS blacklists. smtpd_recipient_restrictions is evaluated at the RCPT TO stage, so before the message enters Spamassassin.
smtpd_recipient_restrictions =


Deliver mail in ~/Maildir
home_mailbox = Maildir/

Follow the OpenLDAP client installation instructions on how the LDAP users are made known to Postfix.


With small modifications from Spamassassin is very "expensive" compared to Postscreen and DNSBL.


apt-get install spamassassin spamc libmail-dkim-perl libmail-spf-perl pyzor razor bzip2 file gzip unzip zip

Run as non-root user

In order to run SpamAssassin as a non-root user, create a new user specifically for this task.
groupadd spamd
useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
mkdir /var/log/spamassassin
chown spamd:spamd /var/log/spamassassin

Configure Spamassassin

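SAHOME="/var/log/spamassassin/"  # home directory of the spamd user created above; trailing slash needed for the log path
OPTIONS="--create-prefs --max-children 2 --username spamd -H ${SAHOME} -s ${SAHOME}spamd.log"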

And change/update /etc/postfix/ (again) so spamassassin is included, after the check performed by Postscreen.
#smtp      inet  n       -       -       -       -       smtpd
smtp      inet  n       -       -       -       1       postscreen
smtpd     pass  -       -       -       -       -       smtpd -o content_filter=spamassassin
#dnsblog   unix  -       -       -       -       0       dnsblog

Add at the end of the
spamassassin unix - n n - - pipe user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

rewrite_header Subject [*** SPAM ***]
required_score 3.0 

Restart spamassassin and postfix.
