Postfix的垃圾邮件控制
垃圾邮件是任何有邮件服务器的人的主要问题。 很多时候,垃圾邮件会发送到不存在的电子邮件地址。 但是,即使没有交付,它仍然是您的服务器。 其他时候,用户收件箱中将会出现令人讨厌的关于伟哥,妓女,免费软件等信息。
以下是一个解决方案。 我的努力不断积累,以尽我最大的能力阻止垃圾邮件。 到目前为止,它有97%的成功率,已经处理了超过20,000封电子邮件(垃圾邮件和火腿)。
按照说明进行操作。 如果事情似乎不清楚,我会根据需要进行更新/修改。 随意问
1)安装Postgrey,RRD,日志解析器和Graphing工具。
apt-get install postgrey rrdtool mailgraph pflogsumm
默认情况下,Postgrey将在您的邮箱的电子邮件中延迟5分钟。 如果这太长,则通过添加--delay = 120编辑/ etc / default / postgrey文件,其中120是秒。
2)重新启动Postgrey服务器。
/etc/init.d/postgrey restart
3)编辑Postfix main.cf.
我们将添加几个东西,包括Postgrey配置。
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = /usr/share/doc/postfix
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = my.derekgordon.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = my.derekgordon.com, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::1]/128 66.118.142.78
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000, reject_rbl_client zen.spamhaus.org, reject_rbl_client smtp.dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client multihop.dsbl.org, check_recipient_access regexp:/etc/postfix/spamtrap, permit
smtpd_tls_security_level = may
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
virtual_create_maildirsize = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = maildrop
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
message_size_limit = 0
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, permit
从Debian Lenny安装中的通用main.cf中,我添加/修改了BOLD区域。
4)在/ etc / postfix /目录中创建一个名为“spamtrap”的文件。
这用作过滤器。 如果垃圾邮件通过电子邮件发送到您的计算机上的此地址和其他地址,它将丢弃该电子邮件,以免其他邮箱。
spamtrap文件如下所示:
/emailcontrol.*@derekgordon\.com/ DISCARD
这是正则表达式,所以必须使用斜杠。 我的过滤器电子邮件是emailcontrol@derekgordon.com ,因此进行相应的编辑,并将其放入spamtrap文件中!
旁注:不要使用ISPConfig创建此邮箱。 绝对没有理由存在于你的邮件服务器上。 这是一个假地址,意在捕捉令人讨厌的垃圾邮件。
5)为SpamAssassin打开local.cf并添加以下位。
这将是一个额外的过滤器,旨在与SA一起工作,而不是一般的Postfix。
nano /etc/spamassassin/local.cf
在底部添加以下内容:
urirhssub URIBL_BLACK multi.uribl.com. A 2
body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
describe URIBL_BLACK Contains an URL listed in the URIBL blacklist
tflags URIBL_BLACK net
score URIBL_BLACK 3.0
