in einem Forum unter http://www.free-av.de/cgi-bin/ubb/ultim ... 2&go=newer habe ich folgenden Beitrag gefunden, der mir doch etwas zu denken gab.
Den Thread sollten sich evt. mal die 'Experten' von Euch 'reinziehen' !
Ich bin jetzt völlig verunsichert, ob ich vielleicht 'ne 'unbrauchbare', oder zumindest nicht optimale 'main.conf' in Sachen "Spam-Abwehr" für Postfix habe !I had a look at the URL you mentioned.
http://www.rootforum.org/faq/index.php? ... 41&lang=de
The one who wrote this howto (luckily, not you) has no idea what he/she is doing.
The 'maps_rbl_domains' (deprecated) parameter in this configuration file needs the (also deprecated) 'reject_maps_rbl' and not 'reject_rbl_client'.
The prerequisite of having to run your own (publicly available) mailserver for the spam controls to work is one of the more essential omissions in this article.
I suggest to have a look at 'http://www.postfix.org/uce.html' to find out how Postfix can help you to reduce spam.
--------------------
Arjen de Korte
Hier der Inhalt meiner main.cf
Code: Select all
message_size_limit = 30240000
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
default_privs = autoresp
## Anfang von ANTI-SPAM ##
## damit wird festgelegt: Wenn einer davon Hier ruft, ists n spammer
maps_rbl_domains = sbl.spamhaus.org,
relays.ordb.org,
unconfirmed.dsbl.org,
bl.spamcop.net,
blackhole.securitysage.com,
dul.dnsbl.sorbs.net,
dnsbl.njabl.org,
cbl.abuseat.org,
opm.blitzed.org,
list.dsbl.org
## Wir wollen auch nen Helo sehen... ##
smtpd_helo_required = yes
## AntiVir als Content-Filter
content_filter = smtp:127.0.0.1:10024
myhostname = p15xxxxxx.pureserver.info
mydomain = meine-domain.de
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, $mydomain, smtp.$mydomain
mynetworks_style = host
local_recipient_maps = $alias_maps unix:passwd.byname
# in_flow_delay = 1s
in_flow_delay = 0
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#recipient_delimiter = +
mail_spool_directory = /var/mail
# JUNK MAIL CONTROLS
header_checks = pcre:/etc/postfix/header_checks
body_checks = pcre:/etc/postfix/body_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
fast_flush_domains = $relay_domains
smtpd_banner = $myhostname ESMTP $mail_name
debug_peer_level = 2
debugger_command =
PATH=/usr/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
#suseconfig:
canonical_maps = hash:/etc/postfix/canonical
# virtual_maps = hash:/etc/postfix/virtual, hash:/etc/postfix/confixx_virtualUsers, hash:/etc/postfix/confixx_localDomains
### CONFIXX POSTFIX ENTRY ###
virtual_maps = hash:/etc/postfix/confixx_virtualUsers, hash:/etc/postfix/confixx_localDomains
### /CONFIXX POSTFIX ENTRY ###
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
inet_interfaces = all
masquerade_domains = knut-bewersdorff.de
smtpd_sender_restrictions = hash:/etc/postfix/access
strict_rfc821_envelopes = no
#strict_rfc821_envelopes = yes
## ANTI-SPAM ##
##und hier kommen die Begrenzungen....
## erlaubt nur die, die per sasl den smtp-auth-server ansprechen.
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
check_relay_domains,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_non_fqdn_hostname,
reject_unknown_recipient_domain,
reject_invalid_hostname,
reject_unknown_hostname,
reject_unknown_sender_domain,
reject_maps_rbl,
reject_unauth_destination,
reject_unauth_pipelining
#SMTPD Auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $myhostname
#TLS Support
smtpd_use_tls = yes
# smtpd_enforce_tls = no
smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
mfg
steelking
