Wietse Venema put forth on 10/1/2009 12:34 PM:

> The REAL mistake in your setup is that you forward SPAM into gmail.
> This causes gmail to treat your machine as a SPAMMER, and may affect
> legitimate mail that you do want to receive.

110% correct.

> You must NEVER bounce SPAM to the sender address, because in most
> cases that is not the sender.

Exactly.  Most MAIL FROM: addresses in spam are forged.  Bouncing spam
messages after you receive them merely creates outscatter
http://en.wikipedia.org/wiki/Backscatter_(e-mail), and makes your MX a
spam source in the eyes of receivers.  You need to reject all spam (or
as much as possible) at the inbound SMTP stage on your Postfix MX.

Welcome to the world of spam fighting, Jose.  It's probably as important
as any other aspect of running an MX host in 2009 and beyond.  You need
to implement some basic anti spam/UCE controls on your Postfix MX asap.
Adding the following to your main.cf and restarting Postfix would be a
good place to start immediately:

disable_vrfy_command = yes

smtpd_client_restrictions =
        reject_unknown_reverse_client_hostname

smtpd_helo_required = yes
smtpd_helo_restrictions =
        reject_non_fqdn_helo_hostname,
        reject_invalid_helo_hostname,
        reject_unknown_helo_hostname

smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client dnsbl.sorbs.net,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client psbl.surriel.com

This is just a basic setup and will help kill most of the spam you're
currently receiving.  As time passes and more spammers get ahold of the
email addresses at your domain, you'll need to implement additional
measures.  There is plenty of Postfix antispam/UCE documentation
available on the Postfix website and other places easily found with
Google.  There are also many antispam mailing lists you could join to
gain knowledge and experience on the subject as well.  Probably the
first thing you should look at implementing is Postgrey:
http://postgrey.schweikert.ch/

If you can, install the version available through your operating
system's package management system, instead of manually installing all
the components from the Postgrey website.

Hope this gets you off to a good start.

--
Stan
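
An added example, not part of the original message: a small Python script that tallies which of the restrictions above are rejecting mail at SMTP time (Postfix logs these as "NOQUEUE: reject") and counts mail that was accepted and later bounced. The log lines are constructed samples, and the matched reply texts are assumed to be Postfix's default wording, which can differ between versions.

```python
import re
from collections import Counter

# Constructed sample log lines; hosts and addresses are placeholders.
SAMPLE_LOG = """\
Oct  1 12:40:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using zen.spamhaus.org; from=<a@example.com> to=<jose@example.org> proto=ESMTP helo=<mail.example.com>
Oct  1 12:40:09 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [203.0.113.9]; from=<b@example.com> to=<jose@example.org> proto=SMTP helo=<pc.example.net>
Oct  1 12:41:30 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from host.example.net[198.51.100.20]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<c@example.com> to=<jose@example.org> proto=SMTP helo=<localhost>
Oct  1 12:42:02 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[203.0.113.77]: 554 5.7.1 Service unavailable; Client host [203.0.113.77] blocked using bl.spamcop.net; from=<d@example.com> to=<jose@example.org> proto=ESMTP helo=<smtp.example.com>
Oct  1 12:43:10 mx postfix/smtp[2140]: 4F2A11C0D3: to=<jose@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=1.2, status=bounced (host mx.example.net[198.51.100.7] said: 550 rejected as spam)
Oct  1 12:44:55 mx postfix/smtpd[2150]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using zen.spamhaus.org; from=<e@example.com> to=<jose@example.org> proto=ESMTP helo=<mail.example.com>
"""

# Restriction name -> reply text it produces (assumed default wording).
RULES = [
    ("reject_rbl_client", re.compile(r"blocked using (\S+?);")),
    ("reject_unknown_reverse_client_hostname",
     re.compile(r"cannot find your reverse hostname")),
    ("reject_non_fqdn_helo_hostname",
     re.compile(r"Helo command rejected: need fully-qualified hostname")),
    ("reject_unknown_helo_hostname",
     re.compile(r"Helo command rejected: Host not found")),
    ("reject_unauth_destination", re.compile(r"Relay access denied")),
]

def summarize(log_text):
    """Return (rejects per restriction, count of mail bounced after acceptance)."""
    rejects, bounced = Counter(), 0
    for line in log_text.splitlines():
        if "postfix/smtpd[" in line and "NOQUEUE: reject:" in line:
            for name, pattern in RULES:
                m = pattern.search(line)
                if m:
                    # For DNSBL hits, record the zone that listed the client.
                    key = f"{name} {m.group(1)}" if m.groups() else name
                    rejects[key] += 1
                    break
            else:
                rejects["other"] += 1
        elif "status=bounced" in line:
            # Accepted first, bounced later: this is what generates backscatter.
            bounced += 1
    return rejects, bounced

if __name__ == "__main__":
    rejects, bounced = summarize(SAMPLE_LOG)
    for key, count in rejects.most_common():
        print(f"{count:4d}  {key}")
    print(f"{bounced:4d}  accepted then bounced")
```

A rising "accepted then bounced" count alongside few SMTP-time rejects means spam is still getting into the queue before being refused downstream.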


