On Sun, Mar 25, 2012 at 10:15:40AM +0600, Vishal Agarwal wrote: > I want to reinstall postfix server right from scratch with spam > filter, grey listing and antivirus support working on submission > port. Pl suggest/advise any practical working tutorial.
I have reviewed quite a few of what I call the "kitchen sink" tutorials on the web, those which include "everything but the kitchen sink" (a colloquial expression. Most of them are very weak for various reasons. IMO they're trying to cover too much material. They cannot take the place of the software documentation. The right thing to do is to take it in pieces, so you understand about each piece. Installing Postfix: http://www.postfix.org/INSTALL.html http://www.postfix.org/BASIC_CONFIGURATION_README.html Spam filter & greylisting: http://www.postfix.org/POSTSCREEN_README.html (and Google this mailing list for my example postscreen config) http://www.postfix.org/SMTPD_ACCESS_README.html http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt I don't recommend greylisting other than what postscreen(8) does, assuming you choose to activate the "deep protocol tests". YMMV of course, but many spam zombies do go through their lists twice or more. Note that greylisting and postscreen make no sense at all and will not work on submission. Likewise, such tactics as DNSBL lookups and HELO checks are counterproductive when applied to submission users. A submission example is in your master.cf, but it requires SASL and strongly suggests the need for TLS: http://www.postfix.org/SASL_README.html http://www.postfix.org/TLS_README.html Somewhere along the way (before SASL) you should choose an IMAP server. Dovecot simplifies the SASL setup: http://www.dovecot.org/ http://wiki2.dovecot.org/ for documentation Antivirus / antizombie protection on submission is very important. You're not going to be able to do that natively in Postfix. You'll want rate limiting and content filtering. For rate limiting, a policy service is useful. See this: http://www.postfix.org/SMTPD_POLICY_README.html Consider one of the following third-party packages: http://www.postfwd.org/ http://www.policyd.org/ For content filtering, I'd recommend amavisd-new with SpamAssassin as a post-queue filter. I think you will have to tweak the default amavisd configuration to do filtering of submission mail. See here: http://www.amavisd.org/ (And NB to Mark: I think now is the time to reconsider that default, because authenticating malware is on the rise, and one such experience can be devastating, getting you blocked everywhere.) Amavisd-new can chain multiple filters, and it invokes SA internally as perl modules, but you might also be interested in their sites: http://spamassassin.apache.org/ IME clamav did not matter much on inbound mail when using the aforementioned Postfix-based spam controls, but it might be useful against authenticating malware, and it certainly does not hurt to have it deployed and ready. See here: http://www.clamav.net/ Yes, that is a lot of stuff to cover. Mail admin is not for the faint of heart. :) Good luck. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
