Sometimes, it is very helpful to get a view of how all the parts fit together, their inter-dependencies for configuration, some aspect of data flow, etc. In some cases, these 'kitchen sink' articles serve that purpose very well, not to mention sometimes citing/or based on OS install specifics wrt directory structures, permissions, etc. So, having pointed the OP to a wealth of detailed info, and having reviewed 'quite a few "kitchen sink" articles" perhaps you could suggest one or two of the better ones????
On Sun, Mar 25, 2012 at 10:34 AM, /dev/rob0 <[email protected]> wrote: > On Sun, Mar 25, 2012 at 10:15:40AM +0600, Vishal Agarwal wrote: > > I want to reinstall postfix server right from scratch with spam > > filter, grey listing and antivirus support working on submission > > port. Pl suggest/advise any practical working tutorial. > > I have reviewed quite a few of what I call the "kitchen sink" > tutorials on the web, those which include "everything but the kitchen > sink" (a colloquial expression. Most of them are very weak for > various reasons. IMO they're trying to cover too much material. They > cannot take the place of the software documentation. > > The right thing to do is to take it in pieces, so you understand > about each piece. > > Installing Postfix: > http://www.postfix.org/INSTALL.html > http://www.postfix.org/BASIC_CONFIGURATION_README.html > > Spam filter & greylisting: > http://www.postfix.org/POSTSCREEN_README.html > (and Google this mailing list for my example postscreen config) > http://www.postfix.org/SMTPD_ACCESS_README.html > http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt > > I don't recommend greylisting other than what postscreen(8) does, > assuming you choose to activate the "deep protocol tests". YMMV of > course, but many spam zombies do go through their lists twice or > more. > > Note that greylisting and postscreen make no sense at all and will > not work on submission. Likewise, such tactics as DNSBL lookups and > HELO checks are counterproductive when applied to submission users. > > A submission example is in your master.cf, but it requires SASL and > strongly suggests the need for TLS: > http://www.postfix.org/SASL_README.html > http://www.postfix.org/TLS_README.html > > Somewhere along the way (before SASL) you should choose an IMAP > server. Dovecot simplifies the SASL setup: > http://www.dovecot.org/ > http://wiki2.dovecot.org/ for documentation > > Antivirus / antizombie protection on submission is very important. > You're not going to be able to do that natively in Postfix. You'll > want rate limiting and content filtering. > > For rate limiting, a policy service is useful. See this: > http://www.postfix.org/SMTPD_POLICY_README.html > > Consider one of the following third-party packages: > http://www.postfwd.org/ > http://www.policyd.org/ > > For content filtering, I'd recommend amavisd-new with SpamAssassin as > a post-queue filter. I think you will have to tweak the default > amavisd configuration to do filtering of submission mail. See here: > http://www.amavisd.org/ > > (And NB to Mark: I think now is the time to reconsider that default, > because authenticating malware is on the rise, and one such > experience can be devastating, getting you blocked everywhere.) > > Amavisd-new can chain multiple filters, and it invokes SA internally > as perl modules, but you might also be interested in their sites: > http://spamassassin.apache.org/ > > IME clamav did not matter much on inbound mail when using the > aforementioned Postfix-based spam controls, but it might be useful > against authenticating malware, and it certainly does not hurt to > have it deployed and ready. See here: > http://www.clamav.net/ > > Yes, that is a lot of stuff to cover. Mail admin is not for the faint > of heart. :) Good luck. > -- > http://rob0.nodns4.us/ -- system administration and consulting > Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: >
