Zitat von Stephane Wirtel <stephane.wir...@gmail.com>:
Dear Postfix Jedi,
I need your help to secure a new postfix server against the SPAM flooding.
Currently I have an old postfix based on an old debian server and since
some days, my server is subject to the SPAM flooding (+- 50k mails/hours).
What do you mean by 50K mails/hour?
Do the mails really enter your Postfix queue?
Do you mean connection attempts?
So, I have decided to reconfigure a new server with an updated
distribution, because the old distribution is not supported by debian (too
old).
For this new server, I think to use
1. SASL (authentication)
2. TLS for the SMTP server.
3. use the smtpd_client_restrictions = permit_sasl_authenticated,
permit_mynetwork
4. I use pgsql server for the domains and the mailboxes.
http://www.postfix.org/pgsql_table.5.html
Have a look at the "domain" setting, it could lower the pressure for
the DB and http://www.postfix.org/proxymap.8.html for reducing the
number of connections to the DB.
5. postgrey and some rbl servers
Be sure to configure postgrey to tailor your needs, the defaults are
not optimal for all cases.
I have some questions,
1. is it enough ? (I think no, but if you have advice, I'm very interested)
Carefully configured it could be enough. You might need to setup a
"personal" blocklist for your favorite Spam net not included in the
RBLs.
2. do you know some "secure" and "efficient" rbl servers ?
Have a look at multirbl.valli.org for example and be sure to read and
understand the operation statement of the RBLs you like to choose.
Also check if the DNS latency to this RBLs are low.
3. Do I have to use SPF in my ns ?
SPF does nothing about your incoming Spam load, it might help for
delivery problems to some destinations like Hotmail.
Regards
Andreas
