Hi Andreas,

On 04/16/2012 01:46 PM, lst_ho...@kwsoft.de wrote:
>
> Quoting Stephane Wirtel <stephane.wir...@gmail.com>:
>
>> Dear Postfix Jedi,
>>
>> I need your help to secure a new postfix server against the SPAM flooding.
>>
>> Currently I have an old postfix based on an old debian server and since
>> some days, my server is subject to the SPAM flooding (+- 50k mails/hours).
>
> What do you mean by 50K mails/hour?
> Do the mails really enter your Postfix queue?

Yes.

> Do you mean connection attempts?
>
>> So, I have decided to reconfigure a new server with an updated
>> distribution, because the old distribution is not supported by debian
>> (too old).
>>
>> For this new server, I think to use
>> 1. SASL (authentication)
>> 2. TLS for the SMTP server.
>> 3. use the smtpd_client_restrictions = permit_sasl_authenticated,
>>    permit_mynetwork
>> 4. I use pgsql server for the domains and the mailboxes.
>
> http://www.postfix.org/pgsql_table.5.html
> Have a look at the "domain" setting, it could lower the pressure for the DB
> and
> http://www.postfix.org/proxymap.8.html for reducing the number of
> connections to the DB.

For the connections to the database, it's not a problem, I can use proxymap
or pg_pool, because I use postgresql every day.

>
>> 5. postgrey and some rbl servers
>
> Be sure to configure postgrey to tailor your needs, the defaults are not
> optimal for all cases.

Stan has proposed to me to use postscreen.

>
>> I have some questions,
>> 1. is it enough ? (I think no, but if you have advice, I'm very interested)
>
> Carefully configured it could be enough. You might need to setup a
> "personal" blocklist for your favorite Spam net not included in the RBLs.
>
>> 2. do you know some "secure" and "efficient" rbl servers ?
>
> Have a look at multirbl.valli.org for example and be sure to read and
> understand the operation statement of the RBLs you like to choose. Also
> check if the DNS latency to this RBLs are low.
>
>> 3. Do I have to use SPF in my ns ?
>
> SPF does nothing about your incoming Spam load, it might help for delivery
> problems to some destinations like Hotmail.

It's my case, I have some problems with Hotmail and Gmail.

Thank you

Regards,

Stéphane
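
The distinction asked about in the thread, mail that really enters the Postfix queue versus connection attempts that are rejected first, can be read from the smtpd lines of the mail log. The following is an added example, not part of the original messages: it counts connections, pre-queue rejects and queued messages per hour, and attributes queued mail to the SASL login or client IP. The log lines are constructed samples in the usual Postfix syslog format, and `summarize` and `SAMPLE_LOG` are hypothetical names.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the usual Postfix syslog format (not from the thread).
SAMPLE_LOG = """\
Apr 16 13:01:02 mail postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Apr 16 13:01:03 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; from=<a@example.net> to=<b@example.org> proto=ESMTP helo=<x>
Apr 16 13:01:04 mail postfix/smtpd[2102]: connect from unknown[192.0.2.11]
Apr 16 13:01:05 mail postfix/smtpd[2102]: 3F2A51C0A2: client=unknown[192.0.2.11]
Apr 16 13:01:05 mail postfix/qmgr[900]: 3F2A51C0A2: from=<c@example.net>, size=2210, nrcpt=1 (queue active)
Apr 16 13:40:10 mail postfix/smtpd[2103]: connect from unknown[192.0.2.11]
Apr 16 13:40:11 mail postfix/smtpd[2103]: 4A1B72D0F3: client=unknown[192.0.2.11], sasl_method=PLAIN, sasl_username=user@example.org
Apr 16 14:02:00 mail postfix/smtpd[2104]: connect from unknown[192.0.2.12]
Apr 16 14:02:01 mail postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[192.0.2.12]: 450 4.2.0 Greylisted; from=<d@example.net> to=<b@example.org> proto=ESMTP helo=<y>
"""

# smtpd lines only: capture "Mon DD HH" as the hour bucket and the message text.
LINE = re.compile(r"^(\w{3}\s+\d+ \d{2}):\d{2}:\d{2} \S+ postfix/smtpd\[\d+\]: (.*)$")
# "<queue id>: client=host[ip]" means smtpd accepted a message into the queue.
QUEUED = re.compile(r"^[0-9A-Za-z]+: client=\S+?\[([^\]]+)\](?:.*sasl_username=([^,\s]+))?")

def summarize(log_text):
    """Return (per-hour counters, queued messages per SASL user or client IP)."""
    per_hour = defaultdict(Counter)
    queued_by_source = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # qmgr, cleanup and other daemons are not counted here
        hour, msg = m.groups()
        if msg.startswith("connect from "):
            per_hour[hour]["connections"] += 1
        elif msg.startswith("NOQUEUE: reject:"):
            per_hour[hour]["rejected"] += 1  # refused before queueing
        else:
            q = QUEUED.match(msg)
            if q:
                per_hour[hour]["queued"] += 1
                # Attribute to the SASL login when present, else the client IP.
                queued_by_source[q.group(2) or q.group(1)] += 1
    return dict(per_hour), queued_by_source

if __name__ == "__main__":
    hours, sources = summarize(SAMPLE_LOG)
    for hour, counts in sorted(hours.items()):
        print(hour, dict(counts))
    print(sources.most_common())
```

A high "queued" count concentrated on one SASL login or one client IP points at the source of the accepted mail, while a high "connections" count with few queued messages means the restrictions are already rejecting most of the load.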