On Wed, 10 Oct 2012 10:43:47 -0500, Paul Schmehl <g...@stovebolt.com> wrote:
> readme files, but some of this stuff is above my pay grade. I get
> confused and am not sure what to do.

In order to benefit from postscreen you need to change both master.cf and
main.cf. Assuming that you are starting with a fresh Postfix install:

I. To change master.cf:

a) comment out the line that starts with smtp and ends with smtpd

b) uncomment the lines that: start with smtpd and end in pass; or the
   lines that have the following terms in them: 'postscreen', 'dnsblog',
   'tlsproxy'

In a Debian/Ubuntu Linux you would only need to execute the following
single-line command as root:

  sed -i 's,^smtp .*smtpd$,#&,;/\(smtpd .*pass\|postscreen\|dnsblog\|tlsproxy\)/s/^#//' /etc/postfix/master.cf

II. To change main.cf (maybe it will be safer for you to use the
postconf -e '' construct, instead of editing main.cf directly).

You could start with the following:

a) to enforce tests & log attempts

  postconf -e 'postscreen_blacklist_action = enforce'
  postconf -e 'postscreen_dnsbl_action = enforce'
  postconf -e 'postscreen_greet_action = enforce'

b) to benefit from RBL lists

  # ( do check options at: http://www.sdsc.edu/~jeff/spam/cbc.html )
  postconf -e 'postscreen_dnsbl_sites = bl.spamcop.net, zen.spamhaus.org, dnsbl.sorbs.net'
  postconf -e 'postscreen_dnsbl_threshold = 1'

c) to enable (more expansive) tests after the 220 SMTP greeting

  postconf -e 'postscreen_pipelining_enable = yes'
  postconf -e 'postscreen_non_smtp_command_enable = yes'
  postconf -e 'postscreen_bare_newline_action = enforce'
  postconf -e 'postscreen_bare_newline_enable = yes'

All other postscreen related settings will work rather well at their
default values. Probably you will not need to explicitly set them.

Finally, remember that changes at master.cf need a Postfix restart (a
simple 'reload' won't be enough). So, after executing the above commands,
run as root:

  /etc/init.d/postfix restart

Regards,
Mark
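
A way to confirm the master.cf edit described above before restarting Postfix, as an added example that is not part of the original message: `check_master_cf` reports which of the four service entries are still wrong, and `preview_post_edit` runs the post's sed expression without `-i`. The function names and the sample file are constructed for illustration, and GNU sed is assumed (for `\|`).

```shell
#!/bin/sh
# Added example (not from the original message). Sample data is constructed.

# Constructed fragment laid out like a stock master.cf (8 fields per master(5)).
write_stock_sample() {
    cat > "$1" <<'EOF'
smtp      inet  n       -       -       -       -       smtpd
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
pickup    fifo  n       -       -       60      1       pickup
EOF
}

# Dry run of the sed expression from the post: stdout only, no -i. Needs GNU sed.
preview_post_edit() {
    sed 's,^smtp .*smtpd$,#&,;/\(smtpd .*pass\|postscreen\|dnsblog\|tlsproxy\)/s/^#//' "$1"
}

# Print one line per entry that is not in the postscreen layout.
# Exit status is 0 only when nothing is reported.
check_master_cf() {
    awk '
        /^#/ || /^[ \t]/ || /^$/ { next }   # comments, "-o" continuation lines, blanks
        $1 == "smtp" && $2 == "inet" { n_smtp++; smtp_cmd = $8; next }
        { cmd[$1 "/" $2] = $8 }             # field 8 is the command that gets run
        END {
            if (n_smtp != 1) {
                print "expected one active smtp/inet entry, found " (n_smtp + 0); bad = 1
            } else if (smtp_cmd != "postscreen") {
                print "smtp/inet runs " smtp_cmd ", not postscreen"; bad = 1
            }
            n = split("smtpd/pass=smtpd dnsblog/unix=dnsblog tlsproxy/unix=tlsproxy", want, " ")
            for (i = 1; i <= n; i++) {
                split(want[i], kv, "=")
                if (cmd[kv[1]] != kv[2]) { print kv[1] " is not enabled"; bad = 1 }
            }
            exit bad + 0
        }
    ' "$1"
}

# Stand-alone use: sh <this file> /etc/postfix/master.cf
[ "$#" -eq 0 ] || check_master_cf "$1"
```

Running `preview_post_edit` on a copy and feeding the result to `check_master_cf` shows whether the one-liner matches your distribution's master.cf layout before the live file is touched.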