> On 23 Sep 2019, at 1:59 am, Dominic Raferd <domi...@timedicer.co.uk> wrote: > > On Sun, 22 Sep 2019 at 14:36, Paul van der Vlis <p...@vandervlis.nl> wrote: >> >> Hello, >> >> I would like some suggestions on how to get less spam, I will paste my >> configuration at the end of the mail. >> >> Maybe somebody with a nice setup could post his/her setup? >> >> As you can see, I am experimenting with reject_unknown_client_hostname. >> What's your opinion about that setting? >> >> I've never used greylisting. Are you using it? > > I have been tweaking my settings for the last three years largely > based on advice from this list. I give below my (slightly simplified) > smtpd_recipient_restrictions settings for unauthenticated connections > (suggestions for improvement very welcome). I also apply some > header_checks and use spamassassin and clamav (via amavis) with some > bespoke rules. > > I think it is inadvisable to use reject_unknown_client_hostname (risk > of fps) but I have found reject_unknown_reverse_client_hostname very > effective. I tried greylisting but gave it up - it isn't necessary and > the delays were very irritating to users (e.g. for password reset > emails). > > smtpd_recipient_restrictions = > reject_unauth_pipelining > > # localfile whitelists > check_sender_access hash:/etc/postfix/sender_access_whitelist > check_client_access hash:/etc/postfix/client_access_whitelist > check_client_access cidr:/etc/postfix/client_access_whitelist.cidr > check_helo_access hash:/etc/postfix/helo_access_whitelist > > # localfile blacklists > check_sender_access hash:/etc/postfix/sender_access > check_client_access hash:/etc/postfix/client_access > check_helo_access hash:/etc/postfix/helo_access > check_sender_access pcre:/etc/postfix/sender_access.pcre > > # reject clients without PTR > reject_unknown_reverse_client_hostname > > # reject clients with dynamic ips > reject_rbl_client dul.dnsbl.sorbs.net=127.0.0.10 > > # rejections based on rbls for helo/sender/reverse_client > reject_rhsbl_helo dbl.spamhaus.org > reject_rhsbl_sender dbl.spamhaus.org > reject_rhsbl_reverse_client dbl.spamhaus.org > reject_rhsbl_sender fresh.fmb.la=127.2.0.[2;14] > > # ip-based remote whitelists > permit_dnswl_client list.dnswl.org=127.0.[0..255].[1..3] > permit_dnswl_client white.uribl.com > permit_dnswl_client hostkarma.junkemailfilter.com=127.0.0.[1;3;5] > > # ip-based remote blacklists > reject_rbl_client zen.spamhaus.org > reject_rbl_client dyna.spamrats.com > reject_rbl_client hostkarma.junkemailfilter.com=127.0.0.2 > reject_rbl_client truncate.gbudb.net > reject_rbl_client dnsbl.cobion.com > reject_rbl_client bl.fmb.la=127.0.0.2 > reject_rbl_client b.barracudacentral.org > Just wondering if it is worth using Razor.
https://sourceforge.net/projects/razor/ Do people find it useful? Anyone using it? Seems at bit dated. Thanks, James.
smime.p7s
Description: S/MIME cryptographic signature
