Despues de unos dias con dolores de cabeza con el tema del spam y al hablar con un compañero, que sabe lo que no esta escrito sobre postfix y sistemas de correo, me comento que estaba usando el paquete Postfix Forwarder de pfSense como sistema antispam y le estaba dando muy buen resultado asi que dejo aqui el archivo main.cf para poder replicar la configuracion que nos interese en nuestros sistemas
#main.cf\ #Part of the Postfix package for pfSense #Copyright (C) 2010 Erik Fonnesbeck #Copyright (C) 2011 Marcello Coutinho #All rights reserved. #DO NOT EDIT THIS FILE mynetworks = /usr/local/etc/postfix/mynetwork_table mynetworks_style = host header_checks = pcre:/usr/local/etc/postfix/header_check header_size_limit = 1024000 smtpd_discard_ehlo_keywords = dsn relay_domains = XXXX.net XXXXXXXXX.cat transport_maps = hash:/usr/local/etc/postfix/transport local_recipient_maps = relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients mydestination = mynetworks_style = host message_size_limit = 50240000 default_process_limit = 10 disable_vrfy_command = yes strict_rfc821_envelopes = yes #Just reject after helo,sender,client,recipient tests smtpd_delay_reject = yes # Don't talk to mail systems that don't know their own hostname. smtpd_helo_required = yes smtpd_helo_restrictions = smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, reject_multi_recipient_bounce, permit # Allow connections from specified local clients and strong check everybody else. smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination, check_client_access pcre:/usr/local/etc/postfix/cal_pcre, check_client_access cidr:/usr/local/etc/postfix/cal_cidr, reject_unknown_client_hostname, reject_unauth_pipelining, reject_multi_recipient_bounce, permit smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, check_client_access pcre:/usr/local/etc/postfix/cal_pcre, check_client_access cidr:/usr/local/etc/postfix/cal_cidr, check_sender_access hash:/usr/local/etc/postfix/sender_access, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_multi_recipient_bounce, reject_spf_invalid_sender, permit #Saving all mail after header/body/rbl/spf checks to mailscanner postscreen_access_list = permit_mynetworks, cidr:/usr/local/etc/postfix/cal_cidr postscreen_dnsbl_action= enforce postscreen_blacklist_action= enforce postscreen_dnsbl_sites=dnsbl.sorbs.net, bl.spamcop.net*2, dnslb.local*-5, cbl.abuseat.org, b.barracudacentral.org postscreen_dnsbl_threshold=2
Tags
- pfsense
- postfix
- spam
Add new comment