如何阻止垃圾邮件之前它进入服务器(Postfix)

如何阻止垃圾邮件进入服务器(Postfix)

版本1.0
作者:Falko Timme

最近几个星期,垃圾邮件大幅增加(再次)。 估计垃圾邮件现在占所有电子邮件的80-90%,而且许多邮件服务器在管理最新垃圾邮件造成的额外负载方面遇到困难,垃圾邮件过滤器(如垃圾邮件社区)也不会像垃圾邮件那样识别大部分垃圾邮件之前。 幸运的是,我们可以在MTA级别阻止大量的垃圾邮件,例如通过使用黑名单,在发件人和收件人域上运行测试等。这样做的另一个好处是它会降低邮件服务器的负载,因为(资源匮乏的)垃圾邮件过滤器必须查看较少的电子邮件。

我不会保证这将为您工作!

1初步说明

这只是一个快速指南,向您展示如何在进入服务器之前配置Postfix(2.x和1.x)来阻止垃圾邮件。 它或多或少是不言自明的。 但是,将它应用于您自己的邮件服务器后,应该检查邮件日志以确保没有合法的邮件被阻止。

您还应该看看本指南: http : //www.youcl.com/virtual_postfix_antispam

而这个类别: http : //www.youcl.com/taxonomy_menu/1/78/24有一些更好的反垃圾邮件解决方案。

2 Postfix 2.x

打开/etc/postfix/main.cf并在其中放置以下行(替换相应的设置(如果存在)):

vi /etc/postfix/main.cf
[...]
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554

smtpd_recipient_restrictions =
            reject_invalid_hostname,
            reject_unknown_recipient_domain,
            reject_unauth_pipelining,
            permit_mynetworks,
            permit_sasl_authenticated,
            reject_unauth_destination,
            reject_rbl_client multi.uribl.com,
            reject_rbl_client dsn.rfc-ignorant.org,
            reject_rbl_client dul.dnsbl.sorbs.net,
            reject_rbl_client list.dsbl.org,
            reject_rbl_client sbl-xbl.spamhaus.org,
            reject_rbl_client bl.spamcop.net,
            reject_rbl_client dnsbl.sorbs.net,
            reject_rbl_client cbl.abuseat.org,
            reject_rbl_client ix.dnsbl.manitu.net,
            reject_rbl_client combined.rbl.msrbl.net,
            reject_rbl_client rabl.nuclearelephant.com,
            permit
[...]

之后重新启动Postfix:

/etc/init.d/postfix restart

3 Postfix 1.x

打开/etc/postfix/main.cf并在其中放置以下行(替换相应的设置(如果存在)):

vi /etc/postfix/main.cf
[...]
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554

maps_rbl_domains =
            multi.uribl.com,
            dsn.rfc-ignorant.org,
            dul.dnsbl.sorbs.net,
            list.dsbl.org,
            sbl-xbl.spamhaus.org,
            bl.spamcop.net,
            dnsbl.sorbs.net,
            cbl.abuseat.org,
            ix.dnsbl.manitu.net,
            combined.rbl.msrbl.net,
            rabl.nuclearelephant.com

smtpd_recipient_restrictions =
            permit_sasl_authenticated,
            permit_mynetworks,
            reject_invalid_hostname,
            reject_non_fqdn_hostname,
            reject_non_fqdn_sender,
            reject_unknown_sender_domain,
            reject_unknown_recipient_domain,
            reject_maps_rbl,
            check_relay_domains
[...]

之后重新启动Postfix:

/etc/init.d/postfix restart

4更多黑名单

您可以在这里找到更多可以添加到Postfix配置的DNS&RHS黑洞列表: http : //spamlinks.net/filter-dnsbl-lists.htm

5链接

赞(52) 打赏
未经允许不得转载:优客志 » 系统运维
分享到:

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

微信扫一扫打赏