Reverse DNS (DNS PTR Record)
You can check your rDNS with the host command:
host YOUR-IP
SPF For Your Domain (DNS TXT Record)
Copy the SPF result, then go to ISPConfig -> DNS -> Zones -> click on your domain name -> click on the Records tab -> click on TXT
Hostname -> example.com. (with dot at the end!)
Text -> Paste the SPF result here
Example:
v=spf1 a mx ptr ip4:YOUR.IP.ADDRESS -all
Click on Save.
Postfix main.cf
Let’s add/change something to /etc/postfix/main.cf
Helo restrictions:
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname
Strict RFC:
strict_rfc821_envelopes = yes
Client restrictions:
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname, check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
Recipient restrictions:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unknown_recipient_domain
Data restrictions:
smtpd_data_restrictions = reject_unauth_pipelining
Smtpd delay:
smtpd_delay_reject = yes
Reload postfix:
/etc/init.d/postfix reload
SPF Check For Postfix (Debian And Ubuntu)
Install the SPF package:
apt-get install postfix-policyd-spf-python
or
apt-get install postfix-policyd-spf-perl
Add this to /etc/postfix/main.cf:
policy-spf_time_limit = 3600s
and add check_policy_service unix:private/policy-spf at the end of smtpd_recipient_restrictions:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination, reject_unknown_recipient_domain, check_policy_service unix:private/policy-spf
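Now edit master.cf and add this at the end (for the Python version). Use plain ASCII hyphens in the fields, and indent the second line so Postfix reads it as a continuation:
policy-spf  unix  -       n       n       -       -       spawn
  user=nobody argv=/usr/bin/policyd-spf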
or this for the Perl version:
policy-spf  unix  -       n       n       -       -       spawn
  user=nobody argv=/usr/sbin/postfix-policyd-spf-perl
…reload postfix.
/etc/init.d/postfix reload
Greylist
Greylisting is a method of defending email users against spam. A mail transfer agent (MTA) using greylisting will “temporarily reject” any email from a sender it does not recognize. If the mail is legitimate the originating server will, after a delay, try again and, if sufficient time has elapsed, the email will be accepted.
Installing postgrey (Debian, Ubuntu):
apt-get install postgrey
The configuration options are in /etc/default/postgrey (default delay is 5 min).
Edit main.cf and add check_policy_service inet:127.0.0.1:10023 to the end of smtpd_recipient_restrictions:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination, reject_unknown_recipient_domain, check_policy_service unix:private/policy-spf, check_policy_service inet:127.0.0.1:10023
…reload postfix:
/etc/init.d/postfix reload
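To show what happens behind check_policy_service, here is an added example (not postgrey's code and not part of the original tutorial) of a greylisting decision over Postfix's policy delegation protocol: the request arrives as name=value lines, and the reply is a single action. The Greylist class, the in-memory store and the sample addresses are assumptions made for the illustration.

```python
# Added illustration of greylisting over Postfix's policy delegation protocol.
# Not postgrey's code; the class name and in-memory store are assumptions.
import time

DELAY = 300  # seconds; matches the 5 minute default mentioned above


def parse_request(raw):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


class Greylist:
    def __init__(self, delay=DELAY, clock=time.time):
        self.delay = delay
        self.clock = clock
        self.first_seen = {}  # (client, sender, recipient) -> first attempt time

    def decide(self, raw):
        a = parse_request(raw)
        # Key on the triplet; lower-case addresses so retries match.
        key = (a.get("client_address", ""),
               a.get("sender", "").lower(),
               a.get("recipient", "").lower())
        now = self.clock()
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.delay:
            return "action=DUNNO\n\n"  # let the remaining restrictions decide
        wait = int(self.delay - (now - first))
        return f"action=DEFER_IF_PERMIT Greylisted, retry in {wait}s\n\n"


# Constructed sample request, as Postfix would send it at RCPT TO.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.10\nsender=alice@example.org\n"
          "recipient=bob@example.com\n\n")

if __name__ == "__main__":
    now = [0]
    g = Greylist(clock=lambda: now[0])
    for now[0] in (0, 60, 301):  # first attempt, early retry, retry after delay
        print(now[0], g.decide(SAMPLE).strip())
```

DEFER_IF_PERMIT produces a temporary (4xx) rejection only if no later restriction rejects the mail outright, which is why the greylist check sits at the end of smtpd_recipient_restrictions.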
DNSBL (DNS Based Blacklist/Blocklist)