Front page  Projects  Slides  Writings  Blog  Notes  IPv6 test

My postfix setup

From time to time people ask me about my mail setup and what I do to prevent spam. This is a short summary.

I will not explain how the software works as there is lots of documentation available already.

I have chosen these tools with the goal of having a setup as simple as possible that limits spam as effectively as possible without acting in unpredictable ways. I have come pretty close.

Software

Postfix configuration

main.cf

My mail server only handles incoming mail:

mynetworks_style = host

Aliases for DSPAM:

alias_maps = hash:/etc/aliases, hash:/usr/local/etc/postfix/dspam_aliases

I have a few custom rules for mail headers and body:

header_checks = pcre:/usr/local/etc/postfix/header_checks
body_checks = pcre:/usr/local/etc/postfix/body_checks

The interesting stuff:

dspam_destination_recipient_limit = 1
smtpd_client_restrictions =
        permit_mynetworks,
        reject_unknown_client,
        check_client_access pcre:/usr/local/etc/postfix/dspam_filter_access,
        check_policy_service inet:127.0.0.1:10023

smtpd_sender_restrictions =
        reject_unknown_sender_domain

master.cf

dspam   unix    -       n       n       -       10      pipe    flags=Ru user=dspam argv=/usr/local/bin/dspam --deliver=innocent --user $user -i -f $sender -- $recipient

dspam_filter_access

/./     FILTER dspam:dspam

dspam_aliases

spam:   "|/usr/local/bin/dspam --debug --user root --class=spam --source=error"
nospam: "|/usr/local/bin/dspam --debug --user root --class=innocent --source=error"

Postgrey configuration

I just use the default configuration. Works great.

DSPAM configuration

I use MySQL for storage:

StorageDriver /usr/local/lib/libmysql_drv.so

MySQLServer            /tmp/mysql.sock

MySQLUser              dspam
MySQLPass              XXXXXXXXX
MySQLDb                dspam
MySQLCompress          true

MySQLUIDInSignature    on

Delivery is done using the Postfix sendmail binary. (Through mailwrapper)

TrustedDeliveryAgent "/usr/sbin/sendmail"

The dspam user needs to be trusted

Trust dspam

I want signatures located among the mail headers and spam mails should just be tagged - not quarantined - as I am filtering them with procmail.

Preference "signatureLocation=headers" # 'message' or 'headers'
Preference "spamAction=tag"

MySQL configuration

I use a pretty standard configuration. Remeber to disable bin-log unless you're using replication.

E-mail Valid XHTML 1.1 Valid CSS!