On 15.09.2011 00:03, Sandy Drobic wrote:
On 14.09.2011 22:27, Gurvinder Trehan wrote:
Open Suse 1.4 - Postfix Spam filter Steps to configure with Exchange server 2010
Uh... I hate to ask but are you offering a how-to or are you asking for advice how to set up Postfix as a spamfilter in front of Exchange?
Okay, I just saw your first try to post in a hijacked thread. (^-^) The first and most important step is not the actual configuration but the decision what kind of policy you wish to implement. Things like: - how important is it not to reject a mail that the recipient wishes to receive, even if the sending server abuses all rules how to set up a proper mailserver compared to the amount of spam that might still slip through if you configure a less strict policy on your server - how much spam can you suffer before you are looking for more effective ways to reject spam - what kind of usage do you expect for your server. If it is a heavily used system with millions of mails per day you probably want to set up several redundant hosts and not use pre-queue filtering. If the system running with light load you could use pre-queue filtering to reject mails that the content filter identifies as spam. Most basic and simple configuration: Postfix is set up as a relayhost in exchange. On your Postfix server you must configure these settings: /etc/postfix/main.cf: mydestination = transport_maps = hash:/etc/postfix/transport inet_interfaces = all mynetworks = 127.0.0.1, ip.of.post.fix ip.of.ex.change relay_domains = /etc/postfix/relay_domains # relay_recipient_maps = hash:/etc/postfix/relay_recipients_new smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, # reject_unverified_recipient /etc/postfix/relay_domains: relay.domain.tld domain1 another.domain.tld domain2 /etc/postfix/transport: relay.domain.tld relay:[ip.of.ex.change] another.domain.tld relay:[ip.of.ex.change] This is the absolute basic configuration that tells Postfix for which domains it is responsible, how to check for valid recipients (either you have a list of valid recipients in relay_recipient_maps (a script that periodically checks the ad and dumps them in a textfile, ldap access to AD etc..) or you tell Postfix to ask the backend exchange if the recipient ist valid with reject_unverified_recipients). Then the transport_maps tell Postfix where to send the accepted mails of the relay_domains. Next step is to configure basic anti spam measures with Postfix: Most of these additional checks are in smtpd_recipient_restrictions: /etc/postfix/main.cf: [....] smtpd_helo_required = yes smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_non_fqdn_sender, permit_mynetworks, reject_unauth_destination, reject_unverified_recipient # check_client_access hash:/etc/postfix/client_whitelist # check_client_access pcre:/etc/postfix/client_blacklist_pcre reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_sender_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client ix.dnsbl.manitu.net client_whitelist and client_blacklist are not exactly needed for filtering but when you employ anti spam measures you will likely encounter systems configured badly enough to trigger you checks. Then you will need the whitelist to skip the checks after the whitelist. That will already catch 50-80 percent of the spam attempts. If that is not sufficient you can add more blacklists like spamcop. But likely you have reached the point where Postfix alone will not be enough. Then you can add greylisting (needs a policy service that offers greylisting), content filtering like spamassassin (most admins use amavisd-new that offers a very popular perl framework to add virus checking and spam filtering with spamassassin). Let's leave these steps for when you set up you basic system and it is running reliable. You should also consider your environment. A mailserver relies heavily on DNS, so the dns server that postfix uses must be available and fast. You might want to set up a local dns server or at least a caching server on your postfix box. Depending on your volume you might have to fiddle with process limits to allow enough smptd processes (for receiving) and smtp processes (for sending). If you already have a system configured with postfix then post more detailed questions and the configuration (output of command "postconf -n" and the content of /etc/postfix/master.cf). Also, what exactly you try to achieve. My configuration might not meet your requirements. Without knowing these requirements it is difficult to guess what you really need. Sandy -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org