Configuring Postfix Correctly to Block Spam

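There is no doubt that spam has become increasingly prevalent of late. By some estimates, spam accounts for 80% to 90% of all email. Many mail servers struggle with the extra load caused by the latest spam, and spam filters such as SpamAssassin no longer recognize most spam the way they used to. Fortunately, we can block a large amount of spam at the Mail Transfer Agent (MTA) level, for example by using blacklists and by running tests on the sender and recipient domains. An added advantage is that this lowers the load on the mail server, because the spam filter has fewer messages to inspect.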

Groundwork

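This article discusses how to configure Postfix (2.x and 1.x) to block spam before it enters the server. After applying the methods discussed here to your mail server, however, you should check your mail log to make sure that legitimate users' mail is not being blocked.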

The following link offers some guidance:

http://www.howtoforge.com/virtual_postfix_antispam

The following link lists some other anti-spam solutions:

http://www.howtoforge.com/taxonomy_menu/1/78/24

Postfix 2.x

Open /etc/postfix/main.cf and add the following lines (replacing any corresponding settings that already exist):

vi /etc/postfix/main.cf

[...]
# Require HELO/EHLO, disable VRFY, enforce strict envelope address syntax
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
# Answer every rejection class with a permanent 554 error
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
# Continuation lines must start with whitespace
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client multi.uribl.com,
    reject_rbl_client dsn.rfc-ignorant.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client combined.rbl.msrbl.net,
    reject_rbl_client rabl.nuclearelephant.com,
    permit
[...]

Then restart Postfix:

/etc/init.d/postfix restart

Postfix 1.x

Open /etc/postfix/main.cf and add the following lines (replacing any corresponding settings that already exist):

vi /etc/postfix/main.cf

[...]
# Require HELO/EHLO, disable VRFY, enforce strict envelope address syntax
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
# Answer every rejection class with a permanent 554 error
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
# Blacklists consulted by reject_maps_rbl; continuation lines must start with whitespace
maps_rbl_domains =
    multi.uribl.com,
    dsn.rfc-ignorant.org,
    dul.dnsbl.sorbs.net,
    list.dsbl.org,
    sbl-xbl.spamhaus.org,
    bl.spamcop.net,
    dnsbl.sorbs.net,
    cbl.abuseat.org,
    ix.dnsbl.manitu.net,
    combined.rbl.msrbl.net,
    rabl.nuclearelephant.com
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_maps_rbl,
    check_relay_domains
[...]

Then restart Postfix:

/etc/init.d/postfix restart
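
The groundwork section advises checking the mail log after applying these settings. The following is an added example, not part of the original article: it tallies the 554 rejections produced by the configuration above per blacklist zone or rejection reason and collects the rejected senders so they can be reviewed for legitimate mail. It assumes the usual Postfix smtpd "reject:" log line layout; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the Postfix smtpd reject format (not real traffic).
SAMPLE_LOG = """\
Jan  5 10:12:01 mail postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using bl.spamcop.net; Blocked; from=<a@spam.example> to=<user@example.org> proto=ESMTP helo=<x>
Jan  5 10:12:09 mail postfix/smtpd[1235]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 5.7.1 Service unavailable; Client host [192.0.2.11] blocked using bl.spamcop.net; Blocked; from=<b@spam.example> to=<user@example.org> proto=SMTP helo=<y>
Jan  5 10:13:30 mail postfix/smtpd[1236]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 Service unavailable; Client host [198.51.100.7] blocked using cbl.abuseat.org; from=<c@spam.example> to=<user@example.org> proto=SMTP helo=<z>
Jan  5 10:15:40 mail postfix/smtpd[1240]: NOQUEUE: reject: RCPT from mx.partner.example[203.0.113.5]: 554 5.1.8 <news@partner.example>: Sender address rejected: Domain not found; from=<news@partner.example> to=<user@example.org> proto=ESMTP helo=<mx.partner.example>
Jan  5 10:16:02 mail postfix/qmgr[999]: ABC123: from=<user@example.org>, size=1234, nrcpt=1 (queue active)
"""

# 554 is the code every *_reject_code setting above was set to.
# The enhanced status code (e.g. 5.7.1) is optional: older releases omit it.
REJECT_RE = re.compile(
    r"reject: \w+ from \S*\[(?P<ip>[^\]]+)\]: 554 (?:\d\.\d+\.\d+ )?"
    r"(?P<reason>.*?); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)
RBL_RE = re.compile(r"blocked using (?P<zone>[\w.-]+)")

def parse_rejects(log_text):
    """Yield (cause, client_ip, sender) for every 554 reject line."""
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # deliveries, connects, other reply codes
        rbl = RBL_RE.search(m["reason"])
        if rbl:
            cause = "rbl:" + rbl["zone"]
        else:
            # Drop the leading "<address>: " so identical reasons group together.
            cause = re.sub(r"^<[^>]*>: ", "", m["reason"])
        yield cause, m["ip"], m["sender"]

def summarize(log_text):
    """Return (rejections per cause, rejected senders per cause)."""
    counts, senders = Counter(), defaultdict(set)
    for cause, _ip, sender in parse_rejects(log_text):
        counts[cause] += 1
        senders[cause].add(sender)
    return counts, senders

if __name__ == "__main__":
    counts, senders = summarize(SAMPLE_LOG)
    for cause, n in counts.most_common():
        print(f"{n:4d}  {cause}  senders={sorted(senders[cause])}")
```

To run it against a real log, pass the contents of the mail log file to summarize() instead of SAMPLE_LOG; a known correspondent appearing under any cause is a candidate false positive.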