Skip to content

Instantly share code, notes, and snippets.

@phryneas
Last active August 29, 2015 14:17
Show Gist options
  • Save phryneas/09d3d88f0a4bfdf4884d to your computer and use it in GitHub Desktop.
Save phryneas/09d3d88f0a4bfdf4884d to your computer and use it in GitHub Desktop.
postfix configuration
# as by http://www.postfix.org/SMTPD_ACCESS_README.html
smtpd_delay_reject = yes
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_client_restrictions =
permit_mynetworks
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname
smtpd_sender_restrictions =
reject_unknown_sender_domain
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
smtpd_recipient_restrictions =
# send everything originating from localhost
permit_mynetworks,
# send everything logged in
permit_sasl_authenticated,
# reject_unauth_destination is not needed here if the mail relay policy is specified under smtpd_relay_restrictions (available with Postfix 2.10 and later).
# highly trusworthy server, always allow
permit_dnswl_client list.dnswl.org=127.0.[0..255].[3],
# block everything where the sending ip is a known spammer
reject_rbl_client zen.spamhaus.org,
# block where the sending domain is a known spammer
reject_rhsbl_sender dbl.spamhaus.org,
# trustworthy server, allow if now blocked bs spamhaus
permit_dnswl_client list.dnswl.org=127.0.[0..255].[2],
# everything else goes through greylisting
check_policy_service inet:127.0.0.1:10023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment