
2008-08-28 20:51:33

SMTP会话
[root:~]# telnet localhost 25        ---------------------  (1)
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com  ESMTP Postfix
helo localhost        ---------------------------------------(2)
250 mail.example.com
mail from:<sender-address>         --------------------------(3)
250 2.1.0 Ok
rcpt to:<recipient-address>         -------------------------- -(4)
250 2.1.5 Ok
data     ----------------------------------------------------(5)
354 End data with <CR><LF>.<CR><LF>
Subject:hello     -------------------------------------------(6)
I am john.         ------------------------------------------(7)
.
250 2.0.0 Ok: queued as 5F2B641C083
quit
221 2.0.0 Bye
Connection closed by foreign host.

(1) smtpd_client_restrictions
(2) smtpd_helo_restrictions
(3) smtpd_sender_restrictions
(4) smtpd_recipient_restrictions
(5) smtpd_data_restrictions
(6) header_checks
(7) body_checks



1, smtpd_helo_required = yes //要求客户端必须先发送 helo/ehlo
2, smtpd_client_restrictions =       
      check_client_access hash:/path/to/client_access ,
     //针对client的IP来做相应的动作
       reject_rbl_client bl.spamcop.net,
    //拒绝在rbl里面的ip地址,例如:1.2.3.4,则去查询4.3.2.1.bl.spamcop.net是否有对应的A记录        
     reject_rbl_client sbl-xbl.spamhaus.org,
     //原理一样,可以同时查询多个RBL
      reject_unknown_client_hostname
    //检查反向解析: ip->name, 再 name->ip, 且两者必须一致
    //拒绝没有正确反向DNS解析的客户端IP发送邮件
3, smtpd_delay_reject = yes //延迟reject的时机,即到 rcpt to: 之后再 reject
4, smtpd_recipient_restrictions =
      permit_mynetworks, //容许mynetworks中定义的私有的ip地址     
      permit_sasl_authenticated,// 容许通过认证的客户端进行转发      
      reject_non_fqdn_hostname, //拒绝helo/ehlo过来不完整的hostname        
      reject_non_fqdn_sender, // 拒绝不完整的发送者的域名      
      reject_non_fqdn_recipient, // 拒绝不完整的收件人域名

       reject_unauth_destination, //拒绝不属于本域的,包括mydestination,inet_interfaces,virtual_alias_maps,virtual_mailbox_maps,relay_domain相关的网域以及子域
      reject_unauth_pipelining
      //拒绝未经服务器确认支持流水线(pipelining)就直接进行流水线操作的客户端
      reject_invalid_helo_hostname (postfix >= 2.3)
      reject_invalid_hostname (postfix < 2.3, 旧名称)
 //拒绝客户端在helo/ehlo中提供的无效hostname
     check_policy_service servername
     check_policy_service unix:private/apolicy
 在master.cf里配置
 apolicy unix - n n - - spawn
    user=nobody argv=/usr/lib/postfix/apolicy.py
 check_policy_service inet:127.0.0.1:10030
 check_policy_service unix:/some/where/policy


我使用的反垃圾配置

# Header filters are applied by cleanup after DATA: header_checks to the primary
# message headers, mime_header_checks to MIME part headers. "regexp:" tables are
# matched case-insensitively by default, and a rule can be checked offline with
#   postmap -q 'Subject: test' regexp:/etc/postfix/checks/header_checks
# body_checks (stage (7) above) is not set in this excerpt.
header_checks = regexp:/etc/postfix/checks/header_checks
mime_header_checks = regexp:/etc/postfix/checks/mime_header_checks


# HELO/EHLO checks. The permit_* entries only have an effect when evaluation is
# delayed until RCPT TO (smtpd_delay_reject, default yes); at HELO time the
# client cannot have authenticated yet. reject_invalid_hostname is the pre-2.3
# name of reject_invalid_helo_hostname (noted earlier on this page). The
# reject_unknown_* entries stay disabled, two of them wrapped in warn_if_reject,
# which only logs what would be rejected — a sensible way to measure false
# positives before enforcing DNS-based checks.
smtpd_helo_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_invalid_hostname,
#        reject_unknown_hostname,
#        warn_if_reject  reject_unknown_client_hostname,
#        warn_if_reject  reject_unknown_reverse_client_hostname,
#        reject_non_fqdn_hostname,
        permit

# MAIL FROM checks. Order matters: permit_sasl_authenticated is listed before
# reject_sender_login_mismatch, so an authenticated client is permitted before
# the login/sender-ownership check runs. If the intent is to stop authenticated
# users from sending as someone else, move reject_sender_login_mismatch above
# permit_sasl_authenticated; it also needs smtpd_sender_login_maps to be set.
# check_sender_access: an OK result in the map skips every later entry here.
# NOTE(review): reject_rhsbl_sender looks up the sender *domain*, while
# xbl.spamhaus.org is an IP-address list, so that lookup is not expected to
# match — confirm the intended list. The =d.d.d.d suffix restricts which DNSBL
# return code counts as a listing.
smtpd_sender_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        check_sender_access hash:/etc/postfix/my_sender_access_list,
        reject_sender_login_mismatch,
        reject_unknown_sender_domain,
        reject_non_fqdn_sender,
        reject_rhsbl_sender cblless.anti-spam.org.cn=127.0.8.5,
        reject_rhsbl_sender xbl.spamhaus.org=127.0.0.4,
        permit
# RCPT TO checks. reject_unauth_destination comes before the reject_rbl_client
# lookups, so relay attempts are refused without spending DNS queries, and the
# server does not relay for non-local recipients. permit_mynetworks is first:
# whatever mynetworks expands to is exempt from every check below it, so set it
# explicitly (127.0.0.0/8 is suggested further down this page). The =d.d.d.d
# suffix accepts only that DNSBL return code as a listing; reject_maps_rbl in
# the commented block is the obsolete spelling of reject_rbl_client.
smtpd_recipient_restrictions=
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unknown_sender_domain,
 reject_non_fqdn_sender,
 reject_non_fqdn_hostname,
 reject_non_fqdn_recipient,
 reject_unknown_recipient_domain,
 reject_unauth_destination,
 reject_rbl_client cblless.anti-spam.org.cn=127.0.8.5,
 reject_rbl_client xbl.spamhaus.org=127.0.0.4,
 permit
#check_policy_service inet:127.0.0.1:60000
#reject_invalid_hostname,
# reject_unknown_recipient_domain,
# reject_unauth_pipelining,
# reject_maps_rbl,
# reject_rbl_client cblless.anti-spam.org.cn


------------------------------
/etc/postfix/checks/header_checks文件
# This filter is based on the work of Jeffrey Posluns 
# Filter Version 20040407-1

# Please feel free to copy, use, discuss, link to, or modify this file in compliance with the rules below:
# 1. These filters (or portions thereof) may not be sold or included in a package (software or otherwise) for which fees are charged.
# 2. If you wish to sell or include these filters as part of a package for which fees are charged, please contact us to arrange for a redistribution license.
# 3. Leave this header information intact.
# 4. Do not change the SPAM-ID numbers. We use these numbers to help track false rejections.
# 5. if you modify this file, indicate such on the line below, so that people can be aware that the filter is not an original version.

# We use the header_checks file to remove some headers that we find undesirable.
# Return receipts and software versions are the most significant in this situation.
# For more information, please see (link lost in this copy)
# IGNORE silently deletes the matching header line. Keep the Received: rule
# disabled: Received: lines are the delivery trail used when investigating a
# message, and dropping the 127.0.0.1 hop removes part of that trail.
#/^Received: from 127.0.0.1/ IGNORE
/^Disposition-Notification-To:/ IGNORE

# On some systems we create a custom log entry for SpamAssassin confirmed spam emails.
# If you want to drop or hold these emails, change WARN to DISCARD or HOLD respectively.
# You can also use the FILTER command to forward all spam to another process or account.
# /^X-Spam-Flag: YES/ WARN SpamAssassin Confirmed Spam Content

# These are headers used to track some spam messages.
# Header names are chosen by the sender and are cheap to change, so entries like
# these only catch unmodified copies of the mailers they were written for;
# expect few hits and review the list periodically.
/^Bel-Tracking: .*/ REJECT Confirmed spam. Go away.
/^Hel-Tracking: .*/ REJECT Confirmed spam. Go away.
/^Kel-Tracking: .*/ REJECT Confirmed spam. Go away.
/^BIC-Tracking: .*/ REJECT Confirmed spam. Go away.
/^Lid-Tracking: .*/ REJECT Confirmed spam. Go away.

# Following Will Block Spams With Many Spaces In The Subject.
# NOTE(review): as reproduced here the pattern is `^Subject: .* ` — a single
# space after `.*` — which matches every Subject that contains a space
# (e.g. "Subject: hello world"). The rule presumably carried a long run of
# spaces that this copy collapsed; restore it (or write `[ ]{N,}`) and verify
# with `postmap -q 'Subject: hello world' regexp:/etc/postfix/checks/header_checks`
# before deploying, otherwise ordinary mail is rejected.
/^Subject: .* / REJECT Your subject had too many subsequent spaces. Please change the subject and try again.

# Emails with erroneous dates (or dates far in the past) will appear at the top or bottom of your mail client.
# This is a common method that spammers use to try and get your attention on their emails.
# Year-based Date: rules are maintenance items: they are only correct relative
# to the date they were written (filter version 2004) and must be re-checked
# whenever the calendar moves, or they start rejecting correctly dated mail.
#/^Date: .* 2004/ REJECT Your computer still thinks it's 2004. Fix your system clock and try again.
#/^Date: .* 2003/ REJECT Your computer still thinks it's 2003. Fix your system clock and try again.
/^Date: .* 200[0-4]/ REJECT Your email has a date from the past. Fix your system clock and try again.
/^Date: .* 19[0-9][0-9]/ REJECT Your email has a date from the past. Fix your system clock and try again.

# This filter will block subjects that contain ISO specifications.
# If you use any languages other than English, you might need to comment this out.
# /^Subject: .*\=\?ISO/ REJECT We don't accept strange character sets.

# This will block messages that do not have an address in the From: header.
# Note: This may violate RFC, but blocks a very significant amount of spam. If you implement this, you risk getting listed in
#/^From: <>/ REJECT You need to specify a return address, otherwise we will not accept your email.

# Following Are Alphabetical Listings Of Subject Contents That Will Be Blocked.


# Following is a listing of known mass mailer programs.
# X-Mailer is whatever the sending software chooses to write there, so these
# entries only catch the (2004-era) bulk mailers that announce themselves.
# REJECT here is returned at end-of-DATA as a 5xx reply carrying the text below.
/^X-Mailer: 0001/ REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.
/^X-Mailer: Avalanche/ REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.
/^X-Mailer: Crescent Internet Tool/ REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.
/^X-Mailer: DiffondiCool/ REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.
/^X-Mailer: E-Mail Delivery Agent/ REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.
/^X-Mailer: Emailer Platinum/ REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.
/^X-Mailer: Entity/ REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.
/^X-Mailer: Extractor/ REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.
/^X-Mailer: Floodgate/ REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.
/^X-Mailer: GOTO Software Sarbacane/ REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.
/^X-Mailer: MailWorkz/ REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.
/^X-Mailer: MassE-Mail/ REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.
/^X-Mailer: MaxBulk.Mailer/ REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.
/^X-Mailer: News Breaker Pro/ REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.
/^X-Mailer: SmartMailer/ REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.
/^X-Mailer: StormPort/ REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.
/^X-Mailer: SuperMail-2/ REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.

/etc/postfix/checks/mime_header_checks

# This filter is the work of Jeffrey Posluns 
# Filter Version 20040504-1

# Please feel free to copy, use, discuss, link to, or modify this file in compliance with the rules below:
# 1. These filters (or portions thereof) may not be sold or included in a package (software or otherwise) for which fees are charged.
# 2. If you wish to sell or include these filters as part of a package for which fees are charged, please contact us to arrange for a redistribution license.
# 3. Leave this header information intact.
# 4. Do not change the SPAM-ID numbers. We use these numbers to help track false rejections.
# 5. if you modify this file, indicate such on the line below, so that people can be aware that the filter is not an original version.

# This entry will reject messages with attachments that could be dangerous, and will inform the sender of what type of attachment was rejected.
# Extension-only check: the name is taken from the MIME header and the content
# is not inspected, so archives (no .zip here) and renamed files pass through;
# treat it as a first line, not a virus scanner. $2/$3 echo the sender-supplied
# filename and extension back in the 5xx reply text.
# NOTE(review): `\s` is a PCRE/GNU extension; in a POSIX "regexp:" table it works
# only where the system regex library accepts it. Verify with `postmap -q` on a
# sample Content-Disposition line, or use a "pcre:" table for this pattern.
/^\s*Content-(Disposition|Type).*name\s*=\s*"?(.+\.(ad[ep]|asd|ba[st]|c[ho]m|cmd|cpl|crt|dbx|dll|exe|hlp|hta|in[fs]|isp|js|jse|lnk|md[etw]|ms[cipt]|nws|ocx|ops|pcd|pi|pif|prf|reg|scf|scr|sct|sh[bms]|swf|uue|vb|vb[esx]|vxd|wab|ws[cfh]))"?\s*$/ REJECT Files attached to emails that contain or end in "$3" are prohibited on this server as they may contain viruses. The file named "$2" was rejected.

# This will filter out certain types of attachments that can be considered dangerous.
# Sobig-era rule. The unescaped `.` before zip matches any character; harmless
# in practice, but `\.zip` is the intent.
/name=[^>]*your_details.zip/ REJECT Mail filters have determined that your email appears to be infected with the Sobig virus.

# Worm filename signatures (Bagle/Sober/Netsky, 2004). Cheap to keep, but
# name-based only; "TextDocument" appears twice in the first alternation.
/^\s*Content-(Disposition|Type).*name\s*=\s*"?((Attach|Information|TextDocument|Readme|Msg|Msginfo|Document|Info|Attachedfile|Attacheddocument|TextDocument|Text|TextFile|Letter|MoreInfo|Message)\.zip)"?\s*$/ REJECT Mail filters have determined that your email appears to be infected with the Bagle virus.

/^\s*Content-(Disposition|Type).*name\s*=\s*"?((Patch|MS-Security|MS-UD|UpDate|sys-patch|MS-Q).*\.zip)"?\s*$/ REJECT Mail filters have determined that your email appears to be infected with the Sober virus.

/^\s*Content-(Disposition|Type).*name\s*=\s*"?((doc_word3_|document_all_|part01_|product_|letter_|information_|document_|details_|screensaver_|website_|data_|text_|file_|prod_info_).*\.zip)"?\s*$/ REJECT Mail filters have determined that your email appears to be infected with the Netsky virus.


我的配置/etc/postfix/checks/header_checks文件:
# The first two rules follow the upstream ones and need yearly maintenance.
# NOTE(review): the last two rules reject dates that become valid soon after
# this was written (post dated 2008-08-28): `200[9] ` rejects every 2009 date
# and `2[0-9][1-9][0-9] ` rejects 2010-2099 (while skipping years like
# 2100-2109, so it is not a clean "future year" test either). Left in place,
# they start rejecting all correctly dated mail on 2009-01-01; remove them, or
# check for future dates outside a static header_checks table.
/^Date:.* 200[0-7]/ REJECT Your email has a date from the past. Fix your system clock and try again.
/^Date:.*19[0-9][0-9]/ REJECT Your email has a date from the past. Fix your system clock and try again.
/^Date:.* 2[0-9][1-9][0-9] / REJECT Your email has a error date. Fix your system clock and try again.
/^Date:.* 200[9] / REJECT Your email has a error date. Fix your system clock and try again.



以下为转载:
Postfix最简单的anti-spam
November 18th 2007 Posted in Linux
是人都知道,我们做一个邮件服务器,肯定要做anti-spam的,那么,看了网上那么多anti-spam的教程,howto,都要用到spamassassin+amavisd-new,可是很多里面都没有或者很少提到postfix也可以做简单的anti-spam,而且它的这套,能做的更好。

ChinaVFX有自己的邮件服务器,我公司的域名也是在这边做的邮件服务器。现在的spamer都已经很强了,只要你在随便什么地方一公布邮箱,马上就会有狂多的垃圾邮件了。
我的两个邮箱,平均每天各收到最少30封垃圾邮件。加起来,每天有近100封垃圾邮件发给我。

每个邮件都有一个header(是人都知!!),在这里面,记录了这个邮件经过哪几个relay服务器,从什么client地址发出的,如果我们仔细看看,就能发现其中的问题。

现在每个邮件服务商都有自己的规则,所以通过用这些Free的,大众化的邮件服务商的邮箱来发送SPAM,已经很少了;但是自己做个邮件服务器却很简单,可以说,都不用专门的邮件服务器软件就可以疯狂群发邮件。
那么对于这种情况,可以想象,他们不可能做一个有效的域名,再去做MX,再去做一堆邮件服务器所需要的域名工作。因为他们负担不起,一旦这么搞法,这个域名最多能用几天,然后就会被全世界列入blocklist,所以他们都是用的动态IP地址。

那么动态IP地址的问题在哪?名字就说明问题了,第一,不可能有PTR记录,也就是说不能反向查找域名,第二,很有可能用动态IP地址也没有一个有效的域名,当然也不可能有一个有效的主机名。如果各位自己也有做过邮件服务器的话,可以看看自己邮箱里的SPAM,我的邮箱里的SPAM,有90%都是这种没有主机名,没有PTR的邮件服务器发过来的。

那怎么办呢?看看我的postfix的restriction

# enable some restrictions
# smtpd_delay_reject = yes defers evaluation of the client/helo/sender lists to
# RCPT TO (not to DATA, as the text below says; item 3 earlier on this page has
# it right). That is what lets permit_sasl_authenticated in
# smtpd_helo_restrictions see the AUTH result.
# smtpd_reject_unlisted_recipient = yes already does what reject_unlisted_recipient
# in smtpd_recipient_restrictions does; the explicit entry is redundant but harmless.
smtpd_helo_required = yes
smtpd_delay_reject = yes
smtpd_reject_unlisted_sender = yes
smtpd_reject_unlisted_recipient = yes
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination,
        reject_unlisted_recipient,
        reject_unauth_pipelining,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        permit
smtpd_sender_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unknown_sender_domain,
        reject_non_fqdn_sender,
        permit
# HELO checks. reject_invalid_hostname / reject_unknown_hostname are the pre-2.3
# names of reject_invalid_helo_hostname / reject_unknown_helo_hostname.
# reject_unknown_client_hostname and reject_unknown_reverse_client_hostname are
# enforced here without warn_if_reject: any client whose IP lacks a consistent
# PTR record is refused, which also hits legitimate but badly configured senders
# (temporary DNS failures answer 450, so those are deferred rather than lost).
# The first configuration on this page keeps these two behind warn_if_reject
# to measure false positives first.
smtpd_helo_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_invalid_hostname,
        reject_unknown_hostname,
        reject_unknown_client_hostname,
        reject_unknown_reverse_client_hostname,
        reject_non_fqdn_hostname,
        permit
# DATA checks: reject_unauth_pipelining also appears in
# smtpd_recipient_restrictions above; listing it here is the documented place.
smtpd_data_restrictions =
        reject_unauth_pipelining,
        permit
下面来一行行的看看,第一行,helo,这个对于服务器来说是必须的,每个连接过来的人必须先helo,第二行,smtpd_delay_reject,这个一定要注意,它的意思是,如果指定为no,那么helo_restrictions就会在客户端发送helo命令时运行,那么在这时,就算你要sasl_auth,也是不太可能被permit,现在把它改成yes,就是让helo的限制检查推后到data开始。所以这条指令是最重要的一条了。

下面的smtpd_etrn_restrictions这个要不要都不是太重要,除非你的邮件服务器不是一直连在internet上的,这种情况可能会需要。

后面的就很明显了。作用最大的还是在smtpd_helo_restrictions里面:这里面,我们允许sasl认证过的客户端,reject掉无效主机名的、未知主机名的(DNS里查不到的);最重要的是,如果这个客户端在DNS里面没有PTR记录就REJECT掉,新浪的邮箱也是这么做的。

还有一个要说明的,就是permit_mynetworks。它不重要么?好像是的,但可以肯定地说,它肯定重要:因为自己的服务器发送的本地信件,像cron的出错报告等等,还有用PHP等方式发出的邮件,都来自于localhost,而localhost显然不是一个FQDN的主机名,所以一定要加这个permit_mynetworks。另外,mynetworks如果不指定,结果不一定是你想要的,所以最好在main.cf里面把mynetworks指定为127.0.0.0/8。
注意main.cf里面mynetworks_style和mynetworks只需要指定一个,不需要两个同时指定。

好了,自从有了这些个restriction,我的邮箱干净多了。垃圾邮件从每天的几十封变成了现在的每天只有最多5封(当然,不排除有些白痴还是在用有效的域名在发SPAM)。哈哈,世界清静了!




