客户端判别规则:

Smtpd_client_restrictions客户端连接

Smtpd_helo_restrictions客户端自己的主机名称

Smtpd_sender_restrictions客户端使用mail from命令表示发现者的邮箱地址

Smtpd_recipient_restrictions客户端使用rcpt命令指出收件人的邮箱地址

Smtpd_data_restrictionsDATA命令让服务器端知道客户端传送邮件

邮件标题和内容判断

Header_check标题过滤

Body_check邮件内容过滤



最近公司邮箱服务器收到的垃圾邮件比较多,对于邮箱服务器做一些过滤规则如:

smtpd_client_restrictions =

permit_sasl_authenticated,

permit_mynetworks,

reject_rbl_clientcblless.anti-spam.org.cn=127.0.8.5,

reject_rbl_clientcblplus.anti-spam.org.cn=127.0.8.6,

接受SASL和同级别网段,其余禁止。

smtpd_client_restrictions =hash:/usr/local/etc/postfix/access

可以根据客户端的IP做黑白名单。

命名过则

#/usr/local/etc/postfix/main.cf:

#smtpd_client_restrictions =

#check_client_accesshash:/usr/local/etc/postfix/access

#

#/usr/local/etc/postfix/access:

#1.2.3REJECT

#1.2.3.4oK

Smtpd_helo_restrictions =检查Helo命名过则

Check_helo_access hash:/usr/localetc/post/helo_access

Reject_invalid_hostname

/usr/local/etc/post/helo_access

Helo_access访问列表内容为:

a.b.comREJECT

a.comOK

smtpd_sender_restrictions =检查mail from邮箱地址

permit_sasl_authenticated,

permit_mynetworks,

reject_sender_login_mismatch,

reject_authenticated_sender_login_mismatch,

reject_unauthenticated_sender_login_mismatch,

reject_unknown_sender_domain,

reject_non_fqdn_sender,

# reject_rhsbl_sendercblless.anti-spam.org.cn=127.0.8.5,

# reject_rhsbl_sendercblplus.anti-spam.org.cn=127.0.8.6,

permit

可以做SEND访问列表

check_sender_accesshash:/usr/local/etc/postfix/sender_access,

smtpd_recipient_restrictions =检查rcpt邮箱列表

permit_sasl_authenticated,

permit_mynetworks,

reject_unknown_sender_domain,

reject_unauth_pipelining,

reject_invalid_helo_hostname,

reject_non_fqdn_hostname,

reject_non_fqdn_sender,

reject_non_fqdn_recipient,

reject_unknown_recipient_domain,

reject_unauth_destination,

reject_rbl_clientcblless.anti-spam.org.cn=127.0.8.5,

reject_rbl_clientcblplus.anti-spam.org.cn=127.0.8.6,

permit