How to avoid SPAM with Postfix

About

Even if you are a virtual host that resent email, you need to capture spam email otherwise, Gmail will block you.

Feb 18 14:55:52 beau postfix/smtp[31892]:

463F01A2EBD: host gmail-smtp-in.l.google.com[74.125.192.26] said: 421-4.7.28 [192.99.55.226 15]

Our system has detected an unusual rate of 421-4.7.28 unsolicited mail originating from your IP address.

To protect our 421-4.7.28 users from spam, mail sent from your IP address has been temporarily 421-4.7.28 rate limited.

Please visit 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError

to 421 4.7.28 review our Bulk Email Senders Guidelines. k10si2978071qtp.33 - gsmtp (in reply to end of DATA command)

Check and restrictions

The check and restrictions when an email is send

telnet 192.168.0.18 25                           # 
Trying 192.168.0.18...
Connected to 192.168.0.18 (192.168.0.18).
Escape character is '^]'.
220 mail.example.com ESMTP Postfix              # <-smtp_client_restrictions
HELO mail.example.com                           # <-smtp_helo_restrictions
250 mail.example.com                            #
MAIL FROM:<[email protected]>                     # <-smtp_sender_restrictions
250 2.1.0 Ok                                    #
RCPT TO:<[email protected]>                       # <-smtp_recipient_restrictions
250 2.1.5 Ok                                    #
DATA                                            # <-smtp_data_restrictions
354 End data with <CR><LF>.<CR><LF>             #
To:<[email protected]>                            # <-header_checks
From:<[email protected]>                          #
Subject:Hello world                             #
This is a body                                  # <-body_checks
.                                               #
250 2.0.0 Ok: queued as 463F01A2EBD
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

smtpd_client_restrictions

postconf.5.html

The end of each list is equivalent to a PERMIT result.

smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname

smtp_helo_restrictions

in /etc/postfix/main.cf

smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    reject_unknown_helo_hostname,
    permit

where:

postconf.5.html (default is yes)
postconf.5.html
smtpd_helo_restrictions
- postconf.5.html - permits the known IP
- postconf.5.html - permits the authenticated user/process
- postconf.5.html - reject if the hostname is not fully qualified
- postconf.5.html - reject malformed domain name
- postconf.5.html - reject email when the HELO/EHLO hostname has neither DNS A record nor MX record

smtp_sender_restrictions

The sender's email address should be valid

Others

greylist

Header check

Spam filter

https://en.wikipedia.org/wiki/Amavis#amavisd-new (https://www.amavis.org/)

Spf policy

2 SPF daemons exist

policyd-spf-perl
policyd-spf-python

https://serverfault.com/questions/726471/how-to-setup-postfix-to-check-spf-record-only-for-domains-that-i-want-to-check

About

Check and restrictions

smtpd_client_restrictions

smtp_helo_restrictions

smtp_sender_restrictions

greylist

Header check

Spam filter

Spf policy

Documentation / Reference