PostFix - How to avoid SPAM (relay/client restrictions - checks)

About

Even if you are a virtual host that resent email, you need to capture spam email otherwise, Gmail will block you.

Feb 18 14:55:52 beau postfix/smtp[31892]:

463F01A2EBD: host gmail-smtp-in.l.google.com[74.125.192.26] said: 421-4.7.28 [192.99.55.226 15]

Our system has detected an unusual rate of 421-4.7.28 unsolicited mail originating from your IP address.

To protect our 421-4.7.28 users from spam, mail sent from your IP address has been temporarily 421-4.7.28 rate limited.

Please visit 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError

to 421 4.7.28 review our Bulk Email Senders Guidelines. k10si2978071qtp.33 - gsmtp (in reply to end of DATA command)

Check and restrictions

The check and restrictions when an email is send

telnet 192.168.0.18 25                           # 
Trying 192.168.0.18...
Connected to 192.168.0.18 (192.168.0.18).
Escape character is '^]'.
220 mail.example.com ESMTP Postfix              # <-smtp_client_restrictions
HELO mail.example.com                           # <-smtp_helo_restrictions
250 mail.example.com                            #
MAIL FROM:<[email protected]>                     # <-smtp_sender_restrictions
250 2.1.0 Ok                                    #
RCPT TO:<[email protected]>                       # <-smtp_recipient_restrictions
250 2.1.5 Ok                                    #
DATA                                            # <-smtp_data_restrictions
354 End data with <CR><LF>.<CR><LF>             #
To:<[email protected]>                            # <-header_checks
From:<[email protected]>                          #
Subject:Hello world                             #
This is a body                                  # <-body_checks
.                                               #
250 2.0.0 Ok: queued as 463F01A2EBD
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

smtpd_client_restrictions

smtpd_client_restrictions

The end of each list is equivalent to a PERMIT result.

smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname

smtp_helo_restrictions

in /etc/postfix/main.cf

smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    reject_unknown_helo_hostname,
    permit

where:

smtp_sender_restrictions

  • The sender's email address should be valid

Others

greylist

Header check

Spam filter

Spf policy

Documentation / Reference


Powered by ComboStrap