29 March, 2008

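# --- /etc/postfix/main.cf ---
# Postfix anti-spam setup, review-corrected. The original post claimed it "will stop
# 90% of all spam"; that figure is unmeasured -- the checks below reject the bulk of
# spam at SMTP time, the remainder needs a content filter (see the SpamAssassin note).
# Replace host.domain.com and the IP literals with your own values.

# --- identity -----------------------------------------------------------------
myhostname = host.domain.com
# myorigin was set twice in the original (host.domain.com, then /etc/mailname); in
# Postfix the last definition wins, so only the effective one is kept.
myorigin = /etc/mailname
# Domains this host accepts as final destination, one per line in the file.
mydestination = /etc/postfix/local-host-names
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# virtual_maps is the pre-2.0 name; Postfix >= 2.0 reads it as virtual_alias_maps.
virtual_maps = hash:/etc/postfix/virtusertable

# --- delivery -----------------------------------------------------------------
relayhost =
# Only loopback may relay unconditionally (permit_mynetworks below). Keep this narrow;
# every address here bypasses all checks.
mynetworks = 127.0.0.0/8
mailbox_command =
home_mailbox = Maildir/
mailbox_size_limit = 0
recipient_delimiter = +
#inet_interfaces = all
inet_interfaces = host.domain.com localhost
inet_protocols = ipv4
message_size_limit = 10485760
notify_classes = resource, software
bounce_size_limit = 1024

# --- reject codes -------------------------------------------------------------
# Permanent 554 instead of the softer defaults so rejected senders do not keep retrying.
invalid_hostname_reject_code = 554
access_map_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
non_fqdn_reject_code = 554
unknown_sender_reject_code = 554
# NOTE(review): the Postfix default here is 450 so that a provider that answers
# verification probes with a 5xx does not get its legitimate mail bounced outright.
# 554 makes a failed probe a hard reject; keep an eye on the logs if you keep it.
unverified_sender_reject_code = 554
unverified_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
multi_recipient_bounce_reject_code = 554
unknown_virtual_mailbox_reject_code = 554

# Do not let remote clients enumerate mailboxes.
disable_vrfy_command = yes

# --- restriction class used by /etc/postfix/verify_sender.map -----------------
# The original defined this as "reject_unverified_sender, permit". A permit returned by a
# restriction class ends the WHOLE enclosing restriction list, so a sender at one of the
# listed freemail domains that passed verification skipped reject_unauth_destination --
# an open relay for anyone with a real gmail/yahoo/hotmail address. The class now only
# rejects; when the probe succeeds, evaluation continues with the enclosing list.
smtpd_restriction_classes = verify_sender
verify_sender = reject_unverified_sender

# --- restrictions / anti-spam, in order of processing -------------------------
# With smtpd_delay_reject = yes every list is evaluated at RCPT TO, so sender- and
# recipient-based checks are valid even in the client and helo lists.
smtpd_delay_reject = yes
smtpd_helo_required = yes

smtpd_client_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client list.dsbl.org
# Optional, also disabled in the original: reject_unknown_client (rejects clients whose
# IP has no matching reverse DNS; expect false positives from badly run legit sites).

smtpd_helo_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_invalid_hostname,
    check_helo_access regexp:/etc/postfix/helo.regexp,
    permit

# The original spelt this parameter "smtpd_sender_restricitons". Postfix does not fail on
# an unknown parameter (it only logs "unused parameter"), so the whole sender list was
# silently inactive.
smtpd_sender_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    permit_tls_all_clientcerts,
    reject_unknown_sender_domain
# Dropped from the original sender list:
#  - check_relay_domains: obsolete; newer Postfix releases reject it as an unknown
#    restriction. Relay control is reject_unauth_destination in the recipient list.
#  - reject_rbl_client list.dsbl.org / zen.spamhaus.org: the client list above runs
#    first and already rejects on those zones, so they could never fire here.
# permit_tls_all_clientcerts only permits certificates signed by a CA in smtpd_tls_CAfile,
# and needs smtpd_tls_ask_ccert = yes (not set here) before any certificate is requested;
# without it the entry is a no-op. A permit here ends only the sender list -- the
# recipient list below still enforces reject_unauth_destination.

# The original defined smtpd_recipient_restrictions twice; the second, three-entry copy
# (a SASL how-to leftover, also garbled as "reject _unauth_destination") overrode the
# whole anti-spam list. Merged into one list. reject_unauth_destination is now placed
# right after the permits: it is the relay control, and putting it first means relay
# attempts are refused before any DNSBL or verification probe is spent on them.
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_rhsbl_sender bogusmx.rfc-ignorant.org,
    check_sender_access hash:/etc/postfix/verify_sender.map
# Changes versus the original recipient list:
#  - dsn.rfc-ignorant.org and bogusmx.rfc-ignorant.org list sender DOMAINS, not client
#    IPs; they were queried with reject_rbl_client, which looks up the client IP and so
#    never matched. bogusmx is now reject_rhsbl_sender; dsn is already checked that way
#    in the client list.
#  - multi.uribl.com lists domains found in message BODIES. Neither reject_rbl_client
#    nor reject_rhsbl_sender can use it meaningfully; apply it from SpamAssassin instead.
#  - list.dsbl.org / zen.spamhaus.org: duplicates of the client list, never reached.
# NOTE(review): several zones used or listed on this page have since been retired
# (list.dsbl.org, *.rfc-ignorant.org, dnsbl.ahbl.org, l1/l2.apews.org among others).
# A retired zone may answer positive for every query and reject ALL inbound mail, so
# before relying on any zone confirm it is live: 2.0.0.127.<zone> must resolve (listed
# test address) and your own reversed IP must not.
# Optional zones from the original post, disabled there as well (same caveat applies;
# multi.surbl.org is a body-URI list like uribl and belongs in the content filter):
#   reject_rbl_client cbl.anti-spam.org.cn
#   reject_rbl_client blackholes.five-ten-sg.com
#   reject_rbl_client dnsbl.ahbl.org
#   reject_rbl_client dnsbl.njabl.org
#   reject_rbl_client multi.surbl.org
#   reject_rbl_client bl.spamcop.net
#   reject_rbl_client cbl.abuseat.org
#   reject_rbl_client ix.dnsbl.manitu.net
#   reject_rbl_client l1.apews.org
#   reject_rbl_client l2.apews.org
#   reject_rbl_client t1.dnsbl.net.au
#   reject_rbl_client combined.rbl.msrbl.net
#   reject_rbl_client rabl.nuclearelephant.com
#   reject_rbl_client dnsbl.sorbs.net
#   reject_rhsbl_sender rhsbl.sorbs.net

smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit

# --- TLS ----------------------------------------------------------------------
# smtpd_use_tls / smtp_use_tls are the pre-2.3 knobs; on Postfix >= 2.3 the equivalent
# is smtpd_tls_security_level = may and smtp_tls_security_level = may.
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
# NOTE(review): Postfix >= 2.5 documents ${data_directory} rather than the queue
# directory for these caches; keep the queue directory only on older releases.
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
tls_random_source = dev:/dev/urandom

# --- SASL ---------------------------------------------------------------------
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# The original had "no": AUTH was advertised on cleartext connections, so PLAIN/LOGIN
# passwords crossed the wire unencrypted. "yes" offers AUTH only after STARTTLS; clients
# that cannot do STARTTLS will no longer be able to authenticate, which is intended.
smtpd_tls_auth_only = yes
# Adds the authenticated user to the Received: header; SpamAssassin local.cf keys on
# this to whitelist submissions from authenticated users.
smtpd_sasl_authenticated_header = yes


# --- /etc/postfix/helo.regexp -------------------------------------------------
# Reject clients that HELO with this server's own name or address; legitimate MTAs never
# do that. The original patterns /^host.domain.com$/ and /^[180.169.9.91]$/ were not
# escaped: "." matches any character and "[...]" is a character class, so the IP patterns
# matched a single character from {0,1,6,8,9,.} instead of the bracketed address literal
# and never fired.
/^localhost$/                   550 Don't use my own hostname
/^host\.domain\.com$/           550 Don't use my own hostname
/^127\.0\.0\.1$/                550 Don't use my own IP address
/^\[180\.169\.9\.91\]$/         550 Don't use my own IP address
/^\[180\.169\.9\.92\]$/         550 Don't use my own IP address
# Optional, disabled in the original: reject bare-IP HELO (RFC 2821 requires an address
# literal in brackets). Second pattern escaped the same way as above.
#/^[0-9.]+$/                    550 Your software is not RFC 2821 compliant
#/^[0-9]+(\.[0-9]+){3}$/        550 Your software is not RFC 2821 compliant


# --- /etc/postfix/verify_sender.map -------------------------------------------
# Sender domains whose addresses are probed with a callout before mail is accepted
# (restriction class verify_sender in main.cf). Format: domain <whitespace> class-name.
# check_sender_access looks up the full address, then the domain, so a bare domain key
# covers every address at that domain.
# The original had "lycos.com verify sender" (space instead of underscore); that value
# would be parsed as two restrictions, the first of them unknown.
# NOTE(review): per the Postfix address-verification documentation, probing large
# providers generates outbound connections that some of them rate-limit or blocklist,
# and unless address_verify_map points at a persistent table the probe cache is lost on
# restart. Watch for your IP being listed by these providers.
earthlink.net   verify_sender
hotmail.com     verify_sender
lycos.com       verify_sender
msn.com         verify_sender
netscape.com    verify_sender
netscape.net    verify_sender
yahoo.com       verify_sender
gmail.com       verify_sender
gmail.nl        verify_sender
live.com        verify_sender
charter.net     verify_sender
# After editing the map, rebuild the hash and reload Postfix:
#   postmap /etc/postfix/verify_sender.map && /etc/init.d/postfix reload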
