we've inherited the DNS from another ISP and now our mail server is bombed by about 1000 emails per minute, 99.99% of these emails are just spam. We're trying to optimize the filtering/rejecting the spam with no much luck.
What would be on your opinion the optimal set for smtpd_recipient_restrictions?
The system config: Ubuntu + Amavis + Postfix + MySQL + Fail2Ban-Postfix
Any advise is welcome!
UDPATE, 2012-08-08
On alteration of the posftix configuration as folows and configuring the Potrgey service the spam level decayed 10 times
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_invalid_hostname,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
check_policy_service inet:127.0.0.1:10023,
reject_rbl_client zen.spamhaus.org,
check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
reject_unauth_pipelining,
reject_unauth_destination
Best Answer
You order of rules is very bad. If you want to keep all of them and not add anything else, the order must be:
And if that still is not enough then read about
postscreenin http://www.postfix.org/POSTSCREEN_README.html.