毫无疑问,近一段时期以来,垃圾邮件日益盛行。据估计,垃圾邮件占全部邮件的80%到90%,很多邮件服务器在对付由最新的垃圾邮件所引起的额外负担问题上存在着很大的困难,而且垃圾邮件过滤器如spamassassin并不能如以前那样识别大部分的垃圾邮件。幸运的是,我们可以在邮件传输代理(mail transfer agent,mta)层次上阻止大量的垃圾邮件,例如通过使用黑名单、在发送者和接收者的域上运行测试等。这样做的一个额外的优势是它可以降低邮件服务器的负荷,因为垃圾邮件过滤器需要查看的邮件更少。
基础工作
本文将讨论怎样配置postfix(2.x和1.x),在垃圾邮件进入服务器之前阻止它。不过,在将本文所讨论的方法运用到您的邮件服务器中之后,您应该检查您的邮件日志,确保合法的用户邮件不会被阻止。
您可以查看如下链接得到一些指导性的信息:
http://www.howtoforge.com/virtual_postfix_antispam
如下的链接包含另外一些反垃圾邮件解决方案:
http://www.howtoforge.com/taxonomy_menu/1/78/24
postfix 2.x
打开/etc/postfix/main.cf文件,在其中增加如下的几行(如果相关的配置存在,就替换之):
vi /etc/postfix/main.cf
[...]
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
smtpd_recipient_restrictions =
reject_invalid_hostname,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_rbl_client multi.uribl.com,
reject_rbl_client dsn.rfc-ignorant.org,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client ix.dnsbl.manitu.net,
reject_rbl_client combined.rbl.msrbl.net,
reject_rbl_client rabl.nuclearelephant.com,
permit
[...]
|
然后重新启动postfix:
/etc/init.d/postfix restart
postfix 1.x
打开/etc/postfix/main.cf,并在其中加入如下几行(如果相关的配置已经存在就替换之):
vi /etc/postfix/main.cf
[...]
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
maps_rbl_domains =
multi.uribl.com,
dsn.rfc-ignorant.org,
dul.dnsbl.sorbs.net,
list.dsbl.org,
sbl-xbl.spamhaus.org,
bl.spamcop.net,
dnsbl.sorbs.net,
cbl.abuseat.org,
ix.dnsbl.manitu.net,
combined.rbl.msrbl.net,
rabl.nuclearelephant.com
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_maps_rbl,
check_relay_domains
[...]
|
然后重新启动postfix:
/etc/init.d/postfix restart(责任编辑:李磊)
【相关资料】
更多黑名单
您可以在如下的网址找到更多的dns和rhs黑名单列表,将其加入到您的postfix配置中:
http://spamlinks.net/filter-dnsbl-lists.htm
postfix链接
http://www.postfix.org
