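There is no doubt that spam has become increasingly prevalent in recent times. It is estimated that spam accounts for 80% to 90% of all mail. Many mail servers have great difficulty coping with the extra load caused by the latest spam, and spam filters such as SpamAssassin no longer recognize as much of the spam as they used to. Fortunately, we can block a large amount of spam at the Mail Transfer Agent (MTA) level, for example by using blacklists and by running tests on the sender's and recipient's domains. An additional advantage of doing so is that it lowers the load on the mail server, because the spam filter has fewer messages to examine.
Preliminary Note
This article discusses how to configure Postfix (2.x and 1.x) to block spam before it enters the server. After applying the methods discussed here to your mail server, however, you should check your mail log to make sure that legitimate users' mail is not being blocked.
The following link offers some guidance: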
http://www.howtoforge.com/virtual_postfix_antispam
The following link contains further anti-spam solutions:
http://www.howtoforge.com/taxonomy_menu/1/78/24
Postfix 2.x
Open the /etc/postfix/main.cf file and add the following lines to it (if a setting already exists, replace it):
vi /etc/postfix/main.cf
[...]
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client multi.uribl.com,
    reject_rbl_client dsn.rfc-ignorant.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client combined.rbl.msrbl.net,
    reject_rbl_client rabl.nuclearelephant.com,
    permit
[...]
Then restart Postfix:
/etc/init.d/postfix restart
Postfix 1.x
Open /etc/postfix/main.cf and add the following lines to it (if a setting already exists, replace it):
vi /etc/postfix/main.cf
[...]
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
maps_rbl_domains =
    multi.uribl.com,
    dsn.rfc-ignorant.org,
    dul.dnsbl.sorbs.net,
    list.dsbl.org,
    sbl-xbl.spamhaus.org,
    bl.spamcop.net,
    dnsbl.sorbs.net,
    cbl.abuseat.org,
    ix.dnsbl.manitu.net,
    combined.rbl.msrbl.net,
    rabl.nuclearelephant.com
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_maps_rbl,
    check_relay_domains
[...]
Then restart Postfix:
/etc/init.d/postfix restart
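The log check recommended in the preliminary note, as an added example that is not part of the original article: this Python script groups the 554 rejections in a mail log by cause (RBL zone or restriction message) and lists those whose envelope sender domain is one you expect mail from. The log lines are constructed samples in the format Postfix smtpd writes for rejected RCPT commands, and `known_domains` is a hypothetical set of your regular correspondents' domains.

```python
import re
from collections import defaultdict

# Constructed sample log (documentation IP ranges, example domains).
SAMPLE_LOG = """\
Mar  3 10:01:12 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using bl.spamcop.net; from=<a@example.net> to=<bob@example.com> proto=ESMTP helo=<pc1>
Mar  3 10:02:40 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using dnsbl.sorbs.net; from=<news@example.org> to=<bob@example.com> proto=ESMTP helo=<mail.example.org>
Mar  3 10:03:05 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using dnsbl.sorbs.net; from=<billing@example.org> to=<amy@example.com> proto=ESMTP helo=<mail.example.org>
Mar  3 10:04:18 mx postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.5.2 <localhost>: Helo command rejected: Invalid name; from=<x@example.net> to=<bob@example.com> proto=SMTP helo=<localhost>
Mar  3 10:05:00 mx postfix/smtpd[2111]: connect from unknown[203.0.113.9]
"""

# Client, reply code, optional enhanced status code, reason text, sender.
REJECT = re.compile(
    r"reject: RCPT from (?P<host>\S+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3})"
    r"(?: \d\.\d+\.\d+)? (?P<reason>.*?); from=<(?P<sender>[^>]*)>"
)
RBL = re.compile(r"blocked using (\S+)")

def summarize_rejects(log_text, code="554"):
    """Return {cause: {(client_ip, sender): count}} for the given reply code."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m or m["code"] != code:
            continue
        rbl = RBL.search(m["reason"])
        # Cause is the RBL zone, or the message without its "<value>: " prefix.
        cause = rbl.group(1) if rbl else re.sub(r"^<[^>]*>: ", "", m["reason"])
        summary[cause][(m["ip"], m["sender"])] += 1
    return {cause: dict(hits) for cause, hits in summary.items()}

def false_positive_candidates(summary, known_domains):
    """Rejections whose envelope sender domain is one you expect mail from."""
    out = []
    for cause, hits in summary.items():
        for (ip, sender), count in hits.items():
            if sender.rpartition("@")[2].lower() in known_domains:
                out.append((cause, ip, sender, count))
    return sorted(out)

if __name__ == "__main__":
    summary = summarize_rejects(SAMPLE_LOG)
    for cause, hits in summary.items():
        print(cause, sum(hits.values()))
    # known_domains is a hypothetical list of domains you expect mail from.
    for row in false_positive_candidates(summary, {"example.org"}):
        print("review:", row)
```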