SPAM - config

Hello,

This is my first topic, so I would like to thank CWP crew for great job.
We use CWP as a service priveder in Poland and CWP doing a awesome job. Customers are loving it.

I got a question about spam. Is there any possibility to make some black domain list, that will always be marked as a spam ?

Best regards,
je2u

Hello, unfortunately it is impossible to do from the CWP but you can configure your postfix.
For block all mail to/from the list of domains, you should add the following directive to your postfix main.cf file:

Code: [Select]

smtpd_sender_restrictions = hash:/etc/postfix/access
reject_unauth_destination = hash:/etc/postfix/accessOnce this has been added to the main.cf, you need to create the /etc/postfix/access file and put entries in it like this:

Code: [Select]

some_bad_domain REJECT
next_bad_domain REJECT
nex_bad_domain REJECT

after run:

Code: [Select]

postmap hash:/etc/postfix/access
service postfix restart


As I supposed, thank you a lot!

Hello, unfortunately it is impossible to do from the CWP but you can configure your postfix.
For block all mail to/from the list of domains, you should add the following directive to your postfix main.cf file:

Code: [Select]

smtpd_sender_restrictions = hash:/etc/postfix/access
reject_unauth_destination = hash:/etc/postfix/accessOnce this has been added to the main.cf, you need to create the /etc/postfix/access file and put entries in it like this:

Code: [Select]

some_bad_domain REJECT
next_bad_domain REJECT
nex_bad_domain REJECT

after run:

Code: [Select]

postmap hash:/etc/mail/access
service postfix restart


The postmap command should be:

Code: [Select]

postmap hash:/etc/postfix/access


Right. My mistake. The command fixed, thank's.

Hello, I just finished configuring the postfix and would like to post for posterity my solution which works just fine.

First of all, we start at /etc/postfix/main.cf file and adding this:

Code: [Select]

# Sender restrictions:
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    check_sender_access hash:/etc/postfix/access,
    permit
Here you got the explanations - http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions

Then we need the access file, which should be at the postfix directory. (explanations -> http://www.postfix.org/access.5.html)
In this file, we start to list domains/mails/patterns and actions to take after postfix will read that. So, I just needed domains for now and it looks like this:

Code: [Select]

domain.com REJECT
domain1.com REJECT
domain2.com REJECT

After that we need to postmap the file access, so run:

Code: [Select]

postmap hash:/etc/postfix/access
After all, restart postfix:

Code: [Select]

service postfix restart
To check if domain is blocked, you can create domain block for your private mail (for ex. gmail.com, yahoo.com, etc.) and see the action in /var/log/maillog

Code: [Select]

tail /var/log/maillogThere should be: [...] Sender address rejected: Access denied; [...]

For me, It's just fine.
Thank you Igor for motivating me to action.

You can use rbls to reject the emails for more security NOte: Sender from the backlisted ips gets rejected automatically 

Code: [Select]

smtpd_client_restrictions = reject_unknown_client
smtpd_helo_restrictions =
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_client_access hash:/etc/postfix/sender_whitelist, check_client_access hash:/etc/postfix/sender_blacklist, reject_unauth_destination, reject_non_fqdn_sender,reject_unknown_sender_domain,check_sender_access hash:/etc/postfix/access, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client b.barracudacentral.org, reject_rbl_client dnsbl-1.uceprotect.net, reject_rbl_client noptr.spamrats.com, reject_rbl_client dyna.spamrats.com, reject_rbl_client spam.spamrats.com