> reject_unknown_client_hostname (with Postfix < 2.3:
> reject_unknown_client) Reject the request when 1) the client IP
> address->name mapping fails, 2) the name->address mapping fails, or 3)
> the name->address mapping does not match the client IP address.
> This is a stronger restriction than the
> reject_unknown_reverse_client_hostname feature, which triggers only
> under condition 1) above.
> The unknown_client_reject_code parameter specifies the response code for
> rejected requests (default: 450). The reply is always 450 in case the
> address->name or name->address lookup failed due to a temporary problem.

If you are using Postfix, the following smtpd_recipient_restrictions work well 
for us. Note that you need to install policy-spf-python before you can use the 
last directive:

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination,
    reject_invalid_hostname, reject_unauth_pipelining, reject_non_fqdn_sender,
    reject_unknown_sender_domain, reject_non_fqdn_recipient,
    reject_unknown_recipient_domain, check_policy_service unix:private/policy-spf

policy-spf-python in Ubuntu is installed as follows:

sudo apt-get install postfix-policyd-spf-python

Then in your postfix master.cf you add the following:

policy-spf  unix  -       n       n       -       -       spawn
     user=nobody argv=/usr/bin/policyd-spf

I'm also guessing you are using postscreen.

> > Here is a blocked spam as an example:
> >
> > X-Spam-Status: Yes, score=8.308 tag=-999 tag2=5.5 kill=7.5
> Did you receive this mail since score = 8.3?
> Pls set final_spam_destiny to D_DISCARD in this way.
>  $final_spam_destiny       = D_DISCARD;
> It is worth having the 2 lines below set to D_DISCARD as well.
>  $final_virus_destiny      = D_DISCARD;
>  $final_banned_destiny     = D_DISCARD;

I would like to add that you should NEVER block your customers' email. You don't 
have to pass them to their mailbox necessarily but you should dump them to a 
quarantine directory and release if needed. I have seen many situations where 
the system has marked a message as spam or a virus for that matter even though 
it was not and your customers are looking for that e-mail so you don't want to 
be that guy. You accomplish that as follows in your amavis conf file:

$QUARANTINEDIR = "/path/to/quarantine/directory";
$virus_quarantine_method = 'local:virus/%m';
$spam_quarantine_method = 'local:spam/%m';
$banned_files_quarantine_method = 'local:banned/%m';
$bad_header_quarantine_method = 'local:bad_header/%m';

> >
> >    score BAYES_99  4.5 # was 3.5
> >    score BAYES_999 2.0 # was 0.2
> I do NOT consider the above stuff so much. I go with defaults.

I agree with the above. Keeping with defaults is usually best. You should 
concentrate on doing everything else before you start messing around with the 


Hermes Secure Email Gateway
Hermes Secure Email Gateway combines Open Source technologies such as Postfix, 
Apache SpamAssassin, ClamAV, Amavisd-new, MySQL and CipherMail under one 
unified web based Web GUI for easy administration and management of your 
incoming and outgoing email for your organization. Anti-spam, anti-virus and 
anti-malware protection, encrypted S/MIME, encrypted PDF and SMTP TLS support, 
built-in email archiving, end-user self-service web gui.

Download the free open-source appliance at:

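Added example, not part of the original message and not Postfix code: a Python model of the three reject_unknown_client_hostname conditions quoted at the top of this message, showing which clients the weaker reject_unknown_reverse_client_hostname would also reject and when the reply is forced to 450. The names evaluate, reverse_only_rejects and TEMPFAIL, and the DNS tables, are constructed for illustration.

```python
import ipaddress

TEMPFAIL = "tempfail"  # assumed marker for a temporary DNS lookup problem

# Constructed sample DNS data (documentation address ranges), not real records.
PTR = {                                   # address->name
    "192.0.2.10": "mail.example.org",     # forward-confirmed
    "192.0.2.20": "host.example.net",     # name points at another address
    "192.0.2.30": "gone.example.com",     # name has no address record
    "198.51.100.5": TEMPFAIL,             # reverse lookup timed out
    "198.51.100.6": "slow.example.org",   # forward lookup timed out
    "2001:db8::1": "v6.example.org",
}
A = {                                     # name->address
    "mail.example.org": ["192.0.2.10"],
    "host.example.net": ["203.0.113.9"],
    "slow.example.org": TEMPFAIL,
    "v6.example.org": ["2001:0db8:0000:0000:0000:0000:0000:0001"],
}

def evaluate(ip, ptr=PTR, fwd=A, reject_code=450):
    """Model reject_unknown_client_hostname.

    Returns (condition, reply): condition 0 means accepted, 1-3 are the
    conditions from the quoted text. reject_code stands in for
    unknown_client_reject_code; temporary failures always reply 450.
    """
    name = ptr.get(ip)
    if name is None or name == TEMPFAIL:          # 1) address->name fails
        return 1, (450 if name == TEMPFAIL else reject_code)
    addrs = fwd.get(name)
    if not addrs or addrs == TEMPFAIL:            # 2) name->address fails
        return 2, (450 if addrs == TEMPFAIL else reject_code)
    client = ipaddress.ip_address(ip)             # compare parsed, not as text
    if all(ipaddress.ip_address(a) != client for a in addrs):
        return 3, reject_code                     # 3) name->address mismatch
    return 0, None

def reverse_only_rejects(ip, ptr=PTR, fwd=A):
    """True when reject_unknown_reverse_client_hostname would also trigger."""
    return evaluate(ip, ptr, fwd)[0] == 1

if __name__ == "__main__":
    for ip in PTR:
        print(ip, evaluate(ip, reject_code=550), reverse_only_rejects(ip))
```

Clients that fall under conditions 2 and 3 are the ones the stronger restriction rejects and the weaker one lets through.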