> > reject_unknown_client_hostname (with Postfix < 2.3: > reject_unknown_client)Reject the request when 1) the client IP > address->name mapping fails, 2) the name->address mapping fails, or 3) > the name->address mapping does not match the client IP address. > This is a stronger restriction than the > reject_unknown_reverse_client_hostname feature, which triggers only > under condition 1) above. > The unknown_client_reject_code parameter specifies the response code for > rejected requests (default: 450). The reply is always 450 in case the address- > >name or name->address lookup failed due to a temporary problem. >
If you are using Postfix, the following smtpd_recipient_restrictions work well for us. Note that you need to install policy-spf-python before you can use the last directive.: smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_unauth_pipelining, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_policy_service unix:private/policy-spf policy-spf-python in Ubuntu is installed as follows: sudo apt-get install postfix-policyd-spf-python Then in your postfix master.cf you add the following: # ==== PYTHON SPF POLICY BELOW THIS LINE. ENABLE IF YOU WISH TO USE policy-spf unix - n n - - spawn user=nobody argv=/usr/bin/policyd-spf # === PYTHON SPF POLICY ABOVE THIS LINE === I'm also guessing you are using postscreen > > > Here is a blocked spamas an example: > > > > X-Spam-Status: Yes, score=8.308 tag=-999 tag2=5.5 kill=7.5 > > Did you receive this mail since score = 8.3? > > Pls set final_spam_destiny to D_DISCARD in this way. > > > $final_spam_destiny = D_DISCARD; > > It is worth to have below 2 lines to D_DISCARD as well. > > $final_virus_destiny = D_DISCARD; > $final_banned_destiny = D_DISCARD; > I would like to add that you should NEVER block your customers email. You don't have to pass them to their mailbox necessarily but you should dump them to a quarantine directory and release if needed. I have seen many situation where the system has marked a message as spam or a virus for that matter even though it was not and your customers are looking for that e-mail so you don't want to be that guy. You accomplish that like as follows in your amavis conf file: $QUARANTINEDIR = "/path/to/quarantine/directory"; $virus_quarantine_method = 'local:virus/%m'; $spam_quarantine_method = 'local:spam/%m'; $banned_files_quarantine_method = 'local:banned/%m'; $bad_header_quarantine_method = 'local:bad_header/%m'; > > > > score BAYES_99 4.5 # was 3.5 > > score BAYES_999 2.0 # was 0.2 > > I do NOT conceder the above stuffs so much. I go with defaults. > I agree with above. Keeping with defaults is usually best. You should concentrate on doing everything else before you start messing around with the scores. -- Hermes Secure Email Gateway Hermes Secure Email Gateway combines Open Source technologies such as Postfix, Apache SpamAssassin, ClamAV, Amavisd-new, MySQL and CipherMail under one unified web based Web GUI for easy administration and management of your incoming and ougoing email for your organization. Anti-spam, anti-virus and anti-malware protection, encrypted S/MIME, encrypted PDF and SMTP TLS support, built-in email archiving, end-user self-service web gui. Download the free open-source appliance at: http://www.deeztek.com/hermes-secure-email-gateway/