> If you are using Postfix, the following smtpd_recipient_restrictions work
> well for us. Note that you need to install policy-spf-python before you can
> use the last directive.:
> smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination,
> reject_invalid_hostname, reject_unauth_pipelining, reject_non_fqdn_sender,
> reject_unknown_sender_domain, reject_non_fqdn_recipient, reject
_unknown_recipient_domain, check_policy_service unix:private/policy-spf
I used reject_unknown_recipient_domain before. Now I do NOT use it.
> policy-spf-python in Ubuntu is installed as follows:
> sudo apt-get install postfix-policyd-spf-python
> Then in your postfix master.cf you add the following:
> # ==== PYTHON SPF POLICY BELOW THIS LINE. ENABLE IF YOU WISH TO USE
> policy-spf unix - n n - - spawn
> user=nobody argv=/usr/bin/policyd-spf
> # === PYTHON SPF POLICY ABOVE THIS LINE ===
> I'm also guessing you are using postscreen
>> > Here is a blocked spamas an example:
>> > X-Spam-Status: Yes, score=8.308 tag=-999 tag2=5.5 kill=7.5
>> Did you receive this mail since score = 8.3?
>> Pls set final_spam_destiny to D_DISCARD in this way.
>> $final_spam_destiny = D_DISCARD;
>> It is worth to have below 2 lines to D_DISCARD as well.
>> $final_virus_destiny = D_DISCARD;
>> $final_banned_destiny = D_DISCARD;
> I would like to add that you should NEVER block your customers email. You
> don't have to pass them to their mailbox necessarily but you should dump them
> to a quarantine directory and release if needed. I have seen many situation
> where the system has marked a message as spam or a virus for that matter even
> though it was not and your customers are looking for that e-mail so you don't
> want to be that guy. You accomplish that like as follows in your amavis conf
> $virus_quarantine_method = 'local:virus/%m';
> $spam_quarantine_method = 'local:spam/%m';
I do not use above 2 lines. I think it is set to default since I can
release quarantine mail with amavisd-release command.
> $banned_files_quarantine_method = 'local:banned/%m';
I think the above is also a default setting.
> $bad_header_quarantine_method = 'local:bad_header/%m';
yes, I use the above line due to this line
$bad_header_quarantine_method = undef;
I use below 2 lines to release mails
$bad_header_quarantine_method = 'local:badh-%m';
$bad_header_quarantine_to = 'bad-header-quarantine';
anyway, having those settings OK too.
>> > score BAYES_99 4.5 # was 3.5
>> > score BAYES_999 2.0 # was 0.2
>> I do NOT conceder the above stuffs so much. I go with defaults.
> I agree with above. Keeping with defaults is usually best. You should
> concentrate on doing everything else before you start messing around with the
> Hermes Secure Email Gateway
> Hermes Secure Email Gateway combines Open Source technologies such as
> Postfix, Apache SpamAssassin, ClamAV, Amavisd-new, MySQL and CipherMail under
> one unified web based Web GUI for easy administration and management of your
> incoming and ougoing email for your organization. Anti-spam, anti-virus and
> anti-malware protection, encrypted S/MIME, encrypted PDF and SMTP TLS
> support, built-in email archiving, end-user self-service web gui.
> Download the free open-source appliance at:
http://www.siyabas.lk/sinhala_how_to_install.html - Download Sinhala Fonts