Posted by Vince Wadhwani on Feb 08, 2007

A few months ago I wrote about how to setup your own mail server using Postfix and a few other open source components. Chances are, if you followed the instructions, your spam went way down thanks to the magic of postgrey. But there are still a few simple ways to whittle the spam you get down even further. Here are a few simple techniques:

The first things we'll want to do is have postfix reject any mail from unknown hosts. Spammers some time create their very own domain names that don't exist. Bouncing emails will thus be futile since nobody ever sees them. Well, if we know that the domain doesn't exist, why don't we just reject that spam to start with? Good idea! To do it modify this line to your /etc/postfix/main.cf file so it looks like this:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, check_policy_service inet:127.0.0.1:60000

Another thing we can do is reject mail from computers that don't know their own hostname. It's a bit sneaky, but it reeks of people who have set up bots or quick servers to send out spam. Any mail server that hasn't been configured even close to correctly is almost certainly owned by a spammer. So let's add this line to our main.cf to take care of it:

smtpd_helo_restrictions = reject_unknown_helo_hostname

Lastly, spammers sometimes use a technique called 'slamming' whereby they fire all the SMTP commands necessary to transmit an email message to another mail server without waiting for the normal SMTP responses. Blech! Stopping this is as simple as adding this one line to your main.cf file:

smtpd_data_restrictions = reject_unauth_pipelining

Now that we're done, let's go ahead and restart postfix:

sudo /etc/init.d/postfix stop
sudo /etc/init.d/postfix start

And that's it! Hopefully the additions of these lines will help slow down your spam even further without the need to rely on Realtime Blacklists (RBL) or whitelists.