Reducing Spam with postfix, SpamAssassin and AMaVIS on Ubuntu
The Spam Problem
I’ve set up postfix to forward emails, for my various addresses, to my usual email address. Postfix is running on my wonderful server with Digital Ocean. I started to receive a lot of spam; so I installed a spam filter. However, SpamAssasin doesn’t actually stop spam, it just flags it as spam (with a spam score - indicating how spam-like the email was).
As a consequence I still received more spam than I was comfortable with.
The Solution
Update Postfix to Stop Some Spam
First I made the following changes to my /etc/postfix/main.cf
after reading
this article on filtering spam with postfix:
# try to reduce the spam!
# HELO restrictions:
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
permit
# Sender restrictions:
smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit
# Recipient restrictions:
smtpd_recipient_restrictions =
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
reject_unauth_destination,
reject_rbl_client bl.spamcop.net,
permit
# Block clients that speak too early
smtpd_data_restrictions = reject_unauth_pipelining
Use AMaVIS to Block Spam Flagged by SpamAssassin
Second, I followed this guide from Ubuntu to set up AMaVIS-New.
However, when I tried to start postfix
, the mail log said that there was
already something running on port 10025.
So, I changed the port in the master.cf
file from 10025 to 10026 and added the
following lines to /etc/amavis/conf.d/50-user
:
$notify_method = 'smtp:[127.0.0.1]:10026';
$forward_method = 'smtp:[127.0.0.1]:10026';
Gmail
I also found a problem with trying to send emails to GMail. It said:
postfix/smtp[]: connect to gmail-smtp-in.l.google.com[2a00:1450:400c:c05::1a]:25: Network is unreachable
This was fixed by adding the following to /etc/postfix/main.cf
:
inet_protocols = ipv4
However, sorting out IPv6 networking may have been a better solution.
Conclusion
Hopefully this will significantly reduce the spam I get but at the same time not block any legitimate emails.