Email Blacklist?
07-10-2017, 10:15 PM
(This post was last modified: 07-10-2017, 10:16 PM by JonathanNet.)
Hi I am listed on 2 blacklists as showed below the text here, but how do I set it up so its more secure against email spam?
And I edit out the ips and the domain.
![[Image: sJ6gyFh.png]](http://i.imgur.com/sJ6gyFh.png)
My dovecot config:
And my postfix condig (main.cf):
Postfix Config (master.cf)
Hope someone here can help me to stop the email spam, and get my email server more secure
And I edit out the ips and the domain.
My dovecot config:
Code:
##
## Dovecot config file
##
listen = *
disable_plaintext_auth = no
log_timestamp = %Y-%m-%d %H:%M:%S
was present only in Ubuntu file
# SSL configuration - Begin
ssl = yes
ssl_cert = </etc/letsencrypt/live/mail.mydomain.dk/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.mydomain.dk/privkey.pem
# Disable SSLV3 - Poodle
ssl_protocols = !SSLv2 !SSLv3
# SSL configuration - End
protocols = imap pop3 lmtp sieve
auth_mechanisms = plain login
passdb {
driver = sql
args = /etc/sentora/configs/dovecot2/dovecot-mysql.conf
}
userdb {
driver = prefetch
}
userdb {
driver = sql
args = /etc/sentora/configs/dovecot2/dovecot-mysql.conf
}
mail_location = maildir:/var/sentora/vmail/%d/%n
first_valid_uid = 999
last_valid_uid = 999
first_valid_gid = 8
last_valid_gid = 8
=
mailbox_idle_check_interval = 30 secs
maildir_copy_with_hardlinks = yes
service imap-login {
inet_listener imap {
port = 143
}
}
service pop3-login {
inet_listener pop3 {
port = 110
}
}
service lmtp {
unix_listener lmtp {
= 0666
}
}
service imap {
vsz_limit = 256M
}
service pop3 {
}
service auth {
unix_listener auth-userdb {
mode = 0666
user = vmail
group = mail
}
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
}
service auth-worker {
}
service dict {
unix_listener dict {
mode = 0666
user = vmail
group = mail
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
service_count = 1
process_min_avail = 0
vsz_limit = 64M
}
service managesieve {
}
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
protocol lda {
mail_plugins = quota sieve
postmaster_address = postmaster@mydomain.dk
}
protocol imap {
mail_plugins = quota imap_quota trash
imap_client_workarounds = delay-newmail
}
lmtp_save_to_detail_mailbox = yes
protocol lmtp {
mail_plugins = quota sieve
}
protocol pop3 {
mail_plugins = quota
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_uidl_format = %08Xu%08Xv
was present only in ubuntu file
}
protocol sieve {
managesieve_max_line_length = 65536
managesieve_implementation_string = Dovecot Pigeonhole
managesieve_max_compile_errors = 5
}
dict {
quotadict = mysql:/etc/sentora/configs/dovecot2/dovecot-dict-quota.conf
}
plugin {
# quota = dict:User quota::proxy::quotadict
quota = maildir:User quota
acl = vfile:/etc/dovecot/acls
trash = /etc/sentora/configs/dovecot2/dovecot-trash.conf
sieve_global_path = /var/sentora/sieve/globalfilter.sieve
sieve = ~/dovecot.sieve
sieve_dir = ~/sieve
sieve_global_dir = /var/sentora/sieve/
= +notify +imapflags
sieve_max_script_size = 1M
= 32
= 4
}
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log
debug_log_path = /var/log/dovecot-debug.log
mail_debug=yes
# Things Philip Changed for SSL
= plain login
# don't allow non-TLS connections for IMAP or SASL
= required
# path to the certificate file, should be root:root and 0444
= </etc/letsencrypt/live/mail.mydomain.dk/fullchain.pem
# path to the private key file, should be root:root and 0400
= </etc/letsencrypt/live/mail.mydomain.dk/privkey.pemAnd my postfix condig (main.cf):
Code:
# postfix config file
# uncomment for debugging if needed
soft_bounce=yes
# postfix main
mail_owner = postfix
setgid_group = postdrop
delay_warning_time = 4
# postfix paths
html_directory = no
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
queue_directory = /var/spool/postfix
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.2/samples
readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES
# network settings
inet_interfaces = all
mydomain = mydomain.dk
myhostname = mydomain.dk
mynetworks = 127.0.0.1, myextip
mydestination = localhost.$mydomain, localhost
relay_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-relay_domains_maps.cf
# mail delivery
recipient_delimiter = +
# mappings
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
= hash:/etc/postfix/transport
=
# virtual setup
virtual_alias_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_alias_maps.cf,
regexp:/etc/sentora/configs/postfix/virtual_regexp
virtual_mailbox_base = /var/sentora/vmail
virtual_mailbox_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_mailbox_maps.cf
virtual_minimum_uid = 999
virtual_uid_maps = static:999
virtual_gid_maps = static:8
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
# debugging
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
# authentication
= yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
= dovecot
= private/auth
# tls config
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
# path to the certificate file, should be root:root and 0444
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.mydomain.dk/fullchain.pem
# path to the private key file, should be root:root and 0400
smtpd_tls_key_file=/etc/letsencrypt/live/mail.mydomain.dk/privkey.pem
# Allow use of TLS but make it optional
#smtpd_use_tls=yes
# Cache sessions for speed improvement
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
= btree:${data_directory}/smtp_scache
# Disable SSLv2/3 as they are vulnerable
smtpd_tls_protocols = !SSLv2, !SSLv3
# Insist on stronger ciphers
smtpd_tls_ciphers = high
# SASL parameters
# Don't forget permit_sasl_authenticated in smtpd_relay_restrictions
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
# Jonathan Add
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
# rules restrictions
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
permit_sasl_authenticated,
check_policy_service inet:127.0.0.1:10023,
permit_mynetworks,
reject_unauth_destination,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
check_client_access hash:/etc/postfix/rbl_override,
check_sender_access hash:/etc/postfix/sender_access
# uncomment for realtime black list checks. (Warn: will also reject false positive)
,reject_rbl_client zen.spamhaus.org
,reject_rbl_client bl.spamcop.net
,reject_rbl_client dnsbl.sorbs.net
,reject_rbl_client cbl.abuseat.org
smtpd_helo_required = yes
= 554
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_banner = $myhostname ESMTP
message_size_limit = 20480000Postfix Config (master.cf)
Code:
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ***** Unused items removed *****
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
-o content_filter=spamassassin
# -o content_filter=smtp-amavis:127.0.0.1:10024
# -o receive_override_options=no_address_mappings
pickup fifo n - n 60 1 pickup
-o content_filter=
-o receive_override_options=no_header_body_checks
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
# ====================================================================
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
# spam/virus section
#
smtp-amavis unix - - y - 2 smtp
-o smtp_data_done_timeout=1200
-o disable_dns_lookups=yes
-o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - y - - smtpd
-o content_filter=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o receive_override_options=no_header_body_checks
-o smtpd_helo_required=no
-o smtpd_restriction_classes=
-o disable_vrfy_command=no
-o strict_rfc821_envelopes=yes
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
#
# Dovecot LDA
dovecot unix - n n - - pipe
flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
#
# Vacation mail
vacation unix - n n - - pipe
flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}
spamassassin unix - n n - - pipe user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}Hope someone here can help me to stop the email spam, and get my email server more secure
