In the server that I'm transitioning from, I also use Postfix. I use sqlgrey 1.7.6 (http://sqlgrey.sourceforge.net) to reduce spam. Sqlgrey has significantly reduced spam for my customers, so I'm now looking to add it to my Virtualmin server as well.

I've looked at the main.cf and see that it has relatively few entries in it compared to my non-Virtualmin server. This makes me also think that I can improve Virtualmin's configuration to improve security and reduce spam. If anyone would like to share what they did with Virtualmin to have a highly-effective Postfix configuration, I'd very much like to hear what you have to say.

Let me start this sharing with a few items in my main.cf. First, here is what I find in my present main.cf:

Code:

smtpd_recipient_restrictions =    permit_mynetworks    permit_sasl_authenticated    reject_unauth_destination

Here is some of what I use on my non-Virtualmin server:

Code:

smtpd_recipient_restrictions =     permit_mynetworks,     permit_sasl_authenticated,     reject_unknown_sender_domain,     reject_non_fqdn_sender,     reject_non_fqdn_recipient,     reject_invalid_hostname,     reject_unauth_destination,     check_helo_access hash:/etc/postfix/smtp_helo_blacklist     reject_unlisted_recipient,     check_policy_service inet:127.0.0.1:2501,     reject_unknown_recipient_domain,     check_sender_access hash:/etc/postfix/access_receive,     check_client_access hash:/etc/postfix/access_client,     check_recipient_access mysql:/etc/postfix/mysql-recipient.cf,     reject_rbl_client list.dsbl.org,     reject_rbl_client sbl-xbl.spamhaus.org,     permit smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions =     permit_mynetworks,     warn_if_reject     check_helo_access hash:/etc/postfix/helo_access,     permit smtpd_data_restrictions = reject_unauth_pipelining smtpd_etrn_restrictions = reject

Note in particular the line check_policy_service above. This is the line that invokes sqlgrey spam reduction and is very successful in reducing spam. I haven't updated my main.cf in some time, so some of the info above might need updating as well. Of course, I'll need to not use mysql on my Virtualmin servers.

Will I need to make the changes directly in the main.cf file, or is there any Virtualmin UI that I should be using to instrument these changes? It'd make a nice addition if Virtualmin could help make the Postfix system as strong as it can be with respect to spam and security.

I'd appreciate any corrections or suggestions to the above. Also, any additional suggestions for Virtualmin configuration to improve Postfix security and anti-spam efficiency will be appreciated!

Hi, I'd like to try sqlgray... have you integrated this with virtualmin yet? Would you be willing to post a quick overview of the steps?

I'm fairly ignorant of postfix (used qmail before migrating to virtualmin), so any help would be great.

I'm experimenting with policy servers at the moment, and as soon as I find one we're comfortable with, it'll be a default part of the system. Greylisting, of course, is one of the more effective policies (but not the only one we care about--we'd also like to add SPF and DomainKeys support). The one I really like has been abandoned by its maintainer, so I'm looking at other alternatives...and spending a little time with the code of the one I like to see if we'd be willing to adopt it.