Tips to Block Email Spam with Postfix SMTP Server

By on July 11th, 2020

Postfix is a Mail Transfer Agent (MTA), an application that sends and receives email. The queues in Postfix are categorized as pending and deferred. Sending unsolicited messages (spam) through a messaging system is known as spamming. Email spam is one of the most recognized forms of spamming, although spamming also occurs on other social platforms. This tutorial covers some tips to block email spam with the Postfix SMTP server.

1) Reject Email

We recommend that you set rules to reject email when the sender’s domain does not have a valid MX record or A record. The sender’s email address is also known as the ‘envelope from’ address in Postfix. Some spammers use a non-existent domain to send email. If the sender’s domain does not have an MX record, Postfix looks up the A record of the main domain and sends the email to that host. If the domain has neither an A record nor an MX record, Postfix won’t be able to send email to that domain. So, we can reject email from such domains using the following process.

Edit the Postfix main configuration file to filter out spam from domains without an MX record or A record.

$ sudo vim /etc/postfix/main.cf

Add the following lines under the ‘smtpd_sender_restrictions’ section; they tell the server to reject email from senders whose domain does not have a valid MX or A record. Continuation lines in main.cf must begin with whitespace.

smtpd_sender_restrictions =
    reject_unknown_sender_domain

Then, save and close the configuration file. After that, restart Postfix so that the changes take effect.

$ sudo systemctl restart postfix

To reject email when either of the following is true:

  1. The SMTP client does not have a valid PTR record.
  2. The SMTP client hostname does not have a valid A record.

and to enable the HELO/EHLO hostname restriction, add the following lines under the smtpd_sender_restrictions section of the Postfix main configuration file. After adding them to the main.cf file, restart Postfix to apply the changes.

smtpd_sender_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unknown_sender_domain
    reject_unknown_reverse_client_hostname
    reject_unknown_client_hostname

2) Enable Greylisting

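By default, Postfix resends a failed email multiple times before informing the sender that the email could not be delivered. Greylisting relies on this retry behaviour: mail from an unknown sender is refused temporarily, a legitimate mail server retries later and is accepted, and senders that never retry are filtered out. Postgrey is a greylisting policy server for Postfix. You can install Postgrey and enable greylisting on Ubuntu by following the process below.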

Run the following command to install Postgrey. After the installation, Postgrey gets automatically started.

$ sudo apt install postgrey

Execute the below command to check the status of the installed Postgrey.

$ sudo systemctl status postgrey

By default, Postgrey listens on TCP port 10023 on the localhost. To check this, run the following command.

$ sudo netstat -lnpt | grep postgrey

By default, the time for greylisting is 300 seconds. If you want to change that time, you need to edit the /etc/default/postgrey file.

Open the /etc/default/postgrey file by using any of the text editors.

$ sudo nano /etc/default/postgrey

Find the POSTGREY_OPTS="--inet=10023" line and replace it with the following if you want to change the greylist time to 60 seconds.

POSTGREY_OPTS="--inet=127.0.0.1:10023 --delay=60"

Save and close the file, then restart Postgrey so that the changes take effect.

$ sudo systemctl restart postgrey

Next, edit the Postfix main configuration file to make Postfix use the Postgrey server.

Open the main.cf file using any of the text editors.

$ sudo nano /etc/postfix/main.cf

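Then, add the following line under the “smtpd_recipient_restrictions” section, replacing <ip_address> with the address Postgrey listens on (127.0.0.1 in the configuration above).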

check_policy_service inet:<ip_address>:10023

Save and close the file and then restart Postfix to reflect the changes.

$ sudo systemctl restart postfix

After making all these changes, a message gets greylisted or rejected by Postgrey if its sender triplet is new. The sender triplet consists of the sender IP address, the recipient email address, and the sender email address. Greylisting can result in a bad user experience. To avoid this, you can create a whitelist. Postgrey offers two whitelist files, /etc/postgrey/whitelist_recipients and /etc/postgrey/whitelist_clients. The former contains recipient email addresses, and the latter contains a list of hostnames. In Postgrey, the mail servers whitelisted by default are Google’s mail servers.
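The triplet logic described above, as an added Python example (a simplified model written for this page, not Postgrey's code). The addresses, hostnames and the replay helper are constructed; DUNNO and DEFER_IF_PERMIT are standard Postfix access actions.

```python
"""Simplified model of triplet greylisting (constructed example, not Postgrey's code)."""

class Greylist:
    def __init__(self, delay=300, whitelist_clients=(), whitelist_recipients=()):
        self.delay = delay                          # seconds, like --delay
        self.whitelist_clients = set(whitelist_clients)
        self.whitelist_recipients = set(whitelist_recipients)
        self.first_seen = {}                        # triplet -> time of first attempt

    def check(self, now, client_ip, client_name, sender, recipient):
        """Return the Postfix access action for one delivery attempt."""
        if client_name in self.whitelist_clients:
            return "DUNNO"                          # whitelisted host: no greylisting
        if recipient.lower() in self.whitelist_recipients:
            return "DUNNO"                          # whitelisted recipient
        triplet = (client_ip, sender.lower(), recipient.lower())
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= self.delay:
            return "DUNNO"                          # retried after the delay: let it through
        return "DEFER_IF_PERMIT"                    # new or too-early triplet: temporary failure

# Constructed SMTP attempts: (seconds, client IP, client hostname, sender, recipient)
ATTEMPTS = [
    (0,   "192.0.2.10",   "mx.sender.example",    "alice@sender.example", "bob@example.org"),
    (30,  "192.0.2.10",   "mx.sender.example",    "alice@sender.example", "bob@example.org"),
    (330, "192.0.2.10",   "mx.sender.example",    "alice@sender.example", "bob@example.org"),
    (331, "192.0.2.10",   "mx.sender.example",    "alice@sender.example", "carol@example.org"),
    (332, "198.51.100.7", "mail.partner.example", "news@partner.example", "bob@example.org"),
]

def replay(greylist, attempts=ATTEMPTS):
    """Feed the attempts through the greylist and collect the actions in order."""
    return [greylist.check(*attempt) for attempt in attempts]

if __name__ == "__main__":
    gl = Greylist(delay=300, whitelist_clients={"mail.partner.example"})
    for attempt, action in zip(ATTEMPTS, replay(gl)):
        print(attempt[0], attempt[1], attempt[4], "->", action)
```

The fourth attempt is deferred even though the same server was just accepted, because a different recipient makes a new triplet.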


3) Use the Public Anti-Spam Blacklists

Spammers also send email from addresses with a valid hostname, PTR record, and A record, and such email passes greylisting. In this scenario, we can use public anti-spam blacklists to reject spam. You can visit the https://www.debouncer.com and mxtoolbox.com websites and enter the spammer’s domain name or IP address to check which blacklists are blocking that spammer. After that, you can use those blacklists to reject email from them. To do so, follow the steps below:

Open the Postfix main configuration file using any of the text editors.

$ sudo nano /etc/postfix/main.cf

Add the following lines under the smtpd_recipient_restrictions section.

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rhsbl_helo <blacklists_name>,
    reject_rhsbl_reverse_client <blacklists_name>,
    reject_rhsbl_sender <blacklists_name>,
    reject_rbl_client <blacklists_name>

In the above lines, replace <blacklists_name> with the public blacklists that have blacklisted the spammers.
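To see what each of the four restrictions above actually asks the blacklist, this added Python example (not from the original article) builds the DNS name each one queries and reports the first that would reject. The zone dnsbl.example, the session values and the fake resolver are constructed so it runs offline.

```python
import ipaddress

# Restrictions in the order the text lists them, with the session attribute each one looks up.
RESTRICTIONS = [
    ("reject_rhsbl_helo", "helo"),
    ("reject_rhsbl_reverse_client", "reverse_name"),
    ("reject_rhsbl_sender", "sender_domain"),
    ("reject_rbl_client", "client_ip"),
]

def reversed_ip(addr):
    """192.0.2.10 -> 10.2.0.192; IPv6 is reversed nibble by nibble."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split(".")))
    return ".".join(reversed(ip.exploded.replace(":", "")))

def query_names(zone, session):
    """DNS name each restriction queries for this SMTP session."""
    keys = dict(session, client_ip=reversed_ip(session["client_ip"]),
                sender_domain=session["sender"].rsplit("@", 1)[1])
    return [(name, f"{keys[attr].rstrip('.').lower()}.{zone}") for name, attr in RESTRICTIONS]

def first_rejection(zone, session, resolve):
    """First restriction whose query returns an A record, or None if the mail passes."""
    for name, qname in query_names(zone, session):
        if resolve(qname):
            return name, qname
    return None

# Constructed data: a placeholder zone and a fake resolver so the example runs offline.
ZONE = "dnsbl.example"
LISTED = {"10.2.0.192.dnsbl.example": ["127.0.0.2"],
          "spam-domain.example.dnsbl.example": ["127.0.0.2"]}
SESSION = {"client_ip": "192.0.2.10", "reverse_name": "host10.isp.example",
           "helo": "mail.spam-domain.example", "sender": "offers@spam-domain.example"}

def fake_resolve(qname):
    return LISTED.get(qname, [])

if __name__ == "__main__":
    for name, qname in query_names(ZONE, SESSION):
        print(f"{name:30} {qname} -> {fake_resolve(qname) or 'not listed'}")
    print("rejected by:", first_rejection(ZONE, SESSION, fake_resolve))
```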


4) Create a Whitelist

There is a chance that a legitimate email address gets blacklisted. So, to avoid such a situation, we can whitelist such email addresses. To do the same, follow the below steps:

Create the following file under the Postfix directory.

$ sudo nano /etc/postfix/rbl_override

In the created file, add the domain names to whitelist in the following format, replacing the <domain_name> placeholder with the actual domain name that you want to whitelist.

<domain_name>  OK

Save and close the file.

Create the ‘rbl_override.db’ file by executing the following command.

$ sudo postmap /etc/postfix/rbl_override

Open the Postfix main configuration file using any of the text editors.

$ sudo nano /etc/postfix/main.cf

Then, add the following line in the smtpd_recipient_restrictions section.

check_client_access hash:/etc/postfix/rbl_override,

Reload Postfix so that the changes take effect.

$ sudo systemctl reload postfix
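Postfix evaluates a restriction list in order and stops at the first decisive result, so the rbl_override lookup only helps when it is listed before the blacklist checks, and continuation lines in main.cf must start with whitespace. The following Python check for both conditions is an added example, not part of the original article or of Postfix; the sample fragments and the zone dnsbl.example are constructed.

```python
import re

def parse_main_cf(text):
    """Parse main.cf text into ({parameter: value}, [malformed lines])."""
    params, malformed, current = {}, [], None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank and comment lines are ignored
        if raw[0].isspace():                  # leading whitespace continues the logical line
            if current is None:
                malformed.append(raw)
            else:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep else None
        if sep:
            params[current] = value.strip()
        else:                                 # unindented and no "=": not a continuation
            malformed.append(raw)
    return params, malformed

def lint(text):
    """Return findings about line continuation and whitelist/blacklist ordering."""
    params, malformed = parse_main_cf(text)
    findings = [f"line is not a continuation of any parameter: {m.strip()}" for m in malformed]
    tokens = re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", ""))
    dnsbl = [i for i, t in enumerate(tokens) if t.startswith(("reject_rbl_", "reject_rhsbl_"))]
    override = [i for i, t in enumerate(tokens[:-1])
                if t == "check_client_access" and tokens[i + 1].endswith("/rbl_override")]
    if dnsbl and override and override[0] > dnsbl[0]:
        findings.append("rbl_override is consulted after a blacklist check and cannot whitelist")
    return findings

# Constructed main.cf fragments; dnsbl.example is a placeholder zone.
UNINDENTED = "smtpd_sender_restrictions =\nreject_unknown_sender_domain\n"
WRONG_ORDER = """smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_rbl_client dnsbl.example,
    check_client_access hash:/etc/postfix/rbl_override
"""
GOOD = """smtpd_recipient_restrictions =
    permit_mynetworks,
    check_client_access hash:/etc/postfix/rbl_override,
    reject_rbl_client dnsbl.example
"""

if __name__ == "__main__":
    for label, cf in (("unindented", UNINDENTED), ("wrong order", WRONG_ORDER), ("good", GOOD)):
        print(label, "->", lint(cf) or "ok")
```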


Conclusion

Sending unsolicited messages (spam) through a messaging system is known as spamming. You can use the Postfix SMTP server to block email spam. Postfix is a Mail Transfer Agent (MTA), an application that sends and receives email. We hope that this knowledge base article was helpful to you. Please comment below with any questions or queries. If you are an InterServer customer, please reach out to our support team for further help.
