Mail and SMTP

Version 10 by Stephane Carrez

SMTP

RSPAMD

Spamhaus

Configure Postfix::

smtpd_recipient_restrictions = permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_pipelining,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        check_client_access hash:/etc/postfix/rbl_override,
        reject_rhsbl_sender         <key>.dbl.dq.spamhaus.net=127.0.1.[2..99],
        reject_rhsbl_helo           <key>.dbl.dq.spamhaus.net=127.0.1.[2..99],
        reject_rhsbl_reverse_client <key>.dbl.dq.spamhaus.net=127.0.1.[2..99],
        reject_rhsbl_sender         <key>.zrd.dq.spamhaus.net=127.0.2.[2..24],
        reject_rhsbl_helo           <key>.zrd.dq.spamhaus.net=127.0.2.[2..24],
        reject_rhsbl_reverse_client <key>.zrd.dq.spamhaus.net=127.0.2.[2..24],
        reject_rbl_client           <key>.zen.dq.spamhaus.net=127.0.0.[2..255],
rbl_reply_maps = hash:/etc/postfix/dnsbl-reply-map

Problems & Solutions

SPF issues

  • EHLO miss-match between announced name, IP and reverse
  • missing TXT SPF record for the announced EHLO name

Example: if MX is smtp.vacs.fr

  • reverse DNS of server IP must be smtp.vacs.fr
  • there must be a TXT record 'smtp.vacs.fr' with v=spf1 a mx -all

verify with https://www.mail-tester.com

See SPF Common Mistakes