I am trying to block spam coming into a mail server I admin. Config OpenSuSe11.3/Postfix/Dovecot Router TP-Link TD-W8920G Log below of incoming spam. Spamassassin correctly identifies it. It is delivered to one active mail box and bounced from another deleted user. main.cf (lots from falko's suggestions) included Questions. 1. From log: May 2 09:28:59 mmay-server postfix/smtpd[6063]: 5C7B5E43FA: client=unknown[192.168.6.2] The connecting server delivering the message is client=unknown[192.168.6.2]. 192.168.6.2 is the router's local ip. Why isn't the incoming mail server's external IP revealed? Is it a misconfiguration of my router? The router port forwards to the mail server box on 192.168.6.1 2. From log: May 2 09:29:03 mmay-server postfix/smtp[6087]: certificate verification failed for mx1.xrea.com[202.172.25.31]:25: untrusted issuer /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority May 2 09:29:04 mmay-server postfix/smtp[6087]: BEC6EE4472: to=<[email protected]>, relay=mx1.xrea.com[202.172.25.31]:25, delay=4.2, delays=0.05/0.01/2.8/1.3, dsn=2.0.0, status=sent (250 ok 1335914945 qp 19895) These lines seem to indicate that some info is captured to identify spamming server. How can I use it to stop spam? Thanks, Tim Log May 2 09:28:59 mmay-server postfix/smtpd[6063]: 5C7B5E43FA: client=unknown[192.168.6.2] May 2 09:29:00 mmay-server postfix/cleanup[6073]: 5C7B5E43FA: message-id=<69l85h57j48-69308177-739w3l27@kkqnbcqhj> May 2 09:29:00 mmay-server postfix/qmgr[17341]: 5C7B5E43FA: from=<[email protected]>, size=813, nrcpt=2 (queue active) May 2 09:29:00 mmay-server spamd[4755]: spamd: connection from localhost [127.0.0.1] at port 36258 May 2 09:29:00 mmay-server spamd[4755]: spamd: setuid to nobody succeeded May 2 09:29:00 mmay-server spamd[4755]: spamd: processing message <69l85h57j48-69308177-739w3l27@kkqnbcqhj> for nobody:65534 May 2 09:29:00 mmay-server spamd[4755]: spamd: identified spam (16.1/5.0) for nobody:65534 in 0.2 seconds, 793 bytes. May 2 09:29:00 mmay-server spamd[4755]: spamd: result: Y 16 - ALL_TRUSTED,BAYES_99,FREEMAIL_FROM,FS_REPLICA,FS_REPLICAWATCH,REPLICA_WATCH,SANE_04e8bf28eb445199a7f11b943c44d209,SANE_3b92eda751c992f230f215fb7eb36844,SANE_4ef8302546bf270a19baf98508afacc4 scantime=0.2,size=793,user=nobody,uid=65534,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=36258,mid=<69l85h57j48-69308177-739w3l27@kkqnbcqhj>,bayes=1.000000,autolearn=spam May 2 09:29:00 mmay-server spamd[3183]: prefork: child states: II May 2 09:29:00 mmay-server postfix/pickup[5960]: A2273E5086: uid=65534 from=<[email protected]> May 2 09:29:00 mmay-server postfix/pipe[6076]: 5C7B5E43FA: to=<[email protected]>, relay=spamassassin, delay=6.9, delays=6.6/0/0/0.25, dsn=2.0.0, status=sent (delivered via spamassassin service) May 2 09:29:00 mmay-server postfix/pipe[6076]: 5C7B5E43FA: to=<[email protected]>, relay=spamassassin, delay=6.9, delays=6.6/0/0/0.25, dsn=2.0.0, status=sent (delivered via spamassassin service) May 2 09:29:00 mmay-server postfix/qmgr[17341]: 5C7B5E43FA: removed May 2 09:29:00 mmay-server postfix/cleanup[6073]: A2273E5086: message-id=<69l85h57j48-69308177-739w3l27@kkqnbcqhj> May 2 09:29:00 mmay-server postfix/qmgr[17341]: A2273E5086: from=<[email protected]>, size=3774, nrcpt=2 (queue active) May 2 09:29:00 mmay-server postfix/local[6083]: A2273E5086: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=0.17, delays=0.1/0.02/0/0.05, dsn=2.0.0, status=sent (delivered to mailbox) May 2 09:29:00 mmay-server postfix/local[6082]: A2273E5086: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=0.18, delays=0.1/0.01/0/0.07, dsn=5.1.1, status=bounced (unknown user: "kstewart") May 2 09:29:00 mmay-server postfix/cleanup[6073]: BEC6EE4472: message-id=<[email protected]> May 2 09:29:00 mmay-server postfix/bounce[6085]: A2273E5086: sender non-delivery notification: BEC6EE4472 May 2 09:29:00 mmay-server postfix/qmgr[17341]: BEC6EE4472: from=<>, size=5781, nrcpt=1 (queue active) May 2 09:29:00 mmay-server postfix/qmgr[17341]: A2273E5086: removed May 2 09:29:01 mmay-server postfix/smtpd[6063]: disconnect from unknown[192.168.6.2] May 2 09:29:03 mmay-server postfix/smtp[6087]: certificate verification failed for mx1.xrea.com[202.172.25.31]:25: untrusted issuer /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority May 2 09:29:04 mmay-server postfix/smtp[6087]: BEC6EE4472: to=<[email protected]>, relay=mx1.xrea.com[202.172.25.31]:25, delay=4.2, delays=0.05/0.01/2.8/1.3, dsn=2.0.0, status=sent (250 ok 1335914945 qp 19895) May 2 09:29:04 mmay-server postfix/qmgr[17341]: BEC6EE4472: removed postfix/main.cf inet_protocols = all biff = no mail_spool_directory = /var/mail canonical_maps = hash:/etc/postfix/canonical virtual_alias_domains = hash:/etc/postfix/virtual relocated_maps = hash:/etc/postfix/relocated transport_maps = hash:/etc/postfix/transport sender_canonical_maps = hash:/etc/postfix/sender_canonical masquerade_exceptions = root masquerade_classes = envelope_sender, header_sender, header_recipient myhostname = mmay-server.$mydomain delay_warning_time = 1h message_strip_characters = \0 program_directory = /usr/lib/postfix inet_interfaces = all masquerade_domains = mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain defer_transports = mynetworks_style = host mydomain = maxmay.com.au mynetworks = 127.0.0.0/8, !192.168.6.2, 192.168.6.0/24 relay_domains = $mydestination, hash:/etc/postfix/relay disable_dns_lookups = no relayhost = #content_filter = smtp-amavis:[127.0.0.1]:10025 content_filter = mailbox_command = mailbox_transport = strict_8bitmime = no disable_mime_output_conversion = no smtpd_sender_restrictions = reject_unknown_sender_domain, hash:/etc/postfix/access smtpd_client_restrictions = #anti spam settings---> smtpd_helo_required = yes #smtpd_helo_required = no disable_vrfy_command = yes strict_rfc821_envelopes = yes #strict_rfc821_envelopes = no invalid_hostname_reject_code = 554 multi_recipient_bounce_reject_code = 554 non_fqdn_reject_code = 554 relay_domains_reject_code = 554 unknown_address_reject_code = 554 unknown_client_reject_code = 554 unknown_hostname_reject_code = 554 unknown_local_recipient_reject_code = 554 unknown_relay_recipient_reject_code = 554 unknown_sender_reject_code = 554 unknown_virtual_alias_reject_code = 554 unknown_virtual_mailbox_reject_code = 554 unverified_recipient_reject_code = 554 unverified_sender_reject_code = 554 smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access, reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client multi.uribl.com, reject_rbl_client dsn.rfc-ignorant.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client list.dsbl.org, reject_rbl_client multihop.dsbl.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client rabl.nuclearelephant.com, permit #smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access,permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination # <------ end anti spam settings smtpd_helo_restrictions = #smtpd_reject_unlisted_sender = no smtp_sasl_auth_enable = no smtpd_sasl_type = dovecot smtpd_sasl_path = /var/spool/postfix/private/auth smtpd_sasl_auth_enable = yes smtpd_use_tls = yes smtp_use_tls = yes smtp_enforce_tls = no smtp_tls_session_cache_timeout = 3600s smtp_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache alias_maps = hash:/etc/aliases mailbox_size_limit = 0 message_size_limit = 0 smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_tls_auth_only = no smtp_tls_note_starttls_offer = yes smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom
