We Bring In Tomorrows Technology

  • Full Screen
  • Wide Screen
  • Narrow Screen
  • Increase font size
  • Default font size
  • Decrease font size

Tightening SPAM control on ISPConfig Server

E-mail Print PDF
User Rating: / 11

Recently one of my clients shifted from Plesk to ISPConfig, and I was asked to setup ISPConfig control panel on it. We followed an ISPConfig Howto from howtoforge.com . The installation was (almost) a breeze. Migration from plesk to ISPConfig was quite painful. But anyway, we did it.

Later when the system went live and remained in production for more than a week, we noticed that there is a lot of spam coming in. The postfix mail server needed some additional armor. I wanted some important checks, such as helo, RBL and SPF. Below is how I added that extra level of protection.


First, I want to thank and acknowledge the authors of following web pages, which helped me in achieving this:





For SPF, I downloaded the postfix-SPF (module/plugin) from http://www.openspf.org/blobs/postfix-policyd-spf-perl-2.007.tar.gz , and installed it as following:


cd /root/

wget http://www.openspf.org/blobs/postfix-policyd-spf-perl-2.007.tar.gz

tar xzf postfix-policyd-spf-perl-2.007.tar.gz

cp postfix-policyd-spf-perl-2.007/postfix-policyd-spf-perl /usr/libexec/postfix/

chmod +x /usr/libexec/postfix/postfix-policyd-spf-perl


Then I had to add the following text (it is one /single long line) to bottom of /etc/postfix/master.cf :-


vi /etc/postfix/master.cf


spfpolicy unix - n n - 0 spawn user=nobody argv=/usr/libexec/postfix/postfix-policyd-spf-perl



  • You can use Tabs instead of spaces in the line above. Refer to INSTALL file which comes with the tarball.
  • The INSTALL file uses the word policy, instead of spfpolicy, as shown here. It does not matter. Whatever you choose to use, make sure that you use the same in master.cf and main.cf files.


I then edited my /etc/postfix/main.cf file and added the following text. The text below contains SPF checks, RBL checks, invalid helo checks, invalid host-name checks, etc.


vi /etc/postfix/main.cf

. . .

(Change the following line:)

smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf


(Change to:)

smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, permit


Note: The line above is single line.


(Then add the following text:)

policy_time_limit = 3600smtpd_delay_reject = yes

smtpd_helo_required = yes

smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit

smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, check_policy_service unix:private/spfpolicy, permit


Note: smtpd_* lines shown above are individual long single lines. (Tip: smtpd_* till permit is one line.)


After you save this file, restart postfix service :


service postfix restart


That's all. I hope it to be helpful to those switching to ISPConfig, or Postfix server in particular. You can discuss anything related to this in http://forums.wbitt.com


You are here How To / Tutorials Tightening SPAM control on ISPConfig Server