Steps to Protect Email Server on the Internet

  • Allow email relay only to authorzed hosts/subnets/domains.

  • If users need to send email from untrusted subnets, set SMTP AUTH and protect connections with SSL.

  • For IMAP/POP3 connections from untrusted networks, enable IMAPS/POP3S (tcp/993 and tcp/995).

  • Implement Postfix ant-spam configuration in /etc/postfix/main.cf: 
    
header_checks = regexp:/etc/postfix/bad_headers
    In /etc/postfix/bad_headers: 
    
/^Subject: Mortgage Low Rates / REJECT
/^(From:Received):.prodigy\.net/ REJECT
    Reject "non-fully qualified host names" and "non qualified domains" (unresolvable by DNS): 
    
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_non_fqdn_hostname
smtpd_sender_restrictions = reject_unknown_sender_domain
  • Implement Virus and SPAM filtering software, for example, ClamAV and Spamassassin.



  • Reference on How To Install Postfix, Amavis, ClamAV, and Spamassassin.
    Previous Pageprevious First Pagetop Next Pagenext