Postfix spam prevention with simple means


I've already published quite a few tutorials on greylisting, RBLs and so on. Here's another tutorial showing how you can reduce your spam with rather simple means.

 
First of all we need to edit the file /etc/postfix/main.cf and add these lines:
smtpd_helo_required     = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
unknown_address_reject_code  = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code   = 554
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, regexp:/etc/postfix/helo_check, permit
 
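The file /etc/postfix/helo_check has to be created, of course, with the following content:
/^domain\.tld$/ 550 Don't use my hostname
/^123\.123\.123\.123$/ 550 Don't use my IP address
/^\[123\.123\.123\.123\]$/ 550 Don't use my IP address
/^[0-9.]+$/ 550 Your software is not RFC 2821 compliant
/^[0-9]+(\.[0-9]+){3}$/ 550 Your software is not RFC 2821 compliant
Replace domain.tld and 123.123.123.123 with your own hostname and IP address. The dots and square brackets are escaped with a backslash so that they match literally: an unescaped dot matches any character, and unescaped square brackets form a character class instead of matching the bracketed address literal.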
 
This blocks some spam before the server processes it any further, on the assumption that many spammers don't follow the standards. Depending on the mail volume, this can already reduce the server load a little.
 
Many spammers don't send a correct HELO, don't follow the RFC standards, or try to use your IP address or domain. The above modifications block this kind of thing.
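
To see how the helo_check patterns behave, the following added example (not part of the original tutorial) emulates first-match lookup in a Postfix regexp table with Python's re module, comparing the patterns with and without backslash escapes on dots and brackets. The HELO values are constructed samples, and using Python's regex engine as a stand-in for Postfix's is an assumption that holds for these simple patterns.

```python
import re

HOST = "550 Don't use my hostname"
IP = "550 Don't use my IP address"
RFC = "550 Your software is not RFC 2821 compliant"

# Patterns without escapes: "." matches any character, "[...]" is a character class.
UNESCAPED = [
    (r"^domain.tld$", HOST),
    (r"^123.123.123.123$", IP),
    (r"^[123.123.123.123]$", IP),
    (r"^[0-9.]+$", RFC),
    (r"^[0-9]+(.[0-9]+){3}$", RFC),
]

# Same rules with dots and brackets escaped so they match literally.
ESCAPED = [
    (r"^domain\.tld$", HOST),
    (r"^123\.123\.123\.123$", IP),
    (r"^\[123\.123\.123\.123\]$", IP),
    (r"^[0-9.]+$", RFC),
    (r"^[0-9]+(\.[0-9]+){3}$", RFC),
]

def lookup(table, helo):
    """Return the result of the first matching pattern, like a regexp: table.

    Postfix regexp tables match case-insensitively by default. None means no
    pattern matched, so the next restriction in the list ("permit") applies.
    """
    for pattern, result in table:
        if re.search(pattern, helo, re.IGNORECASE):
            return result
    return None

# Constructed HELO values: our own name, a look-alike, address forms, a normal host.
SAMPLES = ["domain.tld", "DOMAIN.TLD", "domainxtld", "123.123.123.123",
           "[123.123.123.123]", "192.0.2.10", "mail.example.org"]

if __name__ == "__main__":
    for helo in SAMPLES:
        print(f"{helo:20} unescaped={lookup(UNESCAPED, helo)!r:48} "
              f"escaped={lookup(ESCAPED, helo)!r}")
```

On a live system, `postmap -q "[123.123.123.123]" regexp:/etc/postfix/helo_check` runs the same kind of lookup against the real table.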
 
Of course you have to reload Postfix: /etc/init.d/postfix reload