Configuração dos filtros de segurança
  1. Editar o arquivo /etc/postfix/main.cf. Descomentar as seguintes linhas:
    #smtpd_helo_required = yes
    #smtpd_reject_unlisted_recipient = yes
    #smtpd_helo_restrictions =
    #                               permit_sasl_authenticated,
    #                               check_helo_access hash:/etc/postfix/access,
    #                               permit_mynetworks,
    #                               reject_invalid_hostname
    #
    #smtpd_sender_restrictions =
    #                               permit_sasl_authenticated,
    #                               check_sender_access hash:/etc/postfix/access,
    #                               permit_mynetworks,
    #                               reject_unauth_destination,
    #                               reject_unknown_sender_domain,
    #                               reject_invalid_hostname,
    #                               reject_non_fqdn_sender,
    #                               reject_unknown_recipient_domain
    #
    #smtpd_client_restrictions =
    #                               permit_sasl_authenticated,
    #                               check_client_access hash:/etc/postfix/access,
    #                               permit_mynetworks,
    #                               reject_unknown_client,
    #                               reject_rbl_client bl.spamcop.net,
    #                               reject_rbl_client dnsbl.njabl.org,
    #                               reject_rbl_client list.dsbl.org,
    #                               reject_rbl_client sbl.spamhaus.org
    #
    #smtpd_recipient_restrictions =
    #                               permit_sasl_authenticated,
    #                               check_recipient_access hash:/etc/postfix/access,
    #                               permit_auth_destination,
    #                               reject_unauth_pipelining,
    #                               reject_non_fqdn_recipient,
    #                               reject_unknown_recipient_domain,
    #                               permit_mynetworks,
    #                               reject_unauth_destination,
    #                               warn_if_reject,
    #                               reject_non_fqdn_hostname,
    #                               reject_non_fqdn_sender,
    #                               reject_non_fqdn_recipient,
    #                               reject_invalid_hostname
    
    
    
    #smtpd_sasl_auth_enable   = yes
    #broken_sasl_auth_clients = yes
    #smtpd_sasl_type          = dovecot
    #smtpd_sasl_path          = private/auth
    
  2. Instalar o pacote postgrey:
    urpmi postgrey
  3. Editar o arquivo /etc/sysconfig/postgrey. Descomentar a seguinte linha:
    #OPTIONS="--inet=127.0.0.1:10031"
  4. Iniciar o serviço postgrey e certificar que o mesmo inicializa no boot do sistema:
    service postgrey start
    chkconfig postgrey on
  5. Instalar a dependência para o filtro SPF:
    urpmi perl-Mail-SPF-Query
  6. Baixar o o script perl do SPF para o local adequado:
    cd /usr/lib64/postfix
    wget http://suporte.lbr.com.br/confs/eadm/postfix-policyd-spf-perl
    chmod a+x postfix-policyd-spf-perl
    Ps.: Caso a arquitetura seja 32 Bits:
    cd /usr/lib/postfix
    wget http://suporte.lbr.com.br/confs/eadm/postfix-policyd-spf-perl
    chmod a+x postfix-policyd-spf-perl
  7. Editar o arquivo /etc/postfix/master.cf
    spf-policy   unix  -  n  n  -  -  spawn
       user=nobody argv=/usr/bin/perl /usr/lib64/postfix/postfix-policyd-spf-perl
    Ps.: Caso a arquitetura seja 32 Bits:
    spf-policy   unix  -  n  n  -  -  spawn
       user=nobody argv=/usr/bin/perl /usr/lib/postfix/postfix-policyd-spf-perl
  8. Editar o arquivo /etc/postfix/main.cf. Adicionar as seguintes linhas (em negrito):
    smtpd_sender_restrictions =
                                   permit_sasl_authenticated,
                                   check_sender_access hash:/etc/postfix/access,
                                   permit_mynetworks,
                                   reject_unauth_destination,
                                   check_policy_service unix:private/spf-policy,
                                   check_policy_service inet:127.0.0.1:10031,
  9. Reiniciar o postfix:
    service postfix restart
IP
3.237.16.210