First steps before enabling Anti-Spam solution
The Anti-spam solution as "content" filtering must be the last module you have to add on your Artica server, some severals settings can be implemented in order to enforce your SMTP service...
A) Standard SMTP RFC
The MTA provides some settings that can be used in order to not accept all messages:
- On the Postfix MTA Mail system section, choose "Security" icon.
- Click on "Connection filters" tab
- Click on "Senders Computers restrictions" icon
- There are some option to enable in order to enforce the your MTA verifications before accepting messages.
Reject unknown client hostname:
Reject the client when
- 1) the client IP address=name mapping fails,
- 2) the name=address mapping fails,
- 3) the name=address mapping does not match the client IP address
Reject unknown reverse client hostname
Reject the SMTP connection when
the client IP address has no address=name mapping.
This is a weaker restriction than the reject unknown client hostname rule,
which requires not only that
the address=name and name=address mappings exist,
but also that the two mappings reproduce the client IP address.
Reject unknown sender domain
Reject the request when Postfix is not final destination
for the sender address, and the MAIL FROM address has no DNS or MX record,
or when it has a malformed MX record
such as a record with a zero-length MX hostname
Reject invalid hostname
Reject the request when the client has a bad hostname syntax.
Reject non fqdn sender
Reject the request when the MAIL FROM address
is not in fully-qualified domain form,
as required by the RFC.
This specifies the response code to rejected requests (default: 504).
Reject forged emails
reject emails that pretend to be sent from your domains but not authenticated and not listed in your network list