Now that we've covered the many aspects of Postfix's anti-spam arsenal, we'll finish with an example configuration. Requirements vary considerably from site to site, so it's impossible to make actual recommendations apart from the considerations that have been discussed in this chapter. Example 11-2 can provide a starting point, but you must decide for yourself which restrictions fit your own circumstances.
Example 11-2. Sample restrictions to block UBE
smtpd_restriction_classes = spamlover spamhater spamhater = reject_invalid_hostname reject_non_fqdn_hostname reject_unknown_sender_domain reject_rbl_client nospam.example.com spamlover = permit smtpd_helo_required = yes smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_access smtpd_helo_restrictions = reject_invalid_hostname check_helo_access hash:/etc/postfix/helo_access smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain check_sender_access hash:/etc/postfix/sender_access smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination reject_non_fqdn_recipient reject_unknown_recipient_domain smtpd_data_restrictions = reject_unauth_pipelining header_checks = /etc/postfix/header_checks body_checks = /etc/postfix/body_checks
You should enter IP and email addresses into the access tables
from messages you receive that you have identified as spam. It's very
difficult to block a lot of spam with the
check_sender_access restrictions ...