Today suddenly my email server stopped accepting incoming connections. I wasn’t able to send any emails. After careful checking logs I have figured out that I’m a victim of DOS attack. More – I asked for it tuning maximum number of incoming connections in my firewall to low. Anyway, after correcting firewall I started to look over the internet how to better secure my Postfix configuration to prevent such problems in the future. What I have found is some simple main.cf tweaks posted on the nixCraft site:

disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
reject_non_fqdn_hostname,
reject_invalid_hostname,
permit

smtpd_recipient_restrictions =
permit_sasl_authenticated,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
permit_mynetworks,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
permit

smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

Simple as that, and it works. Now I can see how my server is rejecting spammers one by one without even talking to them past HELO command.

Technorati Tags: email server, DOS attack, Postfix