Adapted Postfix configuration to block typical spam sending

[stonemaster]

mail servers using an enhanced client, sender and helo
restriction configuration.

The configuration has been adapted using this blog post:
https://www.webstershome.co.uk/2014/04/07/postfix-blocking-spam-enters-server/

Basically mail servers having invalid configuration (as e.g. sending
from and dynamic IP or a misconfigured hostname) will have their
mails rejected.

Additionnally three RBL servers are used to detect spam sending
IPs: dnsbl.sorbs.net, zen.spamhaus.org and bl.spamcop.net.

The results of a 12h test drive using a 100+ daily spam
mail account (SpamAssasin was always enabled, just counting
delivered mails to inbox not counting what SA detected):

• Before: 34 incoming mails
• Afer change: 6 incoming mails (82% reduction)

Fixes #161.

[tomav]

reject_non_fqdn_hostname is for postfix <2.3 no? It should be reject_non_fqdn_helo_hostname.

Same for reject_invalid_hostname => reject_invalid_helo_hostname

Have a look to http://www.postfix.org/postconf.5.html

[tomav]

Hi @stonemaster, thank you for this enhancement on postfix configuration.
I commented your commit because I think that some of postconf keys are for postfix <2.3
Could you please have a look to http://www.postfix.org/postconf.5.html ?

Thank you.

[tomav]

Regarding the tests and CI, don't worry it happen often on this test.

not ok 10 checking imap: server is ready with STARTTLS
# (in test file test/tests.bats, line 56)
#   `[ "$status" -eq 0 ]' failed

I'll have to find the reason. When you'll submit your modification, tests will be restarted.

[stonemaster]

Thanks for the review! That's a nice catch. I have been using those hostname* configuration options since ever and never noticed that have been deprecated for ages :-) It's funny though that nearly every blog post on anti-spam postfix configuration uses the deprecated configuration options. I also checked that the other options are recent and not deprecated.

[tomav]

Thank you @stonemaster !