Harden Postfix Server

[gderber]

Configure:

• [x] Spamassassin Milter #63
• [x] OpenDKIM milter[2] #462
• [ ] OpenDMARC milter[2] #429
• [ ] SPF Verification[2]
• [x] ClamAV #64
• [ ] #463
• [ ] DKIM DNS Record[2] #457
• [ ] DMARC DNS Record[2] #456
• [ ] SPF DNS Record[2] #310
• [ ] Use DHParams[5]
• [ ] DANE (DNSSEC) [6]
• [ ] Amavis #461
• [x] #465 [1]
• [x] Enable HELO[1]
• [ ] MTA Strict Transport Security #464
• [ ] Ensure anything "plaintext" is only on tls connections[7]

Refs:

1. https://linux-audit.com/postfix-hardening-guide-for-security-and-privacy/
2. https://www.sidn.nl/en/news-and-blogs/hands-on-implementing-spf-dkim-and-dmarc-in-postfix
3. https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf
4. https://netcorecloud.com/tutorials/setup-spf-and-dkim-with-postfix-on-ubuntu/
5. http://charmingwebdesign.com/postfix-hardening-guide-for-security-and-privacy-linux-audit-gdpr-hipaa-itar-dont-use-gmail-gsuite-get-your-own-corporate-server/
6. https://wiki.archlinux.org/title/postfix
7. https://try.popho.be/email.html

• https://help.ubuntu.com/community/Postfix
• https://www.reddit.com/r/linuxadmin/comments/7rhct9/postfix_hardening/
• http://www.michaelfoster82.co.uk/simple-postfix-hardening/
• https://www.howtoforge.com/hardening-postfix-for-ispconfig-3/
• https://willem.com/blog/2019-09-10_harden-postfix-to-block-spammers-configure-postfix-to-block-spam-before-it-enters-the-server/
• https://askubuntu.com/questions/418340/how-to-secure-postfix-on-ubuntu-server
• https://security.stackexchange.com/questions/81944/perfectly-secure-postfix-mta-smtp-configuration
• https://thecrow.uk/email-metadata-tells-all-about-you/