Originally Posted by tlsuess
No, Postfix is setup to receive outside e-mail but I was wondering if there's a way to disable SMTP access to prevent spamming with my server.
No, you can't. The outside world *only* gets its messages to you - legitimate and Spam - via SMTP.
Messages from the outside world come to your Postfix server via the Simple Mail Transfer Protocol. SMTP. Example:
mails Becky in England (who is not one of your users).
Becky replies. That reply requires Becky's ISP's mail server to:
a) look up yourdomain.com via DNS to find out what it's mail exchanger (MX) record is
b) make a connection, a SMTP
connection, to your MX
c) make it past any anti-spam defences you have set up in Postfix and if successful transmit the message payload.
d) Your Postfix server completes the delivery of the message to the users Maildir (more than likely) or hands it off to another process (such as Dovecot) to complete the delivery (not uncommon either)
Note step B. If you shut off SMTP from the outside world, you shut off all mail from the outside world, good, bad or indifferent.
I'm assuming that you aren't managing a ton of domains and a truck load of users. If this is the case I have good news for you - in that environment it is easily
possible to configure Postfix so that the vast majority of Spam connections to your SMTP server (Postfix) are blocked. Shunned. Door-slammed on them.
I'm not suggesting the solution I have in mind for you is designed only for small environments - far from it. An experienced mail admin would find it possible to extend the same protection to a very large and diverse group of users; the key difference is with a large diverse group of users often needs are quite different and you have to implement more user-driven choice in your solutions. In a smaller environment often you get to make all the choices for all, and that frequently makes things "easier".
Install and configure policyd-weight.
It is a single file Perl daemon plus a configuration file. The defaults will immediately improve your anti-spam defences. You can tune it, add more - whatever - but just get the basics in. It isn't hard to configure Postfix to use this and if you get stuck you can raise a thread here or reply to this one.
I run a number of mail servers - all Postfix - and policyd-weight is a key feature on all of them. In fact one server recently I disabled my spam content filters while doing an upgrade; the content filter is only used to file spam into a "Junk" folder, not for blocking, because I don't need to block spam, we get so little thanks to a well configured Postfix and policyd-weight.
In addition to policyd-weight you'll want to fine tune your Postfix setup to reject senders under certain conditions. I think that should be step two - deal with policyd-weight first. Your users, and your server, will thank you.