The following helped me immensely with such problems: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client dnsbl-1.uceprotect.net, reject_rbl_client dnsbl-2.uceprotect.net, reject_rbl_client dnsbl-3.uceprotect.net, reject_rbl_client list.dsbl.org, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, permit smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks smtpd_helo_required = yes disable_vrfy_command = yes I hope this helps. ----- Eric F Crist On Jul 28, 2012, at 14:19:51, Raymond Norton <admin at lctn.org> wrote: > We run mailscanners for a number of domains on our WAN. Lately, we have been hammered with 100s of thousands of spam messages, forged with bogus email addresses of our local domain or the fqdn of the relay server. Wondering what the best way is to combat this. I could possibly implement spf checking to my postfix config, or maybe a simple access list check of allowed IPs??? > > > Any recommendations appreciated. > > > Raymond > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list