Linux Mail Server Setup and Howto Guide

Please help me to fight against spammers.

I am using Postfix on RHEL 5 box with the following restrictions -

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_unknown_sender_domain, reject_rbl_client sbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, check_relay_domains

Please advice whether any other directive needs to be placed?

Please also advice me whether the reject_rbl_client lists are OK?  What I mean to say is, for example, I am using reject_rbl_client sbl.spamhaus.org.  Please advice whether the url is correct or it should be http://www.spamhaus.org?

Please also advice me on whether the reject_rbl_client directives need to be re-ordered, e.g. whether I can put cbl.abuseat.org first before sbl.spamaus.org?  Please let me know, whether it results in performance delay?  What is Industry's "best practice"?

postconf -n output is given below -

[root@mail postfix]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox_command = /usr/bin/procmail -f- -a "$USER"
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 15728640
mydestination = keltonsec.com mail.keltonsec.com
myhostname = mail.keltonsec.com
mynetworks = 127.0.0.1
myorigin = keltonsec.com
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = Hi !! Nice to meet you
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_non_fqdn_hostname, reject_invalid_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_unknown_sender_domain, reject_rbl_client sbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = //etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
[root@mail postfix]#

Thanks

Atanu