How to set up anti-spam in Postfix with DNS BL\RBL lists

Its not a secret, that DNS BL\RBL lists are the most powerful and effective mechanism of anti-spam defense at this time (2015).

How it works?

IP-address of remote host checked against one or more DNS BL lists (free for all by default). If IP-address is in the list - mail session is rejected.

How to set it up?

Open main.cf and edit its parameter smtpd_recipient_restrictions. I use four basic DNS BL services:

smtpd_recipient_restrictions = permit_mynetworks,
                        reject_unauth_destination,
                        check_client_access hash:/etc/postfix/rbl_override,
                        reject_rbl_client bl.spamcop.net,
                        reject_rbl_client zen.spamhaus.org,
                        reject_rbl_client cbl.abuseat.org,
                        reject_rbl_client b.barracudacentral.org,
                        check_recipient_access hash:/etc/postfix/hold

Note the check_client_access hash:/etc/postfix/rbl_override instruction. It is a "white list" for IP-addresses we don't need to check.

Create file rbl_override, fill it with needed hosts and create hash:

1.2.3.4 OK
1.2.3.5 OK
host.mail.ru OK
postmap /etc/postfix/rbl_override

Do not forget to reload Postfix settings!

postfix reload

Tags: postfix (en)

PrintEmail

Add comment


Security code
Refresh