How to set up anti-spam in Postfix with DNS BL\RBL lists
Its not a secret, that DNS BL\RBL lists are the most powerful and effective mechanism of anti-spam defense at this time (2015).
How it works?
IP-address of remote host checked against one or more DNS BL lists (free for all by default). If IP-address is in the list - mail session is rejected.
How to set it up?
Open main.cf and edit its parameter smtpd_recipient_restrictions. I use four basic DNS BL services:
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_client_access hash:/etc/postfix/rbl_override, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client b.barracudacentral.org, check_recipient_access hash:/etc/postfix/hold
Note the check_client_access hash:/etc/postfix/rbl_override instruction. It is a "white list" for IP-addresses we don't need to check.
Create file rbl_override, fill it with needed hosts and create hash:
1.2.3.4 OK 1.2.3.5 OK host.mail.ru OK
postmap /etc/postfix/rbl_override
Do not forget to reload Postfix settings!
postfix reload
- Hits: 4823