Configure Postfix for DNS Blackhole Lists such as dsbl.org / spamhaus.org database

October 16, 2007in CentOS, Debian / Ubuntu, EMail Servers, Linux, UNIX last updated October 16, 2007

Q. How do I configure my Postfix mail server to scan incoming mail for spam using DNS Blackhole List such as:
a) The Spamhaus
b) Open Relay Database etc

A. To discard spam or garbage email you can use 3rd party services such as Spamhaus. These are realtime database of IP addresses of verified spam sources and spam operations (including spammers, spam gangs and spam support services), maintained by the Spamhaus or other project team and supplied as a free service to help email administrators better manage incoming email streams.

Postfix MTA DNS Blackhole Lists Configuration

Under Postfix mail server you need to define DNSRBLs in main.cf file using the smtpd_recipient_restrictions configuration directive. Open main.cf file:
# vi /etc/postfix/main.cf
Locate smtpd_recipient_restrictions line and setup reject_rbl_client as follows:

smtpd_recipient_restrictions =
....
.....
   reject_rbl_client list.dsbl.org,
   reject_rbl_client sbl-xbl.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client dul.dnsbl.sorbs.net,
....
   permit

Here is my complete configuration:

smtpd_recipient_restrictions =
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   reject_unauth_destination,
   permit_mynetworks,
   reject_rbl_client list.dsbl.org,
   reject_rbl_client sbl-xbl.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client dul.dnsbl.sorbs.net,
   permit

Save and close the file. Restart / reload postfix mail server:
# /etc/init.d/postfix restart

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

5 comment

raj says:
October 23, 2007 at 3:37 pm
plz. can any one tell me how to configure pop3 and smtp base mail server step by step i am new to it.
Reply Report comment
Tomas says:
March 6, 2008 at 10:08 am
A little late, but in case you haven’t switched
to exchange already:
http://www.workaround.org
Really nice mailserver setup.
A little late I know, but in case others find this post and wondering the same.
Reply Report comment
Rico says:
March 8, 2009 at 7:01 am
This needs to be in smtpd_client_restrictions, not in smtpd_recipient_restrictions
Reply Report comment
BOK says:
May 10, 2009 at 1:56 pm
Rico is right: http://www.postfix.org/postconf.5.html#smtpd_client_restrictions
Reply Report comment
Ben says:
January 15, 2013 at 6:35 pm
Actually, it appears that the original post is, in fact, correct. These directives should indeed be in smtpd_recipient_restrictions. The rationale is unintuitive, but take a look at the following articles:
http://www.akadia.com/services/postfix_uce.html (under the heading “SMTPD RECIPIENT Restrictions”)
“Note that all of the restrictions are in the recipient section because we like to have as much information as possible before rejecting an email. If you were to reject at smtpd_client_restrictions, then you would not be able to determine the helo, sender, and recipient information, which could help improve the filters.”
http://en.linuxreviews.org/HOWTO_Stop_spam_using_Postfix
Reply Report comment

nixCraft

nixCraft

Configure Postfix for DNS Blackhole Lists such as dsbl.org / spamhaus.org database

Postfix MTA DNS Blackhole Lists Configuration

Posted by: Vivek Gite

Share this on:

5 comment

Leave a Comment Cancel reply