Configure Postfix for DNS Blackhole Lists such as / database

Q. How do I configure my Postfix mail server to scan incoming mail for spam using DNS Blackhole List such as:
a) The Spamhaus
b) Open Relay Database etc

A. To discard spam or garbage email you can use 3rd party services such as Spamhaus. These are realtime database of IP addresses of verified spam sources and spam operations (including spammers, spam gangs and spam support services), maintained by the Spamhaus or other project team and supplied as a free service to help email administrators better manage incoming email streams.

Postfix MTA DNS Blackhole Lists Configuration

Under Postfix mail server you need to define DNSRBLs in file using the smtpd_recipient_restrictions configuration directive. Open file:
# vi /etc/postfix/
Locate smtpd_recipient_restrictions line and setup reject_rbl_client as follows:

smtpd_recipient_restrictions =

Here is my complete configuration:

smtpd_recipient_restrictions =

Save and close the file. Restart / reload postfix mail server:
# /etc/init.d/postfix restart

🐧 Please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
5 comments… add one
  • raj Oct 23, 2007 @ 15:37

    plz. can any one tell me how to configure pop3 and smtp base mail server step by step i am new to it.

  • Tomas Mar 6, 2008 @ 10:08

    A little late, but in case you haven’t switched
    to exchange already:

    Really nice mailserver setup.

    A little late I know, but in case others find this post and wondering the same.

  • Rico Mar 8, 2009 @ 7:01

    This needs to be in smtpd_client_restrictions, not in smtpd_recipient_restrictions

  • BOK May 10, 2009 @ 13:56
  • Ben Jan 15, 2013 @ 18:35

    Actually, it appears that the original post is, in fact, correct. These directives should indeed be in smtpd_recipient_restrictions. The rationale is unintuitive, but take a look at the following articles: (under the heading “SMTPD RECIPIENT Restrictions”)

    “Note that all of the restrictions are in the recipient section because we like to have as much information as possible before rejecting an email. If you were to reject at smtpd_client_restrictions, then you would not be able to determine the helo, sender, and recipient information, which could help improve the filters.”

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Problem posting comment? Email me @