2015-03-13 22:34:58 -06:00
|
|
|
# Enable DNSBL service in Postfix to reduce spam
|
|
|
|
|
2016-07-13 21:16:16 -05:00
|
|
|
!!! attention
|
2016-03-14 08:24:40 -06:00
|
|
|
|
|
|
|
If you're running a high-traffic mail server, you'd better setup a local
|
|
|
|
DNS server to cache DNS queries, because free RBL services like
|
|
|
|
`zen.spamhaus.org` may improperly reply if your server exceed the DNS
|
|
|
|
query limit. Also, mail service higly relies on DNS queries, so a local
|
|
|
|
DNS server speeds up the mail flow.
|
2015-06-13 11:07:45 -05:00
|
|
|
|
2015-03-13 22:34:58 -06:00
|
|
|
You can enable additional DNSBL services in Postfix to reduce spam. We use
|
|
|
|
`zen.spamhaus.org` for example below.
|
|
|
|
|
|
|
|
* Open Postfix config file `/etc/postfix/main.cf` or
|
2017-02-09 02:39:49 -06:00
|
|
|
`/usr/local/etc/postfix/main.cf` (on FreeBSD), append
|
|
|
|
`reject_rbl_client zen.spamhaus.org` to parameter `smtpd_recipient_restrictions`.
|
|
|
|
Final setting looks like below:
|
2015-03-13 22:34:58 -06:00
|
|
|
|
|
|
|
```
|
2016-03-02 10:08:29 -06:00
|
|
|
smtpd_recipient_restrictions =
|
|
|
|
...
|
|
|
|
reject_unauth_destination
|
2017-02-09 02:39:49 -06:00
|
|
|
reject_rbl_client zen.spamhaus.org=127.0.0.[2..11]*3
|
2015-03-13 22:34:58 -06:00
|
|
|
```
|
|
|
|
|
|
|
|
It must be placed after `reject_unauth_destination`. You can add more DNSBL
|
|
|
|
services after `reject_unauth_destination`, and they will be queried in the
|
|
|
|
specified order.
|
|
|
|
|
2017-02-09 02:39:49 -06:00
|
|
|
Postfix will perform DNS query against `zen.spamhaus.org`, and wait for the
|
|
|
|
response code, only `127.0.0.2` to `127.0.0.11` are meaningful, so we use
|
|
|
|
`=127.0.0.[2..11]` to tell Postfix only reject clients when we get those
|
|
|
|
response code.
|
|
|
|
|
2015-03-13 22:34:58 -06:00
|
|
|
* Restart or reload Postfix service is required.
|
|
|
|
|
2016-03-02 10:08:29 -06:00
|
|
|
!!! note "Another popular DNSBL server"
|
|
|
|
|
|
|
|
Another popular DNSBL server address is `b.barracudacentral.org`. For more
|
|
|
|
details, please read its web site:
|
|
|
|
[Barracuda Reputation Block List (BRBL)](http://www.barracudacentral.org/rbl)
|
|
|
|
|
2015-08-17 22:40:44 -05:00
|
|
|
## See also
|
|
|
|
|
|
|
|
* [Enable postscreen service](./enable.postscreen.html)
|
|
|
|
|
2015-03-13 22:34:58 -06:00
|
|
|
## References
|
|
|
|
|
2015-03-13 23:03:38 -06:00
|
|
|
* [Postfix Configuration Parameters: reject_rbl_client](http://www.postfix.org/postconf.5.html#reject_rbl_client)
|
2015-03-13 22:34:58 -06:00
|
|
|
* [Spamhaus website](http://www.spamhaus.org)
|
|
|
|
|
|
|
|
* [Spamhaus DNSBL Usage Terms](https://www.spamhaus.org/organization/dnsblusage/)
|