2 KiB
2 KiB
Enable DNSBL service in Postfix to reduce spam
!!! attention
If you're running a high-traffic mail server, you'd better setup a local
DNS server to cache DNS queries, because free RBL services like
`zen.spamhaus.org` may improperly reply if your server exceed the DNS
query limit. Also, mail service higly relies on DNS queries, so a local
DNS server speeds up the mail flow.
You can enable additional DNSBL services in Postfix to reduce spam. We use
zen.spamhaus.org
for example below.
- Open Postfix config file
/etc/postfix/main.cf
or/usr/local/etc/postfix/main.cf
(on FreeBSD), appendreject_rbl_client zen.spamhaus.org
to parametersmtpd_recipient_restrictions
. Final setting looks like below:
smtpd_recipient_restrictions =
...
reject_unauth_destination
reject_rbl_client zen.spamhaus.org=127.0.0.[2..11]
reject_rbl_client b.barracudacentral.org=127.0.0.2
It must be placed after reject_unauth_destination
. You can add more DNSBL
services after reject_unauth_destination
, and they will be queried in the
specified order.
Postfix will perform DNS query against zen.spamhaus.org
, and wait for the
response code, only 127.0.0.2
to 127.0.0.11
are meaningful, so we use
=127.0.0.[2..11]
to tell Postfix only reject clients when we get those
response code.
- If you have postscreen service enabled, you should add DNSBL services for
postscreen service instead, so please don't use any
reject_rbl_client
insmtpd_recipient_restrictions
parameter, but use below one instead:
postscreen_dnsbl_sites =
zen.spamhaus.org=127.0.0.[2..11]*3
b.barracudacentral.org=127.0.0.2*2
- Restart or reload Postfix service is required.