Configure postfix with a threshold for reject_rbl_client


Solution 1

Upgrade your postfix version to at least 2.8, and configure postscreen.

It supports complex weighting and thresholds for individual DNSBLs.

Solution 2

AFAIK what you ask is not possible with a standard postfix configuration. However, you could delegate the RBL checks to a postfix policy daemon that would do some custom checking of your own.

I'd suggest you have a look at the list of such daemons provided on the Postfix website. One of them might suit your needs. I've not used any of those but, looking at the documentation, the following seem particularly useful:

  • Gross: does RBL checks and greylisting and combines them in different ways,
  • policyd-weight: scores an incoming message depending on header contents, RBL checks and some other DNS queries, then accepts or discards the message if the score is too high,
  • postfwd: does a lot more other things too (might be overkill for your needs).
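
A sketch of the policy-daemon approach described in Solution 2, added here as an example (not part of either answer and not code from Gross, policyd-weight or postfwd): it speaks the Postfix policy delegation protocol on stdin/stdout and answers REJECT only when the client IP is listed on two or more DNSBLs. The zone subset is taken from the question's main.cf, and the names `dns_listed`, `parse_request` and `decide` are illustrative.

```python
"""Postfix policy service: reject only when THRESHOLD or more DNSBLs list the client."""
import ipaddress
import socket
import sys

# Assumptions: zones picked from the question's main.cf; threshold of 2 as asked.
ZONES = ["cbl.abuseat.org", "bl.spamcop.net", "dnsbl.sorbs.net", "ix.dnsbl.manitu.net"]
THRESHOLD = 2

def dns_listed(query):
    """True if the DNSBL query name resolves to an address in 127.0.0.0/8."""
    try:
        return socket.gethostbyname(query).startswith("127.")
    except OSError:  # NXDOMAIN, timeout or resolver failure: count as not listed
        return False

def parse_request(lines):
    """Read one policy request: name=value lines terminated by an empty line."""
    attrs = {}
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs, listed=dns_listed, zones=ZONES, threshold=THRESHOLD):
    """Return the access(5) action for one request."""
    try:
        ip = ipaddress.IPv4Address(attrs.get("client_address", ""))
    except ValueError:  # missing, malformed or IPv6: this sketch is IPv4-only
        return "DUNNO"
    # DNSBL query name: octets reversed, then the zone (1.2.3.4 -> 4.3.2.1.zone)
    reversed_ip = ".".join(reversed(str(ip).split(".")))
    hits = [zone for zone in zones if listed(f"{reversed_ip}.{zone}")]
    if len(hits) >= threshold:
        return "REJECT Client host listed by " + ", ".join(hits)
    return "DUNNO"  # let the remaining restrictions decide

if __name__ == "__main__":
    # Postfix may send several requests over one connection; stop at EOF.
    while (attrs := parse_request(sys.stdin)):
        sys.stdout.write(f"action={decide(attrs)}\n\n")
        sys.stdout.flush()
```

Such a script is run from master.cf through spawn(8) and referenced with check_policy_service in smtpd_recipient_restrictions, in place of the individual reject_rbl_client lines.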
Author: Nic Cottrell

Updated on September 18, 2022

Comments

  • Nic Cottrell almost 2 years

    I have my postfix main.cf configured with a number of blacklists:

    smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unauth_pipelining,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client zombie.dnsbl.sorbs.net,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client multi.uribl.com,
        reject_rbl_client dsn.rfc-ignorant.org,
        reject_rbl_client dul.dnsbl.sorbs.net,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client dnsbl.sorbs.net,
        reject_rbl_client ix.dnsbl.manitu.net,
        reject_rbl_client combined.rbl.msrbl.net
    

    An incoming mail was just rejected because it appeared on one of these lists (sorbs.net) but not on the others. Is it possible to configure postfix to only reject if 2 or more lists contain that IP address? I'm hoping this will remove false matches...

  • Nic Cottrell over 11 years
    Gosh - I'm on Centos5 still and have only 2.3.3...
  • adaptr over 11 years
    Postfix 2.**5** is no longer supported; 2.3 has been EOL for a few years.