Postfix: Using RBL to block spam
I am using two servers (FreeBSD and Linux) as mail servers running postfix. They are running now for some years without any problem.
I was always thinking of setting up spam blocking and antivirus solutions on postfix, but most solutions were not the thing I really wanted. Most of the blocking solutions were not reliable enough to be implemented in a production environment. Losing even one email by mistake may cause serious troubles for my organization. It was why I did not implement one of those available softwares.
But with Postfix you can easily block emails coming from open-relays. The implementation in postfix is easy and very accurate. It has blocked 90% of spams on our network!
The trick is using Postfix’s internal UCE handling mechanism.
Jim Seymour’s page on Postfix anti-UCE is a valuable resourse in this way.
You only need to add some lines to your main.cf file and postfix checks all incoming connections against RBL servers:
smtpd_recipient_restrictions =
reject_rbl_client relays.ordb.org
reject_rbl_client sbl.spamhaus.org
reject_rbl_client proxies.relays.monkeys.com
reject_rbl_client opm.blitzed.org
reject_rbl_client dnsbl.njabl.org
reject_rbl_client blackholes.wirehub.net
reject_rbl_client list.dsbl.org
permit_mynetworks
check_sender_access hash:/usr/local/etc/postfix/sender_access
reject_unauth_destination
Done. You are now protected against 90% of spams. But don’t forget Jim Seymour’s advice:
Think about your use of DNSbl’s carefully. If you use a DNSbl to block/reject email, you are effectively giving some outside party control over your mail server. This is not *necessarily* a Bad Thing–it’s just something to keep in mind. Choose wisely.
Here is also the list of servers that I am using happily:
relays.ordb.org
sbl.spamhaus.org
proxies.relays.monkeys.com
opm.blitzed.org
dnsbl.njabl.org
blackholes.wirehub.net
list.dsbl.org
Good luck blocking spam in your network!
