@apio-sys
Last active November 17, 2021 23:26
Retrieve and format Spamhaus DROP list for use in postscreen

This script retrieves and formats the Spamhaus DROP list for use in postscreen.

Prerequisites:

  • Postfix combined with postscreen;
  • Perl with LWP::Simple.

You could use this in your postfix configuration as follows:

postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen-access.cidr
postscreen_blacklist_action = drop

Then add crontab entries to run the script, e.g. every 6 hours, to update the DROP list and restart Postfix for the changes to take effect:

0 */6 * * * /usr/bin/perl /etc/postfix/postscreen-access-update.pl
5 */6 * * * systemctl restart postfix

An updated DROP list can help reduce requests to one or more DNSBLs and reduce load on Postfix by dropping these connections before they reach the MTA for further checking.

#!/usr/bin/perl
use strict;
use warnings;
use LWP::Simple;

# Define variables
my $workdir = "/etc/postfix";
my $file    = "$workdir/postscreen-access.cidr";
my $url     = "http://www.spamhaus.org/drop/drop.lasso";
my $myip4   = "x.x.x.x/32";
my $myip6   = "y:y:y:y:y:y:y:y/128";

# No more editing should be necessary below unless you want to change the layout of the output

# Nicely format columns for own IPs (pad the address column to 45 characters)
my $filler4 = " " x (45 - length($myip4));
my $filler6 = " " x (45 - length($myip6));

# Download the list; stop before touching the access file if the download fails
my $content = get $url;
die "Couldn't get $url" unless defined $content;

# Uncomment below for debugging
#print $content;

my @lines = split(/\n/, $content);

# Three-argument open with an error check, so a failed open is not silently ignored
open(my $fh, '>', $file) or die "Couldn't open $file for writing: $!";
print $fh "# Permit my own IP addresses\n";
print $fh $myip4 . $filler4 . "permit\n";
print $fh $myip6 . $filler6 . "permit\n";
print $fh "# spamhaus.org DROP list from http://www.spamhaus.org/drop/drop.lasso\n";
foreach my $line (@lines) {
    # Data lines have the form "<CIDR> ; <identifier>"; other lines are skipped
    if ($line =~ / ; /) {
        my ($IP, $identifier) = split(/ ; /, $line);
        my $filler = " " x (45 - length($IP));
        print $fh $IP . $filler . "reject\n";
    }
}
close($fh) or die "Couldn't close $file: $!";
# EOF
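
A hardened variant of the list-writing step above, added here as an example and not part of the gist author's script: because the list is fetched over plain HTTP and written straight into an access table, it keeps only well-formed IPv4 CIDR entries and replaces the table atomically. The function names, the `$MIN_ENTRIES` and `$MIN_PREFIX` thresholds and the sample data are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Basename qw(dirname);
use File::Temp qw(tempfile tempdir);

my $MIN_ENTRIES = 2;    # assumption: fewer valid entries means a bad download
my $MIN_PREFIX  = 8;    # assumption: never reject anything broader than a /8

# Return the well-formed IPv4 CIDRs from DROP-format text ("<CIDR> ; <identifier>").
sub parse_drop {
    my ($content) = @_;
    my @cidrs;
    for my $line (split /\r?\n/, $content) {
        my @m = $line =~ m{^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2}) ; \S}
            or next;                                  # comments, HTML error pages, junk
        my $len = pop @m;
        next if grep { $_ > 255 } @m;                 # octet out of range
        next if $len < $MIN_PREFIX || $len > 32;      # e.g. 0.0.0.0/0 would reject all mail
        push @cidrs, join('.', @m) . "/$len";
    }
    return @cidrs;
}

# Write the table to a temp file in the same directory, then rename() it into place,
# so postscreen never reads an empty or half-written list.
sub write_access_list {
    my ($file, $own, $cidrs) = @_;
    die "Refusing to replace $file: only " . scalar(@$cidrs) . " valid entries\n"
        if @$cidrs < $MIN_ENTRIES;
    my ($fh, $tmp) = tempfile("postscreen-access.XXXXXX", DIR => dirname($file));
    printf $fh "%-45s%s\n", $_, "permit" for @$own;
    printf $fh "%-45s%s\n", $_, "reject" for @$cidrs;
    close($fh)          or die "close $tmp: $!";
    chmod(0644, $tmp)   or die "chmod $tmp: $!";
    rename($tmp, $file) or die "rename $tmp to $file: $!";
    return scalar @$cidrs;
}

# Constructed sample input (documentation address ranges, not real DROP data)
my $sample = join "\n",
    "; constructed sample",
    "192.0.2.0/24 ; SBL000001",
    "198.51.100.0/24 ; SBL000002",
    "0.0.0.0/0 ; SBL000003",          # too broad: skipped
    "203.0.113.999/24 ; SBL000004";   # invalid octet: skipped
my $demo = tempdir(CLEANUP => 1) . "/postscreen-access.cidr";
my $n = write_access_list($demo, ["192.0.2.10/32"], [ parse_drop($sample) ]);
print "wrote $n reject entries to $demo\n";
```

If the download is truncated or replaced by an error page, `write_access_list` dies before touching the live file, so the previous table stays in effect until the next cron run.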