Skip to content

Instantly share code, notes, and snippets.

@farrokhi
Last active July 22, 2021 04:07
Show Gist options
  • Save farrokhi/e27dfd5a09920f042664 to your computer and use it in GitHub Desktop.
Save farrokhi/e27dfd5a09920f042664 to your computer and use it in GitHub Desktop.
Current Effective RBL Setup for Postfix

Current Effective RBL Setup for Postfix

main.cf:

    smtpd_recipient_restrictions =
      permit_mynetworks,
      permit_sasl_authenticated,
      reject_non_fqdn_hostname,
      reject_non_fqdn_sender,
      reject_non_fqdn_recipient,
      reject_unauth_destination,
      reject_unauth_pipelining,
      reject_invalid_hostname,
      reject_rbl_client bl.spamcop.net,
      reject_rbl_client cbl.abuseat.org,
      reject_rbl_client dnsbl.sorbs.net,
      reject_rbl_client zen.spamhaus.org
@amroot
Copy link

amroot commented Sep 27, 2018

@farrokhi Just FYI, I think cbl.abuseat.org is included in zen.spamhaus.org.

@siniztr and @tuaris, I could be wrong but I believe that's only for commercial and high volume usage.
Reference: https://www.spamhaus.org/organization/dnsblusage/
Signup if necessary: https://www.spamhaustech.com

Note, that some of my test servers use Zen without any signup.

@diraven
Copy link

diraven commented Oct 1, 2018

Read here about zen and it's free usage requirements: https://www.spamhaus.org/zen/

@xpufx
Copy link

xpufx commented Mar 4, 2020

Isn't it better to use postscreen and take care of the RBL stuff there?

@tuaris
Copy link

tuaris commented Sep 12, 2020

I'm not sure if this is done with Postfix, but I would like to see if its possible (when using dovecot) to have postfix deliver mail from blocked hosts to a junk/spam folder.

@oktayaa the postscreen thing looks interesting. Is their an example setup to look at?

@xpufx
Copy link

xpufx commented Sep 12, 2020

@tuaris I believe I used this as a reference. It also has a link to the documentation you need at the top.
http://rob0.nodns4.us/postscreen.html

@raforg
Copy link

raforg commented Jul 22, 2021

cbl.abuseat.org should be removed. If it still works at all, it's a subset of zen.spamhaus.org, so it's a wasteful DNS lookup. See https://www.abuseat.org/cutover.html for details.

Also, for postscren documentation, see http://www.postfix.org/POSTSCREEN_README.html (or http://www.postfix.org/POSTSCREEN_3_5_README.html for older versions).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment