I administer an e-mail server (Postfix with Dovecot) and found that some of the e-mail addresses were getting spam more and more often. I really don't like spam and was trying to figure out how to reduce/eliminate it. I have SpamAssassin installed but it doesn't block known spamming clients.
After doing some research, I found that clients can be rejected after connecting to my mail server by checking the client ip address, helo domain name, and the from e-mail domain name against a spam database. An international organization, called "Spamhaus", runs a DNS Blackhole List (DNSBL) for IP addresses (zen.spamhaus.org) and domain names (dbl.spamhaus.org) which is basically a list of IP addresses and domain names that have been identified as used to send spam. I found that Spamhaus provides one of several blacklists that are available. I was excited to see that Postfix has the configuration to utilize a DNSBL.
After looking up the configuration, I found how to add it to my configuration files. First, to reject the client, the configuration must be specified in the
To reject the client if found based on:
the connecting IP address, use
the connecting declared domain name, use
the connecting IP address reverse domain name, use
For checking the domain from the FROM address, use
reject_rhsbl_sender dbl.spamhaus.organd this belongs in
Remember, if a config key is listed in the Postfix master.cf using the -o override, then then changes made in the main.cf will not take effect for the processes that override it. What I did is create a variable at the top of my main.cf called
client_spam_configand set the values inside it and used the variable anywhere that
client_spam_config = reject_rbl_client zen.spamhaus.org, \
reject_rhsbl_client dbl.spamhaus.org, \
smtpd_client_restrictions = $client_spam_config