Technology Bytes

Rejecting Spam in Postfix



     I administer an e-mail server (Postfix with Dovecot) and found that some of the e-mail addresses were getting spam more and more often.  I really don't like spam and was trying to figure out how to reduce/eliminate it.  I have SpamAssassin installed, but it doesn't block known spamming clients.

     After doing some research, I found that clients can be rejected after connecting to my mail server by checking the client IP address, HELO domain name, and the from e-mail domain name against a spam database.  An international organization, called "Spamhaus", runs a DNS Blackhole List (DNSBL) for IP addresses (zen.spamhaus.org) and domain names (dbl.spamhaus.org), which is basically a list of IP addresses and domain names that have been identified as being used to send spam.  I found that Spamhaus provides one of several blacklists that are available.  I was excited to see that Postfix has the configuration to utilize a DNSBL.

     After looking up the configuration, I found how to add it to my configuration files.  First, to reject the client, the configuration must be specified in the smtpd_client_restrictions config key.

To reject the client if it is found in the list, based on:
  the connecting IP address, use reject_rbl_client zen.spamhaus.org
  the connecting declared domain name, use reject_rhsbl_client dbl.spamhaus.org
  the connecting IP address reverse domain name, use reject_rhsbl_reverse_client dbl.spamhaus.org

     To check the domain from the FROM address, use reject_rhsbl_sender dbl.spamhaus.org, which belongs in the smtpd_sender_restrictions config key.

     Remember, if a config key is listed in the Postfix master.cf using the -o override, then changes made in the main.cf will not take effect for the processes that override it.  What I did is create a variable at the top of my main.cf called client_spam_config, set the values inside it, and use the variable anywhere that smtpd_client_restrictions was used:

main.cf
-----
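# A line that starts with whitespace continues the previous line.
# main.cf has no backslash continuation, so no trailing "\" is used.
client_spam_config = reject_rbl_client zen.spamhaus.org,
     reject_rhsbl_client dbl.spamhaus.org,
     reject_rhsbl_reverse_client dbl.spamhaus.org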
...
smtpd_client_restrictions = $client_spam_config


master.cf
-----
    -o smtpd_client_restrictions=$client_spam_config,...
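
A way to check for the master.cf caveat above, as an added example that is not code from the original post: this Python script lists every service whose -o option overrides smtpd_client_restrictions or smtpd_sender_restrictions and reports whether the override still references $client_spam_config. The sample master.cf is constructed for illustration, and only the plain "-o name=value" form is handled (an assumption; the brace form is not parsed).

```python
import re

# Keys from the post whose main.cf value a master.cf "-o" override replaces.
WATCHED = ("smtpd_client_restrictions", "smtpd_sender_restrictions")

# Constructed sample master.cf for illustration (not from the original post).
SAMPLE_MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
    -o smtpd_tls_security_level=encrypt
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps      inet  n  -  n  -  -  smtpd
    -o smtpd_client_restrictions=$client_spam_config,permit_sasl_authenticated,reject
pickup     unix  n  -  n  60 1  pickup
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace) onto their service line."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current

def find_overrides(text, variable="client_spam_config"):
    """Return (service, type, key, uses_variable) for each watched override."""
    uses_var = re.compile(r"\$[({]?%s\b" % re.escape(variable))
    findings = []
    for line in logical_lines(text):
        fields = line.split()
        args = fields[8:]  # fields 0-7: service, type, five settings, command
        for flag, setting in zip(args, args[1:]):
            if flag == "-o" and "=" in setting:
                key, value = setting.split("=", 1)
                if key in WATCHED:
                    findings.append((fields[0], fields[1], key, bool(uses_var.search(value))))
    return findings

if __name__ == "__main__":
    for service, svc_type, key, uses in find_overrides(SAMPLE_MASTER_CF):
        note = "includes" if uses else "does NOT include"
        print(f"{service}/{svc_type}: {key} override {note} $client_spam_config")
```

To audit a real server, pass the contents of its own master.cf to find_overrides() instead of the sample.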