The postscreen_dnsbl_sites parameter can be used to check an SMTP client’s IP address against public blacklists (DNSBL).
1. Edit /etc/postfix/main.cf. Adjust the DNSBL sites and threshold based on your use case.
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
postscreen_dnsbl_sites = zen.spamhaus.org,bl.mailspike.net,psbl.surriel.com
postscreen_dnsbl_threshold = 1
postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce
/etc/postfix/postscreen_access.cidr:
# Rules are evaluated in the order as specified.
# Denylist 192.168.* except 192.168.0.1.
192.168.0.1 permit
192.168.0.0/16 reject
2. Edit /etc/postfix/master.cf.
#smtp inet n - y - - smtpd
smtp inet n - y - 1 postscreen
smtpd pass - - y - - smtpd
dnsblog unix - - y - 0 dnsblog
tlsproxy unix - - y - 0 tlsproxy
3. Restart the Postfix service.
sudo systemctl restart postfix
4. Monitor the Postfix log for postscreen entries.
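One way to carry out step 4, as an added example that is not part of the original post: a shell function that summarises postscreen and dnsblog log lines per client IP, so you can see which clients were listed, sent data before the greeting, or were rejected. The function names and the sample log lines are constructed for illustration; the addresses are documentation ranges.

```shell
#!/bin/sh
# Constructed sample lines in the postscreen(8)/dnsblog(8) log format.
sample_postscreen_log() {
cat <<'EOF'
Jan 10 10:00:01 mx postfix/postscreen[2101]: CONNECT from [203.0.113.7]:41122 to [198.51.100.10]:25
Jan 10 10:00:01 mx postfix/dnsblog[2102]: addr 203.0.113.7 listed by domain zen.spamhaus.org as 127.0.0.4
Jan 10 10:00:01 mx postfix/postscreen[2101]: PREGREET 15 after 0.05 from [203.0.113.7]:41122: EHLO PASS NEW\r\n
Jan 10 10:00:07 mx postfix/postscreen[2101]: DNSBL rank 1 for [203.0.113.7]:41122
Jan 10 10:00:08 mx postfix/postscreen[2101]: NOQUEUE: reject: RCPT from [203.0.113.7]:41122: 550 5.7.1 Service unavailable; client [203.0.113.7] blocked using zen.spamhaus.org; from=<a@example.net>, to=<b@example.org>, proto=ESMTP, helo=<spam>
Jan 10 10:00:08 mx postfix/postscreen[2101]: DISCONNECT [203.0.113.7]:41122
Jan 10 10:01:00 mx postfix/postscreen[2101]: CONNECT from [192.0.2.25]:50200 to [198.51.100.10]:25
Jan 10 10:01:06 mx postfix/postscreen[2101]: PASS NEW [192.0.2.25]:50200
EOF
}

# Read a mail log on stdin; print one summary line per client IP, sorted.
postscreen_summary() {
  awk '
    # dnsblog reports each individual list hit for a client address.
    match($0, /\/dnsblog\[[0-9]+\]: addr /) {
      split(substr($0, RSTART + RLENGTH), f, " ")
      seen[f[1]] = 1; listed[f[1]]++
      next
    }
    !match($0, /\/postscreen\[[0-9]+\]: /) { next }
    {
      # Classify on the start of the message only: the text after PREGREET
      # is client-controlled and must not be read as an event keyword.
      msg = substr($0, RSTART + RLENGTH)
      if (!match(msg, /\[[0-9A-Fa-f:.]+\]:[0-9]+/)) next
      ip = substr(msg, RSTART + 1, RLENGTH - 1)
      sub(/\]:[0-9]+$/, "", ip)
      seen[ip] = 1
      if (msg ~ /^DNSBL rank /) {
        split(msg, f, " ")
        if (f[3] + 0 > rank[ip]) rank[ip] = f[3] + 0
      }
      else if (msg ~ /^PREGREET /) pregreet[ip]++
      else if (msg ~ /^NOQUEUE: reject: /) reject[ip]++
      else if (msg ~ /^PASS (NEW|OLD) /) pass[ip]++
    }
    END {
      for (ip in seen)
        printf "%s listed=%d dnsbl_rank=%d pregreet=%d reject=%d pass=%d\n",
          ip, listed[ip], rank[ip], pregreet[ip], reject[ip], pass[ip]
    }' | LC_ALL=C sort
}
```

To run it against a live log, pipe the log file into postscreen_summary; the path depends on your syslog setup (/var/log/mail.log is an assumption, not something the post states).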