Adding a sender blacklist to Postfix

Here at ProgClub, as moderator for our mailing lists, I get a bunch of spam that I have to get rid of every day, to keep our lists sparkling and spam-free. I regularly get spam from senders from ofenews.co.uk, and I wanted to add their entire domain to a blacklist on our mail server… I hadn’t configured a Postfix blacklist before, so I did a little research and came up with this:

I created a file /etc/postfix/sender_access like this:

ofenews.co.uk REJECT

Then I created the access database:

# postmap /etc/postfix/sender_access

Then I added the sender restrictions into /etc/postfix/main.cf:

smtpd_sender_restrictions =
  check_sender_access hash:/etc/postfix/sender_access

Then I restarted postfix and was done! Everything is easy when you know how.
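How Postfix resolves a sender address against a table like the one above, as an added Python sketch (not Postfix's code and not from the original post). It is a simplified model of the lookup order described in access(5); the function names and the `parent_matches_subdomains` flag, which stands in for `smtpd_access_maps` being listed in `parent_domain_matches_subdomains` (the Postfix default), are assumptions of this example.

```python
# Simplified model of access(5) lookups for check_sender_access.
# Added illustration; not Postfix source code.

SAMPLE_TABLE = """\
# constructed sample in the format of /etc/postfix/sender_access
ofenews.co.uk REJECT
"""

def parse_access(text):
    """Return {pattern: action}. Blank lines and '#' comments are skipped;
    a line starting with whitespace continues the previous logical line."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    table = {}
    for line in logical:
        parts = line.split(None, 1)
        if len(parts) == 2:
            table[parts[0].lower()] = parts[1]  # keys are matched in lower case
    return table

def candidate_keys(sender, parent_matches_subdomains=True):
    """Keys tried in order: user@domain, domain, parent domains, user@."""
    sender = sender.lower()
    local, _, domain = sender.rpartition("@")
    labels = domain.split(".")
    keys = [sender, domain]
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        # Without parent matching, subdomains need an explicit ".domain" pattern.
        keys.append(parent if parent_matches_subdomains else "." + parent)
    keys.append(local + "@")
    return keys

def sender_action(table, sender, parent_matches_subdomains=True):
    """Return (matched_pattern, action), or (None, None) when nothing matches,
    in which case Postfix moves on to the next restriction."""
    for key in candidate_keys(sender, parent_matches_subdomains):
        if key in table:
            return key, table[key]
    return None, None

if __name__ == "__main__":
    table = parse_access(SAMPLE_TABLE)
    for addr in ("news@ofenews.co.uk", "promo@mail.ofenews.co.uk", "user@notofenews.co.uk"):
        print(addr, "->", sender_action(table, addr))
```

On a live server, `postmap -q ofenews.co.uk hash:/etc/postfix/sender_access` queries the built table directly and should print `REJECT`.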

For reference, here is the doco which I read to help me:

Binding Postfix to particular IP addresses

I had a problem where my postfix mail system wasn’t listening on its IP address 10.1.1.123 but it was listening on 127.0.0.1. I checked my firewall settings and made sure port 25 was open, but I still couldn’t connect.

I read an article, Bind Postfix Mail Server To Localhost or Specific IP Address Only, which gave me the hint I needed.

The trick was to comment out inet_interfaces in /etc/postfix/main.cf because it was specifying loopback-only which meant postfix wasn’t listening on its other IP addresses.

Configure Postfix for DNS Blackhole Lists

Followed the instructions in this article Configure Postfix for DNS Blackhole Lists such as dsbl.org / spamhaus.org database to configure my Postfix email server to stop spam. I used the whole recommendation:


smtpd_recipient_restrictions =
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   reject_unauth_destination,
   permit_mynetworks,
   reject_rbl_client list.dsbl.org,
   reject_rbl_client sbl-xbl.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client dul.dnsbl.sorbs.net,
   permit

Before that my settings were:


smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination

I kept the permit_sasl_authenticated setting too.

Mailman 3.0 and Postfix Virtual Domains

Read the spec for Mailman 3.0. Looks like it will be pretty good. The feature that I’m interested in, and I’m annoyed I can’t do this with my current version of Mailman, is to be able to put a link to the web archived message in the bottom of the outgoing SMTP message. I.e. so there’s a link back to that message on the web in the message itself. Would be really handy for referencing. At the moment if I want a link I have to go to the web archive for the particular list and find it.

While I was reading the Mailman 3.0 spec I noticed a link to Postfix Virtual Domain Hosting Howto. I think I might have read (at least some of) that before. But… reading that is now definitely on my TODO list.

Configuring bind for LAN PTR records

I have a hosts file that defines IP addresses on the LAN for all of my virtual hosts. The good thing about using the LAN IP addresses for inter-host communication is that it’s free bandwidth. I had a problem with Postfix though, because Postfix does a reverse lookup on IP addresses to get the corresponding hostname, and the IP address Postfix has for local addresses is the LAN IP address, not the public IP address. The public IP addresses are configured with proper reverse DNS PTR records, but the local addresses weren’t. So I decided to fix that.

Basically I installed bind and configured it with PTR records for the 10.0.0.0/8 network. Now when Postfix asks for the RDNS of a LAN IP address it should get the corresponding hostname. I didn’t need to configure bind with zones for the local IP addresses, because those are all specified in my /etc/hosts file. At least I hope I don’t have to configure DNS zones for my local IP addresses in bind, because that’d just be a pain in the arse.

Postfix Virtual Mailboxes and Procmail Filtering

Am interested in getting procmail to work with my Postfix/Courier setup. Am using virtual domains/aliases/mailboxes stored in a MySQL database and a Maildir file system. Have only just begun my investigations. So far I’ve found: