Enable DNSBL service in Postfix to reduce spam


If you're running a high-traffic mail server, you'd better setup a local DNS server to cache DNS queries, because free RBL services like zen.spamhaus.org may improperly reply if your server exceed the DNS query limit. Also, mail service higly relies on DNS queries, so a local DNS server speeds up the mail flow.

You can enable additional DNSBL services in Postfix to reduce spam. We use zen.spamhaus.org for example below.

smtpd_recipient_restrictions =
    reject_rbl_client zen.spamhaus.org=127.0.0.[2..11]
    reject_rbl_client b.barracudacentral.org=

It must be placed after reject_unauth_destination. You can add more DNSBL services after reject_unauth_destination, and they will be queried in the specified order.

Postfix will perform DNS query against zen.spamhaus.org, and wait for the response code, only to are meaningful, so we use =127.0.0.[2..11] to tell Postfix only reject clients when we get those response code.

postscreen_dnsbl_sites =

See also