1

I have several rbls listed in smtpd_client_restrictions, but this only checks the client IP against the RBLS. Is there any way to get postfix to check each Recieved: line against the RBL like spamassassin does?

Spamassassin tags blacklisted IPs in Received: as RCVD_IN_BL_xxx.

I'm assuming a content filter needs to be added. I could write one but would like to know if any such thing already exists.

Postfix - RBL check behind relayhost is somewhat related.

nyet
  • 131
  • 4
  • 1
    Since every header in the delivery chain before the actual host contacting your server can be forged that may not be a good approach – HBruijn Feb 21 '19 at 20:40
  • 1
    @HBruijn Do you expect forgeries intended to decrease reputation? :-) – AnFi Feb 21 '19 at 22:47

1 Answers1

1

For low load mail site I would recommend deploying spamassassin in network tests mode via milter.
It would allow you to reject message during SMTP without taking over responsibility to generate bounce messages.

Postfix supports milters like sendmail does.

Spamassassin capable milter list: https://wiki.apache.org/spamassassin/IntegratedInMta

WARNINGS:

  1. Use higher than usuall spam threshold for rejecting/bouncing messages.
  2. Some milters by default deploy spamassassin in "local tests only" mode to make scan faster.
  3. spamassassin scan in network mode may take a few seconds - it may be too long for heavy load sites
AnFi
  • 6,103
  • 1
  • 14
  • 27