Popular topics: Spam blocklist Abuse Contact ValidationPolicy blocklistWelcome listPotentially compromised accountsCombined blocklistDomain blocklistExploit blocklistRspamdWhat is XARF?

Postfix

How to configure Postfix to use Abusix Mail Intelligence

Instructions

There are various ways to configure Postfix and this is our preferred method.

Edit /etc/postfix/main.cf 

Add the following in the "smtpd_recipient_restrictions" parameter. It should be placed after "reject_unauth_destination".

For example:

smtpd_recipient_restrictions =
    ...
    reject_unauth_destination
    # Check rDNS in domain blacklist (optional)
    reject_rhsbl_client APIKEY.dblack.mail.abusix.zone
    # Check HELO/EHLO in domain blacklist (optional)
    reject_rhsbl_helo APIKEY.dblack.mail.abusix.zone
    # Check FROM domain in blacklist (optional)
    reject_rhsbl_sender APIKEY.dblack.mail.abusix.zone
    # Check connecting IP in whitelist (optional)
    # permit_dnswl_client entries should be placed before any reject directives
    # that want to skip, but should always be before any reject_rbl_client
    # entries to ensure that any IP listed on the whitelist not rejected.
    permit_dnswl_client APIKEY.white.mail.abusix.zone
    # Reject any IP listed in the blacklist
    reject_rbl_client APIKEY.combined.mail.abusix.zone

rbl_reply_maps = texthash:/etc/postfix/rbl_reply_map

Where APIKEY is replaced with the key from your Dashboard.

Next, to prevent your APIKEY from being leaked. Create /etc/postfix/rbl_reply_map with the following:

APIKEY.combined.mail.abusix.zone        $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using Abusix Mail Intelligence${rbl_reason?; $rbl_reason}
APIKEY.dblack.mail.abusix.zone        $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using Abusix Mail Intelligence${rbl_reason?; $rbl_reason}


If you are using Postscreen then you can omit the "reject_rbl_client" entry and instead add:

postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply_map
postscreen_dnsbl_sites = APIKEY.combined.mail.abusix.zone

Then to prevent your APIKEY from leaking, create /etc/postfix/postscreen_dnsbl_reply_map which should contain the following:

APIKEY.combined.mail.abusix.zone                mail.abusix.zone


Then reload Postfix to activate this configuration.

Was this article helpful?

Can’t find what you’re looking for?

Our award-winning customer care team is here for you.

Contact Support