> ## Documentation Index
> Fetch the complete documentation index at: https://docs.abusix.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Postfix

There are various ways to configure Postfix with Guardian Mail. The following is our preferred method.

Edit */etc/postfix/*[*main.cf*](http://main.cf)

Add the following in the “*smtpd\_recipient\_restrictions*” parameter. It should be placed after “*reject\_unauth\_destination*“.

```
smtpd_recipient_restrictions =
    ...
    reject_unauth_destination
    # Check rDNS in domain blacklist (optional)
    reject_rhsbl_client <APIKEY>.dblack.mail.abusix.zone
    # Check HELO/EHLO in domain blacklist (optional)
    reject_rhsbl_helo <APIKEY>.dblack.mail.abusix.zone
    # Check FROM domain in blacklist (optional)
    reject_rhsbl_sender <APIKEY>.dblack.mail.abusix.zone
    # Check connecting IP in whitelist (optional)
    # permit_dnswl_client entries should be placed before any reject directives
    # that want to skip, but should always be before any reject_rbl_client
    # entries to ensure that any IP listed on the whitelist not rejected.
    permit_dnswl_client <APIKEY>.white.mail.abusix.zone
    # Reject any IP listed in the blacklist
    reject_rbl_client <APIKEY>.combined.mail.abusix.zone

rbl_reply_maps = texthash:/etc/postfix/rbl_reply_map
```

Replace \<APIKEY> with “**Your API key”** from your account in [app.abusix.com](http://app.abusix.com).

Next, to prevent your API key from being leaked, create */etc/postfix/rbl\_reply\_map* with the following:

```
<APIKEY>.combined.mail.abusix.zone        $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using Guardian Mail${rbl_reason?; $rbl_reason}
<APIKEY>.dblack.mail.abusix.zone        $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using Guardian Mail${rbl_reason?; $rbl_reason}
```

Replace \<APIKEY> with “**Your API key”** from your account in [app.abusix.com](http://app.abusix.com).

If you are using **Postscreen,** you can omit the “*reject\_rbl\_client*” entry and instead add:

```
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply_map
postscreen_dnsbl_sites = <APIKEY>.combined.mail.abusix.zone
```

Replace \<APIKEY> with “**Your API key”** from your account in [app.abusix.com](http://app.abusix.com).

Then to prevent your API key from leaking, create */etc/postfix/postscreen\_dnsbl\_reply\_map,* which should contain the following:

```
<APIKEY>.combined.mail.abusix.zone                mail.abusix.zone
```

Replace \<APIKEY> with “**Your API key”** from your account in [app.abusix.com](http://app.abusix.com).

Then reload Postfix to activate this configuration.