How to use RBL(Real-time Blackhole List) to block spam in Postfix

If you host your own mail server, you may find that it is bombarded with spam throughout the day.

There are various methods to block or mark spam, depending on your strategy. One of the more radical approaches is to use RBL to reject spam.

RBL stands for Real-time Blackhole List, Real-time Blacklist, or Real-time block list. It's a list of IP addresses reported as spammy. RBL services are typically implemented using the Domain Name System, which is why it is also known as a Domain Name System-based Blackhole List.

When configured to use RBL, the mail service checks whether the host address of the mail sender is on the blacklist by sending a query request to the RBL service provider. The mail server will reject the message if the sender's host is blacklisted.

Enabling RBL checking in postfix is a simple process that involves the following steps:

1. Open /etc/postfix/main.cf, find the 'smtpd_recipient_restrictions'  sections,  and add the following code:  

   reject_rbl_client bl.spamcop.net,    reject_rbl_client cbl.abuseat.org,    reject_rbl_client dnsbl.sorbs.net,    reject_rbl_client zen.spamhaus.org

   Note: 'reject_rbl_client ' should be added rather than replacing the current options. The edited code should look like this:

   smtpd_recipient_restrictions =     permit_mynetworks,   permit_sasl_authenticated,   reject_unauth_destination,   check_policy_service unix:private/policy,         .....   reject_rbl_client bl.spamcop.net,   reject_rbl_client cbl.abuseat.org,   reject_rbl_client dnsbl.sorbs.net,   reject_rbl_client zen.spamhaus.org

2. Save and close the file.

3. Reload postfix:

   # postfix reload

After completing the above steps, when mail arrives, postfix will send a query request to the service provider (such as bl.spamcop.net) in the above order. If the sender's host address is listed in the service provider's blacklist, postfix will reject the mail.

Enabling RBL can block a lot of spam, but there is a possibility that some non-spam emails may also be rejected. Therefore, it is necessary to run some tests to ensure that you can receive emails from your customers. If your customer's IP address is on an RBL provider's blocklist, you can comment them out.

Additionally, you can use fail2ban to add the rejected sender's IP address to the system firewall. This will prevent spammers from connecting to the mail server and reduce the use of system resources.