Cart

/ Domain name

/ Hosting & Email

/ Your .CO.UK domain
for only £ 4.99**

Get started with your own domain names

Register now

/ Virtual Servers

/ Software

/ Networking

/ Storage

/ TransIP

/ Other

/ Latest news

Launch of new Big Storage platform

Read more
Need help?
Cart Control panel

    Sorry, we could not find any results for your search querry.

    Home VPS Configure your VPS Email Blacklist control and advanced anti-spam for Postfix

    Blacklist control and advanced anti-spam for Postfix

    Spammers often use specific tricks to send spam, such as domain names that cannot exist, fixed IPs from which spam is sent, etc. In this article, we show how to let Postfix perform checks on commonly used spam techniques and use blacklists and whitelists. You can choose from public blacklists or manually create your own black- or whitelist.

    With a public blacklist check, the sender's IP address is checked against the blacklist. With a manual blacklist, the blacklist can be set based on IP address or domain. If a sender is on the blacklist, the emails are blocked using the steps in this article.

    php


     

    Public Blacklists & Advanced Spam Control

     

    Step 1

    Connect to your VPS via SSH or the VPS console in the TransIP control panel.

     

    Step 2

    Open the configuration of Postfix:

    nano /etc/postfix/main.cf

     

    Step 3

    Search for 'smtpd_recipient_restrictions' (with ctrlshift_ followed by v). Adjust the code so that it looks like the example below.

    smtpd_recipient_restrictions = 
    permit_mynetworks,
    reject_rhsbl_helo dbl.spamhaus.org,
    reject_rhsbl_sender dbl.spamhaus.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net

    Explanation

    php

    • reject_rhsbl_helo: Postfix checks if the client or hostname HELO is blacklisted at Spamhaus. 
       
    • reject_rhsbl_sender: Postfix rejects email if the MAIL FROM domain is blacklisted at Spamhaus. 
       
    • reject_rbl_client: Checks if the client's IP address is blacklisted at Spamhaus or Spamcop.

    If any of the above conditions are met, the email is blocked.

    Optionally, you can expand this with the following lines, see the explanation below.

    smtpd_recipient_restrictions = 
    permit_mynetworks,
    reject_rhsbl_helo dbl.spamhaus.org,
    reject_rhsbl_sender dbl.spamhaus.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_unauth_pipelining,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain

    Explanation

    less

    • reject_unauth_pipelining: Postfix supports a technique known as pipelining that speeds up the mass delivery of email by sending multiple smtp commands at once. The protocol requires clients to first check if the server supports pipelining. Many spammers send a series of commands without waiting for authorization to deliver their messages as quickly as possible. reject_unauth_pipelining blocks email from bulk mail software that wrongly uses pipelining to speed up deliveries. 
       
    • reject_non_fqdn_recipient: Checks if the email address contains a domain name (e.g., mail@example instead of mail@example.com). If not, the email is rejected. 
       
    • reject_unknown_recipient_domain: If an email is sent to a domain that you do not process mail for on your server, the email is rejected.

    Save your changes and close the file (ctrl + x > y > enter).

     

    Step 4

    Finally, restart Postfix to process the changes:

    systemctl restart postfix

    Incoming mail is now automatically scanned to check if the sender is on a blacklist.


     

    Manual Blacklist / Whitelist

     

    Step 1

    Connect to your VPS via SSH or the VPS console in the TransIP control panel.

     

    Step 2

    Open the configuration of Postfix:

    nano /etc/postfix/main.cf

     

    Step 3

    Search for 'smtpd_recipient_restrictions' (with ctrlshift_ followed by v) and add the following line:

    check_sender_access
      hash:/etc/postfix/sender_access,

    If you have completed the previous steps in this article, the smtp_recipient_restrictions now look like this:

    smtpd_recipient_restrictions =
    permit_mynetworks,
    check_sender_access
          hash:/etc/postfix/sender_access,
    reject_rhsbl_helo dbl.spamhaus.org,
    reject_rhsbl_sender dbl.spamhaus.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_unauth_pipelining,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain

    This indicates that the postfix black- and whitelist should be checked in the file /etc/postfix/sender_access.

    Save your changes and close the file (ctrl + x > y > enter).

     

    Step 4

    Open or create the new blacklist/whitelist file:

    nano /etc/postfix/sender_access

     

    Step 5

    Give the file the following content, where you indicate domains / (parts of) email addresses that you whitelist with 'OK' and blacklist with 'REJECT'.

    # /etc/postfix/sender_access
#
# Black/Whitelist for senders matching the 'MAIL FROM' field. Examples...
#
myfriend@example.com    OK
junk@spam.com           REJECT
marketing@              REJECT
theboss@                OK
deals.marketing.com     REJECT
somedomain.com          OK

    Save your changes and close the file (ctrl + x > y > enter).

     

    Step 7

    Finally, restart Postfix to process the changes:

    systemctl restart postfix

    Incoming mail is now automatically scanned to check if the sender is on your own blacklist.

     

    With that, we have come to the end of this guide on blacklist control in Postfix. If you have any questions based on this guide, do not hesitate to contact our support department. You can reach them via the 'Contact us' button at the bottom of this page.

    Was this article helpful?


    Provide feedback about this article

    Need help?

    Receive personal support from our supporters

    Contact us