Spam bypassing DNSBL in Postfix

Discussion in 'Server Operation' started by counterpoint, Jul 19, 2016.

  1. counterpoint

    counterpoint New Member

    I'm seeing increasing amounts of spam getting past my Postfix configuration that relies heavily on DNSBLs such as Spamhaus Zen.

    There is a line under "smtpd_recipient_restrictions =" that says "reject_rbl_client". This is certainly having some effect as the daily mail log shows things like: "blocked using (top 25) (total: 628)".

    Typical spam that is getting through comes with an IP address that is flagged as spam by Spamhaus, but a hostname that is not flagged as spam, and is the reverse IP for the IP address for the mail connection. The hostname resolves to an IP address that is also not flagged as spam. So far as I understand Postfix configuration, this mail is getting through because the check is done on the reverse IP hostname from the connected IP address (which is a supposedly good host). To give a specific example, a warning is shown in the log " does not resolve to address" and these are the hostname and IP address for the mail connection. The reverse IP for is indeed and resolves to on a DNS lookup. Neither nor are blacklisted by Spamhaus, but the actual IP for the mail connection,, is blacklisted. It seems that this combination gets past the DNSBL check.

    Is there a way to configure Postfix so that it will check the actual given IP address against Spamhaus? It will then be recognised as spam.
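Added example, not part of the original post: a sketch of the two lookups involved in the situation described above. It assumes Postfix's documented behaviour that reject_rbl_client queries the reversed client network address under the DNSBL zone, and that a PTR name which fails forward confirmation is treated as "unknown". The addresses, hostname and helper names are constructed for illustration.

```python
import ipaddress

def dnsbl_query_name(client_ip: str, zone: str) -> str:
    """Name queried for an IP-based DNSBL: reversed address labels + zone."""
    ip = ipaddress.ip_address(client_ip)
    # reverse_pointer is "d.c.b.a.in-addr.arpa" (IPv4) or nibbles + ".ip6.arpa"
    labels = ip.reverse_pointer.rsplit(".", 2)[0]
    return f"{labels}.{zone}"

def effective_client_name(client_ip, ptr_name, forward_records):
    """Forward-confirm the PTR name; a mismatch leaves the client name unknown.

    forward_records is a constructed stand-in for DNS: hostname -> list of IPs.
    """
    if ptr_name is None:
        return "unknown"
    ip = ipaddress.ip_address(client_ip)
    addrs = {ipaddress.ip_address(a) for a in forward_records.get(ptr_name, [])}
    return ptr_name if ip in addrs else "unknown"

def lookups_for_connection(client_ip, ptr_name, forward_records,
                           zone="zen.spamhaus.org"):
    """Return what an IP-based DNSBL check and the hostname check each see."""
    return {
        "client_name": effective_client_name(client_ip, ptr_name, forward_records),
        # Derived only from the connecting IP, never from the PTR hostname.
        "ip_dnsbl_query": dnsbl_query_name(client_ip, zone),
    }

# Constructed sample: PTR exists, but the name resolves to a different address.
SAMPLE_DNS = {"mail.example.net": ["198.51.100.20"]}

if __name__ == "__main__":
    result = lookups_for_connection("192.0.2.7", "mail.example.net", SAMPLE_DNS)
    print(result["client_name"])     # name used for hostname-based checks
    print(result["ip_dnsbl_query"])  # name an IP-based DNSBL lookup would use
```

Comparing the printed query name against the "blocked using" lines in the mail log shows whether the IP-based lookup was actually performed for a given connection.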
