> reject_rhsbl_helo dbl.spamhaus.org, > reject_rhsbl_reverse_client dbl.spamhaus.org, > reject_rhsbl_sender dbl.spamhaus.org, > reject_rbl_client zen.spamhaus.org > --8<-------------------------------------------------------- >
Bear in mind that whilst Spamhaus is great, to get the most out of it, you also need to use Spamassassin alongside any early-filtering you might be doing with Postfix. This is especially the case if you are a subscriber and you want to make more extensive use of their content, as well as new innovations such as the Spamhaus HBL which is likely not usable from Postfix. See: - https://docs.spamhaustech.com/datasets/docs/source/40-real-world-usage/SpamAssassin/000-intro.html - https://github.com/spamhaus/spamassassin-dqs - If you are a subscriber, also look at the manuals in the portal Regarding your Postfix Spamhaus settings, you might want to add it under smtpd_client_restrictions and postscreen_dnsbl_sites. For example (N.B. this is a snippet from one of our sites, its not necessarily a Spamhaus recommended config, you can look on the subscriber portal for the detail on current recommended Postfix configs with Spamhaus) : smtpd_recipient_restrictions = permit_mynetworks,${indexed}custom_reject,reject_unauth_destination, reject_rhsbl_sender <OBFUSCATED>.dbl.dq.spamhaus.net=127.0.1.[2;4;5;6], reject_rhsbl_helo <OBFUSCATED>.dbl.dq.spamhaus.net=127.0.1.[2;4;5;6], reject_rhsbl_reverse_client <OBFUSCATED>.dbl.dq.spamhaus.net=127.0.1.[2;4;5;6], reject_rhsbl_sender <OBFUSCATED>.zrd.dq.spamhaus.net=127.0.2.[2..24], reject_rhsbl_helo <OBFUSCATED>.zrd.dq.spamhaus.net=127.0.2.[2..24], reject_rhsbl_reverse_client <OBFUSCATED>.zrd.dq.spamhaus.net=127.0.2.[2..24], reject_rbl_client <OBFUSCATED>.zen.dq.spamhaus.net=127.0.0.[2;3;4..7;10;11] smtpd_client_restrictions = reject_rbl_client <OBFUSCATED>.zen.dq.spamhaus.net postscreen_dnsbl_sites = <OBFUSCATED>.zen.dq.spamhaus.net=127.0.0.[2;3;4..7;10;11]