main.cf:
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname,
reject_rbl_client bl.spamcop.net,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client zen.spamhaus.org
Read here about zen and it's free usage requirements: https://www.spamhaus.org/zen/
Isn't it better to use postscreen and take care of the RBL stuff there?
I'm not sure if this is done with Postfix, but I would like to see if its possible (when using dovecot) to have postfix deliver mail from blocked hosts to a junk/spam folder.
@oktayaa the postscreen thing looks interesting. Is their an example setup to look at?
@tuaris I believe I used this as a reference. It also has a link to the documentation you need at the top.
http://rob0.nodns4.us/postscreen.html
cbl.abuseat.org should be removed. If it still works at all, it's a subset of zen.spamhaus.org, so it's a wasteful DNS lookup. See https://www.abuseat.org/cutover.html for details.
Also, for postscren documentation, see http://www.postfix.org/POSTSCREEN_README.html (or http://www.postfix.org/POSTSCREEN_3_5_README.html for older versions).
@farrokhi Just FYI, I think cbl.abuseat.org is included in zen.spamhaus.org.
@siniztr and @tuaris, I could be wrong but I believe that's only for commercial and high volume usage.
Reference: https://www.spamhaus.org/organization/dnsblusage/
Signup if necessary: https://www.spamhaustech.com
Note, that some of my test servers use Zen without any signup.