Date: 2021jan28 Update: 2022nov10 OS: Linux Q. Postfix: quick Postscreen setup A. Postscreen is a great way to cut down on spam. This worked for me. In /etc/postfix/master.cf: Comment out:

# smtp inet n - n - - smtpd # -o parameter=value

Uncomment:

smtp inet n - n - 1 postscreen smtpd pass - - n - - smtpd -o parameter=value dnsblog unix - - n - 0 dnsblog tlsproxy unix - - n - 0 tlsproxy

In /etc/postfix/main.cf add:

postscreen_access_list = permit_mynetworks postscreen_dnsbl_threshold = 3

postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*2 psbl.surriel.com*1 bl.spameatingmonkey.net*2 list.dnswl.org*-3

postscreen_dnsbl_action = enforce postscreen_blacklist_action = enforce postscreen_greet_action = enforce postscreen_pipelining_enable = yes postscreen_pipelining_action = enforce postscreen_non_smtp_command_enable = yes postscreen_non_smtp_command_action = enforce postscreen_bare_newline_enable = yes postscreen_bare_newline_action = enforce

You could actually start with no postscreen options in main.cf to be conservative then add them slowly. If you want you can remove reject_rbl_client lines from main.cf since, in theory, they aren't needed any more.

smtpd_client_restrictions = permit_mynetworks, ... # reject_rbl_client bl.spamcop.net,

Reload:

# postfix reload

Watch the logs, make sure mail is still flowing More detailed description: http://www.postfix.org/POSTSCREEN_README.html