Date: 2021jan28
OS: Linux
Q. Postfix: quick Postscreen setup
A. Postscreen is a great way to cut down on spam.
This worked for me.
In /etc/master.cf:
Comment out:
# smtp inet n - n - - smtpd
# -o parameter=value
Uncomment:
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
-o parameter=value
dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
In /etc/main.cf add:
postscreen_access_list = permit_mynetworks
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_sites = zen.spamhaus.org*2
bl.spamcop.net*1
b.barracudacentral.org*1
postscreen_dnsbl_action = enforce
postscreen_blacklist_action = enforce
postscreen_greet_action = enforce
postscreen_pipelining_enable = yes
postscreen_pipelining_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_action = enforce
postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = enforce
You could actually start with no postscreen options in main.cf to be conservative
then add them slowly.
Remove any reject_rbl_client lines since they aren't necessary any more
smtpd_client_restrictions = permit_mynetworks,
...
# reject_rbl_client bl.spamcop.net,
Reload:
# postfix reload
Watch the logs, make sure mail is still flowing
More detailed description:
http://www.postfix.org/POSTSCREEN_README.html