Postfix
There are various ways to configure Postfix with Guardian Mail. The following is our preferred method.
Edit /etc/postfix/main.cf
Add the following in the “smtpd_recipient_restrictions” parameter. It should be placed after “reject_unauth_destination“.
smtpd_recipient_restrictions = ... reject_unauth_destination # Check rDNS in domain blacklist (optional) reject_rhsbl_client <APIKEY>.dblack.mail.abusix.zone # Check HELO/EHLO in domain blacklist (optional) reject_rhsbl_helo <APIKEY>.dblack.mail.abusix.zone # Check FROM domain in blacklist (optional) reject_rhsbl_sender <APIKEY>.dblack.mail.abusix.zone # Check connecting IP in whitelist (optional) # permit_dnswl_client entries should be placed before any reject directives # that want to skip, but should always be before any reject_rbl_client # entries to ensure that any IP listed on the whitelist not rejected. permit_dnswl_client <APIKEY>.white.mail.abusix.zone # Reject any IP listed in the blacklist reject_rbl_client <APIKEY>.combined.mail.abusix.zone rbl_reply_maps = texthash:/etc/postfix/rbl_reply_map
Replace <APIKEY> with “Your API key” from your account in app.abusix.com.
Next, to prevent your API key from being leaked, create /etc/postfix/rbl_reply_map with the following:
<APIKEY>.combined.mail.abusix.zone $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using Guardian Mail${rbl_reason?; $rbl_reason} <APIKEY>.dblack.mail.abusix.zone $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using Guardian Mail${rbl_reason?; $rbl_reason}
Replace <APIKEY> with “Your API key” from your account in app.abusix.com.
If you are using Postscreen, you can omit the “reject_rbl_client” entry and instead add:
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply_map postscreen_dnsbl_sites = <APIKEY>.combined.mail.abusix.zone
Replace <APIKEY> with “Your API key” from your account in app.abusix.com.
Then to prevent your API key from leaking, create /etc/postfix/postscreen_dnsbl_reply_map, which should contain the following:
<APIKEY>.combined.mail.abusix.zone mail.abusix.zone
Replace <APIKEY> with “Your API key” from your account in app.abusix.com.
Then reload Postfix to activate this configuration.