Changing to policyd-weight from postfix's built-in reject_rbl_client

Licenced under CC-BY-4.0, created by Peter Molnar (), published at to canonical URL with keywords #mailserver #postfix #RBL #security

Install a weighted RBL daemon for Postfix.

Last week my own server - hosting some sites from old and relatively close client - had been hijacked, and got listed on some RBL lists.

Using apache2-mpm-itk1 it was quite easy to trace it back, because the spamsender process was running with a user’s id, not with simple www-data. Someone managed to log in with an FTP account, placed some scripts in the www directory, and started it from a web request. The real beauty was that the script removed itself after loading. It also sent the mails from the domain’s default name, so, unfortunately it wasn’t forged, and a lot of lists added my IP.

Using the help of, a site for monitoring mailservers2, a lot of hours and at least 10 apologizing mails I managed to remove myself. This reminded me, that I use the same method: RBL blockings right inside postfix’s main.conf.

So if anyone got listed on one the lists I use, I reject their mail just like it happened to me. I clearly feel now, that this is not the good approach. So I looked for some kind of weighted possibility, like spamassassin for spam, and I met policyd-weight. It is the perfect tool I was looking for, and the best, Ubuntu has it as package.

apt-get install policyd-weight

The only thing: it does not provide a default conf file, you need to create it with a build-in feature:

policyd-weight defaults > /etc/policyd-weight.conf

You also need to add it to postfix’s main.conf, right into smtp_recipient_restrictions

check_policy_service inet:,

You can also remove every RBL entry from here after this is enabled.

Reload postfix

/etc/init.d/postfix reload

and your system is ready to use policyd-weight, a lot more sophisticated solution for RBL listings, than built-in version of postfix.

To see more, visit Ubuntu manpage of policyd-weight3, or the poject’s website4.