---
author:
email:
[email protected]
image:
https://petermolnar.net/favicon.jpg
name: Peter Molnar
url:
https://petermolnar.net
copies:
-
http://web.archive.org/web/20120414091518/http://petermolnar.eu:80/linux-tech-coding/changing-to-policyd-weight-from-postfixs-built-in-reject_rbl_client/
lang: en
published: '2010-03-07T22:41:54+00:00'
summary: Install a weighted RBL daemon for Postfix.
tags:
- server
title: Changing to policyd-weight from postfix's built-in reject_rbl_client
---
Last week my own server - hosting some sites from old and relatively
close client - had been hijacked, and got listed on some RBL lists.
Using apache2-mpm-itk[^1] it was quite easy to trace it back, *because
the spamsender process was running with a user's id, not with simple
www-data.* Someone managed to log in with an FTP account, placed some
scripts in the www directory, and started it from a web request. The
real beauty was that the script removed itself after loading. It also
sent the mails from the domain's default name, so, unfortunately it
wasn't forged, and a lot of lists added my IP.
Using the help of mxtoolbox.com, a site for monitoring mailservers[^2],
a lot of hours and at least 10 apologizing mails I managed to remove
myself. This reminded me, that I use the same method: RBL blockings
right inside postfix's main.conf.
So if anyone got listed on one the lists I use, I reject their mail just
like it happened to me. I clearly feel now, that this is not the good
approach. So I looked for some kind of weighted possibility, like
spamassassin for spam, and I met policyd-weight. It is the perfect tool
I was looking for, and the best, Ubuntu has it as package.
``` {.bash}
apt-get install policyd-weight
```
The only thing: it does not provide a default conf file, you need to
create it with a build-in feature:
``` {.bash}
policyd-weight defaults > /etc/policyd-weight.conf
```
You also need to add it to postfix's main.conf, right into
`smtp_recipient_restrictions`
``` {.bash}
check_policy_service inet:127.0.0.1:12525,
```
You can also remove every RBL entry from here after this is enabled.
Reload postfix
``` {.bash}
/etc/init.d/postfix reload
```
and your system is ready to use policyd-weight, a lot more sophisticated
solution for RBL listings, than built-in version of postfix.
To see more, visit Ubuntu manpage of policyd-weight[^3], or the poject's
website[^4].
[^1]: <
http://tech.webportfolio.hu/4/installing-apache2-mpm-itk-on-a-virtualmin-based-ubuntu-8-04/>
[^2]: <
http://mxtoolbox.com>
[^3]: <
http://manpages.ubuntu.com/manpages/hardy/man8/policyd-weight.8.html>
[^4]: <
http://www.policyd-weight.org/>