---
author:
   email: [email protected]
   image: https://petermolnar.net/favicon.jpg
   name: Peter Molnar
   url: https://petermolnar.net
copies:
- http://web.archive.org/web/20120414091518/http://petermolnar.eu:80/linux-tech-coding/changing-to-policyd-weight-from-postfixs-built-in-reject_rbl_client/
lang: en
published: '2010-03-07T22:41:54+00:00'
summary: Install a weighted RBL daemon for Postfix.
tags:
- server
title: Changing to policyd-weight from postfix's built-in reject_rbl_client

---

Last week my own server - hosting some sites from old and relatively
close client - had been hijacked, and got listed on some RBL lists.

Using apache2-mpm-itk[^1] it was quite easy to trace it back, *because
the spamsender process was running with a user's id, not with simple
www-data.* Someone managed to log in with an FTP account, placed some
scripts in the www directory, and started it from a web request. The
real beauty was that the script removed itself after loading. It also
sent the mails from the domain's default name, so, unfortunately it
wasn't forged, and a lot of lists added my IP.

Using the help of mxtoolbox.com, a site for monitoring mailservers[^2],
a lot of hours and at least 10 apologizing mails I managed to remove
myself. This reminded me, that I use the same method: RBL blockings
right inside postfix's main.conf.

So if anyone got listed on one the lists I use, I reject their mail just
like it happened to me. I clearly feel now, that this is not the good
approach. So I looked for some kind of weighted possibility, like
spamassassin for spam, and I met policyd-weight. It is the perfect tool
I was looking for, and the best, Ubuntu has it as package.

``` {.bash}
apt-get install policyd-weight
```

The only thing: it does not provide a default conf file, you need to
create it with a build-in feature:

``` {.bash}
policyd-weight defaults > /etc/policyd-weight.conf
```

You also need to add it to postfix's main.conf, right into
`smtp_recipient_restrictions`

``` {.bash}
check_policy_service inet:127.0.0.1:12525,
```

You can also remove every RBL entry from here after this is enabled.

Reload postfix

``` {.bash}
/etc/init.d/postfix reload
```

and your system is ready to use policyd-weight, a lot more sophisticated
solution for RBL listings, than built-in version of postfix.

To see more, visit Ubuntu manpage of policyd-weight[^3], or the poject's
website[^4].

[^1]: <http://tech.webportfolio.hu/4/installing-apache2-mpm-itk-on-a-virtualmin-based-ubuntu-8-04/>

[^2]: <http://mxtoolbox.com>

[^3]: <http://manpages.ubuntu.com/manpages/hardy/man8/policyd-weight.8.html>

[^4]: <http://www.policyd-weight.org/>

You are viewing proxied material from petermolnar.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.