Last week my own server - hosting some sites for old and relatively close clients - was hijacked and got listed on some RBL lists.
Using apache2-mpm-itk it was quite easy to trace it back, because the spam-sending process was running with a user's ID, not simply as www-data. Someone managed to log in with an FTP account, placed some scripts in the www directory, and started it from a web request. The real beauty was that the script removed itself after loading. It also sent the mails from the domain's default name, so unfortunately it wasn't forged, and a lot of lists added my IP.
With the help of mxtoolbox.com, a site for monitoring mail servers, a lot of hours and at least 10 apologizing mails, I managed to get myself removed. This reminded me that I use the same method: RBL blocking right inside Postfix's main.cf.
So if anyone got listed on one of the lists I use, I reject their mail, just like it happened to me. I clearly feel now that this is not a good approach. So I looked for some kind of weighted option, like SpamAssassin for spam, and I found policyd-weight. It is the perfect tool I was looking for, and best of all, Ubuntu has it as a package.
apt-get install policyd-weight
The only catch: it does not provide a default conf file; you need to create it with a built-in feature:
policyd-weight defaults > /etc/policyd-weight.conf
You also need to add it to Postfix's main.cf, right into
smtpd_recipient_restrictions
check_policy_service inet:127.0.0.1:12525,
You can also remove every RBL entry from here after this is enabled.
Reload postfix
/etc/init.d/postfix reload
and your system is ready to use policyd-weight, a much more sophisticated solution for RBL listings than the built-in version in Postfix.
To see more, visit the Ubuntu manpage of policyd-weight, or the project's website.
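To show how a weighted decision differs from a hard RBL reject, here is an added example (not from the original post and not policyd-weight's own code) of a scoring function that reads and answers in Postfix's policy delegation request/response format. The list names, weights, threshold and sample request are assumptions constructed for illustration.

```python
# Added illustration of weighted RBL scoring behind Postfix's policy
# delegation protocol. List names, weights and threshold are constructed
# for this example; they are not policyd-weight's defaults.
import ipaddress

# (zone, score if listed, score if not listed) -- assumed values
RBL_WEIGHTS = [
    ("rbl-a.example", 4.0, -1.5),
    ("rbl-b.example", 3.0, -1.0),
    ("rbl-c.example", 1.5, -0.5),
]
REJECT_AT = 5.0  # assumed threshold


def parse_request(raw: str) -> dict:
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in raw.split("\n"):
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def rbl_query_name(ip: str, zone: str) -> str:
    """DNS name a DNSBL lookup uses: reversed IPv4 octets + zone."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone


def decide(attrs: dict, is_listed) -> str:
    """Sum per-list scores and answer in policy-protocol format."""
    ip = attrs["client_address"]
    score = sum(hit if is_listed(rbl_query_name(ip, zone)) else miss
                for zone, hit, miss in RBL_WEIGHTS)
    if score >= REJECT_AT:
        return f"action=REJECT blocked by weighted RBL score {score}\n\n"
    return "action=DUNNO\n\n"  # no opinion: later restrictions decide


# Constructed sample request, as Postfix would send it at RCPT stage.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.10\nhelo_name=mail.example.org\n"
          "sender=a@example.org\nrecipient=b@example.net\n\n")

if __name__ == "__main__":
    listed = {"10.2.0.192.rbl-c.example"}  # constructed: on one minor list
    print(decide(parse_request(SAMPLE), lambda name: name in listed), end="")
```

With these assumed weights, a client listed on a single list still gets DUNNO, while one listed on the two heaviest lists crosses the threshold and is rejected.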
(Oh, by the way: this entry was written by Peter Molnar, and originally posted on petermolnar dot net.)