Last week my own server - hosting some sites from old and relatively close client - had been hijacked, and got listed on some RBL lists.
Using apache2-mpm-itk1 it was quite easy to trace it back, because the spamsender process was running with a user's id, not with simple www-data. Someone managed to log in with an FTP account, placed some scripts in the www directory, and started it from a web request. The real beauty was that the script removed itself after loading. It also sent the mails from the domain's default name, so, unfortunately it wasn't forged, and a lot of lists added my IP.
Using the help of mxtoolbox.com, a site for monitoring mailservers2, a lot of hours and at least 10 apologizing mails I managed to remove myself. This reminded me, that I use the same method: RBL blockings right inside postfix's main.conf.
So if anyone got listed on one the lists I use, I reject their mail just like it happened to me. I clearly feel now, that this is not the good approach. So I looked for some kind of weighted possibility, like spamassassin for spam, and I met policyd-weight. It is the perfect tool I was looking for, and the best, Ubuntu has it as package.
apt-get install policyd-weight
The only thing: it does not provide a default conf file, you need to create it with a build-in feature:
policyd-weight defaults > /etc/policyd-weight.conf
You also need to add it to postfix's main.conf, right into
You can also remove every RBL entry from here after this is enabled.
and your system is ready to use policyd-weight, a lot more sophisticated solution for RBL listings, than built-in version of postfix.