Skip to main content
There are various ways to configure Postfix with Guardian Mail. The following is our preferred method. Edit /etc/postfix/main.cf Add the following in the “smtpd_recipient_restrictions” parameter. It should be placed after “reject_unauth_destination“. 
smtpd_recipient_restrictions =
    ...
    reject_unauth_destination
    # Check rDNS in domain blacklist (optional)
    reject_rhsbl_client <APIKEY>.dblack.mail.abusix.zone
    # Check HELO/EHLO in domain blacklist (optional)
    reject_rhsbl_helo <APIKEY>.dblack.mail.abusix.zone
    # Check FROM domain in blacklist (optional)
    reject_rhsbl_sender <APIKEY>.dblack.mail.abusix.zone
    # Check connecting IP in whitelist (optional)
    # permit_dnswl_client entries should be placed before any reject directives
    # that want to skip, but should always be before any reject_rbl_client
    # entries to ensure that any IP listed on the whitelist not rejected.
    permit_dnswl_client <APIKEY>.white.mail.abusix.zone
    # Reject any IP listed in the blacklist
    reject_rbl_client <APIKEY>.combined.mail.abusix.zone

rbl_reply_maps = texthash:/etc/postfix/rbl_reply_map
Replace <APIKEY> with “Your API key” from your account in app.abusix.com. Next, to prevent your API key from being leaked, create /etc/postfix/rbl_reply_map with the following: 
<APIKEY>.combined.mail.abusix.zone        $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using Guardian Mail${rbl_reason?; $rbl_reason}
<APIKEY>.dblack.mail.abusix.zone        $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using Guardian Mail${rbl_reason?; $rbl_reason}
Replace <APIKEY> with “Your API key” from your account in app.abusix.com. If you are using Postscreen, you can omit the “reject_rbl_client” entry and instead add: 
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply_map
postscreen_dnsbl_sites = <APIKEY>.combined.mail.abusix.zone
Replace <APIKEY> with “Your API key” from your account in app.abusix.com. Then to prevent your API key from leaking, create /etc/postfix/postscreen_dnsbl_reply_map, which should contain the following: 
<APIKEY>.combined.mail.abusix.zone                mail.abusix.zone
Replace <APIKEY> with “Your API key” from your account in app.abusix.com. Then reload Postfix to activate this configuration.