From 0d8f2910abf57f0be331f4f9abf6ae91a392668e Mon Sep 17 00:00:00 2001
From: Christoph <ckubu@oopen.de>
Date: Thu, 29 Apr 2021 18:54:10 +0200
Subject: [PATCH] install_postfix_advanced.sh: some more spam protections..

---
 install_postfix_advanced.sh | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/install_postfix_advanced.sh b/install_postfix_advanced.sh
index b265da4..098ca40 100755
--- a/install_postfix_advanced.sh
+++ b/install_postfix_advanced.sh
@@ -1647,6 +1647,23 @@ smtpd_client_restrictions =
    #
    permit_dnswl_client dnswl.oopen.de,
    # Blacklists
+   # 
+   #   - rhs stands for right hand side, i.e, the domain name.
+   #
+   #   - reject_rhsbl_helo makes Postfix reject email when the client HELO or EHLO hostname is blacklisted.
+   #
+   #   - reject_rhsbl_reverse_client: reject the email when the unverified reverse client hostname is 
+   #     blacklisted. Postfix will fetch the client hostname from PTR record. If the hostname is 
+   #     blacklisted, reject the email.
+   #
+   #   -  reject_rhsbl_sender makes Postfix reject email when the MAIL FROM domain is blacklisted.
+   #
+   #   - reject_rbl_client: This is an IP-based blacklist. When the client IP address is backlisted, 
+   #     reject the email.
+   #
+   reject_rhsbl_helo dbl.spamhaus.org,
+   reject_rhsbl_reverse_client dbl.spamhaus.org,
+   reject_rhsbl_sender dbl.spamhaus.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client ix.dnsbl.manitu.net,
    # Greylisting check
@@ -1714,6 +1731,7 @@ smtpd_sender_restrictions =
    permit_sasl_authenticated,
    reject_unknown_sender_domain,
    reject_non_fqdn_sender
+   reject_unknown_reverse_client_hostname
 
 
 ## ---