Spam bypassing DNSBL in Postfix

Discussion in 'Server Operation' started by counterpoint, Jul 19, 2016.

counterpoint (New Member)

    I'm seeing increasing amounts of spam getting past my Postfix configuration that relies heavily on DNSBLs such as Spamhaus Zen.

    There is a line in main.cf under "smtpd_recipient_restrictions =" that says "reject_rbl_client zen.spamhaus.org". This is certainly having some effect as the daily mail log shows things like: "blocked using zen.spamhaus.org (top 25) (total: 628)".

    Typical spam that is getting through comes with an IP address that is flagged as spam by Spamhaus, but a hostname that is not flagged as spam and is the reverse DNS name for the IP address of the mail connection. The hostname resolves to an IP address that is also not flagged as spam. So far as I understand Postfix configuration, this mail is getting through because the check is done on the reverse DNS hostname of the connecting IP address (which is a supposedly good host). To give a specific example, a warning is shown in the log: "emaillerim.com does not resolve to address 185.87.123.238", and these are the hostname and IP address for the mail connection. The reverse DNS for 185.87.123.238 is indeed emaillerim.com, and emaillerim.com resolves to 185.86.164.196 on a DNS lookup. Neither emaillerim.com nor 185.86.164.196 is blacklisted by Spamhaus, but the actual IP for the mail connection, 185.87.123.238, is blacklisted. It seems that this combination gets past the DNSBL check.

    Is there a way to configure Postfix so that it will check the actual given IP address against Spamhaus? It will then be recognised as spam.
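Added example, not code from the thread: Postfix's reject_rbl_client queries the DNSBL with the connecting client's IP address (octets reversed under the zone), while reject_rhsbl_client queries the client hostname, and reject_unknown_client_hostname acts on the forward-confirmed rDNS mismatch behind the "does not resolve to address" warning. The sketch below builds those query names for the IP and hostname quoted in the post and evaluates them against a constructed DNS table; the listing answers in that table are assumed values, not real Spamhaus results.

```python
import ipaddress
from typing import Dict, List, Optional

# Constructed stand-in for DNS: query name -> single A-record answer (None = NXDOMAIN).
# Listing entries are ASSUMED for illustration; only the forward lookup of the
# rDNS name mirrors what the post reports. Real DNS may return several A records.
FAKE_DNS: Dict[str, Optional[str]] = {
    "238.123.87.185.zen.spamhaus.org": "127.0.0.11",  # assumed: client IP listed (PBL)
    "196.164.86.185.zen.spamhaus.org": None,           # hostname's forward IP not listed
    "emaillerim.com.dbl.spamhaus.org": None,           # hostname not on the domain list
    "emaillerim.com": "185.86.164.196",                # forward lookup of the rDNS name
}

# Return codes documented for zen.spamhaus.org (SBL/XBL/PBL components).
ZEN_CODES = {
    "127.0.0.2": "SBL", "127.0.0.3": "SBL CSS",
    "127.0.0.4": "XBL", "127.0.0.5": "XBL", "127.0.0.6": "XBL", "127.0.0.7": "XBL",
    "127.0.0.9": "SBL DROP", "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}

def rbl_query_name(ip: str, zone: str) -> str:
    """Name reject_rbl_client asks for: the client IP's octets reversed under the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def rhsbl_query_name(hostname: str, zone: str) -> str:
    """Name reject_rhsbl_client asks for: the client hostname itself under the zone."""
    return hostname.rstrip(".") + "." + zone

def fcrdns_mismatch(client_ip: str, client_hostname: str, lookup) -> bool:
    """True when the rDNS name does not resolve back to the connecting IP, which is
    the condition Postfix logs as '<host> does not resolve to address <ip>'."""
    return lookup(client_hostname) != client_ip

def evaluate(client_ip: str, client_hostname: str, lookup=FAKE_DNS.get) -> List[str]:
    """Return the restrictions that would fire for this client, in the order checked."""
    hits: List[str] = []
    answer = lookup(rbl_query_name(client_ip, "zen.spamhaus.org"))
    if answer:
        hits.append(f"reject_rbl_client zen.spamhaus.org: {ZEN_CODES.get(answer, answer)}")
    if lookup(rhsbl_query_name(client_hostname, "dbl.spamhaus.org")):
        hits.append("reject_rhsbl_client dbl.spamhaus.org")
    if fcrdns_mismatch(client_ip, client_hostname, lookup):
        hits.append("reject_unknown_client_hostname (FCrDNS mismatch)")
    return hits

if __name__ == "__main__":
    print(evaluate("185.87.123.238", "emaillerim.com"))
```

When checking a live setup, note that the answer depends on the resolver Postfix uses: Spamhaus refuses queries relayed through large public resolvers, so a reject_rbl_client entry can silently never match unless the server queries through its own or its provider's resolver.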