1 Topic by juanpablopwr

  • juanpablopwr
  • Member
  • Offline
  • Registered: 2014-04-25
  • Posts: 34

Topic: RBL/SPF/DKIM/DMARC Check SMTP

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): iRedMail    1.7.4 - iRedAdmin-Pro 5.7.1
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version: Debian 12
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? YES
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I’m looking for my mail server to check RBL lists and SPF/DKIM/DMARC records whenever emails are sent to any of my domains, in order to filter out spam and junk mail. Is it possible to do this with the current system?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by dave.opc

  • dave.opc
  • Member
  • Offline
  • Registered: 2019-07-08
  • Posts: 109

Re: RBL/SPF/DKIM/DMARC Check SMTP

Of course mail server checks all those records.
The only thing for me was not working is checking spamhouse db, but after i manually assigned ip/dns settings in ubuntu, all started working

3 Reply by juanpablopwr (edited by juanpablopwr 2025-09-06 20:04:37)

  • juanpablopwr
  • Member
  • Offline
  • Registered: 2014-04-25
  • Posts: 34

Re: RBL/SPF/DKIM/DMARC Check SMTP

And how did you enable all those checks for external SMTP servers? I added the RBL lists to main.cf, but it seems like it’s not working — I’m still getting a lot of spam, and when I check the SMTP server that sent the email, it’s listed on RBLs.
I’m using Debian 12.

main.cf

permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
reject_non_fqdn_recipient
reject_unlisted_recipient
reject_rbl_client zen.spamhaus.org
reject_rbl_client bl.spamcop.net
check_policy_service inet:127.0.0.1:7777
check_policy_service inet:127.0.0.1:12340

4 Reply by dave.opc

  • dave.opc
  • Member
  • Offline
  • Registered: 2019-07-08
  • Posts: 109

Re: RBL/SPF/DKIM/DMARC Check SMTP

i told you, i had to manually assign ip/dns because via dhcp it wasn't working

5 Reply by juanpablopwr

  • juanpablopwr
  • Member
  • Offline
  • Registered: 2014-04-25
  • Posts: 34

Re: RBL/SPF/DKIM/DMARC Check SMTP

dave.opc wrote:

i told you, i had to manually assign ip/dns because via dhcp it wasn't working

I noticed that it doesn’t work with Google’s DNS queries! I’m currently not using DHCP on the server — the DNS settings are static.
And how did you enable SPF checks for external servers when they send emails to your server?

6 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 968

Re: RBL/SPF/DKIM/DMARC Check SMTP

Thats done with SA and amavis

7 Reply by juanpablopwr

  • juanpablopwr
  • Member
  • Offline
  • Registered: 2014-04-25
  • Posts: 34

Re: RBL/SPF/DKIM/DMARC Check SMTP

Hi, how are you? I wanted to let you know that I solved the RBL check issue as mentioned above, by adding a custom DNS and installing Unbound on Debian 12.

Previously, I modified the following lines in my Postfix main.cf file in this order:

permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_non_fqdn_recipient,
reject_unlisted_recipient,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
check_policy_service inet:127.0.0.1:7777,
check_policy_service inet:127.0.0.1:12340

This only started working after I enabled a custom DNS server, because I found online that Spamhaus does not accept DNS requests from Google DNS. Once I configured a local DNS server, it started working without any problems.
Now I’m going to test it for a week and see if, in addition to the RBL lists, I should add SPF and DMARC checks — or if I’ll just add DKIM, since that already checks both.