Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Postfix Policy Daemon

Perl Postfix Policy daemon (see which :

  • Performs DNS Blacklist scoring - you can assign scores to each and threshold at which the mail is rejected.
  • Performs GeoIP scoring - if you don't like certain countries...
  • Performs SPF checking - does the client ip address have permission to send for the domain?
  • Performs RHSBL checks on the sender domain

This code is loosely based on :


GPL v2

What it does

  • Check SMTP envelope headers for SPF confirmity.
  • Check DNS Blacklists for the Client IP address (i.e. the IP sending mail to us)
  • Perform GeoIP scoring (client ip addr)
  • Check the sender's domain and see if it's in a RHS blacklist.

It doesn't (yet) do much with the helo (unless this is involved with the SPF check).

  1. Ignore localhost or whitelisted entities such as known backup mx / relays.
  2. Check SPF stuff
  3. Perform DNS Blacklists checks on the client IP - each has varying score/weightings. Reject if total_score > threshold
  4. Perform a GeoIP check, if e.g. it's from Nigeria, then perhaps we score it slightly higher than if it's from GB.
  5. If the total score is > a threshold, again, reject it.
  6. Perform a RHSBL check, if e.g. it's listed under then score appropriately.
  7. If the total score is > a threshold, again, reject it.

The code currently implements simplisitc caching for :

  • Sender IP Addresses - if found to be blacklisted they'll remain blacklisted for about a day
  • Sender domain addresses - if found to be blacklisted they'll remain blacklisted for about a day


  • Copy the src/ script to somewhere useful.
  • Try and install Net::DNS::BL, if you can't use bundled.
  • Install File::Cache or libfile-cache-perl [Debian]
  • You'll probably need libnetaddr-ip-perl libmail-spf-perl libsys-hostname-long-perl libgeo-ip-perl libfile-cache-perl [Debian]
  • Edit /etc/postfix/ (see below).
  • Edit /etc/postfix/ (see below) to cause the policy daemon to be used.
  • Check syslog & /var/log/mail.log to see what's going on....

(choose something more descriptive than 'policyName').

 policyName  unix  -       n       n       -       15       spawn
    user=nobody argv=/path/to/  max_idle=30 max_use=50 daemon_timeout=50

(The max_use/max_idle/daemon_timeout aren't strictly necessary but seem sensible to ensure there are no potential issues with memory leaks).

 smtpd_recipient_restrictions =
   ... whatever ...
   check_policy_service unix:private/policyName
   ... whatever ...


Not yet very automated; read/edit src/ as necessary.


cd tests

Other relevant links


Perl Postfix Policy daemon which performs DNSBL, SPF and GeoIP checking with basic scoring.




No releases published


No packages published