You have built your local IP blacklist for Postfix and invested time in
analyzing server logs or Rspamd history to blacklist single hosts, IP
addresses, or even whole networks. But how well is it working compared to the
public blacklists you are using? Time to see the results and get some visual
insights through the Munin Monitoring System.
Setup your blacklist for Munin
First of all, you have to decide how to visualize the data in your graph. There
are different approaches you can take. You may want some kind of overview, to
see how many hits your blacklist has. Maybe you want to monitor or compare the
results to public or paid blacklists you are using.
When running a Postfix mail server, you need to know some commands to manage
Postfix mail queues. With this knowledge, you can manage queues and write simple
scripts to accomplish larger tasks.
First, I will list the most relevant commands you need for your daily business.
Then we will build up real-life examples to understand how these commands work,
how to use them, and when they can do harm.
You know those same hosts, providers, or whole networks that get through your
spam filter and spam your users with the same content over and over again. By
building up your blacklist in Postfix, you can stop them from bothering you and
your users. We will explain how local blacklists work in Postfix and how to use
them with whitelists to have better control and reduce errors.
Check before you blacklist
Blocking other hosts must be a well-thought decision because blocking single
hosts, IP addresses, or even whole networks will stop all delivery attempts to
your mail servers.
If you use any blacklists for email services, whitelisting important hosts,
single IP addresses, and even whole networks is an essential task. By
whitelisting email services that are valuable to your users or even customers,
you as admin won't reject important email communication.
Blacklisting in Postfix
If you use any blacklist service or have your own blacklist in your Postfix
setup, you will probably find log entries like this:
root@server $ grep "blocked using" /var/log/mail.log
Dec 17 4:07:18 server postfix/smtpd[21213]: NOQUEUE: reject: RCPT from
unknown[1.2.3.4]: 554 5.7.1 Service unavailable; Client host [1.2.3.4] blocked using ix.dnsbl.manitu.net; Blocked - see http://www.dnsbl.manitu.net/lookup.php?value=1.2.3.4;
from=<x0h0ihbxazf@somedomain.example> to=<cp57ouwn7zm9@mydomain.example> proto=ESMTP helo=<[1.2.3.4]>
As you can see in this example, IP Address 1.2.3.4 was blacklisted by a
third-party service.
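To compare hits per blacklist, the reject lines shown above can be counted per source and printed in the "field.value N" form a Munin plugin returns. The following is an added example, not code from the original articles. The function names, the sample log lines, the list bl.example.org, and the label "local" are constructed; it assumes the local blacklist uses a plain REJECT without custom text, which Postfix logs as "Client host rejected: Access denied".

```shell
#!/bin/sh
# Added example: count Postfix rejects per blacklist for a Munin graph.

# Constructed sample log lines (example domains, documentation addresses).
sample_log() {
cat <<'EOF'
Dec 17 04:07:18 server postfix/smtpd[21213]: NOQUEUE: reject: RCPT from unknown[1.2.3.4]: 554 5.7.1 Service unavailable; Client host [1.2.3.4] blocked using ix.dnsbl.manitu.net; Blocked - see http://www.dnsbl.manitu.net/lookup.php?value=1.2.3.4; from=<a@somedomain.example> to=<b@mydomain.example> proto=ESMTP helo=<[1.2.3.4]>
Dec 17 04:08:40 server postfix/smtpd[21230]: NOQUEUE: reject: RCPT from unknown[192.0.2.55]: 554 5.7.1 Service unavailable; Client host [192.0.2.55] blocked using ix.dnsbl.manitu.net; from=<c@somedomain.example> to=<b@mydomain.example> proto=ESMTP helo=<[192.0.2.55]>
Dec 17 04:09:02 server postfix/smtpd[21240]: NOQUEUE: reject: RCPT from unknown[192.0.2.7]: 554 5.7.1 <unknown[192.0.2.7]>: Client host rejected: Access denied; from=<d@somedomain.example> to=<b@mydomain.example> proto=ESMTP helo=<mail.somedomain.example>
Dec 17 04:09:30 server postfix/smtpd[21244]: NOQUEUE: reject: RCPT from unknown[198.51.100.3]: 554 5.7.1 Service unavailable; Client host [198.51.100.3] blocked using bl.example.org; from=<e@somedomain.example> to=<b@mydomain.example> proto=ESMTP helo=<[198.51.100.3]>
Dec 17 04:10:11 server postfix/smtpd[21251]: connect from mail.somedomain.example[198.51.100.9]
EOF
}

# Read mail.log lines on stdin, print "<source> <hits>" per reject source.
# DNSBL rejects are keyed by list name, local access-map rejects by "local".
count_reject_sources() {
    awk '
        /NOQUEUE: reject:/ {
            if (match($0, /blocked using [^; ]+/)) {
                # "blocked using " is 14 characters; keep only the list name
                src = substr($0, RSTART + 14, RLENGTH - 14)
            } else if ($0 ~ /Client host rejected: Access denied/) {
                src = "local"
            } else {
                next    # other reject reasons are not blacklist hits
            }
            hits[src]++
        }
        END { for (s in hits) print s, hits[s] }
    ' | LC_ALL=C sort
}

# Turn the counts into Munin "field.value N" lines. Munin field names may
# only contain letters, digits and underscores, so dots become underscores.
munin_values() {
    count_reject_sources | while read -r name count; do
        field=$(printf '%s' "$name" | tr -c 'A-Za-z0-9' '_')
        printf '%s.value %s\n' "$field" "$count"
    done
}

sample_log | munin_values
```

In a real plugin the input would be the mail log (for example /var/log/mail.log from the grep above) instead of sample_log.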
Monitoring email queues on your favorite email server is an essential task of an
email admin, as rising queues are often an indication of problems. First, you
need to understand how queues work, how to manage them, and how emails get
enqueued. Then you build a shell script to monitor them. In the last step, you
will learn how to get smartphone push notifications by sending emails to a
third-party push service.