Jun 272016

SMTPUTF8 is one of extended/enhanced SMTP feature. The protocol format was defined in RFC 6531.Latest postfix-3.1, support for SMTPUTF8 feature (since version 2.12) and this is how to install/compile it on CentOS 7.

Install libicu-devel, if it’s not install yet.

# yum -y install libicu-devel

Download postfix-3.1 rpm source

# wget http://repos.oostergo.net/7/SRPMS/postfix-3.1.1-1.el7.centos.src.rpm

Rebuild the source

# rpmbuild --rebuild postfix-3.1.1-1.el7.centos.src.rpm

Upgrade existing postfix

# cd rpmbuild/RPMS/x86_64/
# rpm -Uvh postfix-3.1.1-1.el7.centos.x86_64.rpm postfix-perl-scripts-3.1.1-1.el7.centos.x86_64.rpm

Test it

# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 web-server.localdomain ESMTP Postfix
ehlo localhost
250-SIZE 10240000
May 252016

in order to make rbldnsd as rhsbl authoritative nameserver for unbound, the simple way is to create stub-zone like this:

        name: "rhsbl.example.com."

if we configured unbound as iterator and validator, this minimal configuration will not work. when you query for example:

# dig blacklisted.domain.com.rhsbl.example.com

we will get “SERVFAIL” replied.
the simple way is by turned off validator function in unbound, but if we still want validator function in unbound, we can simply exclude our rhsbl zone in stub-zone as insecure domain.

domain-insecure: "rhsbl.example.com."

now, we wlll get reply as expected

# dig blacklisted.domain.com.rhsbl.example.com +short

and in rbldnsd start up config

RBLDNSD="dsbl -r/var/lib/rbldnsd -t 300 -b rhsbl.example.com:dnset:hosts"

happy blacklisting 😀

combined with checkdbl.pl script here: http://www.kutukupret.com/2010/12/03/postfix-header_checks-using-tcp_table-and-checkdbl-pl-script/ we can use it as header_checks map. here’s the result:

May 25 19:11:31 mx1 postfix/cleanup[146988]: 68A203080DD: reject: header From: Dominic McXXX <McXXX@domainspammer.com> from sub.domainspammer.com[xxx.xxx.xxx.xx]; from=<McXXX@domainspammer.com> to=<myuser@example.org> proto=ESMTP helo=<spammer>: 5.7.1 domainspammer.com, which appears in the 'From' header, is listed on rhsbl.example.com