Blocking spam to postfix postmaster

RFC822 from way back in 1982 stipulates that any SMTP mail server system must accept mail for postmaster@<domain> so that someone may send email to the administrator of the email system without knowing any personal email addresses.

When setting up my postfix server I set up DNS Blacklists (DNSBL) to block email being sent from known open relays to minimise the number of spam. This was a great success and I now very rarely receive any spam to my personal address. However, a year or so back I noticed that email were coming in to the postmaster address, past any spam checks. I quickly learned that postfix by default disables any blocks for the postmaster address and when I searched the Internet it looked as if a recompilation of postfix was necessary.

Then, eventually, I found that if the value address_verify_sender is set to something else than postmaster@<domain> DNSBL could again be enabled for the postmaster alias. The value address_verify_sender is used when the mail server verifies the sender. It can be set to null but that will probably lead to problems since many mailservers will not accept it. The solution is simple – I created another alias in /etc/aliases and set the same alias to address_verify_sender in /etc/postfix/main.cf.

Now DNSBL is in place for postmaster@<domain> but it is disabled for the address used for verification. However, that address is not as easily guessed and doesn’t get any spam. Legitimate email to postmaster@<domain> still gets through so I don’t feel that this is in violation to RFC822.