Postscreen is a handy feature of Postfix 2.9 and on, if you want to prevent degrading the performance of your server box with frequent external invalid requests. It actually implements a set of basic tests before the remote server could even initiate SMTP transport.  It’s features are vast, and you can read about it here.

First, if you have Postfix < v2.9, you’ll need to upgrade it to a newer version, and one way is using this howto.

If done, insert a small config code at the end of

postscreen_access_list = permit_mynetworks,
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map =
postscreen_dnsbl_sites =*3*2*2*-4
postscreen_dnsbl_threshold = 3
postscreen_greet_action = enforce
postscreen_whitelist_interfaces =, static:all
postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_enable = yes
meta_directory = /etc/postfix
shlib_directory = no

The config aboove will do a moderate compliancy check of a mail server before it will allow it to start the SMTP transport.

There’s a whitelist file that needs to be at least touched, where you an actyally whitelist remote servers that will not go thru the postscreen checks. The matter is that this configuration enables greylisting, so your emails will initially delayed at least for the 1st trasport try, until postfix whitelists them in it’s database. So, I usually put gmail’s IPs here, because it’s real pain to until postfix tracks them all down:

vi /etc/postfix/postscreen_access.cidr and enter:

#gmail whitelist            permit         permit           permit          permit          permit           permit          permit        permit         permit         permit         permit

This is the current list of gmail’s IPs, but you can contact google on how to obtain an up to date. For my oppinion, there’s no signifficant need to update them manually, becaue posfix will eventually whitelist them on it’s own when a new smaller IP range comes up.

And now, let’s enable Postscreen. open and comment out the smtp transport line at the beginning, and remove comments from

smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy

which are probably at the end of your line.

service postfix restart

and good luck!