I use a combination of DNS blacklists (DNSBLs) and spamassassin on my server to try and limit the amount of spam I get. I use the Postfix mail server and here is the relevant part of my Postfix main.cf config file:

smtpd_sender_restrictions = reject_unknown_address

smtpd_client_restrictions =
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        permit_mynetworks,
        reject_unauth_destination,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client dnsbl-1.uceprotect.net,
        permit

message_size_limit = 15728639
disable_vrfy_command = yes
smtpd_helo_required = yes

Note that I’m using 3 DNSBLs (spamhaus, spamcop, and uceprotect — the values for reject_rbl_client) and they are placed towards the end of smtpd_client_restrictions. I only want the external DNSBL DNS lookups to occur if the mail passes the simpler checks first.

Seems to be doing a decent job. I still get a few pieces of spam that fall through the cracks, but don’t want it so aggressive that letgitimate email doesn’t get to me. Here’s the summary data from logwatch from yesterday:

        1   Reject relay denied                        0.02%
      207   Reject HELO/EHLO                           4.40%
      442   Reject unknown user                        9.40%
     4053   Reject RBL                                86.18%
 --------   ------------------------------------------------
     4703   Total Rejects                            100.00%

The DNSBLs combined rejected over 4000 pieces of mail, most of which would have likely been caught by spamassassin anyways if I didn’t have the DNSBL checks, but it’s nice that they didn’t get past my mail server and into my mailbox!