I’ve written a few posts on my Postfix anti-spam config, but since it’s been a while and I tweak it from time to time, here’s the config as of late December 2012:

smtpd_helo_restrictions =
        reject_non_fqdn_helo_hostname,
        reject_invalid_helo_hostname,
        reject_rhsbl_helo hostkarma.junkemailfilter.com=127.0.0.2,
        reject_rhsbl_helo zen.spamhaus.org

smtpd_data_restrictions =
        reject_unauth_pipelining

smtpd_client_restrictions =
        reject_rbl_client b.barracudacentral.org,
        reject_rbl_client hostkarma.junkemailfilter.com=127.0.0.2,
        reject_unknown_client_hostname

smtpd_sender_restrictions =
        reject_unknown_sender_domain,
        reject_unknown_address,
        reject_rhsbl_reverse_client dbl.spamhaus.org,
        reject_rbl_client b.barracudacentral.org

smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_invalid_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unauth_destination,

        permit_dnswl_client list.dnswl.org,

        check_policy_service inet:127.0.0.1:10023,

        reject_rhsbl_reverse_client dbl.spamhaus.org,
        reject_rhsbl_sender dbl.spamhaus.org,
        reject_rhsbl_client dbl.spamhaus.org,
        reject_rhsbl_sender fresh15.spameatingmonkey.net,
        reject_rhsbl_client fresh15.spameatingmonkey.net,
        reject_rhsbl_sender uribl.spameatingmonkey.net,
        reject_rhsbl_client uribl.spameatingmonkey.net,
        reject_rhsbl_sender urired.spameatingmonkey.net,
        reject_rhsbl_client urired.spameatingmonkey.net,
        reject_rhsbl_client hostkarma.junkemailfilter.com=127.0.0.2,

        reject_rbl_client b.barracudacentral.org,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spameatingmonkey.net,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client hostkarma.junkemailfilter.com=127.0.0.2,
        reject_rbl_client dnsbl.njabl.org,
        reject_rbl_client spamsources.fabel.dk,
        reject_rbl_client truncate.gbudb.net,
        reject_rbl_client ubl.unsubscore.com,
        reject_rbl_client aspews.ext.sorbs.net,
        reject_rbl_client dnsbl.sorbs.net,
        reject_rbl_client backscatter.spameatingmonkey.net,
        reject_rbl_client bl.spameatingmonkey.net,
        reject_rbl_client psbl.surriel.com,
        reject_rbl_client cidr.bl.mcafee.com,
        reject_rbl_client bl.mailspike.net,
        reject_rbl_client ix.dnsbl.manitu.net,
        reject_rbl_client black.uribl.com,
        reject_rbl_client spam.spamrats.com,

        permit

I had a string of spam making it into my mailbox recently, which is why I added a few new RBLs to the config, but based on dnsblcount’s report on the number of DNSBL rejections since the beginning of the month, I can probably trim it down a little (note that the DNSBLs are queried in the order listed in your config).

b.barracudacentral.org            6457
hostkarma.junkemailfilter.com     1513
dbl.spamhaus.org                  1110
fresh15.spameatingmonkey.net        35
zen.spamhaus.org                    17
dnsbl.webequipped.com                3
ubl.unsubscore.com                   3
spam.spamrats.com                    2
truncate.gbudb.net                   2
uribl.spameatingmonkey.net           1
psbl.surriel.com                     1
dnsbl.sorbs.net                      1
bl.mailspike.net                     1
=======================================
Total DNSBL rejections:            9146

Note that one additional new item I added to my Postfix config is the postgrey greylisting policy service (via check_policy_service inet:127.0.0.1:10023).
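The per-list tally used above to decide which DNSBLs to trim can be reproduced from the mail log with a short script. This is an added example, not the author's code and not dnsblcount itself. The log lines are constructed samples in Postfix's "blocked using" rejection format, and CONFIGURED is a subset of the lists from the config above.

```python
import re
from collections import Counter

# Postfix logs each DNSBL/RHSBL rejection as "... blocked using <zone>; ..."
BLOCKED = re.compile(r"NOQUEUE: reject: .*? blocked using ([A-Za-z0-9.-]+)")

# Subset of the rejecting lists from the config above, in configured order.
CONFIGURED = ["dbl.spamhaus.org", "b.barracudacentral.org", "zen.spamhaus.org",
              "bl.spamcop.net", "dnsbl.njabl.org"]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Dec 28 10:15:01 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using b.barracudacentral.org; from=<a@example.com> to=<me@example.net> proto=ESMTP helo=<a.example.com>
Dec 28 10:15:09 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 5.7.1 Service unavailable; Client host [192.0.2.11] blocked using b.barracudacentral.org; from=<b@example.com> to=<me@example.net> proto=ESMTP helo=<b.example.com>
Dec 28 10:16:40 mx postfix/smtpd[815]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 554 5.7.1 Service unavailable; Sender address [c@example.org] blocked using dbl.spamhaus.org; from=<c@example.org> to=<me@example.net> proto=ESMTP helo=<mail.example.org>
Dec 28 10:17:02 mx postfix/smtpd[815]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using zen.spamhaus.org; from=<d@example.com> to=<me@example.net> proto=ESMTP helo=<d.example.com>
Dec 28 10:18:30 mx postfix/smtpd[820]: NOQUEUE: reject: RCPT from mta.example.com[198.51.100.9]: 450 4.2.0 <me@example.net>: Recipient address rejected: Greylisted; from=<e@example.com> to=<me@example.net> proto=ESMTP helo=<mta.example.com>
"""


def count_rejections(log_text):
    """Tally rejections per DNSBL zone; greylist deferrals do not match."""
    counts = Counter()
    for line in log_text.splitlines():
        match = BLOCKED.search(line)
        if match:
            counts[match.group(1).lower()] += 1
    return counts


def unused_lists(counts, configured):
    """Configured zones with no rejections: candidates for trimming.
    Postfix stops at the first restriction that rejects, so a zero can also
    mean an earlier list took the hit, not that the list would never match."""
    return [zone for zone in configured if counts[zone] == 0]


def report(counts):
    """Format the tally like the table above, highest count first."""
    rows = ["{:<32}{:>6}".format(zone, n) for zone, n in counts.most_common()]
    rows.append("{:<32}{:>6}".format("Total DNSBL rejections:", sum(counts.values())))
    return "\n".join(rows)


if __name__ == "__main__":
    tally = count_rejections(SAMPLE_LOG)
    print(report(tally))
    print("No rejections from:", ", ".join(unused_lists(tally, CONFIGURED)))
```

Because credit goes to whichever list rejects first, reordering the config changes the counts; a list should be judged over a long enough log window before it is dropped.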