On 09/10/2010 05:28 PM, post...@corwyn.net wrote:


Hi!

what I'd like to do is block all emails from individual countries based on sender email address (.au, .jp, etc)

What makes you think those are dependable criteria for filtering ?


In reading the docs, it looks like I can block particular domains with
 check_client_access and check_sender_access

Yes and no - they don't do the same thing.

check_client_access does accept domain names, but will test the client IP's PTR record. This is somewhat useful, but entirely unrelated to: check_sender_access tests the envelope sender (domain, in your example) - if the sending client is an open relay, this tells you nothing. You would have to add sender verification callout to all your mail reception for this test to have much meaning, and that adds delays.


When I read through the docs for those two functions, it looks like I can block with
domain.tld REJECT
or
.domain.tld REJECT

but what I want is to just block
.tld REJECT

but that doesn't appear to work that way (no surprise, as the docs don't indicate that will work).

Says who ?

A top level domain is still a domain.
Inadvisable as it would be to block one, nothing prevents you from doing so.

However, subdomain matching in postfix is dependent on the setting of parent_domain_matches_subdomains, which defaults to debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps

Make sure smtpd_access_maps is in fact included in your configuration.

--
J.
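
Added example (not part of the original message, and not Postfix source code): a simplified Python model of the lookup-key order that access(5) documents for check_sender_access, showing why a `.tld` key is never consulted while smtpd_access_maps is listed in parent_domain_matches_subdomains. The sender address and table entries are constructed; the function names are hypothetical.

```python
# Simplified model of the access(5) lookup order for check_sender_access.
# Assumption: plain indexed table (hash/btree style), no address extensions.

# Default value of parent_domain_matches_subdomains quoted in the reply above.
DEFAULT_PDMS = {
    "debug_peer_list", "fast_flush_domains", "mynetworks",
    "permit_mx_backup_networks", "qmqpd_authorized_clients",
    "smtpd_access_maps",
}

def domain_keys(domain, pdms=DEFAULT_PDMS):
    """Keys tried for a domain, most specific first, down to the TLD."""
    parent_style = "smtpd_access_maps" in pdms
    labels = domain.lower().split(".")
    keys = [".".join(labels)]  # the exact domain is always tried first
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        # Listed: parents are looked up bare ("au").
        # Not listed: parents are looked up with a leading dot (".au").
        keys.append(parent if parent_style else "." + parent)
    return keys

def sender_keys(sender, pdms=DEFAULT_PDMS):
    """Full address, then the domain and its parents, then 'localpart@'."""
    local, _, domain = sender.lower().rpartition("@")
    return [sender.lower()] + domain_keys(domain, pdms) + [local + "@"]

def check_sender_access(sender, table, pdms=DEFAULT_PDMS):
    """Return (matching key, action); action is DUNNO when nothing matches."""
    for key in sender_keys(sender, pdms):
        if key in table:
            return key, table[key]
    return None, "DUNNO"

if __name__ == "__main__":
    sender = "user@mail.example.au"          # constructed envelope sender
    without = DEFAULT_PDMS - {"smtpd_access_maps"}
    for label, pdms in (("listed", DEFAULT_PDMS), ("not listed", without)):
        for table in ({".au": "REJECT"}, {"au": "REJECT"}):  # constructed
            print(label, table, "->", check_sender_access(sender, table, pdms))
```

On a live system, `postconf parent_domain_matches_subdomains` shows which form applies, and the table has to be rebuilt with `postmap` after editing.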
