post...@corwyn.net put forth on 9/10/2010 10:28 AM:
>
>
> Hi!
>
> what I'd like to do is block all emails from individual contries based
> on sender email address (.au, .jp, etc)
>
> In reading the docs, it looks like I can block particular domains with
> check_client_access and check_sender_access
>
> When I read through the docs for those two fucntions, it looks like I
> can block with
> domain.tld REJECT
> or
> .domain.tld REJECT
>
> but what I want is to just block
> .tld REJECT
>
> but that doesn't appear to work that way (no surprise, as the docs don't
> indicate that will work).
>
> Is there a ready way to do this?
/etc/postfix/ptr-tld.pcre
# ban the following TLDs in FQrDNS names
/^.*?(info|tv|ru|cn|kr|jp)$/i 550 We do not accept mail from .$1 domains
/etc/postfix/main.cf
...
smtpd_foo_restrictions
...
check_client_access pcre:/etc/postfix/ptr-tld.pcre
...
That'll get you blocking rDNS TLDs quickly and easily, and it's not
restricted to country TLDs--you can add .com and .net if you like, but
that would be counter productive. Adding TLDs to the block list is
quick and painless: just edit the file, add TLD, save, and "postfix
reload".
Now, if you really want to SMTP block clients from an entire country,
you'll need to use a CIDR table and country subnet information from
ipdeny.com. The process to do so is much more complex requiring
multiple steps. I believe there are some *nix scripts out there to
automate the process but they are geared toward iptables and netfilter,
not Postfix smtpd. If you'd like to do this as well, let me know, and
I'll write up some instructions. I use it here but I set it up once,
quite some time ago to block a handful of countries, and haven't
monkeyed with it much since. It's not difficult if you're familiar with
CIDR tables, SED, and using cat to append one file to another.
--
Stan
