Re: Block A Sender in Postfix

Sat, 20 Nov 2010 15:54:15 -0800 

On 11/20/2010 11:35 AM, Pete wrote:

On Sat, Nov 20, 2010 at 10:57:58AM -0500, Carlos Mennens wrote:

[snip]



So I'm done trying to ask nicely and it doesn't seem like I'm going to
get any results so now I'd like to get back to my original question,
what's the best way via Postfix to stop them from sending mail to my
Postfix server? How can I block them so their mail is rejected? I'd
like to have a method in '/etc/postfix/' that I can block specific
clients (I'm assuming "clients" is the proper name for servers that
try and communicate with my SMTP server) basic on IP(s).

Can someone please tell me the recommended way to do this in Postfix?
I'm sure most of you veterans have had a time where you had to stop a
specific server from sending your Postfix server email. How do I go
about this?


Hello,

Apologies if I've missed the point of your question but here's how I
successfully do what I *think* you're trying to do :

Here's my /etc/postfix/main.cf :

smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_unauth_destination,
   reject_unauth_pipelining,
   check_client_access hash:/etc/postfix/smtp_client_access,
   check_sender_access hash:/etc/postfix/smtp_sender_access,
   reject_unknown_sender_domain,
   reject_rbl_client zen.spamhaus.org,
   reject_invalid_hostname


For the 'smtp_client_access' and 'smtp_sender_access' references to work you
first need to create them using a text editor (mine's Vim) and then run as
root :

postmap hash:smtp_client_access

With the same applying for the 'smtp_sender_access' file. That command
assumes you're in the /etc/postfix directory.


OK so far...


Restart Postfix after applying
the command/s.
It is not necessary to restart postfix after rebuilding a hash: file; postfix will notice the changes and reload the modified file. 

http://www.postfix.org/DATABASE_README.html#detect

Postfix should be restarted after editing main.cf or master.cf.




The format of my smtp_client_access file is like so :

.dodgyhost.tld                         REJECT Spam sewer.
.evilspammer.tld                       REJECT Spam sewer.
The default setting of parent_domain_matches_subdomains includes smtpd_access_maps.
That means the above must not have a leading dot unless you've changed the defaults. (your entries won't break anything, but they will never match) 

See the table search order documented in:
http://www.postfix.org/access.5.html





The format of my smtp_sender_access file is like so :

barrelshoot.tld                         REJECT No thanks.
al...@example.tld                       OK
example.tld                             REJECT No thanks.
freespam.tld                            REJECT Go away.
interesting101@                         OK


OK.


  -- Noel Jones

Reply via email to