On 1/20/2015 10:49 AM, Rosenbaum, Larry M. wrote: > What would be the best method for (temporarily) blocking all mail > from a particular (internal) IP? Or alternatively, blocking all mail > with a particular “MAIL FROM” address? > > > > For instance, blocking all mail from 1.2.3.4, or alternatively, from > bro...@badhost.example.com <mailto:bro...@badhost.example.com>.
In postfix, you can use a check_client_access table to block by client hostname or IP, or a check_sender_access table to block by the MAIL FROM sender address or domain. If the client happens to be listed in mynetworks, and blacklist will need to be before permit_mynetworks (or before permit_sasl_authenticated if they use AUTH). General docs are here: http://www.postfix.org/SMTPD_ACCESS_README.html Simple example: do this in smtpd_client_restrictions to prevent accidents. # main.cf smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_blacklist check_sender_access hash:/etc/postfix/sender_blacklist ... any other restrictions ... # client_blacklist # list IP or client hostname to block 192.0.2.125 REJECT bad client badhost.example.com REJECT bad client # Sender blacklist # list sender email address or domain given in MAIL FROM command bo...@example.com annoying.domain.example.com Alternately, you can use the local machine firewall or a null route to block their access. > The purpose would be if some departmental server has a runaway > process that is spewing out error messages on the weekend and there > is a delay in contacting the sysadmin to shut it down. Pull their network cable? I suppose they could consider that impolite. -- Noel Jones
