Thanks!

> -----Original Message-----
> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
> us...@postfix.org] On Behalf Of Noel Jones
> Sent: Tuesday, January 20, 2015 12:15 PM
> To: postfix-users@postfix.org
> Subject: Re: Temporarily block all messages from a particular IP
> 
> On 1/20/2015 10:49 AM, Rosenbaum, Larry M. wrote:
> > What would be the best method for (temporarily) blocking all mail
> > from a particular (internal) IP? Or alternatively, blocking all mail
> > with a particular "MAIL FROM" address?
> >
> >
> >
> > For instance, blocking all mail from 1.2.3.4, or alternatively, from
> > bro...@badhost.example.com.
> 
> 
> In postfix, you can use a check_client_access table to block by
> client hostname or IP, or a check_sender_access table to block by
> the MAIL FROM sender address or domain.  If the client happens to be
> listed in mynetworks, the blacklist will need to be before
> permit_mynetworks (or before permit_sasl_authenticated if they use
> AUTH).
> 
> General docs are here:
> http://www.postfix.org/SMTPD_ACCESS_README.html
> 
> 
> Simple example:
> do this in smtpd_client_restrictions to prevent accidents.
> 
> # main.cf
> smtpd_client_restrictions =
>   check_client_access hash:/etc/postfix/client_blacklist
>   check_sender_access hash:/etc/postfix/sender_blacklist
>   ... any other restrictions ...
> 
> 
> # client_blacklist
> # list IP or client hostname to block
> 192.0.2.125  REJECT bad client
> badhost.example.com  REJECT bad client
> 
> # Sender blacklist
> # list sender email address or domain given in MAIL FROM command
> # (each entry needs an action on the right-hand side, as in client_blacklist)
> bo...@example.com  REJECT
> annoying.domain.example.com  REJECT
> 
> 
> Alternately, you can use the local machine firewall or a null route
> to block their access.
> 
> > The purpose would be if some departmental server has a runaway
> > process that is spewing out error messages on the weekend and there
> > is a delay in contacting the sysadmin to shut it down.
> 
> Pull their network cable?  I suppose they could consider that impolite.
> 
> 
> 
> 
>   -- Noel Jones
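
A pre-flight check for the setup described in the quoted reply, as an added example (not code from the thread or from Postfix): it flags blacklist lookups that sit after permit_mynetworks or permit_sasl_authenticated, and access(5) table entries that have a key but no action. The main.cf and table text are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample inputs, not taken from a real server.
MAIN_CF = """\
smtpd_client_restrictions =
  permit_mynetworks
  check_client_access hash:/etc/postfix/client_blacklist
"""
TABLE = """\
# client_blacklist
192.0.2.125  REJECT bad client
badhost.example.com
"""
PERMITS = ("permit_mynetworks", "permit_sasl_authenticated")
LOOKUPS = ("check_client_access", "check_sender_access")

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blanks and comments."""
    out = []  # each item: [first line number, joined text]
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1][1] += " " + line.strip()
        else:
            out.append([n, line.strip()])
    return out

def restriction_list(main_cf, name):
    """Tokens of one main.cf restriction parameter, in evaluation order."""
    for _, text in logical_lines(main_cf):
        key, _, value = text.partition("=")
        if key.strip() == name:
            return [t for t in re.split(r"[,\s]+", value) if t]
    return []

def shadowed_lookups(tokens):
    """(lookup, table, permit) for each blacklist lookup placed after a permit_*."""
    found, permit = [], None
    for i, tok in enumerate(tokens):
        if tok in PERMITS and permit is None:
            permit = tok
        elif tok in LOOKUPS and permit:
            found.append((tok, tokens[i + 1] if i + 1 < len(tokens) else "", permit))
    return found

def entries_without_action(table_text):
    """Line numbers of access(5) entries that have a lookup key but no action."""
    return [n for n, text in logical_lines(table_text) if len(text.split(None, 1)) < 2]
```

On the samples, `shadowed_lookups` reports the client blacklist as placed after `permit_mynetworks`, and `entries_without_action` reports line 3 of the table.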
