Hi, everyone,

I need to block/reject one of my hosted domains foo.tld from sending
emails to a couple of external domains, while not restricting sending
to other domains like gmail.com nor restricting any of my other hosted
domains i.e. bar.tld from sending to these "bad domains". I also need
to stop "bad domains" from sending to the foo.tld. So far the only
solution that I've been able to make work has been to create a new
restriction_class. Correct me if my logic isn't correct, but this
works fine for blacklisting (or for whitelisting exceptions), because
of the permit.

SENDING server:

smtpd_recipient_restrictions =
        check_sender_access hash:/etc/postfix/footld_sender,
        reject_unauth_pipelining,
        reject_non_fqdn_recipient,
        permit_mynetworks,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        check_recipient_access hash:/etc/postfix/verify_domains,
        permit

footld_sender contains:
    #postmaster exception
    postmas...@foo.tld OK
    foo.tld bad_domains

smtpd_restriction_classes =
   bad_domains

bad_domains =
        check_recipient_access hash:/etc/postfix/bad_domains,
        permit

bad_domains contains:

tld           REJECT not allowed
    bad.tld     REJECT did you mean GOOD.tld




RECEIVING server:

smtpd_sender_restrictions =
        permit_mynetworks,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        check_sender_access hash:/etc/postfix/helo_access,   <- restricts external IPs from sending with my own domain name
        warn_if_reject check_sender_access pcre:/etc/postfix/sender_access,   <- old blacklist of TLDs we blacked (pretty much for logging purposes only)
        hash:/etc/postfix/access_blacklist,   <- our own custom blacklist of known spammers/UBE senders
        permit
smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unknown_recipient_domain,
        reject_unknown_client_hostname,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        check_policy_service inet:127.0.0.1:60000
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client cbl.abuseat.org,
        check_policy_service unix:private/policy,
        permit

smtpd_relay_restrictions =
        permit_mynetworks,
        reject_unauth_destination



Sending server and receiving servers are two different machines.
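
An added illustration, not part of the original post: a toy Python model of the first-match-wins evaluation of the sending server's smtpd_recipient_restrictions, with the bad_domains class expanded in place. The client addresses, mailbox names, MYNETWORKS and LOCAL_DOMAINS are constructed assumptions; the postmaster exception, the syntax/DNS checks and verify_domains are left out, and smtpd_relay_restrictions is not modelled.

```python
# Toy model of Postfix first-match-wins evaluation for the posted
# sending-server list. Tables and sample addresses are constructed.
FOOTLD_SENDER = {"foo.tld": "bad_domains"}       # postmaster exception omitted
BAD_DOMAINS = {"bad.tld": "REJECT did you mean GOOD.tld"}
MYNETWORKS = {"192.0.2.10"}                      # assumed trusted client IP
LOCAL_DOMAINS = {"foo.tld", "bar.tld"}           # assumed hosted domains

def domain(address):
    return address.rsplit("@", 1)[-1]

def check_access(table, address, ctx):
    """Look up the full address, then its domain; None means DUNNO."""
    action = table.get(address) or table.get(domain(address))
    if action is None:
        return None
    if action in CLASSES:                        # result names a restriction class
        return evaluate(CLASSES[action], ctx)
    return "PERMIT" if action == "OK" else action

RULES = {
    "check_sender_access": lambda t, c: check_access(t, c["sender"], c),
    "check_recipient_access": lambda t, c: check_access(t, c["rcpt"], c),
    "permit_mynetworks": lambda t, c: "PERMIT" if c["client"] in MYNETWORKS else None,
    "reject_unauth_destination": lambda t, c: None
        if domain(c["rcpt"]) in LOCAL_DOMAINS else "REJECT relay denied",
    "permit": lambda t, c: "PERMIT",
}

CLASSES = {"bad_domains": [("check_recipient_access", BAD_DOMAINS), ("permit", None)]}

# Same order as the post; omitted checks are assumed to return DUNNO.
SENDING = [
    ("check_sender_access", FOOTLD_SENDER),
    ("permit_mynetworks", None),
    ("reject_unauth_destination", None),
    ("permit", None),
]

def evaluate(restrictions, ctx):
    """Return the first non-DUNNO result; later restrictions are never reached."""
    for name, table in restrictions:
        result = RULES[name](table, ctx)
        if result is not None:
            return result
    return None

def decide(client, sender, rcpt):
    return evaluate(SENDING, {"client": client, "sender": sender, "rcpt": rcpt})
```

In this model a client outside mynetworks that uses a foo.tld envelope sender reaches the class's permit before reject_unauth_destination is evaluated, so relay control on that machine rests on smtpd_relay_restrictions (Postfix 2.10 and later) or on placing the sender check after reject_unauth_destination.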
