Here is how I do it: check_sender_access regexp:/etc/postfix/sender_domain_checks
here are the (partial) contents of /etc/postfix/sender_domain_checks: /\.top$/ REJECT /\.xyz$/ REJECT /\.cam$/ REJECT /\.fun$/ REJECT /\.buzz$/ REJECT /\.club$/ REJECT /\.link$/ REJECT /\.hinet\.net$/ REJECT Since I'm using AlmaLinux, a derivative of RHEL, it does not have PCRE because Redhat decided to remove it entirely from RHEL. Thus, I had to convert all my "pcre:" into "regexp:", like the above. On Tue, 7 Feb 2023 16:49:13 -0500 James Pifer <j...@obrien-pifer.com> wrote: > Hello all. I'm trying to block some TLDs and everything I try I'm > getting: 451 4.3.5 <em...@gmail.com>: Sender address rejected: Server > configuration error; > > Obviously this is a configuration issue. I've tried following these > sites among others: > https://forum.centos-webpanel.com/index.php?topic=10649.0 > https://www.davidmartinwhite.com/2016/10/25/fighting-spam-block-entire-ttld-with-postfix/ > https://www.ericmichaelstone.com/how-to-block-an-entire-tld-in-postfix/ > > Hoping there's and easy fix in my configuration. Sorry, not a postfix > expert. If you see any issues in my config I would appreciate suggestions. > > Thanks > > > My /etc/postfix/reject_domains looks like: > > /\.(pro)$/ REJECT We reject all .pro domains > /\.(date)$/ REJECT We reject all .date domains > /\.(science)$/ REJECT We reject all .science domains > /\.(top)$/ REJECT We reject all .top domains > /\.(download)$/ REJECT We reject all .download domains > /\.(work)$/ REJECT We reject all .work domains > /\.(click)$/ REJECT We reject all .click domains > /\.(link)$/ REJECT We reject all .link domains > /\.(diet)$/ REJECT We reject all .diet domains > /\.(review)$/ REJECT We reject all .review domains > /\.(party)$/ REJECT We reject all .party domains > /\.(zip)$/ REJECT We reject all .zip domains > /\.(xyz)$/ REJECT We reject all .xyz domains > /\.(stream)$/ REJECT We reject all .stream domains > /\.(bid)$/ REJECT We reject all .bid domains > /\.(store)$/ REJECT We reject all .store domains > > > > My /etc/postfix/main.cf > > virtual_alias_maps = hash:/etc/postfix/virtual > relay_domains = mydomain.com > relayhost = 192.168.1.188:25 > mynetworks = 192.168.188.0/24 > recipient_delimiter = + > #debug_peer_list = 0.0.0.0 > > smtpd_restriction_classes = sender_white_list > sender_white_list = check_client_access > hash:/etc/postfix/check_client_access > > ####### AS SOON AS I UNCOMMENT THESE TWO LINES I GET THE ERROR ON ALL > EMAILS###### > #smtpd_recipient_restrictions = > # check_sender_access pcre:/etc/postfix/reject_domains > > smtpd_helo_required = yes > smtpd_helo_restrictions = > permit_mynetworks > permit_sasl_authenticated > check_helo_access hash:/etc/postfix/helo_access > reject_invalid_helo_hostname > reject_non_fqdn_helo_hostname > # reject_unknown_helo_hostname ###### Commented out 01/30/2023 ###### > # reject_rhsbl_helo dbl.spamhaus.org, > # reject_rhsbl_reverse_client dbl.spamhaus.org, > # reject_rhsbl_sender dbl.spamhaus.org, > # reject_rbl_client zen.spamhaus.org > > smtpd_client_restrictions = > permit_mynetworks, > permit_sasl_authenticated, > reject_unknown_sender_domain, > reject_unknown_reverse_client_hostname, > reject_unknown_client_hostname, > #...the rest of them, > permit
