http://www.postfix.org/RESTRICTION_CLASS_README.html

IP rang Banglalink & GP

116.58.200.0/21

203.223.92.0/22

119.30.32.0/20

123.108.240.0/22

202.56.4.0/22

-------

How to restrict user from using different forged sender email in postfix?

Enforcing a match between FROM address and sasl username

Postfix - restrict authenticated senders to their own e-mail address in MAIL FROM.

Postfix : How to reject sender addresses that don't exist only for local domains

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# cd /etc/postfix

touch  local_domains 

touch  restricted-mail-groups

touch  allowed-users    

touch restricted_senders 

postmap  local_domains 

postmap restricted-mail-groups

postmap  allowed-users

postmap restricted_senders 

###-----Group Email restricted

###----SENDING OUT RESTRICTIONS

smtpd_restriction_classes = insiders_only, local_only

insiders_only = check_sender_access hash:/etc/postfix/allowed-users, reject

local_only = check_recipient_access hash:/etc/postfix/local_domains, reject

### SMTPD SENDER RESTRICTIONS

smtpd_sender_restrictions =

        check_sender_access hash:/etc/postfix/restricted_senders,

        permit_mynetworks,

        permit_sasl_authenticated,

##### SMTPD RECIPIENT RESTRICTIONS 

smtpd_recipient_restrictions =

        check_recipient_access hash:/etc/postfix/restricted-mail-groups,

        check_sender_access hash:/etc/postfix/restricted_senders,

        permit_mynetworks,

        permit_sasl_authenticated,

----------- Group mail restriction ---------------------------

# vi /etc/postfix/allowed-users

###----Allow Group Sent users----#####

u1@worldcm.net       OK

u2@worldcm.net       OK

u10@worldcm.net      OK

abc@worldcm.net      OK

xyz@worldcm.net      OK

# vi /etc/postfix/restricted-mail-groups

####--- Allow group Mail IDs-----#####

office@worldcm.net       insiders_only

hr@worldcm.net            insiders_only

admin@worldcm.net     insiders_only

alluser@worldcm.net     insiders_only

---------------- only send Local mail ------------------------------------------

# vi /etc/postfix/local_domains 

## Local Domain##

worldcm.net       OK

# vi /etc/postfix/restricted_senders 

### Local Domain User##

f1@worldcm.net        local_only

f10@worldcm.net      local_only

asd@worldcm.net      local_only

----------------     ######################################

Restricting specific users from sending email to external domains in Postfix centos

To restrict specific users from sending emails to external domains in Postfix on CentOS, you can achieve this by using sender-dependent transport maps. This method allows you to control the delivery of emails based on the sender's address. Here's how you can set it up:

• Configure main.cf Configuration: Open the Postfix main configuration file /etc/postfix/main.cf in a text editor and add the following lines at the end:

• Create transport and sender_dependent_transport Files: Create the two files by running:

• Edit transport File: Open the transport file in a text editor and add the following line to specify a default transport for all external domains:

• Edit sender_dependent_transport File: Open the sender_dependent_transport file in a text editor and add lines to specify specific users and their allowed transport. For example:

• Leave the colon (:) at the end of each line to indicate that no transport should be applied.

• Generate Hash Files: Generate the hash files for transport and sender_dependent_transport by running:

• Restart Postfix: After making these changes, restart the Postfix service to apply the new configurations:

• sudo systemctl restart postfix

Edit main.cf Configuration: Open the Postfix main configuration file /etc/postfix/main.cf in a text editor and add or modify the following line:

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Relay Host - multiple Domain

#  [root@mail postfix]#        vi /etc/postfix/relay_by_sender 

@worldcm.net          smtp:smtp.spamguard.cloud:587

#   vi  main.cf     [Add this line end]

sender_dependent_default_transport_maps = hash:/etc/postfix/relay_by_sender

Remove announcement details

By default Postfix appends a little announcement to outgoing messages saying that this email is powered by Postfix. It's best to give hackers as little information as possible about your server, so you should remove the banner by finding the line for smtpd_banner in the configuration file and setting it to:

smtpd_banner = $myhostname ESMTP

100 emails par hours limite per user postfix 

To limit users to sending 100 emails per hour in Postfix, you can use the postfwd policy server. Here's how to set up rate limiting to achieve this on CentOS 7:

1. Install postfwd:

If you haven't already installed the postfwd package, you can do so by using the EPEL repository:

2. Configure postfwd:

Create a configuration file for postfwd, typically located at /etc/postfix/postfwd.cf. Add the following configuration to rate limit emails for each user:

-----------------------------------

3. Configure Postfix to use postfwd:

(/etc/postfix/main.cf) and add or modify the smtpd_recipient_restrictions parameter to include the check_policy_service directive:

5. Test the rate limiting:

Now, when users send emails through your Postfix server, postfwd will enforce the rate limiting rules you defined. Users exceeding the limit will have their email delivery rate limited to 100 emails per hour.

Set to only accept local emails for delivery

 change inet_interfaces = all to ```inet_interfaces = localhost``

-------------

### Checks to remove badly formed email

Reject incoming emails that use your own domain as sender

smtpd_sender_restrictions = reject_sender_login_mismatch,  permit_sasl_authenticated

reject_unauthenticated_sender_login_mismatch,

reject_sender_login_mismatch,

reject_unlisted_sender,  permit

disable incoming mail?

You can use the inet_interfaces directive in /etc/postfix/main.cf to control what address Postfix listens on for incoming connections. If you set it to the following it will only listen on the loopback interface, which means that connections can only originate from that machine. # vi main.cf

  inet_interfaces = loopback-only

postfix reject incoming mail for certain recipients

smtpd_recipient_restrictions =     permit_mynetworks,     . . .     check_recipient_access hash:/etc/postfix/recipient_access,     . . .

In addition to the error code you can use a custom human readable, informational error message:

/etc/postfix/recipient_access:     joe@example.com   550  Mailbox doesn't exist. See https://example.com/contact     mary@example.com  550  Mary no longer works at Example Ltd. Contact Jason, instead.

As it's a hash: database, always remember to postmap /etc/postfix/recipient_access

                                        ------------------------X-------------------------------

Block incoming emails to a specific recipient

virtual aliases map (e.g. /etc/postfix/virtual_alias_maps), add the following line:

abcd@example.com devnull

In /etc/postfix/aliases, add the following line:

devnull:  /dev/null

This defines a mailbox named devnull and stores its contents in /dev/null.

Don't forget to update the alias caches and restart Postfix, for example like

postmap /etc/postfix/virtual_alias_maps  newaliases  systemctl restart postfix

                                               ------------------------------------------------------------

Restrict Sender   ---   Extranal Domain

# vi/etc/postfix/main.cf and add the line below.

smtpd_sender_restrictions = 

  check_sender_access hash:/etc/postfix/sender_access

Edit sender_access

# vi /etc/postfix/sender_access 

janedoe@acme.local  REJECT

bugsbunny@acme.com  OK

acme.com            REJECT

# postmap /etc/postfix/sender_access

Restrict Recipient  -  internal [my server mail ID]

# vi  /etc/postfix/main.cf 

smtpd_recipient_restrictions = 

  check_recipient_access hash:/etc/postfix/recipient_access,

  reject_unauth_destinations

# vi /etc/postfix/recipient_access

janedoe@acme.local  REJECT

bugsbunny@acme.com  OK

acme.com            REJECT

# postmap /etc/postfix/recipient_access

                                   ------------------------------------------------------------------

How do specific users only receive mail but do not send mail postfix centos mail server 

• Configure Header Checks: Edit the Postfix header checks configuration file /etc/postfix/header_checks or create it if it doesn't exist. Add lines like the following to reject outgoing messages for specific users

/^From:.*user1@example\.com/ REJECT Sorry, sending email is not allowed for user1@example.com

/^From:.*user2@example\.com/ REJECT Sorry, sending email is not allowed for user2@example.com

• Replace user1@example.com and user2@example.com with the email addresses of the users you want to restrict from sending emails.

• Configure Sender Restrictions: Edit the Postfix main configuration file /etc/postfix/main.cf and add the following lines to enable header checks and specify the path to the header checks file:

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/header_checks

header_checks = regexp:/etc/postfix/header_checks

• Create Hash File for Header Checks: Generate the hash file for the header checks by running the following commands:

sudo postmap /etc/postfix/header_checks

• Restart Postfix: After making these changes, restart the Postfix service to apply the new configurations:

• sudo systemctl restart postfix

Block outgoing mail to specific address using Postfix

smtpd_recipient_restrictions = 

check_recipient_access hash:/etc/postfix/bad_recipients, 

permit_mynetworks, 

reject_unauth_destination, 

permit

And in #   vi /etc/postfix/bad_recipients

bad_user1@example.com REJECT We don't like him

bad_user2@example.org REJECT Delivery to this user is prohibited

                         --------------------------------

Block outgoing mail to specific address using Postfix centos 

main.cf

Don't deliver mail to certain addresses

/etc/postfix/transport:

user@domain.name     discard: 

domain.name          discard:

It should already exist, but ensure there is a transport_maps parameter in your postfix main.cf file, something like

transport_maps = hash:/etc/postfix/transport

Typically you will need to run postmap transport

How to discard mails sent from a specific local user to external addresses?

Configuring Postfix to block outgoing mail to all but one domain

# vi /etc/postfix/main.cf

transport_maps = hash:/etc/postfix/transport

Now we need to add a line specifying which domain to allow sending to (I'm going to allow to bentasker.co.uk). To do so, insert the following lines

# vi /etc/postfix/transport

bentasker.co.uk :

* discard:

This will simply discard messages to any email address not of the domain bentasker.co.uk. If you wanted to reject with an error 

you'd use (set the error text to suit your needs)

bentasker.co.uk:

* error: Only allowing one domain

How to discard mails sent from a specific local user to external addresses?

• 1. Add following line to /etc/postfix/main.cf

     1. sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport_maps

  2. Create /etc/postfix/sender_transport_maps as follow

• • 1. user@local.domain   discard

• 3. Create postfix map file and restart postfix

• • 1. cd /etc/postfix postmap sender_transport_maps service postfix restart

Restricting specific users from sending email to external domains in Postfix

~# vim /etc/postfix/main.cf

smtpd_sender_restrictions =

                           check_sender_access hash:/etc/postfix/restricted_senders,

# vim /etc/postfix/restricted_senders

james@worldcm.net    local_only

vanessa@worldcm.net  local_only

i. Then create the restriction class "local_only" and add rules. They are executed top to bottom - first match wins:

                                                                                           # BEST

# vim /etc/postfix/main,cf

## Sendind out Restriction

smtpd_restriction_classes = local_only

local_only= 

      check_recipient_access hash:/etc/postfix/local_domains,                    

      reject

# vim /etc/postfix/local_domains

worldcm.net   OK

 ---------------------- vi main.cf -------------------

###### SENDING OUT RESTRICTIONS

smtpd_restriction_classes = local_only

local_only= 

       check_recipient_access hash:/etc/postfix/local_domains,

       reject

#SMTPD CLIENT RESTRICTIONS

smtpd_client_restrictions =

        permit_mynetworks,

#       permit_sasl_authenticated,

        check_client_access,

        hash:/etc/postfix/access,

        reject_unauth_pipelining,

        permit_inet_interfaces

#SMTPD ETRN RESTRICTIONS

smtpd_etrn_restrictions =

        permit_mynetworks,

        permit_sasl_authenticated,

        reject

# SMTPD SENDER RESTRICTIONS

smtpd_sender_restrictions =

        check_sender_access hash:/etc/postfix/restricted_senders,

        permit_mynetworks,

##### SMTPD RECIPIENT RESTRICTIONS , 

smtpd_recipient_restrictions =

        check_sender_access hash:/etc/postfix/restricted_senders,

        permit_mynetworks,

                   ---------------------------------------------------

restrict local user to send mail to more destinations

1 First step

postconf -e 'smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders' postconf -e 'smtpd_restriction_classes = local_only' postconf -e 'local_only = check_recipient_access hash:/etc/postfix/local_domains, reject'

2. Step 2 Then create the file /etc/postfix/restricted_senders which looks similar to this one:

user@ceae.info        local_only lucian@ceae.info       local_only

3. Final step Afterwards create /etc/postfix/local_domains which should look similar to this:

ceae.info                  OK domain.com                 OK otherdomain.de             OK

Allow user to send email without smtp authentication

Create a plain text file: /etc/postfix/accepted_unauth_senders, list all users' email addresses which are allowed to send email without smtp authentication. We use user email address user@example.com for example:

user@example.com OK

It's ok to use IP address instead like below:

For more allowed sender format, please check Postfix manual page: access(5).

192.168.1.1 OK 192.168.2   OK 172.16      OK

Create hash db file with postmap command:

# postmap hash:/etc/postfix/accepted_unauth_senders

Modify Postfix config file /etc/postfix/main.cf to use this text file:

smtpd_sender_restrictions =      check_sender_access hash:/etc/postfix/accepted_unauth_senders,     [...OTHER RESTRICTIONS HERE...]

Restart/reload postfix to make it work:

# /etc/init.d/postfix restart

OR

#  vi mail.cf

---------

smtpd_recipient_restrictions = 

                           check_client_access hash:/etc/postfix/accepted_unauth_senders,

smtpd_sender_restrictions = 

                           check_client_access hash:/etc/postfix/accepted_unauth_senders

#  touch /etc/postfix/accepted_unauth_senders

#   vi /etc/postfix/accepted_unauth_senders

user@worldcm.net OK

192.168.1.1 OK 1

92.168.2 OK

results@worldcm.net OK

#  postmap hash:/etc/postfix/accepted_unauth_senders

# systemctl restart postfix

Is it possible to block a certain email adress from sending email anywhere other to its own domain

smtpd_recipient_restrictions you add a line to check the sender access: check_sender_access hash:/etc/postfix/sender_access

in the file sender_access you put the email address, and the policy applied (it's better to whitelist, since you say a few users, so specifically allow them to send anywhere, then the others add a larger group.. just the domain for example).

/etc/postfix/sender_access:

user1@yourdomain.com      all user2@yourdomain.com      all @yourdomain.com           local

Then you need to define those classes.

smtpd_restriction_classes = local, all  local = check_recipient_access hash:/etc/postfix/local_dom, reject all = check_recipient_access regex:/etc/postfix/all_dom, reject

/etc/postfix/local:

domain1.com    OK domain2.com    OO

/etc/postfix/all:

^*@*  OK

Block outgoing mail to specific address using Postfix

#  vi main.cf

smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/bad_recipients, permit_mynetworks, reject_unauth_destination, permit

 # vi /etc/postfix/bad_recipients

bad_user1@example.com REJECT We don't like him bad_user2@example.org REJECT Delivery to this user is prohibited

OR

• 1. main.cf if it is not already there:

     1. transport_maps = hash:/etc/postfix/transport

  2. Add this line to the file "/etc/postfix/transport"

• • 1. abc@example.com     discard

Postfix block local user from sending

wrote a vim /etc/postfix/sender_access file with the following lines

# cat sender_access joe REJECT joe@mail.example.com REJECT

# ADDRESS PATTERNS         # ACTION sender@example.com         550 Blacklisted domain.com                 REJECT user@                      REJECT

And loaded as a hash postmap hash:sender_access, then I added in main.cf the row

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

postfix: block emails to external addresses

/etc/postfix/main.cf

    transport_maps = hash:/etc/postfix/transport

etc/postfix/transport:

    example.org  :

    *      error:destination unauthorized

Restricting who can send to an email address

vi /etc/postfix/main.cf:

smtpd_recipient_restrictions =   check_recipient_access hash:/etc/postfix/protected_destinations,   permit_mynetworks,   reject_unauth_destination

smtpd_restriction_classes = insiders_only

insiders_only = check_sender_access hash:/etc/postfix/insiders, reject  /etc/postfix/protected_destinations: protected.list@example.com insiders_only  /etc/postfix/insiders: allowed.user@example.com OK another.allowed.user@example.com OK

# vi /etc/postfix/main.cf

### Group Email

smtpd_restriction_classes = insiders_only

insiders_only = check_sender_access hash:/etc/postfix/allowed-users, reject

#SMTPD CLIENT RESTRICTIONS

smtpd_client_restrictions = 

    permit_mynetworks 

    check_client_access hash:/etc/postfix/access 

    reject_unauth_pipelining 

    permit_inet_interfaces

#SMTPD ETRN RESTRICTIONS

smtpd_etrn_restrictions =

        permit_mynetworks,

        permit_sasl_authenticated,

        reject

# SMTPD SENDER RESTRICTIONS

smtpd_sender_restrictions =

        permit_mynetworks,

        permit_sasl_authenticated,

        check_sender_access hash:/etc/postfix/access,

        reject_non_fqdn_sender,

        reject_unknown_sender_domain,

        reject_sender_login_mismatch,

        reject_unlisted_sender,

        reject_unauth_pipelining,

        reject_non_fqdn_hostname,

        reject_unauth_destination

##### SMTPD RECIPIENT RESTRICTIONS , 

smtpd_recipient_restrictions =

check_recipient_access hash:/etc/postfix/restricted-mail-groups,

        permit_mynetworks,

        permit_sasl_authenticated,

        reject_unauth_destination,

        reject_invalid_hostname,

        check_recipient_access hash:/etc/postfix/access,

        check_client_access hash:/etc/postfix/access,

        check_sender_access hash:/etc/postfix/access,

        reject_unauth_pipelining,

        reject_non_fqdn_sender,

        reject_unknown_recipient_domain,

        reject_non_fqdn_recipient,

        reject_unknown_sender_domain,

        reject_unlisted_recipient,

        reject_multi_recipient_bounce

[root@mail yum.repos.d]# cd /etc/postfix/

[root@mail postfix]#  vi restricted-mail-groups        # [group mail IDs]

  alluser@worldcm.net     insiders_only                     

 office@worldcm.net      insiders_only

[root@mail postfix]#  vi allowed-users                  # user [ who can sent]

  admin@worldcm.net   OK

  hr@worldcm.net      OK

# postmap restricted-mail-groups

# postmap allowed-users  

                                 ----------------------------------------------------------

# vi /etc/postfix/header_checks

/Your E-mail Account storage capacity is low/      REJECT

Create BCC of incoming and outgoing mails without knowing the users - Postfix

Postfix provides three mechanisms:

    always_bcc = address

        Deliver a copy of all mail to the specified address.

    sender_bcc_maps = type:table

        Search the specified "type:table" lookup table with the envelope sender address for an automatic BCC address.

    recipient_bcc_maps = type:table

        Search the specified "type:table" lookup table with the envelope recipient address for an automatic BCC address.

These features are implemented in postfix 2.1 and later versions.

always_bcc

Add the following entry in /etc/postfix/main.cf to forward all mails in the server to administrator@example.com.

always_bcc = administrator@example.com

sender_bcc_maps and recipient_bcc_maps

You can setup these functions as follows.

[root@postfix ~]# touch /etc/postfix/sender_bcc

[root@postfix ~]# touch /etc/postfix/recipient_bcc

[root@postfix ~]# postmap sender_bcc

[root@postfix ~]# postmap recipient_bcc

Then, open /etc/postfix/main.cf and add the following lines in it.

sender_bcc_maps = hash:/etc/postfix/sender_bcc

recipient_bcc_maps = hash:/etc/postfix/recipient_bcc

verify the following files are generated once the above steps are finished.

/etc/postfix/recipient_bcc.db

/etc/postfix/sender_bcc.db

You can add entries as like follows in sender_bcc and recipient_bcc. This will forward mails from user@domain.com to other@example.com.

[root@postfix ~]# cat /etc/postfix/sender_bcc

user@domain.com other@example.com

[root@postfix ~]# cat /etc/postfix/recipient_bcc

user@domain.com other@example.com

Finally reload postfix,

[root@postfix ~]# postfix reload

###################################################################################################################

REALY SERVER:-SMTP

myhostname = mail2.mitalifashions.net

mydomain = mail2.mitalifashions.net

myorigin = $mydomain

#relayhost = mail.mitalifashions.net

mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.mitalifashions.net, mail2.mitalifashions.net, 202.161.179.68/32

mynetworks = 192.168.13.0/24, 127.0.0.0/8, 202.161.179.64/27, 203.82.195.0/24, 202.161.179.69/32, 203.202.240.226/32, 202.161.191.108/32, 203.112.73.0/24, 203.82.195.75/32, 202.40.181.0/24, 202.161.191.104/32, 117.18.224.0/21, 202.161.179.68/32, 202.84.36.202/32

inet_interfaces = all

############################################################################

Mail Block

Postfix blacklist or reject an email address

Q. I’ve Postfix based CentOS Linux server. I need to blacklist email ID: user@abadboy.com . How do I blacklist email address with postfix? I also have spamassassin software installed.

A. By default, the Postfix SMTP server accepts any sender address. However you can block / blacklist sender email address easily with Postfix. It has SMTP server access table.

Open /etc/postfix/sender_access file

# cd /etc/postfix

# vi sender_access 

Append sender email id as follows:

user@abadboy.com REJECT

Save and close the file. Use postmap command to create a database:

# postmap hash:sender_access 

Now open main.cf and add code as follows:

smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access

Save and close the file. Restart / reload postfix MTA:

# /etc/init.d/postfix restart

You can also use spamassassin to blacklist email address. Just add to your own spamassassin configuration or to /etc/mail/spamassassin/local.cf file:

# vi /etc/mail/spamassassin/local.cf

Append blacklist as follows:

blacklist_from user@abadboy.com

Save and close the file. Restart spamassassin:

# /etc/init.d/spamassassin restart

spamassassin will marke mail as SPAM instead of rejecting the same.

                    XXXXXXXXXXXXXXXXXXXXXXXXXXXXX-----------XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX--------------------

There are a handful of sites that continuously send SPAM to my server and seem to avoid getting listed on the blacklist servers. I'm trying to set up POSTFIX to refuse connections from these sever's IP addresses. Here is how I set up smtpd_client_restrictions in main.cf:

smtpd_client_restrictions = 

check_client_access hash:/Library/Server/Mail/Config/postfix/client_checks

permit_mynetworks

permit_sasl_authenticated

reject_rbl_client bl.spamcop.net

reject_rbl_client zen.spamhaus.org

permit

The content of /Library/Server/Mail/Config/postfix/client_checks:

94.242.161.0/24 REJECT Your IP range is spammer

141.255.161.0/24 REJECT Your IP range is spammer

192.95.54.0/24 REJECT Your IP range is spammer

198.50.229.0/24 REJECT Your IP range is spammer

198.50.171.0/24 REJECT Your IP range is spammer

For some reason POSTFIX isn't blocking SMTP connections from these IP addresses.

Is there some other command that I need to specify for smtpd_client_restrictions to get processed?

Is the syntax of my client check incorrect?

            -----------------------------------------------------------

 How to block postfix connection to a specific ip address

Figured out what the problem was in getting PostFix to use the check_client_access file for SMTP connections to reject.  Seems that PostFIx doesn't understand CIDR notation in the file so these entries are just ignored and no entry is made in the SMTP Log which makes it even harder to figure out what is going on.  Changing the contents of the file from:

 94.242.161.0/24                    REJECT Your IP range is spammer

141.255.161.0/24                    REJECT Your IP range is spammer

192.95.54.0/24                    REJECT Your IP range is spammer

198.50.229.0/24                    REJECT Your IP range is spammer

198.50.171.0/24                    REJECT Your IP range is spammer

 to only listing the leading octets of the IP address works.  Now the REJECT message appears in the SMTP log and the connection from these IP address ranges are dropped on connection and the irritating spam that is missed by the blacklist servers in gone.  Nice!!! 

# Restricts which clients this system accepts SMTP connections from.

 94.242            REJECT Your IP range is spammer

141.255         REJECT Your IP range is spammer

192.95.54      REJECT Your IP range is spammer

198.50.229   REJECT Your IP range is spammer

23.89.158     REJECT Your IP range is spammer

216.55.165   REJECT Your IP range is spammer

 XXX--------------------------XXXXXXXXXXXXXXXXXXXXXXXXXX------------------------XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

To accomplish the task in Postfix, blocking only SMTP connections from those 

IP addresses: 

edit: /etc/postfix/main.cf 

smtpd_[client/recipient]_restrictions = 

        ... 

        check_client_access hash:/etc/postfix/blacklist 

        ... 

# [client/recipient] selection depends on whether you use the "everything 

under smtpd_recipient_restrictions" style main.cf layout. 

create: /etc/postfix/blacklist 

... 

1.2.3.4 REJECT 

4.3.2.1 REJECT 

3.2.1.4 REJECT 

... 

/$ postmap /etc/postfix/blacklist 

/$ postfix reload 

Simply eh? 

Or to deny all port access from those IPs, if using Linux, use Netfilter: 

/$ iptables -I INPUT -s 1.2.3.4 -j DROP 

/$ iptables -I INPUT -s 4.3.2.1 -j DROP 

/$ iptables -I INPUT -s 3.2.1.4 -j DROP 

iptables inputs are non persistent across reboots.  Without knowing what 

OS/distro you're using, I'll give generic instructions on running this at 

system startup instead of rc.* instructions. 

As root, create something like /usr/bin/load_iptables.sh and make sure the 

execute bit is set. 

#! /bin/sh 

iptables -I INPUT -s 1.2.3.4 -j DROP 

iptables -I INPUT -s 4.3.2.1 -j DROP 

iptables -I INPUT -s 3.2.1.4 -j DROP 

As root create this crontab entry usually with "crontab -e" 

@reboot /usr/bin/load_iptables.sh 

Now all packets from those IPs will be dropped.  Hope this helps. 

------XXXXXXXXXXXXXX---------------------------XXXXXXXXXXXXXXXXXXXXX------------XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Blacklist & Whitelist with Postfix

In this little howto, I will describe, howto configure whitelist and / or blacklist to your postfix installation. 

There are two different parameters we can set in postfix, which acts differently. 

check_client_access 

Blocks by client IP, Client IP Range or Hostname 

check_sender_access 

Block by sender e-mail address (In the FROM field) 

#block by client IP, IP range, hostname

  check_client_access hash:/etc/postfix/client_checks 

#block by sender e-mail address. (In the FROM field)

  check_sender_access hash:/etc/postfix/sender_checks 

It is important that check_client_access and check_sender_access are defined as some of the first in smtpd_recipient_restrictions. 

We do this, so the e-mail is not caught by some of the other filters we have set. 

Here is an sample output of the main.cf file.

/etc/postfix/main.cf smtpd_recipient_restrictions =    check_client_access hash:/etc/postfix/client_checks,    check_sender_access hash:/etc/postfix/sender_checks,    etc....    etc....

We will define the whitelist or blacklist with and OK or REJECT, followed by an optional answer text. 

OK is allowed 

REJECT is block 

/etc/postfix/client_checks # Restricts which clients this system accepts SMTP connections from.  example.com               REJECT No spammers .example.com              REJECT No spammers, from your subdomain 123.456.789.123           REJECT Your IP is spammer 123.456.789.0/24          REJECT Your IP range is spammer 321.987.654.321           OK example1.com              OK  /etc/postfix/sender_checks # Restricts sender addresses this system accepts in MAIL FROM commands.  example.com              REJECT env. from addr any@example.com rejected .example.com             REJECT env. from addr any@sub.example.com rejected user@example.com         REJECT We don't want your email example2.com             OK

When a change have been made to any of the files, remember to run postmap, for postfix lookup tables updates, and reload postfix.

#postmap /etc/postfix/client_checks #postmap /etc/postfix/sender_checks #/etc/init.d/postfix reload

That was it, quite simple. 

-----------------------------------------------------------

Block outgoing mail to specific address using Postfix

As described in access(5), just add a check_recipient_access map to your smtpd_recipient_restrictions;

if you wish to block these recipients for your own users too, make sure to place it before permit_mynetworks and/or permit_sasl_authenticated.

# Main.cf

Is it possible to block a certain email adress from sending email anywhere other to its own domain

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxxxxxxxxxxxxXXXXXXXXXXXXXXXXXXXXXXXXXxXXXXXXXXXXXXXXXXXXXXXXX

Create/edit three files:

nano /etc/postfix/body_checks

nano /etc/postfix/header_checks

and final file have example data (I will create an example user for testing purposes):

[root@mail ~]# vi /etc/postfix/header_checks

# add at the head

# reject if email address is empty

/^From:.*<#.*@.*>/ REJECT

/^Return-Path:.*<#.*@.*>/ REJECT

[root@mail ~]# vi /etc/postfix/body_checks

# reject if includes 'example.com' in mail body

/^(|[^>].*)example.com/ REJECT

------------------------------------------------------

Tuning the number of Postfix processes

/etc/postfix/master.cf:     # ====================================================================     # service type  private unpriv  chroot  wakeup  maxproc command + args     #               (yes)   (yes)   (yes)   (never) (100)     # ====================================================================     . . .     smtp      inet  n       -       -       -       10      smtpd

-----main.cf---------------------------------------------------------

smtpd_recipient_limit = 300

default_process_limit = 300

default_destination_concurrency_limit = 200

---------------------------------------------------------------------------------------------

Comments from Brad Knowles

default_destination_concurrency_limit=50  default_destination_recipient_limit=50  default_process_limit=200  smtp_mx_session_limit=100  smtpd_client_connection_count_limit=100  smtp_destination_concurrency_limit=100  maximal_backoff_time = 1000s  minimal_backoff_time = 300s

Add this stuff to block bad SMTP requests

# vi /etc/postfix/main.cf

smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, regexp: /etc/postfix/helo.regexp, permit

/etc/postfix/helo.regexp

Create /etc/postfix/helo.regexp and set contents to:

/^subdomain\.host\.com$/        550 Don't use my own hostname

/^xxx\.yyy\.zzz\.xxx$/             550 Don't use my own IP address

/^\[xxx\.yyy\.zzz\.xxx\]$/       550 Don't use my own IP address

/^[0-9.]+$/                              550 Your software is not RFC 2821 compliant

/^[0-9]+(\.[0-9]+){3}$/           550 Your software is not RFC 2821 compliant

-------------