Blacklist & Whitelist

--

Blacklist & Whitelist with Postfix

In this little howto, I will describe, howto configure whitelist and / or blacklist to your postfix installation.

There are two different parameters we can set in postfix, which acts differently.

check_client_access

Blocks by client IP, Client IP Range or Hostname

check_sender_access

Block by sender e-mail address (In the FROM field)

# block by client IP, IP range, hostname

 check_client_access hash:/etc/postfix/client_checks

# block by sender e-mail address. (In the FROM field)

 check_sender_access hash:/etc/postfix/sender_checks

It is important that check_client_access and check_sender_access are defined as some of the first in smtpd_recipient_restrictions.

We do this, so the e-mail is not caught by some of the other filters we have set.

Here is an sample output of the main.cf file.

/etc/postfix/main.cf smtpd_recipient_restrictions =    check_client_access hash:/etc/postfix/client_checks,    check_sender_access hash:/etc/postfix/sender_checks,    etc....    etc....

We will define the whitelist or blacklist with and OK or REJECT, followed by an optional answer text. 

OK is allowed 

REJECT is block 

/etc/postfix/client_checks # Restricts which clients this system accepts SMTP connections from.  example.com               REJECT No spammers .example.com              REJECT No spammers, from your subdomain 123.456.789.123           REJECT Your IP is spammer 123.456.789.0/24          REJECT Your IP range is spammer 321.987.654.321           OK

@example.com         REJECT We don't want your email example2.com             OK

When a change have been made to any of the files, remember to run postmap, for postfix lookup tables updates, and reload postfix.

#postmap /etc/postfix/client_checks #postmap /etc/postfix/sender_checks

#/etc/init.d/poexample1.com              OK  /etc/postfix/sender_checks # Restricts sender addresses this system accepts in MAIL FROM commands.  example.com              REJECT env. from addr any@example.com rejected .example.com             REJECT env. from addr any@sub.example.com rejected userstfix reload

That was it, quite simple. 

-------