Blacklist & Whitelist
--
Blacklist & Whitelist with Postfix
In this little howto, I will describe, howto configure whitelist and / or blacklist to your postfix installation.
There are two different parameters we can set in postfix, which acts differently.
check_client_access
Blocks by client IP, Client IP Range or Hostname
check_sender_access
Block by sender e-mail address (In the FROM field)
# block by client IP, IP range, hostname
check_client_access hash:/etc/postfix/client_checks
# block by sender e-mail address. (In the FROM field)
check_sender_access hash:/etc/postfix/sender_checks
It is important that check_client_access and check_sender_access are defined as some of the first in smtpd_recipient_restrictions.
We do this, so the e-mail is not caught by some of the other filters we have set.
Here is an sample output of the main.cf file.
/etc/postfix/main.cf smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/client_checks, check_sender_access hash:/etc/postfix/sender_checks, etc.... etc....
We will define the whitelist or blacklist with and OK or REJECT, followed by an optional answer text.
OK is allowed
REJECT is block
/etc/postfix/client_checks # Restricts which clients this system accepts SMTP connections from. example.com REJECT No spammers .example.com REJECT No spammers, from your subdomain 123.456.789.123 REJECT Your IP is spammer 123.456.789.0/24 REJECT Your IP range is spammer 321.987.654.321 OK
@example.com REJECT We don't want your email example2.com OK
When a change have been made to any of the files, remember to run postmap, for postfix lookup tables updates, and reload postfix.
#postmap /etc/postfix/client_checks #postmap /etc/postfix/sender_checks
#/etc/init.d/poexample1.com OK /etc/postfix/sender_checks # Restricts sender addresses this system accepts in MAIL FROM commands. example.com REJECT env. from addr any@example.com rejected .example.com REJECT env. from addr any@sub.example.com rejected userstfix reload
That was it, quite simple.
-------