LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Old 06-18-2008, 03:18 PM   #1
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Rep: Reputation: 73
Block Emails on Postfix


Can anyone explain how I can place a filter or block list of email accounts I do not wish to be able to communicate with my email server? For example, I do not want anyone to be able to send and/or receive email from *@aol.com using my MTA. Is there a way in Postfix I can block all SMTP traffic (in/out) to any or all AOL email accounts?
 
Old 06-18-2008, 03:32 PM   #2
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 199
You should be able to do this with the smtpd_recipient_restrictions in the main.cf configuration.

Might end up looking something like this in your conf:

Code:
smtpd_recipient_restrictions = permit_mynetworks, check_sender_access regexp:/etc/postfix/unwanted_sender, reject_unauth_destination
Then you just put the domains in the unwanted_sender file.

Upon further readings though, this might only reject outgoing email. For incoming, I'd just use SpamAssassin to block unwanted emails.
 
Old 06-18-2008, 03:37 PM   #3
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Original Poster
Rep: Reputation: 73
So w/o SA, there is no way to filter emails from any specific domain? I am testing this now on my server to see if I can receive from Gmail and just not send and/or both...

Right now I have the following in main.cf

Code:
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        check_client_access dbm:/etc/postfix/client_blacklist,
        check_recipient_access hash:/etc/postfix/access,
        check_sender_access hash:/etc/postfix/access,
        check_policy_service inet:127.0.0.1:12525,
        reject_non_fqdn_recipient,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_non_fqdn_hostname,
        reject_invalid_hostname,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client multihop.dsbl.org,
        reject_rbl_client unconfirmed.dsbl.org,
        reject_rbl_client zombie.dnsbl.sorbs.net,
        reject_rbl_client dnsbl.njabl.org,
        reject_rbl_client spam.dnsrbl.org,
        reject_rbl_client dul.dnsbl.sorbs.net,
        reject_rbl_client dun.dnsrbl.net,
        reject_rbl_client vox.schpider.com,
        reject_rhsbl_sender dsn.rfc-ignorant.org,
        permit
Do you know exactly where I should place this and also if I need to add it the same in "smtpd_sender_restrictions" in order for it to work both ways?

Last edited by carlosinfl; 06-18-2008 at 03:39 PM.
 
Old 06-18-2008, 03:43 PM   #4
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
For inbound email, add a check_sender_access to your smtpd_recipient_restrictions to create a blacklist for senders from domains or addresses you wish to block:

Code:
main.cf:
    smtpd_recipient_restrictions =
        ...
        check_sender_access hash:/etc/postfix/sender_checks
        permit_mynetworks
        reject_unauth_destination
        ...
        permit

sender_checks:
    #
    # WARNING - DO NOT PUT OKs IN HERE!! Creates Open Relay
    #
    # hash: keys are matched literally, so the dots are not escaped
    aol.com                      REJECT  We don't allow mail from AOL
    .aol.com                     REJECT  We don't allow mail from AOL
Choose the map type and syntax that suits you (hash, regexp, pcre, etc.)

For outbound email, you can create an AOL-specific transport that sends to error:

Code:
main.cf:
   transport_maps = hash:/etc/postfix/transport

transport:
    aol.com     error:We do not allow sending to AOL

Last edited by Mr. C.; 06-18-2008 at 03:45 PM.
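
Added example (not part of the post above and not Postfix code): a simplified Python model of how an indexed (hash:) access table is probed for a sender address and how a restriction list stops at the first decisive result. It shows why the post warns against OK entries when check_sender_access comes before reject_unauth_destination, and why that sender address, which the connecting client supplies, must not be what grants relay. The networks, domains and the partner.example entry are constructed assumptions.

```python
# Added illustration: simplified model of Postfix first-match restriction
# evaluation. Domains, addresses and networks below are constructed samples.
MY_NETWORKS = {"192.0.2.10"}      # assumed trusted client
LOCAL_DOMAINS = {"example.org"}   # assumed domains this server receives for

def lookup_keys(sender, dotted_parents=False):
    """Keys probed in an indexed (hash:) access table, in order.
    dotted_parents=True models setups that need the '.aol.com' form."""
    local, _, domain = sender.lower().rpartition("@")
    labels = domain.split(".")
    prefix = "." if dotted_parents else ""
    parents = [prefix + ".".join(labels[i:]) for i in range(1, len(labels))]
    return [f"{local}@{domain}", domain, *parents, f"{local}@"]

def check_sender_access(table, sender, dotted_parents=False):
    for key in lookup_keys(sender, dotted_parents):
        if key in table:               # literal match: hash keys are not regexps
            return table[key]
    return "DUNNO"

def evaluate(restrictions, table, client, sender, rcpt):
    """Return the first decisive result, as smtpd_recipient_restrictions does."""
    for name in restrictions:
        if name == "permit_mynetworks" and client in MY_NETWORKS:
            return "PERMIT"
        if name == "reject_unauth_destination":
            if rcpt.lower().rpartition("@")[2] not in LOCAL_DOMAINS:
                return "REJECT"
        if name == "check_sender_access":
            action = check_sender_access(table, sender)
            if action in ("OK", "REJECT"):
                return "PERMIT" if action == "OK" else "REJECT"
        if name == "permit":
            return "PERMIT"
    return "PERMIT"

SENDER_FIRST = ["check_sender_access", "permit_mynetworks",
                "reject_unauth_destination", "permit"]
SENDER_AFTER = ["permit_mynetworks", "reject_unauth_destination",
                "check_sender_access", "permit"]
BLOCK_AOL = {"aol.com": "REJECT", ".aol.com": "REJECT"}
WITH_OK = {**BLOCK_AOL, "partner.example": "OK"}   # the entry the warning forbids

if __name__ == "__main__":
    outside = "203.0.113.5"            # constructed untrusted client address
    print(evaluate(SENDER_FIRST, BLOCK_AOL, outside, "bob@aol.com", "me@example.org"))
    print(evaluate(SENDER_FIRST, WITH_OK, outside, "x@partner.example", "a@other.example"))
    print(evaluate(SENDER_AFTER, WITH_OK, outside, "x@partner.example", "a@other.example"))
```
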
 
Old 06-18-2008, 04:07 PM   #5
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Original Poster
Rep: Reputation: 73
Mr. C - I have done the following:

Code:
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        check_recipient_access hash:/etc/postfix/access,
        check_sender_access hash:/etc/postfix/access,
        check_policy_service inet:127.0.0.1:12525,
        check_sender_access hash:/etc/postfix/sender_checks
        reject_non_fqdn_recipient,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_non_fqdn_hostname,
        reject_invalid_hostname,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client multihop.dsbl.org,
        reject_rbl_client unconfirmed.dsbl.org,
        reject_rbl_client zombie.dnsbl.sorbs.net,
        reject_rbl_client dnsbl.njabl.org,
        reject_rbl_client spam.dnsrbl.org,
        reject_rbl_client dul.dnsbl.sorbs.net,
        reject_rbl_client dun.dnsrbl.net,
        reject_rbl_client vox.schpider.com,
        reject_rhsbl_sender dsn.rfc-ignorant.org,
        permit
Now my question is when I create the file /etc/postfix/sender_checks, what do I need to do to make this a hash file? I don't think I need to postmap it, correct? I am still confused about the different types of files.

Thanks for any assistance!
 
Old 06-18-2008, 04:16 PM   #6
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
Since you have the file listed as a hash file:

Code:
check_sender_access hash:/etc/postfix/sender_checks
you must postmap the file.

Postmap translates ASCII text files into a database format. This is required for hash, db, and dbm files, and any other file which is a "database" format. If you specify the files as regexp or pcre, you don't need to postmap, because the files are not database files, but are read directly.

If you are unsure of a table type, do a man on the table type, as in:

Code:
man cidr_table
man pcre_table
man regexp_table

Last edited by Mr. C.; 06-18-2008 at 04:19 PM.
 
Old 06-18-2008, 05:44 PM   #7
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Original Poster
Rep: Reputation: 73
OK - Thanks for clearing that up for me. I was not sure when to use Postmap and when it is not needed...

So if I have a file called foo and foo.db and in my main.cf it is being called as regexp or pcre - then I don't need foo.db, correct? Is there a benefit to using one of the mentioned above? Seems like regexp would be preferred so you don't have to postmap anything when you make a change, right?
 
Old 06-18-2008, 05:50 PM   #8
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
Right, with pcre/regexp, you just use the text file - no .db file required or used.

The choice of file types you use depends on what you are trying to do, and concerns about performance. Pcre is faster than regexp, so use pcre if you have pcre built in. Use hashes for longer lists, since db lookups are faster than long pcre or regexp lists. If you only have a few entries, the table choice doesn't matter much. Pick one that suits your needs.
 
Old 06-19-2008, 09:51 AM   #9
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Original Poster
Rep: Reputation: 73
Quote:
Originally Posted by Mr. C.
For outbound email, you can create an AOL-specific transport that sends to error:

Code:
main.cf:
   transport_maps = hash:/etc/postfix/transport

transport:
    aol.com     error:We do not allow sending to AOL
From above, does it matter where in the main.cf file I place the following?

Code:
transport_maps = hash:/etc/postfix/transport
I don't know if it matters but I sent it to the very last line on my main.cf file. Is that incorrect and does that need to go in a specific section like smtpd_sender_restrictions?
 
Old 06-19-2008, 12:50 PM   #10
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
No, it does not matter where in the file you place the settings.
 
  

