Guys who manage Postfix servers, what do you recommend is the best way to refuse all incoming and outgoing mail to specific domains? I want a blacklist of domains such as:
- AOL
- Yahoo
- MSN
- Hotmail
- Gmail
Is there a proper way I can tell Postfix to please deny sending and receiving SMTP traffic to and from those specific domains I specify? I see no need for my corp. mail server to communicate in any way with those. I allow access to all those accounts via port 80/443 so they can just log in to the web and send non-business-related junk this way.
Anyone know a preferred way to accomplish this in Postfix?
Are you sure you want to prevent your mail server from talking to other mail servers like Gmail, Yahoo! etc? You do understand that if you do this, the corp. mail server will not be able to receive any mail from these addresses or send mail to these addresses? So if an individual with an AOL account needs to email your business to request services etc, they will get a bounce back email and unless you are watching the mail logs closely, you would never know.
If you truly do want to restrict the sending and receiving of email from domains such as these, I will help, but I want you to understand that you can potentially miss important emails using this approach.
Once this has been added to the main.cf, you need to create the /etc/postfix/access file and put entries in it like this:
Code:
aol.com REJECT
yahoo.com REJECT
msn.com REJECT
So on and so forth until all the domains have been entered. Once you have created this file and the permissions are correct run the following command:
Code:
postmap hash:/etc/mail/access
and finally restart postfix.
This will prevent the offending domains from sending you mail and your users from sending mail to those domains.
**NOTE** I have used smtpd_sender_restrictions in past configurations, I have not used reject_unauth_destination, and based that portion of this reply on what I read on the postfix site. You may want to implement each one separately and test.
Thanks,
~Art
Art - Thanks for that reply. I am 100% sure I want to block users sending and receiving email from those specific domains. This is a company email server and there is really no reason I can see from the past year in logs that anyone on my LAN should be sending email to and from those domains. I allow everyone to access those sites and they can log in and check their own personal email on their own time.
Quote:
Originally Posted by aenright
**NOTE** I have used smtpd_sender_restrictions in past configurations, I have not used reject_unauth_destination, and based that portion of this reply on what I read on the postfix site. You may want to implement each one separately and test.
So from that statement above, I am assuming that smtpd_sender_restrictions = ability to send email from my mail server and that reject_unauth_destination is the blocking incoming email from the outside world, right?
Sorry for the late response. No, the smtpd_sender_restrictions prevents mail from the list of domains from being received by postfix, whereas the reject_unauth_destination would prevent users from sending mail to those domains. Also, if the reject_unauth_destination hash did not work, you could even use iptables to restrict outbound mail traffic to those domains. You might also be able to come up with an outbound milter/mail rule that relies on regular expressions.
Once you have created this file and the permissions are correct run the following command:
Code:
postmap hash:/etc/mail/access
and finally restart postfix.
I am confused here. If I created /etc/postfix/access, why am I running postmap command on /etc/mail/access? Was that a typo or should I proceed with that following command as you noted in your post?
Yes, you run the command to create the database hash. The access file is human readable and when you run the postmap command it will create a hashed database that postfix can read when it starts up. In the future, if you add additional lines to the access file, you will need to run the postmap command on the file again to re-hash the database that postfix reads.
This was really helpful to me, but what if I wanna block the domains for everybody but a group? For example, 10 users with Hotmail blocked: I apply this config and everything goes nicely, but 3 of them need to receive something from Hotmail. What should I do with the users? I've been reading about ACLs in Postfix but can't find the way to put together the domains block ACL and the users ACL.
Please, if you can help me it would be really nice, I'm in a big hurry!!!
Last edited by where21084; 08-21-2009 at 04:54 PM.
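One way to block the listed domains in both directions while exempting a few recipients, as an added example that is not taken from any post in this thread. The file name /etc/postfix/webmail_exempt and the example.com addresses are assumptions made for illustration.

```conf
# /etc/postfix/main.cf (fragment). Restrictions run left to right; the
# first one that returns REJECT or OK decides, "not found" moves on.
#
# 1. check_recipient_access (access): refuse mail addressed TO a listed
#    domain. It sits before permit_mynetworks so LAN clients that submit
#    over SMTP are covered as well.
# 2. permit_mynetworks, reject_unauth_destination: usual relay control.
# 3. check_recipient_access (webmail_exempt): OK for the few local users
#    who may still receive from the listed domains. OK skips every check
#    after it for that recipient, so keep other checks above this entry.
# 4. check_sender_access (access): refuse mail FROM a listed domain for
#    everyone else. This matches the envelope sender (MAIL FROM), not the
#    From: header.
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/access,
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/webmail_exempt,
    check_sender_access hash:/etc/postfix/access

# ---- /etc/postfix/access (one table used for both directions) ----
# Text after REJECT is returned to the sending side.
aol.com      REJECT Mail to and from this domain is not accepted here
yahoo.com    REJECT Mail to and from this domain is not accepted here
msn.com      REJECT Mail to and from this domain is not accepted here
hotmail.com  REJECT Mail to and from this domain is not accepted here
gmail.com    REJECT Mail to and from this domain is not accepted here

# ---- /etc/postfix/webmail_exempt (constructed sample addresses) ----
# Full local addresses only; never list a whole domain with OK here.
alice@example.com  OK
bob@example.com    OK
carol@example.com  OK

# ---- after editing either table ----
# Rebuild the lookup files, validate the configuration, then reload:
#   postmap hash:/etc/postfix/access
#   postmap hash:/etc/postfix/webmail_exempt
#   postfix check && postfix reload
# Spot-check a key (prints the right-hand side when it matches):
#   postmap -q hotmail.com hash:/etc/postfix/access
```

Watch the mail log for the reject text after the reload to confirm which restriction fired, and test one exempt and one non-exempt recipient before relying on it.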