LinuxQuestions.org
Old 11-20-2008, 11:17 AM   #1
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Debian
Posts: 2,900

Rep: Reputation: 73
How To Block Domains (Postfix)


Guys who manage Postfix servers, what do you recommend is the best way to refuse all incoming and outgoing mail to specific domains? I want a blacklist of domains such as:

- AOL
- Yahoo
- MSN
- Hotmail
- Gmail

Is there a proper way I can tell Postfix to please deny sending and receiving SMTP traffic to and from those specific domains I specify? I see no need for my corp. mail server to communicate in any way with those. I allow access to all those accounts via port 80/443 so they can just log in to the web and send non-business-related junk this way.

Anyone know a preferred way to accomplish this in Postfix?
 
Old 11-20-2008, 02:07 PM   #2
aenright
Member
 
Registered: May 2005
Location: San Antonio, TX
Distribution: CentOS/Fedora/RHEL/FreeBSD/HPUX/Solaris
Posts: 46

Rep: Reputation: 16
Are you sure you want to do this?

Hello Carlwill,

Are you sure you want to prevent your mail server from talking to other mail servers like Gmail, Yahoo! etc? You do understand that if you do this, the corp. mail server will not be able to receive any mail from these addresses or send mail to these addresses? So if an individual with an AOL account needs to email your business to request services etc, they will get a bounce back email and unless you are watching the mail logs closely, you would never know.

If you truly do want to restrict the sending and receiving of email from domains such as these, I will help, but I want you to understand that you can potentially miss important emails using this approach.

Thanks,
~Art
 
Old 11-20-2008, 03:05 PM   #3
aenright
Member
 
Registered: May 2005
Location: San Antonio, TX
Distribution: CentOS/Fedora/RHEL/FreeBSD/HPUX/Solaris
Posts: 46

Rep: Reputation: 16
If you are sure...

So, if you are sure you want to block all mail to/from the list of domains, you can add the following directive to your postfix main.cf file:

Code:
smtpd_sender_restrictions = hash:/etc/postfix/access
reject_unauth_destination = hash:/etc/postfix/access
Once this has been added to the main.cf, you need to create the /etc/postfix/access file and put entries in it like this:

Code:
aol.com     REJECT
yahoo.com   REJECT
msn.com     REJECT
So on and so forth until all the domains have been entered. Once you have created this file and the permissions are correct run the following command:

Code:
postmap hash:/etc/mail/access
and finally restart postfix.

This will prevent the offending domains from sending you mail and your users from sending mail to those domains.

**NOTE** I have used smtpd_sender_restrictions in past configurations, I have not used reject_unauth_destination, and based that portion of this reply on what I read on the postfix site. You may want to implement each one separately and test.

Best of luck,
~Art
 
Old 11-20-2008, 05:48 PM   #4
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Debian
Posts: 2,900

Original Poster
Rep: Reputation: 73
Quote:
Originally Posted by aenright View Post
Hello Carlwill,

If you truly do want to restrict the sending and receiving of email from domains such as these, I will help, but I want you to understand that you can potentially miss important emails using this approach.

Thanks,
~Art
Art - Thanks for that reply. I am 100% sure I want to block users sending and receiving email from those specific domains. This is a company email server and there is really no reason I can see from the past year in logs that anyone on my LAN should be sending email to and from those domains. I allow everyone to access those sites and they can log in and check their own personal email on their own time.

Quote:
Originally Posted by aenright View Post

**NOTE** I have used smtpd_sender_restrictions in past configurations, I have not used reject_unauth_destination, and based that portion of this reply on what I read on the postfix site. You may want to implement each one separately and test.
So from that statement above, I am assuming that smtpd_sender_restrictions = ability to send email from my mail server and that reject_unauth_destination is the blocking incoming email from the outside world, right?
 
Old 11-21-2008, 09:30 AM   #5
aenright
Member
 
Registered: May 2005
Location: San Antonio, TX
Distribution: CentOS/Fedora/RHEL/FreeBSD/HPUX/Solaris
Posts: 46

Rep: Reputation: 16
Hello Carlwill,

Sorry for the late response. No, the smtpd_sender_restrictions prevents mail from the list of domains from being received by postfix, whereas the reject_unauth_destination would prevent users from sending mail to those domains. Also, if the reject_unauth_destination hash did not work, you could even use iptables to restrict outbound mail traffic to those domains. You might also be able to come up with an outbound milter/mail rule that relies on regular expressions.

Hope this helps,
~Art
 
Old 11-21-2008, 01:16 PM   #6
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Debian
Posts: 2,900

Original Poster
Rep: Reputation: 73
Quote:
Originally Posted by aenright View Post
Once you have created this file and the permissions are correct run the following command:

Code:
postmap hash:/etc/mail/access
and finally restart postfix.
I am confused here. If I created /etc/postfix/access, why am I running postmap command on /etc/mail/access? Was that a typo or should I proceed with that following command as you noted in your post?

Thanks for clarification!
 
Old 11-21-2008, 03:44 PM   #7
aenright
Member
 
Registered: May 2005
Location: San Antonio, TX
Distribution: CentOS/Fedora/RHEL/FreeBSD/HPUX/Solaris
Posts: 46

Rep: Reputation: 16
Cool

Yes, you run the command to create the database hash. The access file is human readable and when you run the postmap command it will create a hashed database that postfix can read when it starts up. In the future, if you add additional lines to the access file, you will need to run the postmap command on the file again to re-hash the database that postfix reads.

Thanks,
~Art
 
Old 08-21-2009, 04:52 PM   #8
where21084
LQ Newbie
 
Registered: Aug 2009
Posts: 2

Rep: Reputation: 0
This blocks everything but....

Good afternoon

This was really helpful to me, but what if I wanna block the domains for everybody but a group? For example, 10 users with Hotmail blocked: I apply this config and everything goes nice, but 3 of them need to receive something from Hotmail. What should I do? What should I do with the users? I've been reading about ACLs in Postfix but can't find the way to put together the domains block ACL and the users ACL.

Please, if you can help me it would be really nice, I'm in a big hurry!!!

Last edited by where21084; 08-21-2009 at 04:54 PM.
 
Old 11-29-2013, 11:40 PM   #9
studyete
Member
 
Registered: Feb 2013
Posts: 35

Rep: Reputation: Disabled
Sorry for reopening old thread. I have configured postfix in debian. When I tried to apply above settings to block domain. I got the following error.

Code:
postmap: fatal: open /etc/mail/access: No such file or directory
Note that I have created the file in /etc/postfix/access, then ran the following command

Code:
postconf -e smtpd_sender_restrictions = hash:/etc/postfix/access
postconf -e reject_unauth_destination = hash:/etc/postfix/access
After restarting postfix, I got the following warnings.

Code:
postconf: warning: /etc/postfix/main.cf: unused parameter: reject_unauth_destination=hash:/etc/postfix/access
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: reject_unauth_destination=hash:/etc/postfix/access
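
Added example, not part of any post in this thread: the "unused parameter" warning appears because reject_unauth_destination is a restriction name that belongs inside a restriction list, not a main.cf parameter, and the postmap error appears because the compiled path differs from the one main.cf names. The script below keeps one path for both, uses check_sender_access and check_recipient_access for the lookups, and lints a main.cf for the mistake; the map path, reject text and restriction lists are assumptions to merge with your own configuration.

```shell
#!/bin/sh
# Added example, not from the thread. ACCESS path, reject text and the
# restriction lists below are assumptions; merge them with your own main.cf.
ACCESS=${ACCESS:-/etc/postfix/blocked_domains}

# stdin: one domain per line ('#' comments allowed).
# stdout: access(5) table, lower-cased and de-duplicated.
render_access_map() {
    tr 'A-Z' 'a-z' | sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' |
        sort -u | sed 's/$/ REJECT mail for this domain is refused here/'
}

# Print main.cf lines that use a restriction name as a parameter, the
# mistake behind postconf's "unused parameter" warning. Exit 0 if any found.
lint_main_cf() {
    grep -nE '^[[:space:]]*(reject_unauth_destination|permit_mynetworks|check_(client|sender|recipient)_access)[[:space:]]*=' "$1"
}

# Build the map, compile it from the SAME path main.cf names, and wire it in.
apply_block() {
    render_access_map < "$1" > "$ACCESS"
    postmap "hash:$ACCESS"
    # Inbound: refuse MAIL FROM addresses in the listed domains.
    postconf -e "smtpd_sender_restrictions = check_sender_access hash:$ACCESS"
    # Outbound: refuse RCPT TO in the listed domains; the lookup sits before
    # permit_mynetworks so LAN clients are refused as well.
    postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:$ACCESS, permit_mynetworks, reject_unauth_destination"
    postfix check && postfix reload
    # Prints the REJECT action if aol.com is in the list.
    postmap -q aol.com "hash:$ACCESS"
}

# Only touches the system when asked to: APPLY=1 sh block.sh domains.txt
if [ "${APPLY:-0}" = 1 ]; then apply_block "$1"; fi
```

Each `postconf -e` setting is passed as one quoted argument; re-run `postmap` on the same path whenever the domain list changes.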
 
  

