Postfix blacklist

crxssi · 11-15-2006, 10:19 AM

Using Mandriva 2006 + Postfix + RBL + Postgrey.

We have just about everything we want, with one exception- I have no way to easily add an IP address (or range) or domain to manually blacklist.

Yes, you can do it with complex tables and hashes that have to be rebuilt every time you want to add or change something in it. But isn't there a way I can have either Postfix or Postgrey just look in a plain text file for a list of banned IP's/names without having to rebuild a hash table every time (and sometimes even reloading Postfix)?

Thanks for any ideas!

gani · 11-16-2006, 06:34 AM

Add amvisd-new and SpamAssassin and tell amavisd-new to use SA as well.

In SA's local.cf you can add a blacklist like this:

blacklist_from *@domain.com

Using amavisd-new, you can as well use clamav to scan mails against viruses/worms, not just spam.

http://www.ijs.si/software/amavisd

To install amavisd-new, read and follow INSTALL text file after you have unpacked the tar ball or refer to their page. Or through this howto.

http://www.postfixvirtual.net/postfi...tml#amavisdnew

crxssi · 11-16-2006, 05:50 PM

Thanks for the suggestion, although we don't really want to install/configure/test/run SpamAssassin at this time (since we are not interested in that type of filtering... yet).

Child of Wonder · 11-17-2006, 09:01 AM

Here's a very simple script that can do what you want.

Quote:

nano /usr/local/bin/addblacklistedip

Quote:

#!/bin/sh

echo -e "$1\tREJECT" >> /etc/postfix/client_access
postmap /etc/postfix/client_access

Then make it executable:

Quote:

chmod +x /usr/local/bin/addblacklistedip

Then make sure you have "check_client_access hash:/etc/postfix/client_access" in your "smtpd_client_restrictions" section (or any section) in /etc/postfix/main.cf.

Quote:

postfix reload

All you need to do is type "addblacklistedip x.x.x.x" and hit enter. In fact, you can name the script anything you want. "blacklist" "badip" etc. It will append the IP with REJECT in your client_access file and postmap it. This will stop the IP from connecting to Postfix.

crxssi · 02-14-2009, 10:11 AM

Thanks, "Child of Wonder". I seem to have gotten distracted and never tried your suggestion. I implemented it yesterday and it works great.

First thing to go in the blacklist was:

constantcontact.com

They will no longer CONSTANTLY CONTACT my users

oranges · 09-22-2009, 03:45 PM

will this also work if I blacklist a subnet? x.x.x.0/24?

TIA!

crxssi · 09-22-2009, 05:13 PM

Quote:

Originally Posted by oranges

will this also work if I blacklist a subnet? x.x.x.0/24? TIA!

Not sure on that. I have only blocked DNS things like this:

.XXX
XXXX.XXX
XXX@XXXX.XXX

Using the blacklist has been a *HUGE* success. Especially blocking entire countries like .pl .ru .cn

I just add something to the /etc/postfix/blacklist file and run postmap on it. Done!

sasykes · 09-23-2009, 02:34 PM

Great info. Finally got around to blacklisting some annoying email addresses.

Thanks for the script.

EDIT: Actually, I had to change the postfix main.cf line to...

Quote:

smtpd_client_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/sender_access, permit

and now all is well.