Postfix outgoing email blacklist

Yaniv-Fer · 02-07-2011, 03:35 AM

Hello,

i have a postfix system that sends allot of emails to customers and web site visitors.
allot of visitors just enter an invalid email in the WEB form just to download some files or do other tasks.

is it possible to BLACKLIST specific email addresses so the system does not send to those addresses?

i can grep from the postfix mail log all those fake emails and place them somewhere....

thanks for any help

-- Yaniv

Noway2 · 02-07-2011, 04:45 AM

Quote:

allot of visitors just enter an invalid email in the WEB form just to download some files or do other tasks.

Does this surprise you? Perhaps you should consider a different system where the user has a choice of opting in after they have seen the content you have to offer. I even go as far as to keep a special email address that is just this side of /dev/null specifically for this purpose. Not surprisingly, it gets orders of magnitude more true SPAM for Viagra and other products to "make my dinger bigger" than my 'real' mailboxes. I am not saying that YOU are abusing their email address, but this practice IS abused SO MUCH that you are being treated as a criminal as a byproduct.

Quote:

is it possible to BLACKLIST specific email addresses so the system does not send to those addresses? I can grep from the postfix mail log all those fake emails and place them somewhere

Yes, in fact I think that there is an easy an elegant solution for you. Postfix supports filtering on any of several parameters, including recipient and sender - email address or whole domains. To use it, you have to put the addresses in a list, which you can do with grep (or sed if you need more functionality) and then run postmap on the list to create a database hash table for postfix. You then add this hashed list to an entry in main.cf and postfix should discard the messages based upon this list.

I think that this is the section of the Postfix how-to documentation that best describes what you are after. The Postfix documentation is extensive, so you might want to browse around and experiment with the different restriction classes and capabilities.

Yaniv-Fer · 02-07-2011, 05:08 AM

ok found some solution that i have to test

create a file at /etc/postfix/recipient

with a list inside

user@a.com REJECT
user@b.com REJECT

and add smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient,..... to the main.cf file

i have to test it and update here.

Yaniv-Fer · 02-07-2011, 08:51 AM

it works :-)

at the moment i already have almost 1000 new entries in the file /etc/postfix/recipient

i am wondering what is the limit that is supported? or when do i start to get performance issues....

would it be possible to use a mysql DB for this?

thanks
Yaniv

Noway2 · 02-07-2011, 10:01 AM

I don't see any reason you shouldn't be able to use a MySQL database as Postfix supports them too. The syntax is as follows:

Code:

 smtpd_recipient_restrictions = proxy:mysql:$config_directory/smtpd_recipient_restrictions_maps.cf

There is nothing magical about the names and you can change them to whatever works for you. I have $config_directory set to /etc/postfix which is where I keep my mysql mapping files. Then in the map file you need the following:

Code:

user = <database user name>
password = <database user password>
dbname = <database name>
table = <the table>
select_field = as needed
where_field = as needed

senthilvael · 05-22-2012, 01:35 AM

Hi,
I am trying to implement exactly the same. I added the following line in the main.cf file.

Code:

smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_access

My "/etc/postfix/recipient_access" contains,

Code:

badmail@gmail.com   REJECT

after that i run the following command

Code:

postmap hash:/etc/postfix/recipient_access

Then I restart the postfix. But still I am able to send email to "badmail@gmail.com". Am I missing anything? Can you please help me?

Regards,
S.Senthilvel.

Quote:

Originally Posted by Yaniv-Fer

ok found some solution that i have to test

create a file at /etc/postfix/recipient

with a list inside

user@a.com REJECT
user@b.com REJECT

and add smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient,..... to the main.cf file

i have to test it and update here.

Noway2 · 05-22-2012, 04:32 AM

What does your smtpd_recipient_restrictions block look like. You should certainly have more than that one line and the order of the checks is important. In your case it appears that a rule above this check is permitting the sending access. I would also look in your mail log to verify that the recipient address isn't getting mangled too.

From what I can tell from the Postfix documentation, you are using the correct paramater.

Quote:

smtpd_recipient_restrictions: The access restrictions that the Postfix SMTP server applies in the context of the RCPT TO command.
check_recipient_access: Search the specified access(5) database for the resolved RCPT TO address, domain, parent domains, or localpart@, and execute the corresponding action.

BtW, I have also used the report function to ask the moderators to trim these posts and place them in a thread of their own rather than appending to an older thread. This will allow your question to better get the attention it deserves.

senthilvael · 05-22-2012, 07:41 AM

Hi,
Sorry for using the old thread. My smtpd_recipient_restrictions line is like as follows.

Code:

smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_access, permit_mynetworks, reject_unauth_destination

Also found the problem. After making the changes, I tried testing with sendmail command. But the above settings will work only for RCPT method. So while trying to send email via telnet (telnet localhost 25; ehlo doamin... .. ) it worked fine. Thanks a lot for helping.

Regards,
S.Senthilvel.