Block sender e-mail address in Postfix

Good day,
I use an ISPConfig Postfix mail server. How do I block a specific spammer's e-mail address or domain so that it is not able to send mails through this server?

I read through forums and tried the following. I've added this line in the main.cf file:

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/rbl_blacklist

And I've added the following line in the rbl_blacklist file:

grv.co.za REJECT

This domain can still send mail / spam through my server.
Asked by: Pieter Lategan, Network Admin

Dr. Klahn (Principal Software Engineer) commented:
It is tougher than it looks to do this.

Postfix authenticates based on the contents of the HELO / EHLO and the MAIL FROM fields.  This would be fine if the contents of those fields are truthful, but they don't have to be, and Postfix doesn't reverse authenticate them for various good reasons -- see next para.

Suppose a spammer is sitting on a rented server from bogus-servers.com.  His domain is spammer.org, and the DNS for spammer.org points to his rented server.  Reverse DNS lookup on his IP address will resolve to his server provider's domain, not to him.  And this is true for many, many legitimate systems.  It is also common for a system to authenticate with "smtp.somewhere.com" and find the RDNS is actually something like "smtp-outgoing-3.somewhere.com."  Should that email be rejected because the RDNS does not match?  Probably not.

Now here comes the spammer to our mail server.  He says HELO bucknaked.com.  That's not who he is, but Postfix, not having done a DNS or RDNS lookup, assumes that bucknaked.com is a valid domain sitting on that IP address and says OK.

The spammer follows up with MAIL FROM: spambuddy@fiddlesticks.org.  That's not who he is either, but Postfix is happy to receive it.

In neither case did the spammer provide valid information, but Postfix received the mail anyway.

Doing HELO and MAIL FROM inspection in Postfix with the sender_checks file and access_helo files catches the dull, pedestrian spammers.  But the only way to be 100% sure that no unwanted email comes in is to look at the offender's IP address in the Postfix log and block it.

arnold commented:
Look at your mynetwork definition; these will define who can send through your server, meaning relay a message not destined to a domain your server services.

Did you run the postconf to hash the rbl_blacklist?
rbl_blacklist.db?

Postfix has a test query where you can test your entry would work as you expect.

Dr. Klahn (Principal Software Engineer) commented:
Side note:  This is (a part of) how I have my Postfix configured.

smtpd_sender_restrictions =
  permit_mynetworks,
  check_sender_access regexp:/etc/postfix/sender_checks,
  reject_non_fqdn_sender,
  reject_unknown_sender_domain,
  permit

Note that check_sender_access is a regexp, not a hashed file.  This is simpler to maintain.  There's no need to re-hash the file on a change.  Just restart Postfix to load the new sender_checks.

And the contents of sender_checks:

#
#       Postfix configuration file for MAIL FROM: checking
#

# REJECTIONS BLACKLIST

/^$/                                    550 Missing sender

# Disreputable TLDs

/\.internal$/                           550 Disreputable TLD
/\.stream$/                             550 Disreputable TLD
/\.top$/                                550 Disreputable TLD
/\.vip$/                                550 Disreputable TLD

# Disreputable domains

/instagram\.com$/                       550 Instagram is blacklisted.  Send from another site.
/jsheltonlaw\.com$/                     550 Blacklisted spammer
/mailfinder\.com$/                      550 Spammer
/reachforce\.com$/                      550 Spammer
/redbox\.com$/                          550 Spammer
/springcreekbarbeque\.com$/             550 Spammer

# Specific senders

/sharingservices@aol\.com$/             550 Spammer
/emkoser@gmail\.com$/                   550 Spammer
/mwd@cgsarchiving\.com$/                550 Spammer
/standardloans@financier\.com$/         550 Spammer
/floodservice@jabme\.de$/               550 Spammer
/test@live\.com$/                       550 Spammer
/info@maxtren\.com$/                    550 Spammer
/test@megapath\.net$/                   550 Spammer
/security@review\.org$/                 550 Spammer

But blocking using iptables is the only sure fix.  And it keeps the logs clean.
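
An added example, not part of Dr. Klahn's post: a regexp table is searched anywhere in the whole sender address, so patterns anchored only on the right, like those in the sender_checks file above, also reject look-alike addresses. The sketch below uses Python's `re` as a stand-in for Postfix's matcher; the TIGHT patterns and all sample addresses are constructed for illustration.

```python
import re

# Constructed excerpts in the sender_checks format: the page's style of pattern
# (LOOSE) and a left-anchored variant (TIGHT, an assumption of this example).
LOOSE = r"""
# Disreputable domains
/instagram\.com$/            550 Instagram is blacklisted.
# Specific senders
/test@live\.com$/            550 Spammer
"""
TIGHT = r"""
/(^|[@.])instagram\.com$/    550 Instagram is blacklisted.
/^test@live\.com$/           550 Spammer
"""

# Constructed envelope senders: True = meant to be blocked, False = bystander.
SAMPLES = {
    "promo@instagram.com": True,
    "Promo@Mail.Instagram.COM": True,
    "bob@notinstagram.com": False,
    "test@live.com": True,
    "contest@live.com": False,
}

def load_rules(text):
    """Parse '/pattern/ action' lines, skipping blanks and # comments."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*/(.*)/\s+(\S.*)$", line)
        if m:
            # Postfix regexp tables are case-insensitive unless flagged otherwise.
            rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def lookup(rules, sender):
    """Return the action of the first pattern found anywhere in the address."""
    for rx, action in rules:
        if rx.search(sender):
            return action
    return None

def audit(table, samples):
    """Return (bystanders wrongly rejected, intended targets missed)."""
    rules = load_rules(table)
    hit = {s for s in samples if lookup(rules, s)}
    wrong = sorted(s for s in hit if not samples[s])
    missed = sorted(s for s, want in samples.items() if want and s not in hit)
    return wrong, missed

if __name__ == "__main__":
    print("loose:", audit(LOOSE, SAMPLES))
    print("tight:", audit(TIGHT, SAMPLES))
```

On the server itself, `postmap -q 'contest@live.com' regexp:/etc/postfix/sender_checks` runs the same kind of query against the real table.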

arnold commented:
Iptables blocks IPs; it cannot block domains.

The postfix sender is the default and is likely what the setup is.
The question deals with dynamically adding senders to be blocked from sending to their recipients. The hash type table is useful; the reject might not be the right option, try deny.

Check the mechanism and entry to see whether it behaves as you expect.
.domain
*@domain might be more apt.
Try adding RBL checks that would reject senders based on their IP origin; see mxtoolbox.com/blacklists
There are several there that you can use, since the domains used in spam mailings are different, and relying on all spam being from one domain is incorrect.
You could look at using a milter that will be using SpamAssassin to check that the incoming message is not likely spam before accepting the message into its queue for delivery to the local user.
Be cautious, as a milter applies to every incoming message.