block mails from a particular country in postfix

Vijay Kumar Gajula
Vijay Kumar Gajula used Ask the Experts™
on
Is there any possibility to block mails from country wise in Postfix.  for Example I need to block all mails coming from China. Please let me know the process.

Thanks,
Vijay.G
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Tim EdwardsIT Team Lead - Unified Communications & Collaboration

Commented:
Please take a look here, they were able to get this completed with Postfix:

http://freesoftware.zona-m.net/how-to-reject-spam-from-certain-countries-if-you-must-really-really-do-it/
Kent WSr. Network / Systems Admin

Commented:
The most straightforward way is blocking the /8 IP block of the associated country, via iptables.
The list of IPv4 is here - http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml
Ipv6 is here - https://www.iana.org/assignments/bgp-extended-communities/bgp-extended-communities.xhtml#non-trans-ipv6

Regardless of your postfix config, if you block via iptables rules, they won't be able to get mail or any other packets to your server...like bruteforce, etc.
Distinguished Expert 2017
Commented:
http://www.postfix.org/addon.html has references to enhance functionality.
Blocking by firewall could lead to dos since there is a resource for blocking and attempts will be retried ..
Using rbl that will mimic an SMTP session and issue a permanent error when the recipient is identified in the SMTP session.

Rbl, you would use an internally created ..........
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Natty GregIn Theory (IT)

Commented:
Use PFblocker

Author

Commented:
is PFblocker is open source? can we install it in my mail server which is UBUNTU back-end. If So Please let me know the procedure.
Thanks
Natty GregIn Theory (IT)

Commented:
Yes PFblocker is open source, however it only installs on PFsense from what I know and found. So maybe use PFsense as your firewall then you'll have all this functionality

Author

Commented:
Thanks

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial