As a followup on my blog regarding Mailscanner as your mailrelay for your Domino environment ( link ), this article describes how to block more spam using postfix on your Linux server.
More and more, my mailbox is full of garbage from spammers. Now it’s time to block them…at least try harder to block those mail.
Add these lines into /etc/postfix/main.cf
To reject email when the HELO/EHLO hostname has neither DNS A record nor MX record, use:
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname
reject_unknown_helo_hostname
To restrict senders use:
smtpd_recipient_restrictions =
check_sender_access hash:/etc/postfix/sender_access
Edit and deploy /etc/postfix/sender_access:
Add these lines ( put your won configuration inside it )
# ADDRESS PATTERNS # ACTION sender@example.com 550 Blacklisted domain.com REJECT user@ REJECT
Now build the database for postfix:
postmap /etc/postfix/sender_access
It will create the file /etc/postfix/server_access.db
Add the following lines. It will reject email if the domain name of the address supplied with the MAIL FROM command has neither MX record nor A record.
smtpd_sender_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unknown_reverse_client_hostname
reject_unknown_sender_domain
reject_unknown_client_hostname
Don’t be an open relay:
smtpd_relay_restrictions =
permit_mynetworks permit_sasl_authenticated defer_unauth_destination
Now restart postfix: systemctl restart postfix
Visits: 393
Hi,
I have done what you have stated under:
Edit and deploy /etc/postfix/sender_access:
and done all else. And it seems like it was working for a while, but SPAM from these blocked
Domains is getting throught again!
So what do we need to do to firmly Block given Domains on Postfix?
Regards,
Hi,
in order to block entire domains you have to setup the following configuration, like i mentioned in the article:
Create a new file, or edit the one already in place:
vi /etc/postfix/sender_accessAdd your domains, you want to block, inside this file:
domain.com REJECTotherdomain.com REJECT
After you did this, enter the following command to enable the config for postfix:
postmap /etc/postfix/sender_accessNow we have to tell postfix to use this file (maybe already in place):
vi /etc/postfix/main.cfsmtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_accessNow everything is in place we have to restart postfix:
symstemctl restart postfixThe Domains what are coming thru again, what is the log telling you about it?