Postfix Admins, Have a Restriction Question

C

Carlosinfl

Loves the juice
Joined
Sep 25, 2002
Messages
6,633
I run a very small environment email server which has maybe 200 mailboxes under one domain. Nothing crazy with virtual domains or anything being relayed. Just very basic Postfix MTA. I have tons of people on the server who insist on sending chain emails and forwarding the same stupid Internet non-sense over and over to 'Yahoo!, AOL, MSN/Hotmail, and Gmail'. At this point I feel are mail addresses are being harvested and exposed to spammers and would like to basically restrict all inbound and outbound SMTP traffic to specific domains I feel necessary based on logs and SMTP traffic. Can you tell me how I can achieve this in Postfix MTA? I assume I can create a block list of sorts in /etc/postfix/ and then add this somewhere in main.cf but I am looking for specifics if anyone can please help me out with options and or suggestions...

Thanks!
 
You could script a filter to quarantine that sort of junk mail. Another approach (a heavy-handed one) is to firewall the SMTP traffic to and from the offending IPs. Yet another way to deal with outbound junk is to tweak your local DNS to return an unroutable IP for those domains. Messing about with DNS has side effects, though it's not a big deal if you enjoy annoying your users ;) Firewalling the incoming traffic has the advantage of reducing the spam-induced load on the mail server.

Personally, I like the filter approach for its flexibility.
 
To do this inside of Postfix create a recipient_access file in /etc/postfix then add the following:

smtpd_recipient_restrictions =
check_recipient_access hash:/etc/postfix/recipient_access

Inside the recipient access file you can add email addresses or whole domains to allow through. Look at the access man page for more info. However, bear in mind that any recipient checks that are listed after the recipient_access check in smtpd_recipient_restrictions will be bypassed if the recipient_access check results in a "OK." So if you have anything else under the smtpd_recipient_restrictions section I would put the recipient_access check portion at the bottom.

Once you've created the recipient_access file, run postmap /etc/postfix/recipient_access and postfix reload.
 
You must log in or register to reply here.
Back
Top