Distroname and release: Debian Squeeze
Blacklist & Whitelist with PostfixIn this little howto, I will describe, howto configure whitelist and / or blacklist to your postfix installation.
There are two different parameters we can set in postfix, which acts differently.
Blocks by client IP, Client IP Range or Hostname
Block by sender e-mail address (In the FROM field)
#block by client IP, IP range, hostname
#block by sender e-mail address. (In the FROM field)
It is important that check_client_access and check_sender_access are defined as some of the first in smtpd_recipient_restrictions.
We do this, so the e-mail is not caught by some of the other filters we have set.
Here is an sample output of the main.cf file.
/etc/postfix/main.cf smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/client_checks, check_sender_access hash:/etc/postfix/sender_checks, etc.... etc....We will define the whitelist or blacklist with and OK or REJECT, followed by an optional answer text.
OK is allowed
REJECT is block
/etc/postfix/client_checks # Restricts which clients this system accepts SMTP connections from. example.com REJECT No spammers .example.com REJECT No spammers, from your subdomain 123.456.789.123 REJECT Your IP is spammer 123.456.789.0/24 REJECT Your IP range is spammer 321.987.654.321 OK example1.com OK /etc/postfix/sender_checks # Restricts sender addresses this system accepts in MAIL FROM commands. example.com REJECT env. from addr firstname.lastname@example.org rejected .example.com REJECT env. from addr email@example.com rejected firstname.lastname@example.org REJECT We don't want your email example2.com OKWhen a change have been made to any of the files, remember to run postmap, for postfix lookup tables updates, and reload postfix.
#postmap /etc/postfix/client_checks #postmap /etc/postfix/sender_checks #/etc/init.d/postfix reloadThat was it, quite simple.