Q. I’ve Postfix based CentOS Linux server. I need to blacklist email ID: user@abadboy.com . How do I blacklist email address with postfix? I also have spamassassin software installed.
A. By default, the Postfix SMTP server accepts any sender address. However you can block / blacklist sender email address easily with Postfix. It has SMTP server access table.
Open /etc/postfix/sender_access file
# cd /etc/postfix
# vi sender_access
Append sender email id as follows:
user@abadboy.com REJECT
Save and close the file. Use postmap command to create a database:
# postmap hash:sender_access
Now open main.cf and add code as follows:
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access
Save and close the file. Restart / reload postfix MTA:
# /etc/init.d/postfix restart
You can also use spamassassin to blacklist email address. Just add to your own spamassassin configuration or to /etc/mail/spamassassin/local.cf file:
# vi /etc/mail/spamassassin/local.cf
Append blacklist as follows:
blacklist_from user@abadboy.com
Save and close the file. Restart spamassassin:
# /etc/init.d/spamassassin restart
spamassassin will marke mail as SPAM instead of rejecting the same.
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- My 10 UNIX Command Line Mistakes
- 10 Greatest Open Source Software Of 2009
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
- Email FAQ to a friend
- Download PDF version
- Printable version
- Comment RSS feed
- Last Updated: 11/6/07
{ 12 comments… read them below or add one }
Thanks! Very helpful.
Ony one slight error: The main.cf line should read:
Thanks for the heads up!
Please correct to:
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
Using the given line, the mail server will not accept communication…yet shows to be running.
Test with ‘telnet localhost 25′
Normally, you should get a response such as:
220 {yourmailserverFQDN} ESMTP Postfix
While not stated above, this should work for whitelisting senders as well. Ideal when you don’t want to whitelist someone’s misconfigured exchange server.
I am not able to start internet from RHEL 5
please help me out!!!
plz give step by step instructions
Hey still have problem ? please fixed it. Other wise newbie may be confused?
@Jacki,
Do you see any problem with configuration?
yes I followed your tips.
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_accessShould be….
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_accessThanks
Thanks for your tips.
I think Jacki have wrong. It’s well smtpd_recipient_restrictions.
(excuse my english i am from France)
Bye
@Tom
Yes it will work & and work as recipient_restrictions. This E-mail address still can send e-mail not receive since theres two separate option in postfix to block e-mail address receiving & sending email to this server.
/etc/postfix/main.cf:smtpd_sender_restrictions = hash:/etc/postfix/sender_access
unverified_sender_reject_code = 550
# Postfix 2.6 and later.
# unverified_sender_defer_code = 250
# Note 1: Be sure to read the "Caching" section below!
# Note 2: Avoid hash files here. Use btree instead.
address_verify_map = btree:/var/lib/postfix/verify
/etc/postfix/sender_access:
aol.com reject_unverified_sender
hotmail.com reject_unverified_sender
bigfoot.com reject_unverified_sender
... etcetera ...
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
...
reject_unknown_recipient_domain
reject_unverified_recipient
...
# Postfix 2.6 and later privacy feature.
# unverified_recipient_reject_reason = Address lookup failed
Could this be used as a method of blocking mail sent to a valid user, but with a bogus TO address?
Vivek, PLEASE fix your tutorial above. Following your instructions will make POSTFIX break, and not accept any SMTP connections. The correct line is:
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_accessThanks for this tutorial! Besides this minor frustration, GREAT article.