Postfix blacklist or reject an email address

by Vivek Gite · 12 comments

Q. I’ve Postfix based CentOS Linux server. I need to blacklist email ID: user@abadboy.com . How do I blacklist email address with postfix? I also have spamassassin software installed.

A. By default, the Postfix SMTP server accepts any sender address. However you can block / blacklist sender email address easily with Postfix. It has SMTP server access table.

Open /etc/postfix/sender_access file
# cd /etc/postfix
# vi sender_access

Append sender email id as follows:
user@abadboy.com REJECT
Save and close the file. Use postmap command to create a database:
# postmap hash:sender_access
Now open main.cf and add code as follows:
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access
Save and close the file. Restart / reload postfix MTA:
# /etc/init.d/postfix restart

You can also use spamassassin to blacklist email address. Just add to your own spamassassin configuration or to /etc/mail/spamassassin/local.cf file:
# vi /etc/mail/spamassassin/local.cf
Append blacklist as follows:
blacklist_from user@abadboy.com
Save and close the file. Restart spamassassin:
# /etc/init.d/spamassassin restart

spamassassin will marke mail as SPAM instead of rejecting the same.

Featured Articles:

Want to read Linux tips and tricks, but don't have time to check our blog everyday? Subscribe to our daily email newsletter to make sure you don't miss a single tip/tricks. Subscribe to our weekly newsletter here!

{ 12 comments… read them below or add one }

1 Jules 11.05.07 at 2:56 pm

Thanks! Very helpful.

Ony one slight error: The main.cf line should read:

smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access

2 vivek 11.06.07 at 7:15 am

Thanks for the heads up!

3 neotexan 01.21.08 at 5:09 pm

Please correct to:

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

Using the given line, the mail server will not accept communication…yet shows to be running.

Test with ‘telnet localhost 25′

Normally, you should get a response such as:
220 {yourmailserverFQDN} ESMTP Postfix

4 neotexan 01.21.08 at 5:13 pm

While not stated above, this should work for whitelisting senders as well. Ideal when you don’t want to whitelist someone’s misconfigured exchange server.

5 Mihir 05.05.08 at 12:13 pm

I am not able to start internet from RHEL 5
please help me out!!!
plz give step by step instructions

6 Jacki 03.08.09 at 1:55 pm

Hey still have problem ? please fixed it. Other wise newbie may be confused?

7 Vivek Gite 03.08.09 at 4:57 pm

@Jacki,

Do you see any problem with configuration?

8 Jacki 03.09.09 at 2:38 pm

yes I followed your tips.

smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access

Should be….
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

Thanks

9 Tom 03.09.09 at 9:00 pm

Thanks for your tips.
I think Jacki have wrong. It’s well smtpd_recipient_restrictions.
(excuse my english i am from France)
Bye

10 Jacki 03.11.09 at 3:19 pm

@Tom

Yes it will work & and work as recipient_restrictions. This E-mail address still can send e-mail not receive since theres two separate option in postfix to block e-mail address receiving & sending email to this server.

/etc/postfix/main.cf:
smtpd_sender_restrictions = hash:/etc/postfix/sender_access
unverified_sender_reject_code = 550
# Postfix 2.6 and later.
# unverified_sender_defer_code = 250

# Note 1: Be sure to read the "Caching" section below!
# Note 2: Avoid hash files here. Use btree instead.
address_verify_map = btree:/var/lib/postfix/verify

/etc/postfix/sender_access:
aol.com reject_unverified_sender
hotmail.com reject_unverified_sender
bigfoot.com reject_unverified_sender
... etcetera ...


/etc/postfix/main.cf:
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
...
reject_unknown_recipient_domain
reject_unverified_recipient
...
# Postfix 2.6 and later privacy feature.
# unverified_recipient_reject_reason = Address lookup failed

11 John 12.11.09 at 1:29 am

Could this be used as a method of blocking mail sent to a valid user, but with a bogus TO address?

12 Nick 02.05.10 at 3:13 pm

Vivek, PLEASE fix your tutorial above. Following your instructions will make POSTFIX break, and not accept any SMTP connections. The correct line is:

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

Thanks for this tutorial! Besides this minor frustration, GREAT article.

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Previous FAQ:

Next FAQ:

nixCraft FAQ PDF Collection Now Available To All