Postfix blacklist or reject an email address

by on July 4, 2007 · 26 comments· LAST UPDATED November 6, 2007

in , ,

Q. I’ve Postfix based CentOS Linux server. I need to blacklist email ID: user@abadboy.com . How do I blacklist email address with postfix? I also have spamassassin software installed.

A. By default, the Postfix SMTP server accepts any sender address. However you can block / blacklist sender email address easily with Postfix. It has SMTP server access table.

Open /etc/postfix/sender_access file
# cd /etc/postfix
# vi sender_access

Append sender email id as follows:
user@abadboy.com REJECT
Save and close the file. Use postmap command to create a database:
# postmap hash:sender_access
Now open main.cf and add code as follows:
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access
Save and close the file. Restart / reload postfix MTA:
# /etc/init.d/postfix restart

You can also use spamassassin to blacklist email address. Just add to your own spamassassin configuration or to /etc/mail/spamassassin/local.cf file:
# vi /etc/mail/spamassassin/local.cf
Append blacklist as follows:
blacklist_from user@abadboy.com
Save and close the file. Restart spamassassin:
# /etc/init.d/spamassassin restart

spamassassin will marke mail as SPAM instead of rejecting the same.

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 26 comments… read them below or add one }

1 Jules November 5, 2007 at 2:56 pm

Thanks! Very helpful.

Ony one slight error: The main.cf line should read:

smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access

Reply

2 nixCraft November 6, 2007 at 7:15 am

Thanks for the heads up!

Reply

3 neotexan January 21, 2008 at 5:09 pm

Please correct to:

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

Using the given line, the mail server will not accept communication…yet shows to be running.

Test with ‘telnet localhost 25′

Normally, you should get a response such as:
220 {yourmailserverFQDN} ESMTP Postfix

Reply

4 neotexan January 21, 2008 at 5:13 pm

While not stated above, this should work for whitelisting senders as well. Ideal when you don’t want to whitelist someone’s misconfigured exchange server.

Reply

5 Mihir May 5, 2008 at 12:13 pm

I am not able to start internet from RHEL 5
please help me out!!!
plz give step by step instructions

Reply

6 Jacki March 8, 2009 at 1:55 pm

Hey still have problem ? please fixed it. Other wise newbie may be confused?

Reply

7 nixCraft March 8, 2009 at 4:57 pm

@Jacki,

Do you see any problem with configuration?

Reply

8 Jacki March 9, 2009 at 2:38 pm

yes I followed your tips.

smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access

Should be….
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

Thanks

Reply

9 Tom March 9, 2009 at 9:00 pm

Thanks for your tips.
I think Jacki have wrong. It’s well smtpd_recipient_restrictions.
(excuse my english i am from France)
Bye

Reply

10 Jacki March 11, 2009 at 3:19 pm

@Tom

Yes it will work & and work as recipient_restrictions. This E-mail address still can send e-mail not receive since theres two separate option in postfix to block e-mail address receiving & sending email to this server.

/etc/postfix/main.cf:
smtpd_sender_restrictions = hash:/etc/postfix/sender_access
unverified_sender_reject_code = 550
# Postfix 2.6 and later.
# unverified_sender_defer_code = 250

# Note 1: Be sure to read the "Caching" section below!
# Note 2: Avoid hash files here. Use btree instead.
address_verify_map = btree:/var/lib/postfix/verify

/etc/postfix/sender_access:
aol.com reject_unverified_sender
hotmail.com reject_unverified_sender
bigfoot.com reject_unverified_sender
... etcetera ...


/etc/postfix/main.cf:
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
...
reject_unknown_recipient_domain
reject_unverified_recipient
...
# Postfix 2.6 and later privacy feature.
# unverified_recipient_reject_reason = Address lookup failed

Reply

11 John December 11, 2009 at 1:29 am

Could this be used as a method of blocking mail sent to a valid user, but with a bogus TO address?

Reply

12 Nick February 5, 2010 at 3:13 pm

Vivek, PLEASE fix your tutorial above. Following your instructions will make POSTFIX break, and not accept any SMTP connections. The correct line is:

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

Thanks for this tutorial! Besides this minor frustration, GREAT article.

Reply

13 krish May 8, 2010 at 5:40 am

Respected Sir,
Please help me regarding smtp sender mails block. I need to block some users should not send mails to other domain but they get receipt mail from other domain also they send same domain to each others.

Thanks
krish

Reply

14 Manish July 17, 2010 at 10:21 pm

Hi

I would like to block mails coming from all domains and and allow only those mails from the domains which are whitelisted.
If I use
blacklist_from *@* all the domains are marked as SPAM and even the whitelist domains are also makred as spam. How can I place a rule for blocking all other domains editing the /etc/mail/spamassassin/local.cf and or with .procmailrc file. Any suggestion or help would be appreciated.

Thank you
Manish

Reply

15 Davo December 12, 2011 at 11:37 am

Does anyone know of a way to blacklist a sender address that works?

Reply

16 prl77 August 23, 2012 at 7:22 pm

In main.cf, the smtpd_sender_restrictions directive *requires* one of four possible options at the end, otherwise postfix will not accept any mail at all. I think this guide should include this because I followed it verbatim and broke postfix, just like neotexan pointed out above in his comment on January 21, 2008 at 5:09 pm.

See here: http://www.postfix.org/postconf.5.html

IMPORTANT: If you change this parameter setting, you must specify at least one of the following restrictions. Otherwise Postfix will refuse to receive mail:
reject, defer, defer_if_permit, reject_unauth_destination

Reply

17 danduz September 4, 2012 at 3:42 am

hi all,

after that i run the following command like below:

cobu.email@gmail.com REJECT
# postmap hash:sender_access
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
# /etc/init.d/postfix restart

i still can send email from cobu.email@gmail.com to my account on postfix mail server.
did i missing something ?
did anyone can help me ?

Regards,
danduz

Reply

18 Fasil October 2, 2012 at 8:52 pm

Thanks for this nice post. Keep up the good work :)

Reply

19 Marios December 10, 2012 at 9:42 am

What about having the allowed senders in a MySQL database instead of a file ?

Reply

20 Karl February 15, 2013 at 12:32 pm

Hi,

I would like to configure my postfix to block all unknown sender and allow the known sender to send email, can i use this parameter below ?????

*****************************************************************
# vi sender_access
all@abadboy.com PERMIT
all@abadboy.com REJECT
*****************************************************************

Reply

21 Karl February 15, 2013 at 12:34 pm

Sorry for my first post.. correction below..

*****************************************************************
# vi sender_access
all@aGOODboy.com PERMIT
all@aBADboy.com REJECT
*****************************************************************

Reply

22 Kiruba May 14, 2013 at 5:04 am

Hi,

i wants to accept mail from blocked users and discard mail in Postfix server itself with out any bounce back.

Pls give some tips ASAP…………

Reply

23 Ojay May 25, 2013 at 11:32 pm

@dnaduz you may have fixed it, however it could be that you need to move the rule up the line….that worked for me!

Reply

24 Doesn't work October 25, 2013 at 4:07 am

It doesn’t work am still getting emails from an address I blocked :(

Reply

25 shahzaibcb December 29, 2013 at 11:31 am

I want to discard any email that is recieved on my domain account i.e anonymous@mydomain.com using postfix. Can you guide me regarding it ?

Reply

26 Sam June 16, 2014 at 5:21 pm

Hi,

I have MySQL table listing allowed sender email addresses. I like to receive emails only from allowed people. Can I do this using MySQL instead of file? Also, I like to collect email address of sender who sent email, but wasn’t allowed so I can send him/her custom auto reply. Any way to do this?

Thanks

Reply

Leave a Comment

Tagged as: , , , , , , , ,

Previous Faq:

Next Faq: