Postfix blacklist or reject an email address

Posted on in Categories , , last updated November 6, 2007

Q. I’ve Postfix based CentOS Linux server. I need to blacklist email ID: [email protected] . How do I blacklist email address with postfix? I also have spamassassin software installed.

A. By default, the Postfix SMTP server accepts any sender address. However you can block / blacklist sender email address easily with Postfix. It has SMTP server access table.

Open /etc/postfix/sender_access file
# cd /etc/postfix
# vi sender_access

Append sender email id as follows:
[email protected] REJECT
Save and close the file. Use postmap command to create a database:
# postmap hash:sender_access
Now open main.cf and add code as follows:
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access
Save and close the file. Restart / reload postfix MTA:
# /etc/init.d/postfix restart

You can also use spamassassin to blacklist email address. Just add to your own spamassassin configuration or to /etc/mail/spamassassin/local.cf file:
# vi /etc/mail/spamassassin/local.cf
Append blacklist as follows:
blacklist_from [email protected]
Save and close the file. Restart spamassassin:
# /etc/init.d/spamassassin restart

spamassassin will marke mail as SPAM instead of rejecting the same.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

28 comment

  1. Please correct to:

    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

    Using the given line, the mail server will not accept communication…yet shows to be running.

    Test with ‘telnet localhost 25’

    Normally, you should get a response such as:
    220 {yourmailserverFQDN} ESMTP Postfix

  2. yes I followed your tips.

    smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access

    Should be….
    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

    Thanks

  3. @Tom

    Yes it will work & and work as recipient_restrictions. This E-mail address still can send e-mail not receive since theres two separate option in postfix to block e-mail address receiving & sending email to this server.

    /etc/postfix/main.cf:
    smtpd_sender_restrictions = hash:/etc/postfix/sender_access
    unverified_sender_reject_code = 550
    # Postfix 2.6 and later.
    # unverified_sender_defer_code = 250

    # Note 1: Be sure to read the "Caching" section below!
    # Note 2: Avoid hash files here. Use btree instead.
    address_verify_map = btree:/var/lib/postfix/verify

    /etc/postfix/sender_access:
    aol.com reject_unverified_sender
    hotmail.com reject_unverified_sender
    bigfoot.com reject_unverified_sender
    ... etcetera ...


    /etc/postfix/main.cf:
    smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    ...
    reject_unknown_recipient_domain
    reject_unverified_recipient
    ...
    # Postfix 2.6 and later privacy feature.
    # unverified_recipient_reject_reason = Address lookup failed

  4. Vivek, PLEASE fix your tutorial above. Following your instructions will make POSTFIX break, and not accept any SMTP connections. The correct line is:

    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

    Thanks for this tutorial! Besides this minor frustration, GREAT article.

    1. Respected Sir,
      Please help me regarding smtp sender mails block. I need to block some users should not send mails to other domain but they get receipt mail from other domain also they send same domain to each others.

      Thanks
      krish

  5. Hi

    I would like to block mails coming from all domains and and allow only those mails from the domains which are whitelisted.
    If I use
    blacklist_from *@* all the domains are marked as SPAM and even the whitelist domains are also makred as spam. How can I place a rule for blocking all other domains editing the /etc/mail/spamassassin/local.cf and or with .procmailrc file. Any suggestion or help would be appreciated.

    Thank you
    Manish

  6. In main.cf, the smtpd_sender_restrictions directive *requires* one of four possible options at the end, otherwise postfix will not accept any mail at all. I think this guide should include this because I followed it verbatim and broke postfix, just like neotexan pointed out above in his comment on January 21, 2008 at 5:09 pm.

    See here: http://www.postfix.org/postconf.5.html

    IMPORTANT: If you change this parameter setting, you must specify at least one of the following restrictions. Otherwise Postfix will refuse to receive mail:
    reject, defer, defer_if_permit, reject_unauth_destination

  7. Hi,

    I have MySQL table listing allowed sender email addresses. I like to receive emails only from allowed people. Can I do this using MySQL instead of file? Also, I like to collect email address of sender who sent email, but wasn’t allowed so I can send him/her custom auto reply. Any way to do this?

    Thanks

Leave a Comment