Postfix blacklist or reject an email address

Q. I’ve Postfix based CentOS Linux server. I need to blacklist email ID: user@abadboy.com . How do I blacklist email address with postfix? I also have spamassassin software installed.

ADVERTISEMENTS

A. By default, the Postfix SMTP server accepts any sender address. However you can block / blacklist sender email address easily with Postfix. It has SMTP server access table.

Open /etc/postfix/sender_access file
# cd /etc/postfix
# vi sender_access

Append sender email id as follows:
user@abadboy.com REJECT
Save and close the file. Use postmap command to create a database:
# postmap hash:sender_access
Now open main.cf and add code as follows:
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access
Save and close the file. Restart / reload postfix MTA:
# /etc/init.d/postfix restart

You can also use spamassassin to blacklist email address. Just add to your own spamassassin configuration or to /etc/mail/spamassassin/local.cf file:
# vi /etc/mail/spamassassin/local.cf
Append blacklist as follows:
blacklist_from user@abadboy.com
Save and close the file. Restart spamassassin:
# /etc/init.d/spamassassin restart

spamassassin will marke mail as SPAM instead of rejecting the same.

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallCentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
28 comments… add one
  • Jules Nov 5, 2007 @ 14:56

    Thanks! Very helpful.

    Ony one slight error: The main.cf line should read:

    smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access

  • 🐧 nixCraft Nov 6, 2007 @ 7:15

    Thanks for the heads up!

  • neotexan Jan 21, 2008 @ 17:09

    Please correct to:

    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

    Using the given line, the mail server will not accept communication…yet shows to be running.

    Test with ‘telnet localhost 25’

    Normally, you should get a response such as:
    220 {yourmailserverFQDN} ESMTP Postfix

  • neotexan Jan 21, 2008 @ 17:13

    While not stated above, this should work for whitelisting senders as well. Ideal when you don’t want to whitelist someone’s misconfigured exchange server.

  • Mihir May 5, 2008 @ 12:13

    I am not able to start internet from RHEL 5
    please help me out!!!
    plz give step by step instructions

  • Jacki Mar 8, 2009 @ 13:55

    Hey still have problem ? please fixed it. Other wise newbie may be confused?

  • 🐧 nixCraft Mar 8, 2009 @ 16:57

    @Jacki,

    Do you see any problem with configuration?

  • Jacki Mar 9, 2009 @ 14:38

    yes I followed your tips.

    smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access

    Should be….
    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

    Thanks

  • Tom Mar 9, 2009 @ 21:00

    Thanks for your tips.
    I think Jacki have wrong. It’s well smtpd_recipient_restrictions.
    (excuse my english i am from France)
    Bye

  • Jacki Mar 11, 2009 @ 15:19

    @Tom

    Yes it will work & and work as recipient_restrictions. This E-mail address still can send e-mail not receive since theres two separate option in postfix to block e-mail address receiving & sending email to this server.

    /etc/postfix/main.cf:
    smtpd_sender_restrictions = hash:/etc/postfix/sender_access
    unverified_sender_reject_code = 550
    # Postfix 2.6 and later.
    # unverified_sender_defer_code = 250

    # Note 1: Be sure to read the "Caching" section below!
    # Note 2: Avoid hash files here. Use btree instead.
    address_verify_map = btree:/var/lib/postfix/verify

    /etc/postfix/sender_access:
    aol.com reject_unverified_sender
    hotmail.com reject_unverified_sender
    bigfoot.com reject_unverified_sender
    ... etcetera ...


    /etc/postfix/main.cf:
    smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    ...
    reject_unknown_recipient_domain
    reject_unverified_recipient
    ...
    # Postfix 2.6 and later privacy feature.
    # unverified_recipient_reject_reason = Address lookup failed

  • John Dec 11, 2009 @ 1:29

    Could this be used as a method of blocking mail sent to a valid user, but with a bogus TO address?

  • Nick Feb 5, 2010 @ 15:13

    Vivek, PLEASE fix your tutorial above. Following your instructions will make POSTFIX break, and not accept any SMTP connections. The correct line is:

    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

    Thanks for this tutorial! Besides this minor frustration, GREAT article.

    • krish May 8, 2010 @ 5:40

      Respected Sir,
      Please help me regarding smtp sender mails block. I need to block some users should not send mails to other domain but they get receipt mail from other domain also they send same domain to each others.

      Thanks
      krish

  • Manish Jul 17, 2010 @ 22:21

    Hi

    I would like to block mails coming from all domains and and allow only those mails from the domains which are whitelisted.
    If I use
    blacklist_from *@* all the domains are marked as SPAM and even the whitelist domains are also makred as spam. How can I place a rule for blocking all other domains editing the /etc/mail/spamassassin/local.cf and or with .procmailrc file. Any suggestion or help would be appreciated.

    Thank you
    Manish

  • Davo Dec 12, 2011 @ 11:37

    Does anyone know of a way to blacklist a sender address that works?

  • prl77 Aug 23, 2012 @ 19:22

    In main.cf, the smtpd_sender_restrictions directive *requires* one of four possible options at the end, otherwise postfix will not accept any mail at all. I think this guide should include this because I followed it verbatim and broke postfix, just like neotexan pointed out above in his comment on January 21, 2008 at 5:09 pm.

    See here: http://www.postfix.org/postconf.5.html

    IMPORTANT: If you change this parameter setting, you must specify at least one of the following restrictions. Otherwise Postfix will refuse to receive mail:
    reject, defer, defer_if_permit, reject_unauth_destination

  • danduz Sep 4, 2012 @ 3:42

    hi all,

    after that i run the following command like below:

    cobu.email@gmail.com REJECT
    # postmap hash:sender_access
    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
    # /etc/init.d/postfix restart

    i still can send email from cobu.email@gmail.com to my account on postfix mail server.
    did i missing something ?
    did anyone can help me ?

    Regards,
    danduz

  • Fasil Oct 2, 2012 @ 20:52

    Thanks for this nice post. Keep up the good work :)

  • Marios Dec 10, 2012 @ 9:42

    What about having the allowed senders in a MySQL database instead of a file ?

  • Karl Feb 15, 2013 @ 12:32

    Hi,

    I would like to configure my postfix to block all unknown sender and allow the known sender to send email, can i use this parameter below ?????

    *****************************************************************
    # vi sender_access
    all@abadboy.com PERMIT
    all@abadboy.com REJECT
    *****************************************************************

  • Karl Feb 15, 2013 @ 12:34

    Sorry for my first post.. correction below..

    *****************************************************************
    # vi sender_access
    all@aGOODboy.com PERMIT
    all@aBADboy.com REJECT
    *****************************************************************

  • Kiruba May 14, 2013 @ 5:04

    Hi,

    i wants to accept mail from blocked users and discard mail in Postfix server itself with out any bounce back.

    Pls give some tips ASAP…………

  • Ojay May 25, 2013 @ 23:32

    @dnaduz you may have fixed it, however it could be that you need to move the rule up the line….that worked for me!

  • Doesn't work Oct 25, 2013 @ 4:07

    It doesn’t work am still getting emails from an address I blocked :(

  • shahzaibcb Dec 29, 2013 @ 11:31

    I want to discard any email that is recieved on my domain account i.e anonymous@mydomain.com using postfix. Can you guide me regarding it ?

  • Sam Jun 16, 2014 @ 17:21

    Hi,

    I have MySQL table listing allowed sender email addresses. I like to receive emails only from allowed people. Can I do this using MySQL instead of file? Also, I like to collect email address of sender who sent email, but wasn’t allowed so I can send him/her custom auto reply. Any way to do this?

    Thanks

  • chinnachamy May 25, 2015 @ 5:17

    How do i remove separate spam mail id

  • ken Jun 28, 2016 @ 7:18

    Hi,

    I am currently using FC21 as my email server. and I followed the instructions here but I still get annoying emails from user@qq.com with chinese characters that I don’t understand.

    Please help me.

    Thank you

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.