Postfix blacklist or reject an email address

last updated in Categories , ,

Q. I’ve Postfix based CentOS Linux server. I need to blacklist email ID: user@abadboy.com . How do I blacklist email address with postfix? I also have spamassassin software installed.

A. By default, the Postfix SMTP server accepts any sender address. However you can block / blacklist sender email address easily with Postfix. It has SMTP server access table.

Open /etc/postfix/sender_access file
# cd /etc/postfix
# vi sender_access

Append sender email id as follows:
user@abadboy.com REJECT
Save and close the file. Use postmap command to create a database:
# postmap hash:sender_access
Now open main.cf and add code as follows:
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access
Save and close the file. Restart / reload postfix MTA:
# /etc/init.d/postfix restart

You can also use spamassassin to blacklist email address. Just add to your own spamassassin configuration or to /etc/mail/spamassassin/local.cf file:
# vi /etc/mail/spamassassin/local.cf
Append blacklist as follows:
blacklist_from user@abadboy.com
Save and close the file. Restart spamassassin:
# /etc/init.d/spamassassin restart

spamassassin will marke mail as SPAM instead of rejecting the same.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Share this on (or read 28 comments/add one below):

28 comment

  1. Thanks! Very helpful.

    Ony one slight error: The main.cf line should read:

    smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access

  2. Please correct to:

    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

    Using the given line, the mail server will not accept communication…yet shows to be running.

    Test with ‘telnet localhost 25’

    Normally, you should get a response such as:
    220 {yourmailserverFQDN} ESMTP Postfix

  3. While not stated above, this should work for whitelisting senders as well. Ideal when you don’t want to whitelist someone’s misconfigured exchange server.

  4. I am not able to start internet from RHEL 5
    please help me out!!!
    plz give step by step instructions

  5. yes I followed your tips.

    smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access

    Should be….
    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

    Thanks

  6. Thanks for your tips.
    I think Jacki have wrong. It’s well smtpd_recipient_restrictions.
    (excuse my english i am from France)
    Bye

  7. @Tom

    Yes it will work & and work as recipient_restrictions. This E-mail address still can send e-mail not receive since theres two separate option in postfix to block e-mail address receiving & sending email to this server.

    /etc/postfix/main.cf:
    smtpd_sender_restrictions = hash:/etc/postfix/sender_access
    unverified_sender_reject_code = 550
    # Postfix 2.6 and later.
    # unverified_sender_defer_code = 250

    # Note 1: Be sure to read the "Caching" section below!
    # Note 2: Avoid hash files here. Use btree instead.
    address_verify_map = btree:/var/lib/postfix/verify

    /etc/postfix/sender_access:
    aol.com reject_unverified_sender
    hotmail.com reject_unverified_sender
    bigfoot.com reject_unverified_sender
    ... etcetera ...


    /etc/postfix/main.cf:
    smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    ...
    reject_unknown_recipient_domain
    reject_unverified_recipient
    ...
    # Postfix 2.6 and later privacy feature.
    # unverified_recipient_reject_reason = Address lookup failed

  8. Vivek, PLEASE fix your tutorial above. Following your instructions will make POSTFIX break, and not accept any SMTP connections. The correct line is:

    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

    Thanks for this tutorial! Besides this minor frustration, GREAT article.

    1. Respected Sir,
      Please help me regarding smtp sender mails block. I need to block some users should not send mails to other domain but they get receipt mail from other domain also they send same domain to each others.

      Thanks
      krish

  9. Hi

    I would like to block mails coming from all domains and and allow only those mails from the domains which are whitelisted.
    If I use
    blacklist_from *@* all the domains are marked as SPAM and even the whitelist domains are also makred as spam. How can I place a rule for blocking all other domains editing the /etc/mail/spamassassin/local.cf and or with .procmailrc file. Any suggestion or help would be appreciated.

    Thank you
    Manish

  10. In main.cf, the smtpd_sender_restrictions directive *requires* one of four possible options at the end, otherwise postfix will not accept any mail at all. I think this guide should include this because I followed it verbatim and broke postfix, just like neotexan pointed out above in his comment on January 21, 2008 at 5:09 pm.

    See here: http://www.postfix.org/postconf.5.html

    IMPORTANT: If you change this parameter setting, you must specify at least one of the following restrictions. Otherwise Postfix will refuse to receive mail:
    reject, defer, defer_if_permit, reject_unauth_destination

  11. hi all,

    after that i run the following command like below:

    cobu.email@gmail.com REJECT
    # postmap hash:sender_access
    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
    # /etc/init.d/postfix restart

    i still can send email from cobu.email@gmail.com to my account on postfix mail server.
    did i missing something ?
    did anyone can help me ?

    Regards,
    danduz

  12. Hi,

    I would like to configure my postfix to block all unknown sender and allow the known sender to send email, can i use this parameter below ?????

    *****************************************************************
    # vi sender_access
    all@abadboy.com PERMIT
    all@abadboy.com REJECT
    *****************************************************************

  13. Hi,

    i wants to accept mail from blocked users and discard mail in Postfix server itself with out any bounce back.

    Pls give some tips ASAP…………

  14. @dnaduz you may have fixed it, however it could be that you need to move the rule up the line….that worked for me!

  15. Hi,

    I have MySQL table listing allowed sender email addresses. I like to receive emails only from allowed people. Can I do this using MySQL instead of file? Also, I like to collect email address of sender who sent email, but wasn’t allowed so I can send him/her custom auto reply. Any way to do this?

    Thanks

  16. Hi,

    I am currently using FC21 as my email server. and I followed the instructions here but I still get annoying emails from user@qq.com with chinese characters that I don’t understand.

    Please help me.

    Thank you

    Have a question? Post it on our forum!