How do I block an email address in Postfix?

I need to block an external email address in postfix from sending me emails. This is an external email address of a third party domain name that I'm not controlling.

The reason why I need to block it is because they have something misconfigured and I'm getting a message saying "Warning, your message has not being delivered yet", every second or so. I already contacted their tech support, but they are taking a long time to fix it and in the meantime, my server and my users are suffering.

I tried doing this. In my mail.cf I added:

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, permit

and in /etc/postfix/sender_access I added:

[email protected] REJECT

I run

postmap hash:sender_access

and restart postfix, but it seemed to have no effect.

I also tried:

smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access

in the main.cf, which fails with this error:

postfix/smtpd[2144]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit

Trying:

smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access, permit

gave me the same error.


As mentioned by Laurentio Roescu, the smtpd_sender_restrictions should work. Only I do not think that was what was intended. The sender is the person sending emails from your server. Not the sender from the other side.

So you indeed wanted to use the smtpd_recipient_restrictions = check_sender_access ..., but as mentioned in the documentation, this is overridden by smtpd_relay_restrictions if you use it.

http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions

Optional restrictions that the Postfix SMTP server applies in the context of a client RCPT TO command, after smtpd_relay_restrictions. See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access restriction lists" for a discussion of evaluation context and time.

With Postfix versions before 2.10, the rules for relay permission and spam blocking were combined under smtpd_recipient_restrictions, resulting in error-prone configuration. As of Postfix 2.10, relay permission rules are preferably implemented with smtpd_relay_restrictions, so that a permissive spam blocking policy under smtpd_recipient_restrictions will no longer result in a permissive mail relay policy.

For backwards compatibility, sites that migrate from Postfix versions before 2.10 can set smtpd_relay_restrictions to the empty value, and use smtpd_recipient_restrictions exactly as before.

So instead you would do:

smtpd_relay_restrictions = ...
    ...
    check_sender_access hash:/etc/postfix/sender_access
    ...

That way it should be taken in account as expected. (The ... represent other options, be sure to place this check at the right location in the list.)


check_sender_access should be after reject_unauth_destination or you could become an open relay.

smtpd_recipient_restrictions = reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access

See: http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions

IMPORTANT: Either the smtpd_relay_restrictions or the smtpd_recipient_restrictions parameter must specify at least one of the following restrictions. Otherwise Postfix will refuse to receive mail:

reject, reject_unauth_destination

defer, defer_if_permit, defer_unauth_destination

On the other hand using smtpd_sender_restrictions should work, so you probably have something else before it which accepts the email.