How do I block an email address in Postfix?
I need to block an external email address in postfix from sending me emails. This is an external email address of a third party domain name that I'm not controlling.
The reason why I need to block it is because they have something misconfigured and I'm getting a message saying "Warning, your message has not being delivered yet", every second or so. I already contacted their tech support, but they are taking a long time to fix it and in the meantime, my server and my users are suffering.
I tried doing this. In my mail.cf I added:
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, permit
and in /etc/postfix/sender_access I added:
[email protected] REJECT
I run
postmap hash:sender_access
and restart postfix, but it seemed to have no effect.
I also tried:
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access
in the main.cf, which fails with this error:
postfix/smtpd[2144]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit
Trying:
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access, permit
gave me the same error.
As mentioned by Laurentio Roescu, the smtpd_sender_restrictions
should work. Only I do not think that was what was intended. The sender is the person sending emails from your server. Not the sender from the other side.
So you indeed wanted to use the smtpd_recipient_restrictions = check_sender_access ...
, but as mentioned in the documentation, this is overridden by smtpd_relay_restrictions
if you use it.
http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions
Optional restrictions that the Postfix SMTP server applies in the context of a client RCPT TO command, after smtpd_relay_restrictions. See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access restriction lists" for a discussion of evaluation context and time.
With Postfix versions before 2.10, the rules for relay permission and spam blocking were combined under smtpd_recipient_restrictions, resulting in error-prone configuration. As of Postfix 2.10, relay permission rules are preferably implemented with smtpd_relay_restrictions, so that a permissive spam blocking policy under smtpd_recipient_restrictions will no longer result in a permissive mail relay policy.
For backwards compatibility, sites that migrate from Postfix versions before 2.10 can set smtpd_relay_restrictions to the empty value, and use smtpd_recipient_restrictions exactly as before.
So instead you would do:
smtpd_relay_restrictions = ...
...
check_sender_access hash:/etc/postfix/sender_access
...
That way it should be taken in account as expected. (The ... represent other options, be sure to place this check at the right location in the list.)
check_sender_access
should be after reject_unauth_destination
or you could become an open relay.
smtpd_recipient_restrictions = reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access
See: http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions
IMPORTANT: Either the smtpd_relay_restrictions or the smtpd_recipient_restrictions parameter must specify at least one of the following restrictions. Otherwise Postfix will refuse to receive mail:
reject, reject_unauth_destination
defer, defer_if_permit, defer_unauth_destination
On the other hand using smtpd_sender_restrictions
should work, so you probably have something else before it which accepts the email.