Postfix can perform a lot of checks on the sender and the recipient. We will see here how to properly blacklist a mail address using a postfix map.
Create the file /etc/postfix/sender_access and insert the following content:
spam@beautifulhorses.co.uk REJECT
spammonster.fr REJECT
unix-experience.fr OK
The syntax of this file is as follows:
<address|domain> <action>
In the present case we reject the first address as well as the spammonster.fr domain. On the other hand, the unix-experience.fr domain is allowed.
Then compile the map:
postmap /etc/postfix/sender_access
Now let’s apply our map. It will here be applied to our mail relay and therefore to the smtp process of postfix. Open the /etc/postfix/master.cf file and edit the line associated with the smtp process:
smtp inet n - - - - smtpd
-o smtpd_sender_restrictions=check_sender_access,hash:/etc/postfix/sender_access
Then restart the postfix service.
When the domain is blocked you should see the following message in your logs:
Sender address rejected: Access denied
If no domain matches the generated map, postfix will pass the mail to the next filter. In the example above there is none, so the mails will be accepted.
You now know how to block a domain name or a specific address on your SMTP relays. This configuration must be handled with care because it does not rule out potential false positives, but it provides a quick and effective way to reject unwanted behavior quickly.
Do not hesitate to use an antispam such as spamassassin coupled with this solution as well as greylisting in order to counter SPAM.