Page 1 of 1

How block host ip from a whole country?

Posted: 27 Jul 2018 08:37
by jheffez
Hello,

I'm trying to block whole countries based on their host name dns resolution. Example: for Turkey: *.tr.
To clarify, the host name is derived from a dns resolution, not from message headers.

in main.cf I have:
smtpd_client_restrictions = reject_unknown_reverse_client_hostname
check_client_access hash:/etc/postfix/domain_access,
check_client_access regexp:/etc/postfix/domain_regex,
permit_sasl_authenticated

In domain_access:
tr reject Turkey


It does not work. I tried to put a dot (.) in front of tr but postfix still allowing. Using EFA 3.0.2.6.
Any idea what's wrong?

Re: How block host ip from a whole country?

Posted: 28 Jul 2018 10:04
by henk
To block countries or ip's, you could use SpamAssassin, and leave postfix untouched.
viewtopic.php?&t=2659
Due the assigned score the message is moved to quarantaine.

Make sure your dns (unbound) is working fine to avoid discussion on performance isues...