How block host ip from a whole country?

Questions and answers about how to do stuff
Post Reply
jheffez
Posts: 25
Joined: 01 Jan 2018 14:55

How block host ip from a whole country?

Post by jheffez »

Hello,

I'm trying to block whole countries based on their host name dns resolution. Example: for Turkey: *.tr.
To clarify, the host name is derived from a dns resolution, not from message headers.

in main.cf I have:
smtpd_client_restrictions = reject_unknown_reverse_client_hostname
check_client_access hash:/etc/postfix/domain_access,
check_client_access regexp:/etc/postfix/domain_regex,
permit_sasl_authenticated

In domain_access:
tr reject Turkey


It does not work. I tried to put a dot (.) in front of tr but postfix still allowing. Using EFA 3.0.2.6.
Any idea what's wrong?
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: How block host ip from a whole country?

Post by henk »

To block countries or ip's, you could use SpamAssassin, and leave postfix untouched.
viewtopic.php?&t=2659
Due the assigned score the message is moved to quarantaine.

Make sure your dns (unbound) is working fine to avoid discussion on performance isues...
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
Post Reply