How block host ip from a whole country?

Questions and answers about how to do stuff
Post Reply
Posts: 18
Joined: 01 Jan 2018 14:55

How block host ip from a whole country?

Post by jheffez » 27 Jul 2018 08:37


I'm trying to block whole countries based on their host name dns resolution. Example: for Turkey: *.tr.
To clarify, the host name is derived from a dns resolution, not from message headers.

in I have:
smtpd_client_restrictions = reject_unknown_reverse_client_hostname
check_client_access hash:/etc/postfix/domain_access,
check_client_access regexp:/etc/postfix/domain_regex,

In domain_access:
tr reject Turkey

It does not work. I tried to put a dot (.) in front of tr but postfix still allowing. Using EFA
Any idea what's wrong?

Posts: 457
Joined: 14 Dec 2015 22:16
Location: Netherlands

Re: How block host ip from a whole country?

Post by henk » 28 Jul 2018 10:04

To block countries or ip's, you could use SpamAssassin, and leave postfix untouched.
Due the assigned score the message is moved to quarantaine.

Make sure your dns (unbound) is working fine to avoid discussion on performance isues...

Post Reply