How block host ip from a whole country?

Questions and answers about how to do stuff
Post Reply
jheffez
Posts: 15
Joined: 01 Jan 2018 14:55

How block host ip from a whole country?

Post by jheffez » 27 Jul 2018 08:37

Hello,

I'm trying to block whole countries based on their host name dns resolution. Example: for Turkey: *.tr.
To clarify, the host name is derived from a dns resolution, not from message headers.

in main.cf I have:
smtpd_client_restrictions = reject_unknown_reverse_client_hostname
check_client_access hash:/etc/postfix/domain_access,
check_client_access regexp:/etc/postfix/domain_regex,
permit_sasl_authenticated

In domain_access:
tr reject Turkey


It does not work. I tried to put a dot (.) in front of tr but postfix still allowing. Using EFA 3.0.2.6.
Any idea what's wrong?

henk
Posts: 171
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: How block host ip from a whole country?

Post by henk » 28 Jul 2018 10:04

To block countries or ip's, you could use SpamAssassin, and leave postfix untouched.
viewtopic.php?&t=2659
Due the assigned score the message is moved to quarantaine.

Make sure your dns (unbound) is working fine to avoid discussion on performance isues...

Post Reply