Re: Block certain remote hosts on submission port
On 8/24/2013 3:52 PM, Stan Hoeppner wrote:
> On 8/24/2013 1:18 PM, LuKreme wrote:...
>> On 22 Aug 2013, at 21:28 , Stan Hoeppner <stan@...> wrote:
>>> ~$ wget http://ipdeny.com/ipblocks/data/countries/us.zone
>>> ~$ sed 's/$/ OK/g' us.zone > us.cidr
>>> ~$ cp us.cidr /etc/postfix
>>> ~$ postfix reload
>>> and you're off to the races.
> And BTW, it's better to do this at the firewall if at all practical.

If you do the reject in postfix you'll be able to see the sender
details, which may be valuable for seeing which accounts have been
compromised and/or troubleshooting false positive reports.
All the firewall can show is some IP was blocked.

>> 2) If I did this I also would like to log these rejections to a separate file, possible?
> Not directly. You'd specify a custom reject code then parse your mail
> log for that, pipe to another file. If you do it at the firewall it
> would depend on the firewall's features.

You can append a wildcard reject AT THE END of the cidr file with a
custom message. That message will be sent to the client and will be
included in your log.
# us cidr table
... everything else
0.0.0.0/0 REJECT submission not allowed from your location geoip

>> Under 2.10, would it make sense to put those restriction in the smtpd_relay_restrictions if port 25 is open for connections?
> In the other half of the instructions I gave, which you cut, I show that
> this needs to be done in master.cf. smtpd_foo_restrictions in main.cf
> are global. You want this restriction only on the submission port, not
> the public smtp port.
-- Noel Jones
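
Added example, not part of the thread: a shell sketch of the two steps discussed above, building the cidr table with the wildcard reject last and pulling the matching rejections (client IP, sender, recipient) out of the mail log. The function names, the sample log lines and the stock "NOQUEUE: reject" log layout are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. MARKER is the custom text from the cidr
# table above; the log lines are constructed in the usual Postfix reject layout.
MARKER='submission not allowed from your location geoip'

# build_cidr ZONEFILE: "<net> OK" per line, wildcard REJECT last (first match wins).
# Lines that are not a bare IPv4 CIDR are dropped and make the function return 1,
# so a failed download is not installed as a table that rejects everyone.
build_cidr() {
    awk -v msg="$MARKER" '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { print $0 " OK"; next }
        NF { bad = 1 }
        END { print "0.0.0.0/0 REJECT " msg; exit bad + 0 }' "$1"
}

# geoip_rejects LOGFILE: "client_ip|sender|recipient" for each geoip rejection.
geoip_rejects() {
    grep -F "$MARKER" "$1" | sed -n \
 's/.* reject: [A-Z]* from [^[]*\[\([^]]*\)].*; from=<\([^>]*\)> to=<\([^>]*\)>.*/\1|\2|\3/p'
}

# geoip_senders LOGFILE: rejection count per envelope sender, busiest first.
# A sender rejected from several foreign networks is worth a closer look.
geoip_senders() {
    geoip_rejects "$1" |
        awk -F'|' '{ n[$2]++ } END { for (s in n) print n[s], s }' | sort -rn
}

# Constructed sample log (documentation addresses only).
sample_log() {
    cat <<'EOF'
Aug 24 16:02:11 mail postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <unknown[203.0.113.7]>: Client host rejected: submission not allowed from your location geoip; from=<alice@example.com> to=<bob@example.net> proto=ESMTP helo=<laptop>
Aug 24 16:02:40 mail postfix/smtpd[2213]: connect from host.example.org[192.0.2.10]
Aug 24 16:03:05 mail postfix/smtpd[2214]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 554 5.7.1 <unknown[198.51.100.9]>: Client host rejected: submission not allowed from your location geoip; from=<alice@example.com> to=<carol@example.net> proto=ESMTP helo=<pc>
Aug 24 16:04:00 mail postfix/smtpd[2215]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 554 5.7.1 <unknown[198.51.100.9]>: Relay access denied; from=<x@example.org> to=<y@example.net> proto=ESMTP helo=<pc>
EOF
}
```

Redirecting geoip_rejects to its own file gives the separate rejection log asked about in the thread.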