smtpd client restrictions

From Initq

When an email comes in, the first level of check against unsolicited commercial email (UCE) is the client check. This is where you can block the SMTP client before it even sends a message.

Here is our smtpd_client_restrictions section from the main.cf file:

smtpd_client_restrictions =
        permit_mynetworks,
        check_client_access hash:/etc/postfix/client_access,
        check_client_access pcre:/etc/postfix/client_access.pcre,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client dul.dnsbl.sorbs.net,
        reject_rbl_client dun.dnsrbl.net,
        reject_rbl_client rblserver.domain.extention,
        reject_invalid_hostname,
        permit

The client_access file should be compiled with postmap.

#Spam sites
sex.com                 DISCARD

#Halal sites
apptricity.com          OK
192.168.0.13            OK

#Private IPs should be blocked
10                      554 Go Away!
172.16                  554 Bugger off!
192.168.0               554 Take a Hike!

You need to make sure that pcre support is compiled into your Postfix. You can check it with the command postconf -m. If you don't see pcre in the output, get the package called postfix-pcre and then do the following test.

You can do a quick test by creating a rule as below (you don't need to stop the service):

- create the file /etc/postfix/pcre_test containing:

/^Subject: test/ REJECT

- and execute:

postmap -q "Subject: test" pcre:/etc/postfix/pcre_test

If the word "REJECT" appears, the pcre extension is working. If everything is working then you can make a file called client_access.pcre. Here is our file:

#10.9.8.0 - 10.9.9.255
#Anchored with ^ and $ so that an address such as 110.9.8.1 does not match
/^10\.9\.[89]\.\d+$/            REJECT
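
Added example (not part of the original page): a simplified Python model of how the two tables above answer an IPv4 client lookup, comparing the 10.9.[89] rule with and without ^ and $ anchors. It models address lookups only (no hostname lookups); the function names and the sample addresses are assumptions made for the illustration.

```python
import re

# Constructed copies of the page's two tables (comment lines dropped).
HASH_TABLE = {
    "sex.com": "DISCARD",
    "apptricity.com": "OK",
    "192.168.0.13": "OK",
    "10": "554 Go Away!",
    "172.16": "554 Bugger off!",
    "192.168.0": "554 Take a Hike!",
}
PCRE_UNANCHORED = [(r"10\.9\.[89]\.\d+", "REJECT")]
PCRE_ANCHORED = [(r"^10\.9\.[89]\.\d+$", "REJECT")]


def hash_lookup(table, ip):
    """Indexed-table order for an IPv4 client: the full address first, then
    the networks left after stripping least significant octets."""
    octets = ip.split(".")
    for n in range(len(octets), 0, -1):
        action = table.get(".".join(octets[:n]))
        if action is not None:
            return action
    return None


def pcre_lookup(rules, ip):
    """A pcre table sees the whole address string; first matching rule wins."""
    for pattern, action in rules:
        if re.search(pattern, ip):
            return action
    return None


def client_action(ip, pcre_rules):
    """Hash table first, then pcre, as ordered in smtpd_client_restrictions.
    None means neither table matched and the RBL checks would run next."""
    return hash_lookup(HASH_TABLE, ip) or pcre_lookup(pcre_rules, ip)


if __name__ == "__main__":
    # Constructed sample client addresses.
    for ip in ("192.168.0.13", "192.168.0.14", "172.17.0.1",
               "10.9.8.5", "110.9.8.1"):
        print(f"{ip:14} unanchored={client_action(ip, PCRE_UNANCHORED)!r:20}"
              f" anchored={client_action(ip, PCRE_ANCHORED)!r}")
```

In this model 10.9.8.5 is already answered by the "10" entry in the hash table before the pcre table is consulted, and 172.17.0.1 matches neither table because the "172.16" key covers only 172.16.x.x.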