Block a domain via smtpd_sender_restrictions ?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Block a domain via smtpd_sender_restrictions ?

Frank Bonnet
Hello

is it possible to block all a domain using smtpd_sender_restrictions ?

@spammers.com DISCARD



Thank you

Reply | Threaded
Open this post in threaded view
|

Re: Block a domain via smtpd_sender_restrictions ?

Muzaffer Tolga Özses

On 12/12/2012 11:39 AM, Frank Bonnet wrote:

> Hello
>
> is it possible to block all a domain using smtpd_sender_restrictions ?
>
> @spammers.com DISCARD
>
>
>
> Thank you
>
Read http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions

Muzaffer,
Reply | Threaded
Open this post in threaded view
|

Re: Block a domain via smtpd_sender_restrictions ?

Benny Pedersen
In reply to this post by Frank Bonnet
Frank Bonnet skrev den 12-12-2012 10:39:

> is it possible to block all a domain using smtpd_sender_restrictions
> ?
> @spammers.com DISCARD

remove @

if its a subdomain its .example.org DISCARD

its just that this helps other spammers use your domain as sender, with
exspands the problem




Reply | Threaded
Open this post in threaded view
|

Re: Block a domain via smtpd_sender_restrictions ?

/dev/rob0
In reply to this post by Frank Bonnet
On Wed, Dec 12, 2012 at 10:39:23AM +0100, Frank Bonnet wrote:
> is it possible to block all a domain using
> smtpd_sender_restrictions ?
>
> @spammers.com DISCARD

First, why/who do you want to block? Almost all spam is sent with
forged sender addresses, not the actual spammer's address. Blocking
by sender address runs a risk of blocking a real sender. And to the
point for you as admin: it does not scale well. Any single spam run
might consist of thousands of sender addresses and domains.

Second, there is no need to limit this to smtpd_sender_restrictions.
It might be easier to maintain in smtpd_recipient_restrictions.

http://www.postfix.org/SMTPD_ACCESS_README.html

Third, why discard? Why not reject? Discarding mail based on sender
addresses is reckless. Furthermore it wastes bandwidth and time; just
DTRT and reject it.

Fourth, please do not use real Internet domains in examples. There
are example.{com,net,org,...} for that.

Finally, see "EMAIL ADDRESS PATTERNS" in the access(5) manual.

http://www.postfix.org/access.5.html
--
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: