I just got hit by a spammer sending spam through my mail server from multiple IP addresses in various netblocks all with a reverse lookup ending in googleusercontent.com. (I haven't figured out how; my server kept replying "reject" to some while letting others through.) I'd like to block all IP addresses in the domain. I have this in my main.cf:
smtpd_relay_restrictions = permit_mynetworks
check_recipient_access hash:/etc/postfix/recipient
permit_sasl_authenticated
reject_unauth_destination
check_client_access hash:/etc/postfix/rbl_override
check_sender_access pcre:/etc/postfix/domains
reject_rbl_client <several lines like this for blocklists>
rbl_override has several IP addresses (some with only three numbers, i.e. a netblock) followed by OK or REJECT. Does it make sense to put googleusercontent.com in rbl_override? Is there a way to block all IP addresses whose reverse DNS is in this domain?
(reject_unauth_destination was after the RBLs while the spam was getting through.)
accessmap to apply access controls and for example block all hosts in a particular domain. in/etc/postfix/accessadd for examplegoogleusercontent.com REJECT/etc/postfix/access. What do I put inmain.cf?