I just got hit by a spammer sending spam through my mail server from multiple IP addresses in various netblocks all with a reverse lookup ending in googleusercontent.com
. (I haven't figured out how; my server kept replying "reject" to some while letting others through.) I'd like to block all IP addresses in the domain. I have this in my main.cf
:
smtpd_relay_restrictions = permit_mynetworks
check_recipient_access hash:/etc/postfix/recipient
permit_sasl_authenticated
reject_unauth_destination
check_client_access hash:/etc/postfix/rbl_override
check_sender_access pcre:/etc/postfix/domains
reject_rbl_client <several lines like this for blocklists>
rbl_override
has several IP addresses (some with only three numbers, i.e. a netblock) followed by OK
or REJECT
. Does it make sense to put googleusercontent.com
in rbl_override
? Is there a way to block all IP addresses whose reverse DNS is in this domain?
(reject_unauth_destination
was after the RBLs while the spam was getting through.)
access
map to apply access controls and for example block all hosts in a particular domain. in/etc/postfix/access
add for examplegoogleusercontent.com REJECT
/etc/postfix/access
. What do I put inmain.cf
?